Switch to the new code style
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h
index 78b75c8..5d7e663 100644
--- a/configs/config-ccm-psk-dtls1_2.h
+++ b/configs/config-ccm-psk-dtls1_2.h
@@ -72,8 +72,8 @@
* save ROM and a few bytes of RAM by specifying our own ciphersuite list
*/
#define MBEDTLS_SSL_CIPHERSUITES \
- MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
- MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+ MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
+ MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
/*
* Save RAM at the expense of interoperability: do this only if you control
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index 3216e17..1aa52a7 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -62,8 +62,8 @@
* save ROM and a few bytes of RAM by specifying our own ciphersuite list
*/
#define MBEDTLS_SSL_CIPHERSUITES \
- MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
- MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+ MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
+ MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
/*
* Save RAM at the expense of interoperability: do this only if you control
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 401ac39..fb2322a 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -72,7 +72,7 @@
/** AES hardware accelerator failed. */
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -88,8 +88,7 @@
/**
* \brief The AES context-type definition.
*/
-typedef struct mbedtls_aes_context
-{
+typedef struct mbedtls_aes_context {
int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
@@ -107,8 +106,7 @@
/**
* \brief The AES XTS context-type definition.
*/
-typedef struct mbedtls_aes_xts_context
-{
+typedef struct mbedtls_aes_xts_context {
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context tweak; /*!< The AES context used for tweak
@@ -128,7 +126,7 @@
*
* \param ctx The AES context to initialize. This must not be \c NULL.
*/
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
+void mbedtls_aes_init(mbedtls_aes_context *ctx);
/**
* \brief This function releases and clears the specified AES context.
@@ -137,7 +135,7 @@
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
+void mbedtls_aes_free(mbedtls_aes_context *ctx);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -148,7 +146,7 @@
*
* \param ctx The AES XTS context to initialize. This must not be \c NULL.
*/
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
+void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx);
/**
* \brief This function releases and clears the specified AES XTS context.
@@ -157,7 +155,7 @@
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
+void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -176,8 +174,8 @@
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function sets the decryption key.
@@ -195,8 +193,8 @@
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
+ unsigned int keybits);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -216,9 +214,9 @@
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function prepares an XTS context for decryption and
@@ -237,9 +235,9 @@
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -266,10 +264,10 @@
* \return \c 0 on success.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -314,12 +312,12 @@
* on failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -359,12 +357,12 @@
* length is larger than 2^20 blocks (16 MiB).
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
- int mode,
- size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char data_unit[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -408,13 +406,13 @@
* \return \c 0 on success.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs an AES-CFB8 encryption or decryption
@@ -453,12 +451,12 @@
* \return \c 0 on success.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
@@ -508,12 +506,12 @@
* \return \c 0 on success.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_OFB */
@@ -591,13 +589,13 @@
* \return \c 0 on success.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[16],
+ unsigned char stream_block[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
/**
@@ -612,9 +610,9 @@
* \return \c 0 on success.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16]);
/**
* \brief Internal AES block decryption function. This is only
@@ -628,9 +626,9 @@
* \return \c 0 on success.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -648,9 +646,9 @@
* \param input Plaintext block.
* \param output Output (ciphertext) block.
*/
-MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_aes_encrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16]);
/**
* \brief Deprecated internal AES block decryption function
@@ -662,9 +660,9 @@
* \param input Ciphertext block.
* \param output Output (plaintext) block.
*/
-MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_aes_decrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -678,7 +676,7 @@
* \return \c 1 on failure.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_aes_self_test( int verbose );
+int mbedtls_aes_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index c1d22f5..653b146 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -37,8 +37,8 @@
#define MBEDTLS_AESNI_CLMUL 0x00000002u
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
- ( defined(__amd64__) || defined(__x86_64__) ) && \
- ! defined(MBEDTLS_HAVE_X86_64)
+ (defined(__amd64__) || defined(__x86_64__)) && \
+ !defined(MBEDTLS_HAVE_X86_64)
#define MBEDTLS_HAVE_X86_64
#endif
@@ -59,7 +59,7 @@
*
* \return 1 if CPU has support for the feature, 0 otherwise
*/
-int mbedtls_aesni_has_support( unsigned int what );
+int mbedtls_aesni_has_support(unsigned int what);
/**
* \brief Internal AES-NI AES-ECB block encryption and decryption
@@ -74,10 +74,10 @@
*
* \return 0 on success (cannot fail)
*/
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16]);
/**
* \brief Internal GCM multiplication: c = a * b in GF(2^128)
@@ -92,9 +92,9 @@
* \note Both operands and result are bit strings interpreted as
* elements of GF(2^128) as per the GCM spec.
*/
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
- const unsigned char a[16],
- const unsigned char b[16] );
+void mbedtls_aesni_gcm_mult(unsigned char c[16],
+ const unsigned char a[16],
+ const unsigned char b[16]);
/**
* \brief Internal round key inversion. This function computes
@@ -107,9 +107,9 @@
* \param fwdkey Original round keys (for encryption)
* \param nr Number of rounds (that is, number of round keys minus one)
*/
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
- const unsigned char *fwdkey,
- int nr );
+void mbedtls_aesni_inverse_key(unsigned char *invkey,
+ const unsigned char *fwdkey,
+ int nr);
/**
* \brief Internal key expansion for encryption
@@ -123,9 +123,9 @@
*
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
*/
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
- const unsigned char *key,
- size_t bits );
+int mbedtls_aesni_setkey_enc(unsigned char *rk,
+ const unsigned char *key,
+ size_t bits);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index f4b0f9f..d116dda 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -53,8 +53,7 @@
* security risk. We recommend considering stronger ciphers instead.
*
*/
-typedef struct mbedtls_arc4_context
-{
+typedef struct mbedtls_arc4_context {
int x; /*!< permutation index */
int y; /*!< permutation index */
unsigned char m[256]; /*!< permutation table */
@@ -75,7 +74,7 @@
* instead.
*
*/
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
+void mbedtls_arc4_init(mbedtls_arc4_context *ctx);
/**
* \brief Clear ARC4 context
@@ -87,7 +86,7 @@
* instead.
*
*/
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
+void mbedtls_arc4_free(mbedtls_arc4_context *ctx);
/**
* \brief ARC4 key schedule
@@ -101,8 +100,8 @@
* instead.
*
*/
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
- unsigned int keylen );
+void mbedtls_arc4_setup(mbedtls_arc4_context *ctx, const unsigned char *key,
+ unsigned int keylen);
/**
* \brief ARC4 cipher function
@@ -119,8 +118,8 @@
* instead.
*
*/
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
- unsigned char *output );
+int mbedtls_arc4_crypt(mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
+ unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
@@ -134,7 +133,7 @@
* instead.
*
*/
-int mbedtls_arc4_self_test( int verbose );
+int mbedtls_arc4_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index d294c47..9856a1c 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -48,7 +48,7 @@
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
+#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(-0x005C)
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/** Bad input data. */
#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C
@@ -76,8 +76,7 @@
/**
* \brief The ARIA context-type definition.
*/
-typedef struct mbedtls_aria_context
-{
+typedef struct mbedtls_aria_context {
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
@@ -96,7 +95,7 @@
*
* \param ctx The ARIA context to initialize. This must not be \c NULL.
*/
-void mbedtls_aria_init( mbedtls_aria_context *ctx );
+void mbedtls_aria_init(mbedtls_aria_context *ctx);
/**
* \brief This function releases and clears the specified ARIA context.
@@ -105,7 +104,7 @@
* case this function returns immediately. If it is not \c NULL,
* it must point to an initialized ARIA context.
*/
-void mbedtls_aria_free( mbedtls_aria_context *ctx );
+void mbedtls_aria_free(mbedtls_aria_context *ctx);
/**
* \brief This function sets the encryption key.
@@ -122,9 +121,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function sets the decryption key.
@@ -141,9 +140,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function performs an ARIA single-block encryption or
@@ -165,9 +164,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
- const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
+int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
+ const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
+ unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -211,12 +210,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -261,13 +260,13 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -348,13 +347,13 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
+ unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_SELF_TEST)
@@ -363,7 +362,7 @@
*
* \return \c 0 on success, or \c 1 on failure.
*/
-int mbedtls_aria_self_test( int verbose );
+int mbedtls_aria_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 5117fc7..540cdcc 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -97,15 +97,15 @@
/* Slightly smaller way to check if tag is a string tag
* compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \
- ( ( tag ) < 32u && ( \
- ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \
- ( 1u << MBEDTLS_ASN1_T61_STRING ) | \
- ( 1u << MBEDTLS_ASN1_IA5_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \
- ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \
- ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
+#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
+ ((tag) < 32u && ( \
+ ((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING) | \
+ (1u << MBEDTLS_ASN1_UTF8_STRING) | \
+ (1u << MBEDTLS_ASN1_T61_STRING) | \
+ (1u << MBEDTLS_ASN1_IA5_STRING) | \
+ (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \
+ (1u << MBEDTLS_ASN1_PRINTABLE_STRING) | \
+ (1u << MBEDTLS_ASN1_BIT_STRING))) != 0))
/*
* Bit masks for each of the components of an ASN.1 tag as specified in
@@ -133,12 +133,12 @@
* 'unsigned char *oid' here!
*/
#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
- memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
+ ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len) || \
+ memcmp((oid_str), (oid_buf)->p, (oid_buf)->len) != 0)
#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \
- memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
+ ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len)) || \
+ memcmp((oid_str), (oid_buf), (oid_buf_len)) != 0)
#ifdef __cplusplus
extern "C" {
@@ -152,8 +152,7 @@
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
-typedef struct mbedtls_asn1_buf
-{
+typedef struct mbedtls_asn1_buf {
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
@@ -163,8 +162,7 @@
/**
* Container for ASN1 bit strings.
*/
-typedef struct mbedtls_asn1_bitstring
-{
+typedef struct mbedtls_asn1_bitstring {
size_t len; /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
@@ -174,8 +172,7 @@
/**
* Container for a sequence of ASN.1 items
*/
-typedef struct mbedtls_asn1_sequence
-{
+typedef struct mbedtls_asn1_sequence {
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
}
@@ -184,8 +181,7 @@
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
-typedef struct mbedtls_asn1_named_data
-{
+typedef struct mbedtls_asn1_named_data {
mbedtls_asn1_buf oid; /**< The object identifier. */
mbedtls_asn1_buf val; /**< The named value. */
struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
@@ -211,9 +207,9 @@
* would end beyond \p end.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
*/
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len );
+int mbedtls_asn1_get_len(unsigned char **p,
+ const unsigned char *end,
+ size_t *len);
/**
* \brief Get the tag and length of the element.
@@ -236,9 +232,9 @@
* would end beyond \p end.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
*/
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag );
+int mbedtls_asn1_get_tag(unsigned char **p,
+ const unsigned char *end,
+ size_t *len, int tag);
/**
* \brief Retrieve a boolean ASN.1 tag and its value.
@@ -255,9 +251,9 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BOOLEAN.
*/
-int mbedtls_asn1_get_bool( unsigned char **p,
- const unsigned char *end,
- int *val );
+int mbedtls_asn1_get_bool(unsigned char **p,
+ const unsigned char *end,
+ int *val);
/**
* \brief Retrieve an integer ASN.1 tag and its value.
@@ -276,9 +272,9 @@
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
*/
-int mbedtls_asn1_get_int( unsigned char **p,
- const unsigned char *end,
- int *val );
+int mbedtls_asn1_get_int(unsigned char **p,
+ const unsigned char *end,
+ int *val);
/**
* \brief Retrieve an enumerated ASN.1 tag and its value.
@@ -297,9 +293,9 @@
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
*/
-int mbedtls_asn1_get_enum( unsigned char **p,
- const unsigned char *end,
- int *val );
+int mbedtls_asn1_get_enum(unsigned char **p,
+ const unsigned char *end,
+ int *val);
/**
* \brief Retrieve a bitstring ASN.1 tag and its value.
@@ -318,8 +314,8 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BIT STRING.
*/
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs );
+int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end,
+ mbedtls_asn1_bitstring *bs);
/**
* \brief Retrieve a bitstring ASN.1 tag without unused bits and its
@@ -339,9 +335,9 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BIT STRING.
*/
-int mbedtls_asn1_get_bitstring_null( unsigned char **p,
- const unsigned char *end,
- size_t *len );
+int mbedtls_asn1_get_bitstring_null(unsigned char **p,
+ const unsigned char *end,
+ size_t *len);
/**
* \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>".
@@ -390,10 +386,10 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 SEQUENCE.
*/
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag );
+int mbedtls_asn1_get_sequence_of(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_sequence *cur,
+ int tag);
/**
* \brief Free a heap-allocated linked list presentation of
* an ASN.1 sequence, including the first element.
@@ -415,7 +411,7 @@
* be \c NULL, in which case this functions returns
* immediately.
*/
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
+void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq);
/**
* \brief Traverse an ASN.1 SEQUENCE container and
@@ -507,9 +503,9 @@
const unsigned char *end,
unsigned char tag_must_mask, unsigned char tag_must_val,
unsigned char tag_may_mask, unsigned char tag_may_val,
- int (*cb)( void *ctx, int tag,
- unsigned char* start, size_t len ),
- void *ctx );
+ int (*cb)(void *ctx, int tag,
+ unsigned char *start, size_t len),
+ void *ctx);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -530,9 +526,9 @@
* not fit in an \c int.
* \return An MPI error code if the parsed value is too large.
*/
-int mbedtls_asn1_get_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X );
+int mbedtls_asn1_get_mpi(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_mpi *X);
#endif /* MBEDTLS_BIGNUM_C */
/**
@@ -551,9 +547,9 @@
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
-int mbedtls_asn1_get_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
+int mbedtls_asn1_get_alg(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params);
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
@@ -570,9 +566,9 @@
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
-int mbedtls_asn1_get_alg_null( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg );
+int mbedtls_asn1_get_alg_null(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_buf *alg);
/**
* \brief Find a specific named_data entry in a sequence or list based on
@@ -584,8 +580,8 @@
*
* \return NULL if not found, or a pointer to the existing entry.
*/
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
- const char *oid, size_t len );
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list,
+ const char *oid, size_t len);
/**
* \brief Free a mbedtls_asn1_named_data entry
@@ -594,7 +590,7 @@
* This function calls mbedtls_free() on
* `entry->oid.p` and `entry->val.p`.
*/
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *entry);
/**
* \brief Free all entries in a mbedtls_asn1_named_data list.
@@ -604,7 +600,7 @@
* mbedtls_free() on each list element and
* sets \c *head to \c NULL.
*/
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head);
/** \} name Functions to parse ASN.1 data structures */
/** \} addtogroup asn1_module */
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 5da7654..a439268 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -33,11 +33,11 @@
#define MBEDTLS_ASN1_CHK_ADD(g, f) \
do \
{ \
- if( ( ret = (f) ) < 0 ) \
- return( ret ); \
+ if ((ret = (f)) < 0) \
+ return ret; \
else \
- (g) += ret; \
- } while( 0 )
+ (g) += ret; \
+ } while (0)
#ifdef __cplusplus
extern "C" {
@@ -55,8 +55,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start,
- size_t len );
+int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start,
+ size_t len);
/**
* \brief Write an ASN.1 tag in ASN.1 format.
*
@@ -69,8 +69,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
- unsigned char tag );
+int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start,
+ unsigned char tag);
/**
* \brief Write raw buffer data.
@@ -85,8 +85,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t size );
+int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -103,8 +103,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start,
- const mbedtls_mpi *X );
+int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start,
+ const mbedtls_mpi *X);
#endif /* MBEDTLS_BIGNUM_C */
/**
@@ -119,7 +119,7 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
+int mbedtls_asn1_write_null(unsigned char **p, unsigned char *start);
/**
* \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
@@ -135,8 +135,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len );
+int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len);
/**
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
@@ -153,10 +153,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
- unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len );
+int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
+ unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len);
/**
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
@@ -171,8 +171,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
- int boolean );
+int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start,
+ int boolean);
/**
* \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
@@ -188,7 +188,7 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
+int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val);
/**
* \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
@@ -203,7 +203,7 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val );
+int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val);
/**
* \brief Write a string in ASN.1 format using a specific
@@ -222,9 +222,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start,
- int tag, const char *text,
- size_t text_len );
+int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start,
+ int tag, const char *text,
+ size_t text_len);
/**
* \brief Write a string in ASN.1 format using the PrintableString
@@ -241,9 +241,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_printable_string( unsigned char **p,
- unsigned char *start,
- const char *text, size_t text_len );
+int mbedtls_asn1_write_printable_string(unsigned char **p,
+ unsigned char *start,
+ const char *text, size_t text_len);
/**
* \brief Write a UTF8 string in ASN.1 format using the UTF8String
@@ -260,8 +260,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len );
+int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len);
/**
* \brief Write a string in ASN.1 format using the IA5String
@@ -278,8 +278,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len );
+int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len);
/**
* \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
@@ -295,8 +295,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t bits );
+int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t bits);
/**
* \brief This function writes a named bitstring tag
@@ -315,10 +315,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
- unsigned char *start,
- const unsigned char *buf,
- size_t bits );
+int mbedtls_asn1_write_named_bitstring(unsigned char **p,
+ unsigned char *start,
+ const unsigned char *buf,
+ size_t bits);
/**
* \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
@@ -334,8 +334,8 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t size );
+int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size);
/**
* \brief Create or find a specific named_data entry for writing in a
@@ -358,10 +358,10 @@
* \return A pointer to the new / existing entry on success.
* \return \c NULL if if there was a memory allocation error.
*/
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
- const char *oid, size_t oid_len,
- const unsigned char *val,
- size_t val_len );
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list,
+ const char *oid, size_t oid_len,
+ const unsigned char *val,
+ size_t val_len);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index cf4149e..ec9c408 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -58,8 +58,8 @@
* \note Call this function with dlen = 0 to obtain the
* required buffer size in *olen
*/
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
+int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
+ const unsigned char *src, size_t slen);
/**
* \brief Decode a base64-formatted buffer
@@ -78,8 +78,8 @@
* \note Call this function with *dst = NULL or dlen = 0 to obtain
* the required buffer size in *olen
*/
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
+int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen,
+ const unsigned char *src, size_t slen);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -87,7 +87,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_base64_self_test( int verbose );
+int mbedtls_base64_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index c61db82..d706a2c 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -55,9 +55,9 @@
#define MBEDTLS_MPI_CHK(f) \
do \
{ \
- if( ( ret = (f) ) != 0 ) \
- goto cleanup; \
- } while( 0 )
+ if ((ret = (f)) != 0) \
+ goto cleanup; \
+ } while (0)
/*
* Maximum size MPIs are allowed to grow to in number of limbs.
@@ -88,7 +88,7 @@
#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
#endif /* !MBEDTLS_MPI_MAX_SIZE */
-#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
+#define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */
/*
* When reading from files with mbedtls_mpi_read_file() and writing to files with
@@ -108,9 +108,11 @@
* MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
* LabelSize + 6
*/
-#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS )
+#define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS)
#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+#define MBEDTLS_MPI_RW_BUFFER_SIZE (((MBEDTLS_MPI_MAX_BITS_SCALE100 + \
+ MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
+ MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6)
/*
* Define the base integer type, architecture-wise.
@@ -124,60 +126,60 @@
*/
#if !defined(MBEDTLS_HAVE_INT32)
#if defined(_MSC_VER) && defined(_M_AMD64)
- /* Always choose 64-bit when using MSC */
+/* Always choose 64-bit when using MSC */
#if !defined(MBEDTLS_HAVE_INT64)
#define MBEDTLS_HAVE_INT64
#endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
#elif defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- ( defined(__sparc__) && defined(__arch64__) ) || \
- defined(__s390x__) || defined(__mips64) || \
- defined(__aarch64__) )
+ defined(__amd64__) || defined(__x86_64__) || \
+ defined(__ppc64__) || defined(__powerpc64__) || \
+ defined(__ia64__) || defined(__alpha__) || \
+ (defined(__sparc__) && defined(__arch64__)) || \
+ defined(__s390x__) || defined(__mips64) || \
+ defined(__aarch64__))
#if !defined(MBEDTLS_HAVE_INT64)
#define MBEDTLS_HAVE_INT64
#endif /* MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
#if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+/* mbedtls_t_udbl defined as 128-bit unsigned int */
+typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
#define MBEDTLS_HAVE_UDBL
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
#elif defined(__ARMCC_VERSION) && defined(__aarch64__)
- /*
- * __ARMCC_VERSION is defined for both armcc and armclang and
- * __aarch64__ is only defined by armclang when compiling 64-bit code
- */
+/*
+ * __ARMCC_VERSION is defined for both armcc and armclang and
+ * __aarch64__ is only defined by armclang when compiling 64-bit code
+ */
#if !defined(MBEDTLS_HAVE_INT64)
#define MBEDTLS_HAVE_INT64
#endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
#if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef __uint128_t mbedtls_t_udbl;
+/* mbedtls_t_udbl defined as 128-bit unsigned int */
+typedef __uint128_t mbedtls_t_udbl;
#define MBEDTLS_HAVE_UDBL
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
#elif defined(MBEDTLS_HAVE_INT64)
- /* Force 64-bit integers with unknown compiler */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
+/* Force 64-bit integers with unknown compiler */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
#endif
#endif /* !MBEDTLS_HAVE_INT32 */
#if !defined(MBEDTLS_HAVE_INT64)
- /* Default to 32-bit compilation */
+/* Default to 32-bit compilation */
#if !defined(MBEDTLS_HAVE_INT32)
#define MBEDTLS_HAVE_INT32
#endif /* !MBEDTLS_HAVE_INT32 */
- typedef int32_t mbedtls_mpi_sint;
- typedef uint32_t mbedtls_mpi_uint;
+typedef int32_t mbedtls_mpi_sint;
+typedef uint32_t mbedtls_mpi_uint;
#if !defined(MBEDTLS_NO_UDBL_DIVISION)
- typedef uint64_t mbedtls_t_udbl;
+typedef uint64_t mbedtls_t_udbl;
#define MBEDTLS_HAVE_UDBL
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
#endif /* !MBEDTLS_HAVE_INT64 */
@@ -203,8 +205,7 @@
/**
* \brief MPI structure
*/
-typedef struct mbedtls_mpi
-{
+typedef struct mbedtls_mpi {
/** Sign: -1 if the mpi is negative, 1 otherwise.
*
* The number 0 must be represented with `s = +1`. Although many library
@@ -237,7 +238,7 @@
*
* \param X The MPI context to initialize. This must not be \c NULL.
*/
-void mbedtls_mpi_init( mbedtls_mpi *X );
+void mbedtls_mpi_init(mbedtls_mpi *X);
/**
* \brief This function frees the components of an MPI context.
@@ -246,7 +247,7 @@
* in which case this function is a no-op. If it is
* not \c NULL, it must point to an initialized MPI.
*/
-void mbedtls_mpi_free( mbedtls_mpi *X );
+void mbedtls_mpi_free(mbedtls_mpi *X);
/**
* \brief Enlarge an MPI to the specified number of limbs.
@@ -261,7 +262,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
+int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs);
/**
* \brief This function resizes an MPI downwards, keeping at least the
@@ -278,7 +279,7 @@
* (this can only happen when resizing up).
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
+int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs);
/**
* \brief Make a copy of an MPI.
@@ -293,7 +294,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Swap the contents of two MPIs.
@@ -301,7 +302,7 @@
* \param X The first MPI. It must be initialized.
* \param Y The second MPI. It must be initialized.
*/
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
+void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y);
/**
* \brief Perform a safe conditional copy of MPI which doesn't
@@ -331,7 +332,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
+int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign);
/**
* \brief Perform a safe conditional swap which doesn't
@@ -360,7 +361,7 @@
* \return Another negative error code on other kinds of failure.
*
*/
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap );
+int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap);
/**
* \brief Store integer value in MPI.
@@ -372,7 +373,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
+int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z);
/**
* \brief Get a specific bit from an MPI.
@@ -384,7 +385,7 @@
* of \c X is unset or set.
* \return A negative error code on failure.
*/
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
+int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos);
/**
* \brief Modify a specific bit in an MPI.
@@ -401,7 +402,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
+int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val);
/**
* \brief Return the number of bits of value \c 0 before the
@@ -415,7 +416,7 @@
* \return The number of bits of value \c 0 before the least significant
* bit of value \c 1 in \p X.
*/
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
+size_t mbedtls_mpi_lsb(const mbedtls_mpi *X);
/**
* \brief Return the number of bits up to and including the most
@@ -429,7 +430,7 @@
* \return The number of bits up to and including the most
* significant bit of value \c 1.
*/
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
+size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X);
/**
* \brief Return the total size of an MPI value in bytes.
@@ -444,7 +445,7 @@
* \return The least number of bytes capable of storing
* the absolute value of \p X.
*/
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
+size_t mbedtls_mpi_size(const mbedtls_mpi *X);
/**
* \brief Import an MPI from an ASCII string.
@@ -456,7 +457,7 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
+int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s);
/**
* \brief Export an MPI to an ASCII string.
@@ -480,8 +481,8 @@
* size of \p buf required for a successful call.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen );
+int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix,
+ char *buf, size_t buflen, size_t *olen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -505,7 +506,7 @@
* is too small.
* \return Another negative error code on failure.
*/
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
+int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin);
/**
* \brief Export an MPI into an opened file.
@@ -522,8 +523,8 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
- int radix, FILE *fout );
+int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X,
+ int radix, FILE *fout);
#endif /* MBEDTLS_FS_IO */
/**
@@ -538,8 +539,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
- size_t buflen );
+int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf,
+ size_t buflen);
/**
* \brief Import X from unsigned binary data, little endian
@@ -553,8 +554,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
- const unsigned char *buf, size_t buflen );
+int mbedtls_mpi_read_binary_le(mbedtls_mpi *X,
+ const unsigned char *buf, size_t buflen);
/**
* \brief Export X into unsigned binary data, big endian.
@@ -571,8 +572,8 @@
* large enough to hold the value of \p X.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
- size_t buflen );
+int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf,
+ size_t buflen);
/**
* \brief Export X into unsigned binary data, little endian.
@@ -589,8 +590,8 @@
* large enough to hold the value of \p X.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen );
+int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X,
+ unsigned char *buf, size_t buflen);
/**
* \brief Perform a left-shift on an MPI: X <<= count
@@ -602,7 +603,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
+int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count);
/**
* \brief Perform a right-shift on an MPI: X >>= count
@@ -614,7 +615,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
+int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count);
/**
* \brief Compare the absolute values of two MPIs.
@@ -626,7 +627,7 @@
* \return \c -1 if `|X|` is lesser than `|Y|`.
* \return \c 0 if `|X|` is equal to `|Y|`.
*/
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Compare two MPIs.
@@ -638,7 +639,7 @@
* \return \c -1 if \p X is lesser than \p Y.
* \return \c 0 if \p X is equal to \p Y.
*/
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Check if an MPI is less than the other in constant time.
@@ -655,8 +656,8 @@
* \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
* the two input MPIs is not the same.
*/
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
- unsigned *ret );
+int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y,
+ unsigned *ret);
/**
* \brief Compare an MPI with an integer.
@@ -668,7 +669,7 @@
* \return \c -1 if \p X is lesser than \p z.
* \return \c 0 if \p X is equal to \p z.
*/
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
+int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z);
/**
* \brief Perform an unsigned addition of MPIs: X = |A| + |B|
@@ -681,8 +682,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
@@ -696,8 +697,8 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a signed addition of MPIs: X = A + B
@@ -710,8 +711,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a signed subtraction of MPIs: X = A - B
@@ -724,8 +725,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a signed addition of an MPI and an integer: X = A + b
@@ -738,8 +739,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a signed subtraction of an MPI and an integer:
@@ -753,8 +754,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a multiplication of two MPIs: X = A * B
@@ -768,8 +769,8 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a multiplication of an MPI with an unsigned integer:
@@ -784,8 +785,8 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_uint b );
+int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A,
+ mbedtls_mpi_uint b);
/**
* \brief Perform a division with remainder of two MPIs:
@@ -805,8 +806,8 @@
* \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a division with remainder of an MPI by an integer:
@@ -826,8 +827,8 @@
* \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a modular reduction. R = A mod B
@@ -846,8 +847,8 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a modular reduction with respect to an integer.
@@ -865,8 +866,8 @@
* \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a sliding-window exponentiation: X = A^E mod N
@@ -895,9 +896,9 @@
* \return Another negative error code on different kinds of failures.
*
*/
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *E, const mbedtls_mpi *N,
- mbedtls_mpi *prec_RR );
+int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *E, const mbedtls_mpi *N,
+ mbedtls_mpi *prec_RR);
/**
* \brief Fill an MPI with a number of random bytes.
@@ -916,9 +917,9 @@
* as a big-endian representation of an MPI; this can
* be relevant in applications like deterministic ECDSA.
*/
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/** Generate a random number uniformly in a range.
*
@@ -952,11 +953,11 @@
* for all usual cryptographic applications.
* \return Another negative error code on failure.
*/
-int mbedtls_mpi_random( mbedtls_mpi *X,
- mbedtls_mpi_sint min,
- const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_random(mbedtls_mpi *X,
+ mbedtls_mpi_sint min,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Compute the greatest common divisor: G = gcd(A, B)
@@ -969,8 +970,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Compute the modular inverse: X = A^-1 mod N
@@ -988,8 +989,8 @@
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
* with respect to \p N.
*/
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *N );
+int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *N);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -1016,9 +1017,9 @@
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
* \return Another negative error code on other kinds of failure.
*/
-MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime(const mbedtls_mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -1049,9 +1050,9 @@
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Flags for mbedtls_mpi_gen_prime()
*
@@ -1082,9 +1083,9 @@
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
* \c 3 and #MBEDTLS_MPI_MAX_BITS.
*/
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_SELF_TEST)
@@ -1093,7 +1094,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_mpi_self_test( int verbose );
+int mbedtls_mpi_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index d5f8099..7936d2f 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -41,7 +41,7 @@
#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(-0x0016)
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/** Bad input data. */
#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016
@@ -65,8 +65,7 @@
/**
* \brief Blowfish context structure
*/
-typedef struct mbedtls_blowfish_context
-{
+typedef struct mbedtls_blowfish_context {
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */
}
@@ -82,7 +81,7 @@
* \param ctx The Blowfish context to be initialized.
* This must not be \c NULL.
*/
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
+void mbedtls_blowfish_init(mbedtls_blowfish_context *ctx);
/**
* \brief Clear a Blowfish context.
@@ -92,7 +91,7 @@
* returns immediately. If it is not \c NULL, it must
* point to an initialized Blowfish context.
*/
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
+void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx);
/**
* \brief Perform a Blowfish key schedule operation.
@@ -106,8 +105,8 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
- unsigned int keybits );
+int mbedtls_blowfish_setkey(mbedtls_blowfish_context *ctx, const unsigned char *key,
+ unsigned int keybits);
/**
* \brief Perform a Blowfish-ECB block encryption/decryption operation.
@@ -125,10 +124,10 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
- int mode,
- const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
+int mbedtls_blowfish_crypt_ecb(mbedtls_blowfish_context *ctx,
+ int mode,
+ const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -159,12 +158,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_blowfish_crypt_cbc(mbedtls_blowfish_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -199,13 +198,13 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_blowfish_crypt_cfb64(mbedtls_blowfish_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -272,13 +271,13 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_blowfish_crypt_ctr(mbedtls_blowfish_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#ifdef __cplusplus
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index bce9ce3..a0bc4d0 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -51,36 +51,36 @@
*/
#if defined(MBEDTLS_HAVE_INT32)
-#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \
- ( (mbedtls_mpi_uint) (a) << 0 ) | \
- ( (mbedtls_mpi_uint) (b) << 8 ) | \
- ( (mbedtls_mpi_uint) (c) << 16 ) | \
- ( (mbedtls_mpi_uint) (d) << 24 )
+#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) \
+ ((mbedtls_mpi_uint) (a) << 0) | \
+ ((mbedtls_mpi_uint) (b) << 8) | \
+ ((mbedtls_mpi_uint) (c) << 16) | \
+ ((mbedtls_mpi_uint) (d) << 24)
-#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \
- MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 )
+#define MBEDTLS_BYTES_TO_T_UINT_2(a, b) \
+ MBEDTLS_BYTES_TO_T_UINT_4(a, b, 0, 0)
-#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
- MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ), \
- MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h )
+#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \
+ MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d), \
+ MBEDTLS_BYTES_TO_T_UINT_4(e, f, g, h)
#else /* 64-bits */
-#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
- ( (mbedtls_mpi_uint) (a) << 0 ) | \
- ( (mbedtls_mpi_uint) (b) << 8 ) | \
- ( (mbedtls_mpi_uint) (c) << 16 ) | \
- ( (mbedtls_mpi_uint) (d) << 24 ) | \
- ( (mbedtls_mpi_uint) (e) << 32 ) | \
- ( (mbedtls_mpi_uint) (f) << 40 ) | \
- ( (mbedtls_mpi_uint) (g) << 48 ) | \
- ( (mbedtls_mpi_uint) (h) << 56 )
+#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \
+ ((mbedtls_mpi_uint) (a) << 0) | \
+ ((mbedtls_mpi_uint) (b) << 8) | \
+ ((mbedtls_mpi_uint) (c) << 16) | \
+ ((mbedtls_mpi_uint) (d) << 24) | \
+ ((mbedtls_mpi_uint) (e) << 32) | \
+ ((mbedtls_mpi_uint) (f) << 40) | \
+ ((mbedtls_mpi_uint) (g) << 48) | \
+ ((mbedtls_mpi_uint) (h) << 56)
-#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \
- MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
+#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) \
+ MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, 0, 0, 0, 0)
-#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \
- MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
+#define MBEDTLS_BYTES_TO_T_UINT_2(a, b) \
+ MBEDTLS_BYTES_TO_T_UINT_8(a, b, 0, 0, 0, 0, 0, 0)
#endif /* bits in mbedtls_mpi_uint */
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index d39d932..05397d2 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -37,7 +37,7 @@
#define MBEDTLS_CAMELLIA_DECRYPT 0
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(-0x0024)
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/** Bad input data. */
#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024
@@ -61,8 +61,7 @@
/**
* \brief CAMELLIA context structure
*/
-typedef struct mbedtls_camellia_context
-{
+typedef struct mbedtls_camellia_context {
int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */
}
@@ -78,7 +77,7 @@
* \param ctx The CAMELLIA context to be initialized.
* This must not be \c NULL.
*/
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
+void mbedtls_camellia_init(mbedtls_camellia_context *ctx);
/**
* \brief Clear a CAMELLIA context.
@@ -87,7 +86,7 @@
* in which case this function returns immediately. If it is not
* \c NULL, it must be initialized.
*/
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
+void mbedtls_camellia_free(mbedtls_camellia_context *ctx);
/**
* \brief Perform a CAMELLIA key schedule operation for encryption.
@@ -101,9 +100,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief Perform a CAMELLIA key schedule operation for decryption.
@@ -117,9 +116,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
@@ -136,10 +135,10 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -170,12 +169,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -216,13 +215,13 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -300,13 +299,13 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[16],
+ unsigned char stream_block[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_SELF_TEST)
@@ -316,7 +315,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_camellia_self_test( int verbose );
+int mbedtls_camellia_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index ece5a90..f082aba 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -76,8 +76,7 @@
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
-typedef struct mbedtls_ccm_context
-{
+typedef struct mbedtls_ccm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
}
mbedtls_ccm_context;
@@ -93,7 +92,7 @@
*
* \param ctx The CCM context to initialize. This must not be \c NULL.
*/
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
+void mbedtls_ccm_init(mbedtls_ccm_context *ctx);
/**
* \brief This function initializes the CCM context set in the
@@ -108,10 +107,10 @@
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function releases and clears the specified CCM context
@@ -120,7 +119,7 @@
* \param ctx The CCM context to clear. If this is \c NULL, the function
* has no effect. Otherwise, this must be initialized.
*/
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
+void mbedtls_ccm_free(mbedtls_ccm_context *ctx);
/**
* \brief This function encrypts a buffer using CCM.
@@ -158,11 +157,11 @@
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len);
/**
* \brief This function encrypts a buffer using CCM*.
@@ -206,11 +205,11 @@
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len);
/**
* \brief This function performs a CCM authenticated decryption of a
@@ -243,11 +242,11 @@
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ const unsigned char *tag, size_t tag_len);
/**
* \brief This function performs a CCM* authenticated decryption of a
@@ -288,11 +287,11 @@
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ const unsigned char *tag, size_t tag_len);
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
@@ -301,7 +300,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_ccm_self_test( int verbose );
+int mbedtls_ccm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index c93c741..0ec6971 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -37,11 +37,11 @@
/* List of all PEM-encoded CA certificates, terminated by NULL;
* PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
* otherwise. */
-extern const char * mbedtls_test_cas[];
+extern const char *mbedtls_test_cas[];
extern const size_t mbedtls_test_cas_len[];
/* List of all DER-encoded CA certificates, terminated by NULL */
-extern const unsigned char * mbedtls_test_cas_der[];
+extern const unsigned char *mbedtls_test_cas_der[];
extern const size_t mbedtls_test_cas_der_len[];
#if defined(MBEDTLS_PEM_PARSE_C)
@@ -112,9 +112,9 @@
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
-extern const char * mbedtls_test_ca_crt;
-extern const char * mbedtls_test_ca_key;
-extern const char * mbedtls_test_ca_pwd;
+extern const char *mbedtls_test_ca_crt;
+extern const char *mbedtls_test_ca_key;
+extern const char *mbedtls_test_ca_pwd;
extern const size_t mbedtls_test_ca_crt_len;
extern const size_t mbedtls_test_ca_key_len;
extern const size_t mbedtls_test_ca_pwd_len;
@@ -181,9 +181,9 @@
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
-extern const char * mbedtls_test_srv_crt;
-extern const char * mbedtls_test_srv_key;
-extern const char * mbedtls_test_srv_pwd;
+extern const char *mbedtls_test_srv_crt;
+extern const char *mbedtls_test_srv_key;
+extern const char *mbedtls_test_srv_pwd;
extern const size_t mbedtls_test_srv_crt_len;
extern const size_t mbedtls_test_srv_key_len;
extern const size_t mbedtls_test_srv_pwd_len;
@@ -236,9 +236,9 @@
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
-extern const char * mbedtls_test_cli_crt;
-extern const char * mbedtls_test_cli_key;
-extern const char * mbedtls_test_cli_pwd;
+extern const char *mbedtls_test_cli_crt;
+extern const char *mbedtls_test_cli_key;
+extern const char *mbedtls_test_cli_pwd;
extern const size_t mbedtls_test_cli_crt_len;
extern const size_t mbedtls_test_cli_key_len;
extern const size_t mbedtls_test_cli_pwd_len;
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 03b4871..cd9f91a 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -60,8 +60,7 @@
#if !defined(MBEDTLS_CHACHA20_ALT)
-typedef struct mbedtls_chacha20_context
-{
+typedef struct mbedtls_chacha20_context {
uint32_t state[16]; /*! The state (before round operations). */
uint8_t keystream8[64]; /*! Leftover keystream bytes. */
size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
@@ -87,7 +86,7 @@
* \param ctx The ChaCha20 context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
+void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -98,7 +97,7 @@
* \c NULL, it must point to an initialized context.
*
*/
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
+void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx);
/**
* \brief This function sets the encryption/decryption key.
@@ -116,8 +115,8 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
*/
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
- const unsigned char key[32] );
+int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,
+ const unsigned char key[32]);
/**
* \brief This function sets the nonce and initial counter value.
@@ -138,9 +137,9 @@
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
* NULL.
*/
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
- const unsigned char nonce[12],
- uint32_t counter );
+int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
+ const unsigned char nonce[12],
+ uint32_t counter);
/**
* \brief This function encrypts or decrypts data.
@@ -171,10 +170,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
- size_t size,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
+ size_t size,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function encrypts or decrypts data with ChaCha20 and
@@ -204,12 +203,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chacha20_crypt( const unsigned char key[32],
- const unsigned char nonce[12],
- uint32_t counter,
- size_t size,
- const unsigned char* input,
- unsigned char* output );
+int mbedtls_chacha20_crypt(const unsigned char key[32],
+ const unsigned char nonce[12],
+ uint32_t counter,
+ size_t size,
+ const unsigned char *input,
+ unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -218,7 +217,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_chacha20_self_test( int verbose );
+int mbedtls_chacha20_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index ed568bc..c3f1720 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -50,8 +50,7 @@
extern "C" {
#endif
-typedef enum
-{
+typedef enum {
MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
}
@@ -61,8 +60,7 @@
#include "mbedtls/chacha20.h"
-typedef struct mbedtls_chachapoly_context
-{
+typedef struct mbedtls_chachapoly_context {
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */
@@ -118,7 +116,7 @@
*
* \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
*/
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
+void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -127,7 +125,7 @@
* \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
* case this function is a no-op.
*/
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
+void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx);
/**
* \brief This function sets the ChaCha20-Poly1305
@@ -140,8 +138,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
- const unsigned char key[32] );
+int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
+ const unsigned char key[32]);
/**
* \brief This function starts a ChaCha20-Poly1305 encryption or
@@ -168,9 +166,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
- const unsigned char nonce[12],
- mbedtls_chachapoly_mode_t mode );
+int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
+ const unsigned char nonce[12],
+ mbedtls_chachapoly_mode_t mode);
/**
* \brief This function feeds additional data to be authenticated
@@ -211,9 +209,9 @@
* if the operations has not been started or has been
* finished, or if the AAD has been finished.
*/
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
- const unsigned char *aad,
- size_t aad_len );
+int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
+ const unsigned char *aad,
+ size_t aad_len);
/**
* \brief Thus function feeds data to be encrypted or decrypted
@@ -246,10 +244,10 @@
* finished.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
- size_t len,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
+ size_t len,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function finished the ChaCha20-Poly1305 operation and
@@ -267,8 +265,8 @@
* finished.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
- unsigned char mac[16] );
+int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
+ unsigned char mac[16]);
/**
* \brief This function performs a complete ChaCha20-Poly1305
@@ -299,14 +297,14 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char *input,
- unsigned char *output,
- unsigned char tag[16] );
+int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
+ size_t length,
+ const unsigned char nonce[12],
+ const unsigned char *aad,
+ size_t aad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned char tag[16]);
/**
* \brief This function performs a complete ChaCha20-Poly1305
@@ -333,14 +331,14 @@
* if the data was not authentic.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char tag[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
+ size_t length,
+ const unsigned char nonce[12],
+ const unsigned char *aad,
+ size_t aad_len,
+ const unsigned char tag[16],
+ const unsigned char *input,
+ unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -349,7 +347,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_chachapoly_self_test( int verbose );
+int mbedtls_chachapoly_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index ce100d3..02421e4 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -49,7 +49,7 @@
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -273,8 +273,7 @@
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
-typedef struct mbedtls_cipher_info_t
-{
+typedef struct mbedtls_cipher_info_t {
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
@@ -290,7 +289,7 @@
unsigned int key_bitlen;
/** Name of the cipher. */
- const char * name;
+ const char *name;
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
@@ -315,8 +314,7 @@
/**
* Generic cipher context.
*/
-typedef struct mbedtls_cipher_context_t
-{
+typedef struct mbedtls_cipher_context_t {
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
@@ -332,8 +330,8 @@
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
- void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
- int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+ void (*add_padding)(unsigned char *output, size_t olen, size_t data_len);
+ int (*get_padding)(unsigned char *input, size_t ilen, size_t *data_len);
#endif
/** Buffer for input that has not been processed yet. */
@@ -383,7 +381,7 @@
* \return A statically-allocated array of cipher identifiers
* of type cipher_type_t. The last entry is zero.
*/
-const int *mbedtls_cipher_list( void );
+const int *mbedtls_cipher_list(void);
/**
* \brief This function retrieves the cipher-information
@@ -396,7 +394,7 @@
* given \p cipher_name.
* \return \c NULL if the associated cipher information is not found.
*/
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(const char *cipher_name);
/**
* \brief This function retrieves the cipher-information
@@ -408,7 +406,7 @@
* given \p cipher_type.
* \return \c NULL if the associated cipher information is not found.
*/
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type);
/**
* \brief This function retrieves the cipher-information
@@ -424,16 +422,16 @@
* given \p cipher_id.
* \return \c NULL if the associated cipher information is not found.
*/
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
- int key_bitlen,
- const mbedtls_cipher_mode_t mode );
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id,
+ int key_bitlen,
+ const mbedtls_cipher_mode_t mode);
/**
* \brief This function initializes a \p cipher_context as NONE.
*
* \param ctx The context to be initialized. This must not be \c NULL.
*/
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
+void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx);
/**
* \brief This function frees and clears the cipher-specific
@@ -444,7 +442,7 @@
* function has no effect, otherwise this must point to an
* initialized context.
*/
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
+void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);
/**
@@ -464,8 +462,8 @@
* In future versions, the caller will be required to call
* mbedtls_cipher_init() on the structure first.
*/
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info );
+int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -489,9 +487,9 @@
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*/
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info,
- size_t taglen );
+int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info,
+ size_t taglen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
@@ -503,11 +501,12 @@
* \return \c 0 if \p ctx has not been initialized.
*/
static inline unsigned int mbedtls_cipher_get_block_size(
- const mbedtls_cipher_context_t *ctx )
+ const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+ if (ctx->cipher_info == NULL) {
return 0;
+ }
return ctx->cipher_info->block_size;
}
@@ -522,11 +521,12 @@
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
- const mbedtls_cipher_context_t *ctx )
+ const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->cipher_info == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
+ if (ctx->cipher_info == NULL) {
return MBEDTLS_MODE_NONE;
+ }
return ctx->cipher_info->mode;
}
@@ -542,14 +542,16 @@
* \return The actual size if an IV has been set.
*/
static inline int mbedtls_cipher_get_iv_size(
- const mbedtls_cipher_context_t *ctx )
+ const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+ if (ctx->cipher_info == NULL) {
return 0;
+ }
- if( ctx->iv_size != 0 )
+ if (ctx->iv_size != 0) {
return (int) ctx->iv_size;
+ }
return (int) ctx->cipher_info->iv_size;
}
@@ -563,12 +565,13 @@
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
- const mbedtls_cipher_context_t *ctx )
+ const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->cipher_info == NULL )
+ ctx != NULL, MBEDTLS_CIPHER_NONE);
+ if (ctx->cipher_info == NULL) {
return MBEDTLS_CIPHER_NONE;
+ }
return ctx->cipher_info->type;
}
@@ -583,11 +586,12 @@
* \return NULL if \p ctx has not been not initialized.
*/
static inline const char *mbedtls_cipher_get_name(
- const mbedtls_cipher_context_t *ctx )
+ const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+ if (ctx->cipher_info == NULL) {
return 0;
+ }
return ctx->cipher_info->name;
}
@@ -602,12 +606,13 @@
* initialized.
*/
static inline int mbedtls_cipher_get_key_bitlen(
- const mbedtls_cipher_context_t *ctx )
+ const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->cipher_info == NULL )
+ ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
+ if (ctx->cipher_info == NULL) {
return MBEDTLS_KEY_LENGTH_NONE;
+ }
return (int) ctx->cipher_info->key_bitlen;
}
@@ -621,12 +626,13 @@
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_operation_t mbedtls_cipher_get_operation(
- const mbedtls_cipher_context_t *ctx )
+ const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->cipher_info == NULL )
+ ctx != NULL, MBEDTLS_OPERATION_NONE);
+ if (ctx->cipher_info == NULL) {
return MBEDTLS_OPERATION_NONE;
+ }
return ctx->operation;
}
@@ -647,10 +653,10 @@
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
- const unsigned char *key,
- int key_bitlen,
- const mbedtls_operation_t operation );
+int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
+ const unsigned char *key,
+ int key_bitlen,
+ const mbedtls_operation_t operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/**
@@ -669,8 +675,8 @@
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding.
*/
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
- mbedtls_cipher_padding_t mode );
+int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
+ mbedtls_cipher_padding_t mode);
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
/**
@@ -691,9 +697,9 @@
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv,
- size_t iv_len );
+int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv,
+ size_t iv_len);
/**
* \brief This function resets the cipher state.
@@ -704,7 +710,7 @@
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
+int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
@@ -721,8 +727,8 @@
* \return \c 0 on success.
* \return A specific error code on failure.
*/
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
- const unsigned char *ad, size_t ad_len );
+int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
+ const unsigned char *ad, size_t ad_len);
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
@@ -759,10 +765,10 @@
* unsupported mode for a cipher.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input,
- size_t ilen, unsigned char *output,
- size_t *olen );
+int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx,
+ const unsigned char *input,
+ size_t ilen, unsigned char *output,
+ size_t *olen);
/**
* \brief The generic cipher finalization function. If data still
@@ -786,8 +792,8 @@
* while decrypting.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output, size_t *olen );
+int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
+ unsigned char *output, size_t *olen);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
@@ -806,8 +812,8 @@
* \return \c 0 on success.
* \return A specific error code on failure.
*/
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
- unsigned char *tag, size_t tag_len );
+int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
+ unsigned char *tag, size_t tag_len);
/**
* \brief This function checks the tag for AEAD ciphers.
@@ -822,8 +828,8 @@
* \return \c 0 on success.
* \return A specific error code on failure.
*/
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
- const unsigned char *tag, size_t tag_len );
+int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
+ const unsigned char *tag, size_t tag_len);
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
@@ -859,13 +865,13 @@
* while decrypting.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen );
+int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen);
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
@@ -918,12 +924,12 @@
* \return A cipher-specific error code on failure.
*/
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_encrypt(
- mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- unsigned char *tag, size_t tag_len );
+ mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ unsigned char *tag, size_t tag_len);
/**
* \brief The generic authenticated decryption (AEAD) function.
@@ -977,12 +983,12 @@
* \return A cipher-specific error code on failure.
*/
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_decrypt(
- mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- const unsigned char *tag, size_t tag_len );
+ mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ const unsigned char *tag, size_t tag_len);
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
@@ -1032,12 +1038,12 @@
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
+int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t output_len,
+ size_t *olen, size_t tag_len);
/**
* \brief The authenticated encryption (AEAD/NIST_KW) function.
@@ -1088,12 +1094,12 @@
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
+int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t output_len,
+ size_t *olen, size_t tag_len);
#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
#ifdef __cplusplus
}
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index 2484c01..c77bb8c 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -43,82 +43,79 @@
/**
* Base cipher information. The non-mode specific functions and values.
*/
-struct mbedtls_cipher_base_t
-{
+struct mbedtls_cipher_base_t {
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
mbedtls_cipher_id_t cipher;
/** Encrypt using ECB */
- int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
- const unsigned char *input, unsigned char *output );
+ int (*ecb_func)(void *ctx, mbedtls_operation_t mode,
+ const unsigned char *input, unsigned char *output);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/** Encrypt using CBC */
- int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
- unsigned char *iv, const unsigned char *input,
- unsigned char *output );
+ int (*cbc_func)(void *ctx, mbedtls_operation_t mode, size_t length,
+ unsigned char *iv, const unsigned char *input,
+ unsigned char *output);
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/** Encrypt using CFB (Full length) */
- int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
- unsigned char *iv, const unsigned char *input,
- unsigned char *output );
+ int (*cfb_func)(void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
+ unsigned char *iv, const unsigned char *input,
+ unsigned char *output);
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/** Encrypt using OFB (Full length) */
- int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
- unsigned char *iv,
- const unsigned char *input,
- unsigned char *output );
+ int (*ofb_func)(void *ctx, size_t length, size_t *iv_off,
+ unsigned char *iv,
+ const unsigned char *input,
+ unsigned char *output);
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/** Encrypt using CTR */
- int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
- unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output );
+ int (*ctr_func)(void *ctx, size_t length, size_t *nc_off,
+ unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output);
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/** Encrypt or decrypt using XTS. */
- int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input, unsigned char *output );
+ int (*xts_func)(void *ctx, mbedtls_operation_t mode, size_t length,
+ const unsigned char data_unit[16],
+ const unsigned char *input, unsigned char *output);
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
/** Encrypt using STREAM */
- int (*stream_func)( void *ctx, size_t length,
- const unsigned char *input, unsigned char *output );
+ int (*stream_func)(void *ctx, size_t length,
+ const unsigned char *input, unsigned char *output);
#endif
/** Set key for encryption purposes */
- int (*setkey_enc_func)( void *ctx, const unsigned char *key,
- unsigned int key_bitlen );
+ int (*setkey_enc_func)(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen);
/** Set key for decryption purposes */
- int (*setkey_dec_func)( void *ctx, const unsigned char *key,
- unsigned int key_bitlen);
+ int (*setkey_dec_func)(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen);
/** Allocate a new context */
- void * (*ctx_alloc_func)( void );
+ void * (*ctx_alloc_func)(void);
/** Free the given context */
- void (*ctx_free_func)( void *ctx );
+ void (*ctx_free_func)(void *ctx);
};
-typedef struct
-{
+typedef struct {
mbedtls_cipher_type_t type;
const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-typedef enum
-{
+typedef enum {
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
/* use raw key material internally imported */
@@ -131,8 +128,7 @@
/* destroyed when the context is freed. */
} mbedtls_cipher_psa_key_ownership;
-typedef struct
-{
+typedef struct {
psa_algorithm_t alg;
psa_key_id_t slot;
mbedtls_cipher_psa_key_ownership slot_state;
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 8934886..254995c 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -56,8 +56,7 @@
/**
* The CMAC context structure.
*/
-struct mbedtls_cmac_context_t
-{
+struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
@@ -103,8 +102,8 @@
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
- const unsigned char *key, size_t keybits );
+int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
+ const unsigned char *key, size_t keybits);
/**
* \brief This function feeds an input buffer into an ongoing CMAC
@@ -128,8 +127,8 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input, size_t ilen );
+int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
+ const unsigned char *input, size_t ilen);
/**
* \brief This function finishes an ongoing CMAC operation, and
@@ -147,8 +146,8 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output );
+int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
+ unsigned char *output);
/**
* \brief This function starts a new CMAC operation with the same
@@ -166,7 +165,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
+int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx);
/**
* \brief This function calculates the full generic CMAC
@@ -195,10 +194,10 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
- const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
+int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output);
#if defined(MBEDTLS_AES_C)
/**
@@ -218,12 +217,12 @@
*
* \return \c 0 on success.
*/
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
- const unsigned char *input, size_t in_len,
- unsigned char output[16] );
+int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_len,
+ const unsigned char *input, size_t in_len,
+ unsigned char output[16]);
#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
+#if defined(MBEDTLS_SELF_TEST) && (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C))
/**
* \brief The CMAC checkup routine.
*
@@ -237,7 +236,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_cmac_self_test( int verbose );
+int mbedtls_cmac_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#ifdef __cplusplus
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 4017751..3a34cf6 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -29,7 +29,7 @@
#include MBEDTLS_CONFIG_FILE
#endif
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#warning "Including compat-1.3.h is deprecated"
@@ -597,7 +597,8 @@
#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
#endif
#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION \
+ MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#endif
#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@@ -1382,8 +1383,8 @@
#define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED
#define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED
#define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED
-#define SSL_BUFFER_LEN ( ( ( MBEDTLS_SSL_IN_BUFFER_LEN ) < ( MBEDTLS_SSL_OUT_BUFFER_LEN ) ) \
- ? ( MBEDTLS_SSL_IN_BUFFER_LEN ) : ( MBEDTLS_SSL_OUT_BUFFER_LEN ) )
+#define SSL_BUFFER_LEN (((MBEDTLS_SSL_IN_BUFFER_LEN) < (MBEDTLS_SSL_OUT_BUFFER_LEN)) \
+ ? (MBEDTLS_SSL_IN_BUFFER_LEN) : (MBEDTLS_SSL_OUT_BUFFER_LEN))
#define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
#define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
#define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
@@ -1554,10 +1555,14 @@
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
@@ -1565,8 +1570,10 @@
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
+ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
+ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
@@ -1578,10 +1585,14 @@
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
+ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
+ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
@@ -1591,10 +1602,14 @@
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
+ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
+ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
@@ -2492,7 +2507,8 @@
#define x509write_crt_free mbedtls_x509write_crt_free
#define x509write_crt_init mbedtls_x509write_crt_init
#define x509write_crt_pem mbedtls_x509write_crt_pem
-#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
+#define x509write_crt_set_authority_key_identifier \
+ mbedtls_x509write_crt_set_authority_key_identifier
#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index d27fb54..8a5c68f 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -274,9 +274,9 @@
(defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
(defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
(defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
(defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
#define PSA_HAVE_SOFT_BLOCK_MODE 1
#endif
diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h
index c5de57a..8419c99 100644
--- a/include/mbedtls/constant_time.h
+++ b/include/mbedtls/constant_time.h
@@ -38,8 +38,8 @@
* \return Zero if the content of the two buffer is the same,
* otherwise non-zero.
*/
-int mbedtls_ct_memcmp( const void *a,
- const void *b,
- size_t n );
+int mbedtls_ct_memcmp(const void *a,
+ const void *b,
+ size_t n);
#endif /* MBEDTLS_CONSTANT_TIME_H */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index e68237a..1bf427c 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -80,8 +80,8 @@
*/
#endif
-#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
+#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */
+#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */
/**
* \name SECTION: Module settings
@@ -164,14 +164,13 @@
* the entropy source does not provide enough material to form a nonce.
* See the documentation of mbedtls_ctr_drbg_seed() for more information.
*/
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
+#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
#endif
/**
* \brief The CTR_DRBG context structure.
*/
-typedef struct mbedtls_ctr_drbg_context
-{
+typedef struct mbedtls_ctr_drbg_context {
unsigned char counter[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter.
* This is the number of requests that have
@@ -199,7 +198,7 @@
* Callbacks (Entropy)
*/
int (*f_entropy)(void *, unsigned char *, size_t);
- /*!< The entropy callback function. */
+ /*!< The entropy callback function. */
void *p_entropy; /*!< The context for the entropy function. */
@@ -228,7 +227,7 @@
*
* \param ctx The CTR_DRBG context to initialize.
*/
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
+void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx);
/**
* \brief This function seeds and sets up the CTR_DRBG
@@ -329,11 +328,11 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
+int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
+ int (*f_entropy)(void *, unsigned char *, size_t),
+ void *p_entropy,
+ const unsigned char *custom,
+ size_t len);
/**
* \brief This function resets CTR_DRBG context to the state immediately
@@ -341,7 +340,7 @@
*
* \param ctx The CTR_DRBG context to clear.
*/
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
+void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx);
/**
* \brief This function turns prediction resistance on or off.
@@ -356,8 +355,8 @@
* \param ctx The CTR_DRBG context.
* \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
*/
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
- int resistance );
+void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
+ int resistance);
/**
* \brief This function sets the amount of entropy grabbed on each
@@ -383,8 +382,8 @@
* and at most the maximum length accepted by the
* entropy function that is set in the context.
*/
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
+void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
+ size_t len);
/**
* \brief This function sets the amount of entropy grabbed
@@ -405,8 +404,8 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
* if the initial seeding has already taken place.
*/
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
+int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx,
+ size_t len);
/**
* \brief This function sets the reseed interval.
@@ -420,8 +419,8 @@
* \param ctx The CTR_DRBG context.
* \param interval The reseed interval.
*/
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
- int interval );
+void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
+ int interval);
/**
* \brief This function reseeds the CTR_DRBG context, that is
@@ -443,8 +442,8 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len );
+int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional, size_t len);
/**
* \brief This function updates the state of the CTR_DRBG context.
@@ -466,9 +465,9 @@
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
* \return An error from the underlying AES cipher on failure.
*/
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
+int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len);
/**
* \brief This function updates a CTR_DRBG instance with additional
@@ -501,9 +500,9 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional, size_t add_len );
+int mbedtls_ctr_drbg_random_with_add(void *p_rng,
+ unsigned char *output, size_t output_len,
+ const unsigned char *additional, size_t add_len);
/**
* \brief This function uses CTR_DRBG to generate random data.
@@ -529,11 +528,11 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
-int mbedtls_ctr_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len );
+int mbedtls_ctr_drbg_random(void *p_rng,
+ unsigned char *output, size_t output_len);
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
@@ -557,7 +556,7 @@
MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
- size_t add_len );
+ size_t add_len);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -573,7 +572,7 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
* failure.
*/
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path);
/**
* \brief This function reads and updates a seed file. The seed
@@ -589,7 +588,7 @@
* \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
* seed file is too large.
*/
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path);
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_SELF_TEST)
@@ -600,7 +599,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_ctr_drbg_self_test( int verbose );
+int mbedtls_ctr_drbg_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 4fc4662..bcc640c 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -36,47 +36,47 @@
#if defined(MBEDTLS_DEBUG_C)
-#define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__
+#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \
- mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, \
- MBEDTLS_DEBUG_STRIP_PARENS args )
+#define MBEDTLS_SSL_DEBUG_MSG(level, args) \
+ mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \
+ MBEDTLS_DEBUG_STRIP_PARENS args)
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) \
- mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
+#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
+ mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret)
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) \
- mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
+#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
+ mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) \
- mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
+#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
+ mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
#endif
#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) \
- mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
+#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
+ mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \
- mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
+#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
+ mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt)
#endif
#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
- mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
+#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
+ mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr)
#endif
#else /* MBEDTLS_DEBUG_C */
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0)
#endif /* MBEDTLS_DEBUG_C */
@@ -96,7 +96,7 @@
#if __has_attribute(format)
#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((__format__ (gnu_printf, string_index, first_to_check)))
+ __attribute__((__format__(gnu_printf, string_index, first_to_check)))
#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
__attribute__((format(printf, string_index, first_to_check)))
@@ -124,10 +124,12 @@
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
-#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#else \
+ /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#define MBEDTLS_PRINTF_SIZET "zu"
#define MBEDTLS_PRINTF_LONGLONG "lld"
-#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#endif \
+ /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#ifdef __cplusplus
extern "C" {
@@ -148,7 +150,7 @@
* - 3 Informational
* - 4 Verbose
*/
-void mbedtls_debug_set_threshold( int threshold );
+void mbedtls_debug_set_threshold(int threshold);
/**
* \brief Print a message to the debug output. This function is always used
@@ -165,9 +167,9 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
+void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
/**
* \brief Print the return value of a function to the debug output. This
@@ -184,9 +186,9 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, int ret );
+void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, int ret);
/**
* \brief Output a buffer of size len bytes to the debug output. This function
@@ -205,9 +207,9 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line, const char *text,
- const unsigned char *buf, size_t len );
+void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line, const char *text,
+ const unsigned char *buf, size_t len);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -226,9 +228,9 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_mpi *X );
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_mpi *X);
#endif
#if defined(MBEDTLS_ECP_C)
@@ -248,9 +250,9 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_ecp_point *X );
+void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_ecp_point *X);
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -269,14 +271,13 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_x509_crt *crt );
+void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_x509_crt *crt);
#endif
#if defined(MBEDTLS_ECDH_C)
-typedef enum
-{
+typedef enum {
MBEDTLS_DEBUG_ECDH_Q,
MBEDTLS_DEBUG_ECDH_QP,
MBEDTLS_DEBUG_ECDH_Z,
@@ -298,10 +299,10 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr );
+void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const mbedtls_ecdh_context *ecdh,
+ mbedtls_debug_ecdh_attr attr);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 325aab5..2944d5c 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -64,8 +64,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-typedef struct mbedtls_des_context
-{
+typedef struct mbedtls_des_context {
uint32_t sk[32]; /*!< DES subkeys */
}
mbedtls_des_context;
@@ -73,8 +72,7 @@
/**
* \brief Triple-DES context structure
*/
-typedef struct mbedtls_des3_context
-{
+typedef struct mbedtls_des3_context {
uint32_t sk[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;
@@ -92,7 +90,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_init( mbedtls_des_context *ctx );
+void mbedtls_des_init(mbedtls_des_context *ctx);
/**
* \brief Clear DES context
@@ -103,21 +101,21 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_free( mbedtls_des_context *ctx );
+void mbedtls_des_free(mbedtls_des_context *ctx);
/**
* \brief Initialize Triple-DES context
*
* \param ctx DES3 context to be initialized
*/
-void mbedtls_des3_init( mbedtls_des3_context *ctx );
+void mbedtls_des3_init(mbedtls_des3_context *ctx);
/**
* \brief Clear Triple-DES context
*
* \param ctx DES3 context to be cleared
*/
-void mbedtls_des3_free( mbedtls_des3_context *ctx );
+void mbedtls_des3_free(mbedtls_des3_context *ctx);
/**
* \brief Set key parity on the given key to odd.
@@ -131,7 +129,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Check that key parity on the given key is odd.
@@ -148,7 +146,7 @@
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Check that key is not a weak or semi-weak DES key
@@ -162,7 +160,7 @@
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief DES key schedule (56-bit, encryption)
@@ -177,7 +175,7 @@
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief DES key schedule (56-bit, decryption)
@@ -192,7 +190,7 @@
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Triple-DES key schedule (112-bit, encryption)
@@ -203,8 +201,8 @@
* \return 0
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
/**
* \brief Triple-DES key schedule (112-bit, decryption)
@@ -215,8 +213,8 @@
* \return 0
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
/**
* \brief Triple-DES key schedule (168-bit, encryption)
@@ -227,8 +225,8 @@
* \return 0
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
/**
* \brief Triple-DES key schedule (168-bit, decryption)
@@ -239,8 +237,8 @@
* \return 0
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
/**
* \brief DES-ECB block encryption/decryption
@@ -256,9 +254,9 @@
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
+int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
+ const unsigned char input[8],
+ unsigned char output[8]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -284,12 +282,12 @@
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
/**
@@ -302,9 +300,9 @@
* \return 0 if successful
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
+int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
+ const unsigned char input[8],
+ unsigned char output[8]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -328,12 +326,12 @@
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
/**
@@ -348,8 +346,8 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_setkey( uint32_t SK[32],
- const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+void mbedtls_des_setkey(uint32_t SK[32],
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
#if defined(MBEDTLS_SELF_TEST)
@@ -359,7 +357,7 @@
* \return 0 if successful, or 1 if the test failed
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_des_self_test( int verbose );
+int mbedtls_des_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index c4b15a2..117af93 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -108,8 +108,7 @@
/**
* \brief The DHM context structure.
*/
-typedef struct mbedtls_dhm_context
-{
+typedef struct mbedtls_dhm_context {
size_t len; /*!< The size of \p P in Bytes. */
mbedtls_mpi P; /*!< The prime modulus. */
mbedtls_mpi G; /*!< The generator. */
@@ -133,7 +132,7 @@
*
* \param ctx The DHM context to initialize.
*/
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
+void mbedtls_dhm_init(mbedtls_dhm_context *ctx);
/**
* \brief This function parses the DHM parameters in a
@@ -157,9 +156,9 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
- unsigned char **p,
- const unsigned char *end );
+int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx,
+ unsigned char **p,
+ const unsigned char *end);
/**
* \brief This function generates a DHM key pair and exports its
@@ -193,10 +192,10 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size,
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function sets the prime modulus and generator.
@@ -213,9 +212,9 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
- const mbedtls_mpi *P,
- const mbedtls_mpi *G );
+int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx,
+ const mbedtls_mpi *P,
+ const mbedtls_mpi *G);
/**
* \brief This function imports the raw public value of the peer.
@@ -233,8 +232,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
- const unsigned char *input, size_t ilen );
+int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx,
+ const unsigned char *input, size_t ilen);
/**
* \brief This function creates a DHM key pair and exports
@@ -260,10 +259,10 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size,
+ unsigned char *output, size_t olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function derives and exports the shared secret
@@ -291,10 +290,10 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
- unsigned char *output, size_t output_size, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
+ unsigned char *output, size_t output_size, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function frees and clears the components
@@ -304,7 +303,7 @@
* in which case this function is a no-op. If it is not \c NULL,
* it must point to an initialized DHM context.
*/
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
+void mbedtls_dhm_free(mbedtls_dhm_context *ctx);
#if defined(MBEDTLS_ASN1_PARSE_C)
/**
@@ -321,8 +320,8 @@
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
* code on failure.
*/
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
- size_t dhminlen );
+int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+ size_t dhminlen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -337,7 +336,7 @@
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
* error code on failure.
*/
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
+int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path);
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -349,7 +348,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_dhm_self_test( int verbose );
+int mbedtls_dhm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
@@ -426,7 +425,7 @@
"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
- "CF9DE5384E71B81C0AC4DFFE0C10E64F" )
+ "CF9DE5384E71B81C0AC4DFFE0C10E64F")
/**
* The hexadecimal presentation of the chosen generator of the 2048-bit MODP
@@ -445,7 +444,7 @@
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \
- "81BC087F2A7065B384B890D3191F2BFA" )
+ "81BC087F2A7065B384B890D3191F2BFA")
/**
* The hexadecimal presentation of the prime underlying the 2048-bit MODP
@@ -470,7 +469,7 @@
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
- "15728E5A8AACAA68FFFFFFFFFFFFFFFF" )
+ "15728E5A8AACAA68FFFFFFFFFFFFFFFF")
/**
* The hexadecimal presentation of the chosen generator of the 2048-bit MODP
@@ -478,7 +477,7 @@
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
*/
#define MBEDTLS_DHM_RFC3526_MODP_2048_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
+ MBEDTLS_DEPRECATED_STRING_CONSTANT("02")
/**
* The hexadecimal presentation of the prime underlying the 3072-bit MODP
@@ -502,7 +501,7 @@
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
- "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )
+ "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF")
/**
* The hexadecimal presentation of the chosen generator of the 3072-bit MODP
@@ -510,7 +509,7 @@
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
*/
#define MBEDTLS_DHM_RFC3526_MODP_3072_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
+ MBEDTLS_DEPRECATED_STRING_CONSTANT("02")
/**
* The hexadecimal presentation of the prime underlying the 4096-bit MODP
@@ -540,7 +539,7 @@
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
- "FFFFFFFFFFFFFFFF" )
+ "FFFFFFFFFFFFFFFF")
/**
* The hexadecimal presentation of the chosen generator of the 4096-bit MODP
@@ -548,7 +547,7 @@
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
*/
#define MBEDTLS_DHM_RFC3526_MODP_4096_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
+ MBEDTLS_DEPRECATED_STRING_CONSTANT("02")
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -557,546 +556,546 @@
*/
#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \
- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \
- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \
- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \
- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \
- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \
- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \
- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \
- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \
- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \
- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \
- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \
- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \
- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \
- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \
- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \
- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \
+ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \
+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \
+ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \
+ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \
+ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \
+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \
+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \
+ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \
+ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \
+ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \
+ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
- 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
- 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
- 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
- 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
- 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
- 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
- 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
- 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
- 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
- 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
- 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
- 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
- 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
- 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
- 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
- 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
- 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
- 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
- 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
- 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
- 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
- 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
- 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
- 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
- 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
- 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
- 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
- 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
- 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
- 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
- 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
- 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
+ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
+ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
+ 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
- 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
- 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
- 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
- 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
- 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
- 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
- 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
- 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
- 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
- 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
- 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
- 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
- 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
- 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
- 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
- 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
- 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
- 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
- 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
- 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
- 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
- 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
- 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
- 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
- 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
- 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
- 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
- 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
- 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
- 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
- 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
- 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
- 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
- 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
- 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
- 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
- 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
- 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
- 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
- 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
- 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
- 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
- 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
- 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
- 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
- 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
- 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
- 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
- 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
- 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
- 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
- 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
- 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
- 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
- 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
- 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
- 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
- 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
- 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
- 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
- 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
- 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
- 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
- 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
+ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
+ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
+ 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
+ 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
+ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
+ 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
+ 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
+ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
+ 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
+ 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
+ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
+ 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
+ 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
+ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
+ 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
+ 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
+ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
+ 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
+ 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
+ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
+ 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
+ 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
+ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
+ 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
+ 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
+ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
+ 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
+ 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
+ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
+ 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
+ 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
+ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
+ 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
+ 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
+ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 05855cd..aade25a 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -52,8 +52,7 @@
/**
* Defines the source of the imported EC key.
*/
-typedef enum
-{
+typedef enum {
MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
@@ -65,8 +64,7 @@
* Later versions of the library may add new variants, therefore users should
* not make any assumptions about them.
*/
-typedef enum
-{
+typedef enum {
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
@@ -81,8 +79,7 @@
* should not make any assumptions about the structure of
* mbedtls_ecdh_context_mbed.
*/
-typedef struct mbedtls_ecdh_context_mbed
-{
+typedef struct mbedtls_ecdh_context_mbed {
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */
@@ -101,8 +98,7 @@
* should not be shared between multiple threads.
* \brief The ECDH context structure.
*/
-typedef struct mbedtls_ecdh_context
-{
+typedef struct mbedtls_ecdh_context {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
@@ -119,24 +115,23 @@
#endif /* MBEDTLS_ECP_RESTARTABLE */
#else
uint8_t point_format; /*!< The format of point export in TLS messages
- as defined in RFC 4492. */
+ as defined in RFC 4492. */
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
- union
- {
+ union {
mbedtls_ecdh_context_mbed mbed_ecdh;
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest everest_ecdh;
#endif
} ctx; /*!< Implementation-specific context. The
- context in use is specified by the \c var
- field. */
+ context in use is specified by the \c var
+ field. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
- an alternative implementation not supporting
- restartable mode must return
- MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
- if this flag is set. */
+ an alternative implementation not supporting
+ restartable mode must return
+ MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
+ if this flag is set. */
#endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
}
@@ -149,7 +144,7 @@
*
* \return \c 1 if the group can be used, \c 0 otherwise
*/
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
+int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid);
/**
* \brief This function generates an ECDH keypair on an elliptic
@@ -176,9 +171,9 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*/
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function computes the shared secret.
@@ -214,17 +209,17 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*/
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z,
+ const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function initializes an ECDH context.
*
* \param ctx The ECDH context to initialize. This must not be \c NULL.
*/
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx);
/**
* \brief This function sets up the ECDH context with the information
@@ -242,8 +237,8 @@
*
* \return \c 0 on success.
*/
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
- mbedtls_ecp_group_id grp_id );
+int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx,
+ mbedtls_ecp_group_id grp_id);
/**
* \brief This function frees a context.
@@ -252,7 +247,7 @@
* case this function does nothing. If it is not \c NULL,
* it must point to an initialized ECDH context.
*/
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx);
/**
* \brief This function generates an EC key pair and exports its
@@ -279,10 +274,10 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function parses the ECDHE parameters in a
@@ -308,9 +303,9 @@
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
- const unsigned char **buf,
- const unsigned char *end );
+int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
+ const unsigned char **buf,
+ const unsigned char *end);
/**
* \brief This function sets up an ECDH context from an EC key.
@@ -331,9 +326,9 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
- const mbedtls_ecp_keypair *key,
- mbedtls_ecdh_side side );
+int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_ecdh_side side);
/**
* \brief This function generates a public key and exports it
@@ -361,10 +356,10 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function parses and processes the ECDHE payload of a
@@ -385,8 +380,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf, size_t blen );
+int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
+ const unsigned char *buf, size_t blen);
/**
* \brief This function derives and exports the shared secret.
@@ -418,10 +413,10 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -436,7 +431,7 @@
*
* \param ctx The ECDH context to use. This must be initialized.
*/
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
#ifdef __cplusplus
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 118f7ce..e42d114 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -56,13 +56,13 @@
*
* For each of r and s, the value (V) may include an extra initial "0" bit.
*/
-#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
- ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
- /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
- /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
+#define MBEDTLS_ECDSA_MAX_SIG_LEN(bits) \
+ (/*T,L of SEQUENCE*/ ((bits) >= 61 * 8 ? 3 : 2) + \
+ /*T,L of r,s*/ 2 * (((bits) >= 127 * 8 ? 3 : 2) + \
+ /*V of r,s*/ ((bits) + 8) / 8))
/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
+#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN(MBEDTLS_ECP_MAX_BITS)
#ifdef __cplusplus
extern "C" {
@@ -105,8 +105,7 @@
/**
* \brief General context for resuming ECDSA operations
*/
-typedef struct
-{
+typedef struct {
mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
@@ -131,7 +130,7 @@
*
* \return \c 1 if the group can be used, \c 0 otherwise
*/
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid);
/**
* \brief This function computes the ECDSA signature of a
@@ -169,12 +168,12 @@
* \return An \c MBEDTLS_ERR_ECP_XXX
* or \c MBEDTLS_MPI_XXX error code on failure.
*/
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+ const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
@@ -228,10 +227,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure.
*/
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
+int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r,
+ mbedtls_mpi *s, const mbedtls_mpi *d,
+ const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -274,12 +273,12 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure.
*/
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind );
+int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
+ mbedtls_mpi *s, const mbedtls_mpi *d,
+ const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg,
+ int (*f_rng_blind)(void *, unsigned char *, size_t),
+ void *p_rng_blind);
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/**
@@ -312,10 +311,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure.
*/
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
- const mbedtls_mpi *s);
+int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
+ const unsigned char *buf, size_t blen,
+ const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
+ const mbedtls_mpi *s);
/**
* \brief This function computes the ECDSA signature and writes it
@@ -365,12 +364,12 @@
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function computes the ECDSA signature and writes it
@@ -411,16 +410,16 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
+int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecdsa_restart_ctx *rs_ctx);
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
@@ -469,10 +468,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
+int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@@ -504,9 +503,9 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*/
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen );
+int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen);
/**
* \brief This function reads and verifies an ECDSA signature,
@@ -539,10 +538,10 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*/
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
+int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen,
+ mbedtls_ecdsa_restart_ctx *rs_ctx);
/**
* \brief This function generates an ECDSA keypair on the given curve.
@@ -560,8 +559,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief This function sets up an ECDSA context from an EC key pair.
@@ -578,8 +577,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
- const mbedtls_ecp_keypair *key );
+int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx,
+ const mbedtls_ecp_keypair *key);
/**
* \brief This function initializes an ECDSA context.
@@ -587,7 +586,7 @@
* \param ctx The ECDSA context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
+void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx);
/**
* \brief This function frees an ECDSA context.
@@ -596,7 +595,7 @@
* in which case this function does nothing. If it
* is not \c NULL, it must be initialized.
*/
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -605,7 +604,7 @@
* \param ctx The restart context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
+void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx);
/**
* \brief Free the components of a restart context.
@@ -614,7 +613,7 @@
* in which case this function does nothing. If it
* is not \c NULL, it must be initialized.
*/
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
+void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
#ifdef __cplusplus
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 3564ff8..b992838 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -71,8 +71,7 @@
* convention from the Thread v1.0 spec. Correspondence is indicated in the
* description as a pair C: client name, S: server name
*/
-typedef struct mbedtls_ecjpake_context
-{
+typedef struct mbedtls_ecjpake_context {
const mbedtls_md_info_t *md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */
@@ -100,7 +99,7 @@
* \param ctx The ECJPAKE context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
+void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx);
/**
* \brief Set up an ECJPAKE context for use.
@@ -123,12 +122,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
- mbedtls_ecjpake_role role,
- mbedtls_md_type_t hash,
- mbedtls_ecp_group_id curve,
- const unsigned char *secret,
- size_t len );
+int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,
+ mbedtls_ecjpake_role role,
+ mbedtls_md_type_t hash,
+ mbedtls_ecp_group_id curve,
+ const unsigned char *secret,
+ size_t len);
/**
* \brief Check if an ECJPAKE context is ready for use.
@@ -139,7 +138,7 @@
* \return \c 0 if the context is ready for use.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
*/
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
+int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx);
/**
* \brief Generate and write the first round message
@@ -160,10 +159,10 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Read and process the first round message
@@ -179,9 +178,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Generate and write the second round message
@@ -201,10 +200,10 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Read and process the second round message
@@ -219,9 +218,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Derive the shared secret
@@ -241,10 +240,10 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This clears an ECJPAKE context and frees any
@@ -254,7 +253,7 @@
* in which case this function does nothing. If it is not
* \c NULL, it must point to an initialized ECJPAKE context.
*/
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
+void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -263,7 +262,7 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_ecjpake_self_test( int verbose );
+int mbedtls_ecjpake_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 64a0bcc..5402e74 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -117,8 +117,7 @@
* - Add the curve to the ecp_supported_curves array in ecp.c.
* - Add the curve to applicable profiles in x509_crt.c if applicable.
*/
-typedef enum
-{
+typedef enum {
MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
@@ -145,8 +144,7 @@
/*
* Curve types
*/
-typedef enum
-{
+typedef enum {
MBEDTLS_ECP_TYPE_NONE = 0,
MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
@@ -155,8 +153,7 @@
/**
* Curve information, for use by other modules.
*/
-typedef struct mbedtls_ecp_curve_info
-{
+typedef struct mbedtls_ecp_curve_info {
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
uint16_t bit_size; /*!< The curve size in bits. */
@@ -174,8 +171,7 @@
* Otherwise, \p X and \p Y are its standard (affine)
* coordinates.
*/
-typedef struct mbedtls_ecp_point
-{
+typedef struct mbedtls_ecp_point {
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
@@ -257,8 +253,7 @@
* identical.
*
*/
-typedef struct mbedtls_ecp_group
-{
+typedef struct mbedtls_ecp_group {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
@@ -309,8 +304,8 @@
#define MBEDTLS_ECP_MAX_BITS 1
#endif
-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+#define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8)
+#define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1)
#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
/*
@@ -376,8 +371,7 @@
/**
* \brief General context for resuming ECC operations
*/
-typedef struct
-{
+typedef struct {
unsigned ops_done; /*!< current ops count */
unsigned depth; /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
@@ -403,18 +397,18 @@
* \return \c 0 if doing \p ops basic ops is still allowed,
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
*/
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
- mbedtls_ecp_restart_ctx *rs_ctx,
- unsigned ops );
+int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_restart_ctx *rs_ctx,
+ unsigned ops);
/* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
- (unsigned) (ops) ) );
+#define MBEDTLS_ECP_BUDGET(ops) \
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \
+ (unsigned) (ops)));
#else /* MBEDTLS_ECP_RESTARTABLE */
-#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
+#define MBEDTLS_ECP_BUDGET(ops) /* no-op; for compatibility */
/* We want to declare restartable versions of existing functions anyway */
typedef void mbedtls_ecp_restart_ctx;
@@ -429,8 +423,7 @@
* \note Members are deliberately in the same order as in the
* ::mbedtls_ecdsa_context structure.
*/
-typedef struct mbedtls_ecp_keypair
-{
+typedef struct mbedtls_ecp_keypair {
mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
mbedtls_mpi d; /*!< our secret value */
mbedtls_ecp_point Q; /*!< our public value */
@@ -506,7 +499,7 @@
*
* \note This setting is currently ignored by Curve25519.
*/
-void mbedtls_ecp_set_max_ops( unsigned max_ops );
+void mbedtls_ecp_set_max_ops(unsigned max_ops);
/**
* \brief Check if restart is enabled (max_ops != 0)
@@ -514,13 +507,13 @@
* \return \c 0 if \c max_ops == 0 (restart disabled)
* \return \c 1 otherwise (restart enabled)
*/
-int mbedtls_ecp_restart_is_enabled( void );
+int mbedtls_ecp_restart_is_enabled(void);
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Get the type of a curve
*/
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
+mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp);
/**
* \brief This function retrieves the information defined in
@@ -534,7 +527,7 @@
*
* \return A statically allocated array. The last entry is 0.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void);
/**
* \brief This function retrieves the list of internal group
@@ -550,7 +543,7 @@
* \return A statically allocated array,
* terminated with MBEDTLS_ECP_DP_NONE.
*/
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void);
/**
* \brief This function retrieves curve information from an internal
@@ -561,7 +554,7 @@
* \return The associated curve information on success.
* \return NULL on failure.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id);
/**
* \brief This function retrieves curve information from a TLS
@@ -572,7 +565,7 @@
* \return The associated curve information on success.
* \return NULL on failure.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id);
/**
* \brief This function retrieves curve information from a
@@ -583,14 +576,14 @@
* \return The associated curve information on success.
* \return NULL on failure.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name);
/**
* \brief This function initializes a point as zero.
*
* \param pt The point to initialize.
*/
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
+void mbedtls_ecp_point_init(mbedtls_ecp_point *pt);
/**
* \brief This function initializes an ECP group context
@@ -601,21 +594,21 @@
* mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
* functions.
*/
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
+void mbedtls_ecp_group_init(mbedtls_ecp_group *grp);
/**
* \brief This function initializes a key pair as an invalid one.
*
* \param key The key pair to initialize.
*/
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
+void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key);
/**
* \brief This function frees the components of a point.
*
* \param pt The point to free.
*/
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
+void mbedtls_ecp_point_free(mbedtls_ecp_point *pt);
/**
* \brief This function frees the components of an ECP group.
@@ -624,7 +617,7 @@
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized ECP group.
*/
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
+void mbedtls_ecp_group_free(mbedtls_ecp_group *grp);
/**
* \brief This function frees the components of a key pair.
@@ -633,7 +626,7 @@
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized ECP key pair.
*/
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -642,7 +635,7 @@
* \param ctx The restart context to initialize. This must
* not be \c NULL.
*/
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
+void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx);
/**
* \brief Free the components of a restart context.
@@ -651,7 +644,7 @@
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized restart context.
*/
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
+void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
/**
@@ -665,7 +658,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code for other kinds of failure.
*/
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
+int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q);
/**
* \brief This function copies the contents of group \p src into
@@ -678,8 +671,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
- const mbedtls_ecp_group *src );
+int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst,
+ const mbedtls_ecp_group *src);
/**
* \brief This function sets a point to the point at infinity.
@@ -690,7 +683,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
+int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt);
/**
* \brief This function checks if a point is the point at infinity.
@@ -701,7 +694,7 @@
* \return \c 0 if the point is non-zero.
* \return A negative error code on failure.
*/
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
+int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt);
/**
* \brief This function compares two points.
@@ -715,8 +708,8 @@
* \return \c 0 if the points are equal.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
*/
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q );
+int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q);
/**
* \brief This function imports a non-zero point from two ASCII
@@ -730,8 +723,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.
*/
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
- const char *x, const char *y );
+int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix,
+ const char *x, const char *y);
/**
* \brief This function exports a point into unsigned binary data.
@@ -758,10 +751,10 @@
* or the export for the given group is not implemented.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen );
+int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *P,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen);
/**
* \brief This function imports a point from unsigned binary data.
@@ -785,9 +778,9 @@
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
* given group is not implemented.
*/
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *P,
- const unsigned char *buf, size_t ilen );
+int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *P,
+ const unsigned char *buf, size_t ilen);
/**
* \brief This function imports a point from a TLS ECPoint record.
@@ -807,9 +800,9 @@
* failure.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
*/
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt,
+ const unsigned char **buf, size_t len);
/**
* \brief This function exports a point as a TLS ECPoint record
@@ -833,10 +826,10 @@
* is too small to hold the exported point.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt,
- int format, size_t *olen,
- unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt,
+ int format, size_t *olen,
+ unsigned char *buf, size_t blen);
/**
* \brief This function sets up an ECP group context
@@ -855,7 +848,7 @@
* correspond to a known group.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
+int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id);
/**
* \brief This function sets up an ECP group context from a TLS
@@ -874,8 +867,8 @@
* recognized.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
- const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
+ const unsigned char **buf, size_t len);
/**
* \brief This function extracts an elliptic curve group ID from a
@@ -895,9 +888,9 @@
* recognized.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
- const unsigned char **buf,
- size_t len );
+int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
+ const unsigned char **buf,
+ size_t len);
/**
* \brief This function exports an elliptic curve as a TLS
* ECParameters record as defined in RFC 4492, Section 5.4.
@@ -916,9 +909,9 @@
* buffer is too small to hold the exported group.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
- size_t *olen,
- unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp,
+ size_t *olen,
+ unsigned char *buf, size_t blen);
/**
* \brief This function performs a scalar multiplication of a point
@@ -956,9 +949,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief This function performs multiplication of a point by
@@ -990,10 +983,10 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx );
+int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx);
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/**
@@ -1031,9 +1024,9 @@
* designate a short Weierstrass curve.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
+int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n, const mbedtls_ecp_point *Q);
/**
* \brief This function performs multiplication and addition of two
@@ -1076,10 +1069,10 @@
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_muladd_restartable(
- mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
- mbedtls_ecp_restart_ctx *rs_ctx );
+ mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
+ mbedtls_ecp_restart_ctx *rs_ctx);
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
/**
@@ -1109,8 +1102,8 @@
* a valid public key for the given curve.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt );
+int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt);
/**
* \brief This function checks that an \p mbedtls_mpi is a
@@ -1131,8 +1124,8 @@
* private key for the given curve.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
- const mbedtls_mpi *d );
+int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
+ const mbedtls_mpi *d);
/**
* \brief This function generates a private key.
@@ -1149,10 +1142,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function generates a keypair with a configurable base
@@ -1181,11 +1174,11 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *G,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function generates an ECP keypair.
@@ -1210,10 +1203,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
- mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d,
+ mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function generates an ECP key.
@@ -1228,9 +1221,9 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function reads an elliptic curve private key.
@@ -1250,8 +1243,8 @@
* the group is not implemented.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- const unsigned char *buf, size_t buflen );
+int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+ const unsigned char *buf, size_t buflen);
/**
* \brief This function exports an elliptic curve private key.
@@ -1269,8 +1262,8 @@
* the group is not implemented.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen );
+int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+ unsigned char *buf, size_t buflen);
/**
* \brief This function checks that the keypair objects
@@ -1289,8 +1282,8 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
* error code on calculation failure.
*/
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub,
- const mbedtls_ecp_keypair *prv );
+int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub,
+ const mbedtls_ecp_keypair *prv);
#if defined(MBEDTLS_SELF_TEST)
@@ -1300,7 +1293,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_ecp_self_test( int verbose );
+int mbedtls_ecp_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
index 6a47a8f..acaaa08 100644
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@@ -76,7 +76,7 @@
*
* \return Non-zero if successful.
*/
-unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp );
+unsigned char mbedtls_internal_ecp_grp_capable(const mbedtls_ecp_group *grp);
/**
* \brief Initialise the Elliptic Curve Point module extension.
@@ -93,7 +93,7 @@
*
* \return 0 if successful.
*/
-int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp );
+int mbedtls_internal_ecp_init(const mbedtls_ecp_group *grp);
/**
* \brief Frees and deallocates the Elliptic Curve Point module
@@ -101,7 +101,7 @@
*
* \param grp The pointer to the group the module was initialised for.
*/
-void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
+void mbedtls_internal_ecp_free(const mbedtls_ecp_group *grp);
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
@@ -121,9 +121,11 @@
*
* \return 0 if successful.
*/
-int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt, int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng);
#endif
#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
@@ -166,9 +168,9 @@
*
* \return 0 if successful.
*/
-int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q );
+int mbedtls_internal_ecp_add_mixed(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q);
#endif
/**
@@ -191,8 +193,8 @@
* \return 0 if successful.
*/
#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *R, const mbedtls_ecp_point *P );
+int mbedtls_internal_ecp_double_jac(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R, const mbedtls_ecp_point *P);
#endif
/**
@@ -221,8 +223,8 @@
* an error if one of the points is zero.
*/
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *T[], size_t t_len );
+int mbedtls_internal_ecp_normalize_jac_many(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *T[], size_t t_len);
#endif
/**
@@ -239,8 +241,8 @@
* \return 0 if successful.
*/
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt );
+int mbedtls_internal_ecp_normalize_jac(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt);
#endif
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -248,9 +250,12 @@
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
+int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ mbedtls_ecp_point *S,
+ const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *d);
#endif
/**
@@ -269,9 +274,11 @@
* \return 0 if successful
*/
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *P, int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng);
#endif
/**
@@ -285,8 +292,8 @@
* \return 0 if successful
*/
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *P );
+int mbedtls_internal_ecp_normalize_mxz(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *P);
#endif
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
@@ -294,4 +301,3 @@
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#endif /* ecp_internal.h */
-
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 40259eb..4075d2a 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -105,15 +105,14 @@
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
*/
typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
- size_t *olen);
+ size_t *olen);
/**
* \brief Entropy source state
*/
-typedef struct mbedtls_entropy_source_state
-{
+typedef struct mbedtls_entropy_source_state {
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
- void * p_source; /**< The callback data pointer */
+ void *p_source; /**< The callback data pointer */
size_t size; /**< Amount received in bytes */
size_t threshold; /**< Minimum bytes required before release */
int strong; /**< Is the source strong? */
@@ -123,8 +122,7 @@
/**
* \brief Entropy context structure
*/
-typedef struct mbedtls_entropy_context
-{
+typedef struct mbedtls_entropy_context {
int accumulator_started; /* 0 after init.
* 1 after the first update.
* -1 after free. */
@@ -152,14 +150,14 @@
*
* \param ctx Entropy context to initialize
*/
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
+void mbedtls_entropy_init(mbedtls_entropy_context *ctx);
/**
* \brief Free the data in the context
*
* \param ctx Entropy context to free
*/
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
+void mbedtls_entropy_free(mbedtls_entropy_context *ctx);
/**
* \brief Adds an entropy source to poll
@@ -178,9 +176,9 @@
*
* \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
*/
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
- mbedtls_entropy_f_source_ptr f_source, void *p_source,
- size_t threshold, int strong );
+int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
+ mbedtls_entropy_f_source_ptr f_source, void *p_source,
+ size_t threshold, int strong);
/**
* \brief Trigger an extra gather poll for the accumulator
@@ -190,7 +188,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
+int mbedtls_entropy_gather(mbedtls_entropy_context *ctx);
/**
* \brief Retrieve entropy from the accumulator
@@ -203,7 +201,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
+int mbedtls_entropy_func(void *data, unsigned char *output, size_t len);
/**
* \brief Add data to the accumulator manually
@@ -215,8 +213,8 @@
*
* \return 0 if successful
*/
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
- const unsigned char *data, size_t len );
+int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
+ const unsigned char *data, size_t len);
#if defined(MBEDTLS_ENTROPY_NV_SEED)
/**
@@ -227,7 +225,7 @@
*
* \return 0 if successful
*/
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
+int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx);
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_FS_IO)
@@ -241,7 +239,7 @@
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
+int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path);
/**
* \brief Read and update a seed file. Seed is added to this
@@ -255,7 +253,7 @@
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path);
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_SELF_TEST)
@@ -267,7 +265,7 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_entropy_self_test( int verbose );
+int mbedtls_entropy_self_test(int verbose);
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
/**
@@ -283,7 +281,7 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_entropy_source_self_test( int verbose );
+int mbedtls_entropy_source_self_test(int verbose);
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index e1d7491..eca3b56 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -48,16 +48,16 @@
* \brief Entropy poll callback that provides 0 entropy.
*/
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
- int mbedtls_null_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_null_entropy_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
/**
* \brief Platform-specific entropy poll callback
*/
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_platform_entropy_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#if defined(MBEDTLS_HAVEGE_C)
@@ -66,16 +66,16 @@
*
* Requires an HAVEGE state as its data pointer.
*/
-int mbedtls_havege_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_havege_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#if defined(MBEDTLS_TIMING_C)
/**
* \brief mbedtls_timing_hardclock-based entropy poll callback
*/
-int mbedtls_hardclock_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_hardclock_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
@@ -87,8 +87,8 @@
*
* \note This must accept NULL as its first argument.
*/
-int mbedtls_hardware_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_hardware_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
@@ -97,8 +97,8 @@
*
* \note This must accept NULL as its first argument.
*/
-int mbedtls_nv_seed_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_nv_seed_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 50f2538..dd3c787 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -30,7 +30,7 @@
#include <stddef.h>
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -127,15 +127,15 @@
* Wrapper macro for mbedtls_error_add(). See that function for
* more details.
*/
-#define MBEDTLS_ERROR_ADD( high, low ) \
- mbedtls_error_add( high, low, __FILE__, __LINE__ )
+#define MBEDTLS_ERROR_ADD(high, low) \
+ mbedtls_error_add(high, low, __FILE__, __LINE__)
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief Testing hook called before adding/combining two error codes together.
* Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
*/
-extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
+extern void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
#endif
/**
@@ -156,17 +156,18 @@
* \param file file where this error code addition occurred.
* \param line line where this error code addition occurred.
*/
-static inline int mbedtls_error_add( int high, int low,
- const char *file, int line )
+static inline int mbedtls_error_add(int high, int low,
+ const char *file, int line)
{
#if defined(MBEDTLS_TEST_HOOKS)
- if( *mbedtls_test_hook_error_add != NULL )
- ( *mbedtls_test_hook_error_add )( high, low, file, line );
+ if (*mbedtls_test_hook_error_add != NULL) {
+ (*mbedtls_test_hook_error_add)(high, low, file, line);
+ }
#endif
- (void)file;
- (void)line;
+ (void) file;
+ (void) line;
- return( high + low );
+ return high + low;
}
/**
@@ -178,7 +179,7 @@
* \param buffer buffer to place representation in
* \param buflen length of the buffer
*/
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
+void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
/**
* \brief Translate the high-level part of an Mbed TLS error code into a string
@@ -193,7 +194,7 @@
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
-const char * mbedtls_high_level_strerr( int error_code );
+const char *mbedtls_high_level_strerr(int error_code);
/**
* \brief Translate the low-level part of an Mbed TLS error code into a string
@@ -208,7 +209,7 @@
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
-const char * mbedtls_low_level_strerr( int error_code );
+const char *mbedtls_low_level_strerr(int error_code);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 9723a17..c040883 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -63,8 +63,7 @@
/**
* \brief The GCM context structure.
*/
-typedef struct mbedtls_gcm_context
-{
+typedef struct mbedtls_gcm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */
@@ -74,8 +73,8 @@
unsigned char y[16]; /*!< The Y working value. */
unsigned char buf[16]; /*!< The buf working value. */
int mode; /*!< The operation to perform:
- #MBEDTLS_GCM_ENCRYPT or
- #MBEDTLS_GCM_DECRYPT. */
+ #MBEDTLS_GCM_ENCRYPT or
+ #MBEDTLS_GCM_DECRYPT. */
}
mbedtls_gcm_context;
@@ -94,7 +93,7 @@
*
* \param ctx The GCM context to initialize. This must not be \c NULL.
*/
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
+void mbedtls_gcm_init(mbedtls_gcm_context *ctx);
/**
* \brief This function associates a GCM context with a
@@ -112,10 +111,10 @@
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function performs GCM encryption or decryption of a buffer.
@@ -168,17 +167,17 @@
* not valid or a cipher-specific error code if the encryption
* or decryption failed.
*/
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
- int mode,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *input,
- unsigned char *output,
- size_t tag_len,
- unsigned char *tag );
+int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t tag_len,
+ unsigned char *tag);
/**
* \brief This function performs a GCM authenticated decryption of a
@@ -213,16 +212,16 @@
* not valid or a cipher-specific error code if the decryption
* failed.
*/
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *tag,
- size_t tag_len,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *tag,
+ size_t tag_len,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function starts a GCM encryption or decryption
@@ -241,12 +240,12 @@
*
* \return \c 0 on success.
*/
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
- int mode,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len );
+int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
+ int mode,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len);
/**
* \brief This function feeds an input buffer into an ongoing GCM
@@ -273,10 +272,10 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
*/
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
+ size_t length,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function finishes the GCM operation and generates
@@ -294,9 +293,9 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
*/
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
- unsigned char *tag,
- size_t tag_len );
+int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
+ unsigned char *tag,
+ size_t tag_len);
/**
* \brief This function clears a GCM context and the underlying
@@ -305,7 +304,7 @@
* \param ctx The GCM context to clear. If this is \c NULL, the call has
* no effect. Otherwise, this must be initialized.
*/
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+void mbedtls_gcm_free(mbedtls_gcm_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -315,7 +314,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_gcm_self_test( int verbose );
+int mbedtls_gcm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index 7d27039..7d042d1 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -40,8 +40,7 @@
/**
* \brief HAVEGE state structure
*/
-typedef struct mbedtls_havege_state
-{
+typedef struct mbedtls_havege_state {
uint32_t PT1, PT2, offset[2];
uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
uint32_t WALK[8192];
@@ -53,14 +52,14 @@
*
* \param hs HAVEGE state to be initialized
*/
-void mbedtls_havege_init( mbedtls_havege_state *hs );
+void mbedtls_havege_init(mbedtls_havege_state *hs);
/**
* \brief Clear HAVEGE state
*
* \param hs HAVEGE state to be cleared
*/
-void mbedtls_havege_free( mbedtls_havege_state *hs );
+void mbedtls_havege_free(mbedtls_havege_state *hs);
/**
* \brief HAVEGE rand function
@@ -71,7 +70,7 @@
*
* \return 0
*/
-int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
+int mbedtls_havege_random(void *p_rng, unsigned char *output, size_t len);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index 111d960..3118369 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -69,10 +69,10 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
- size_t salt_len, const unsigned char *ikm, size_t ikm_len,
- const unsigned char *info, size_t info_len,
- unsigned char *okm, size_t okm_len );
+int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
+ size_t salt_len, const unsigned char *ikm, size_t ikm_len,
+ const unsigned char *info, size_t info_len,
+ unsigned char *okm, size_t okm_len);
/**
* \brief Take the input keying material \p ikm and extract from it a
@@ -98,10 +98,10 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
- const unsigned char *salt, size_t salt_len,
- const unsigned char *ikm, size_t ikm_len,
- unsigned char *prk );
+int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
+ const unsigned char *salt, size_t salt_len,
+ const unsigned char *ikm, size_t ikm_len,
+ unsigned char *prk);
/**
* \brief Expand the supplied \p prk into several additional pseudorandom
@@ -129,9 +129,9 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
- size_t prk_len, const unsigned char *info,
- size_t info_len, unsigned char *okm, size_t okm_len );
+int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
+ size_t prk_len, const unsigned char *info,
+ size_t info_len, unsigned char *okm, size_t okm_len);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 6d372b9..3ccf61c 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -86,8 +86,7 @@
/**
* HMAC_DRBG context.
*/
-typedef struct mbedtls_hmac_drbg_context
-{
+typedef struct mbedtls_hmac_drbg_context {
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */
@@ -129,7 +128,7 @@
*
* \param ctx HMAC_DRBG context to be initialized.
*/
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
+void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx);
/**
* \brief HMAC_DRBG initial seeding.
@@ -199,12 +198,12 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
* if the call to \p f_entropy failed.
*/
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
+int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx,
+ const mbedtls_md_info_t *md_info,
+ int (*f_entropy)(void *, unsigned char *, size_t),
+ void *p_entropy,
+ const unsigned char *custom,
+ size_t len);
/**
* \brief Initialisation of simplified HMAC_DRBG (never reseeds).
@@ -234,9 +233,9 @@
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
* memory to allocate context data.
*/
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- const unsigned char *data, size_t data_len );
+int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,
+ const mbedtls_md_info_t *md_info,
+ const unsigned char *data, size_t data_len);
/**
* \brief This function turns prediction resistance on or off.
@@ -251,8 +250,8 @@
* \param ctx The HMAC_DRBG context.
* \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
*/
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
- int resistance );
+void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,
+ int resistance);
/**
* \brief This function sets the amount of entropy grabbed on each
@@ -263,8 +262,8 @@
* \param ctx The HMAC_DRBG context.
* \param len The amount of entropy to grab, in bytes.
*/
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
- size_t len );
+void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx,
+ size_t len);
/**
* \brief Set the reseed interval.
@@ -278,8 +277,8 @@
* \param ctx The HMAC_DRBG context.
* \param interval The reseed interval.
*/
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
- int interval );
+void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx,
+ int interval);
/**
* \brief This function updates the state of the HMAC_DRBG context.
@@ -298,8 +297,8 @@
* \return \c 0 on success, or an error from the underlying
* hash calculation.
*/
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
+int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t add_len);
/**
* \brief This function reseeds the HMAC_DRBG context, that is
@@ -325,8 +324,8 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
* if a call to the entropy function failed.
*/
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t len );
+int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t len);
/**
* \brief This function updates an HMAC_DRBG instance with additional
@@ -359,10 +358,10 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
* \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
*/
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional,
- size_t add_len );
+int mbedtls_hmac_drbg_random_with_add(void *p_rng,
+ unsigned char *output, size_t output_len,
+ const unsigned char *additional,
+ size_t add_len);
/**
* \brief This function uses HMAC_DRBG to generate random data.
@@ -391,7 +390,7 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
* \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
*/
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len);
/**
* \brief This function resets HMAC_DRBG context to the state immediately
@@ -399,9 +398,9 @@
*
* \param ctx The HMAC_DRBG context to free.
*/
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx);
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
@@ -421,7 +420,7 @@
*/
MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
+ const unsigned char *additional, size_t add_len);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -437,7 +436,7 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
* failure.
*/
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path);
/**
* \brief This function reads and updates a seed file. The seed
@@ -453,7 +452,7 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
* seed file is too large.
*/
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path);
#endif /* MBEDTLS_FS_IO */
@@ -464,7 +463,7 @@
* \return \c 0 if successful.
* \return \c 1 if the test failed.
*/
-int mbedtls_hmac_drbg_self_test( int verbose );
+int mbedtls_hmac_drbg_self_test(int verbose);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 9cea40a..db4d14c 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -1,4 +1,4 @@
- /**
+/**
* \file md.h
*
* \brief This file contains the generic message-digest wrapper.
@@ -92,8 +92,7 @@
/**
* The generic message-digest context.
*/
-typedef struct mbedtls_md_context_t
-{
+typedef struct mbedtls_md_context_t {
/** Information about the associated message digest. */
const mbedtls_md_info_t *md_info;
@@ -115,7 +114,7 @@
* message-digest enumeration #mbedtls_md_type_t.
* The last entry is 0.
*/
-const int *mbedtls_md_list( void );
+const int *mbedtls_md_list(void);
/**
* \brief This function returns the message-digest information
@@ -126,7 +125,7 @@
* \return The message-digest information associated with \p md_name.
* \return NULL if the associated message-digest information is not found.
*/
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name);
/**
* \brief This function returns the message-digest information
@@ -137,7 +136,7 @@
* \return The message-digest information associated with \p md_type.
* \return NULL if the associated message-digest information is not found.
*/
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type);
/**
* \brief This function initializes a message-digest context without
@@ -147,7 +146,7 @@
* context for mbedtls_md_setup() for binding it to a
* message-digest algorithm.
*/
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
+void mbedtls_md_init(mbedtls_md_context_t *ctx);
/**
* \brief This function clears the internal structure of \p ctx and
@@ -162,9 +161,9 @@
* You must not call this function if you have not called
* mbedtls_md_init().
*/
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
+void mbedtls_md_free(mbedtls_md_context_t *ctx);
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
@@ -188,7 +187,8 @@
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
+int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx,
+ const mbedtls_md_info_t *md_info) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -212,7 +212,7 @@
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac);
/**
* \brief This function clones the state of a message-digest
@@ -234,8 +234,8 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src );
+int mbedtls_md_clone(mbedtls_md_context_t *dst,
+ const mbedtls_md_context_t *src);
/**
* \brief This function extracts the message-digest size from the
@@ -246,7 +246,7 @@
*
* \return The size of the message-digest output in Bytes.
*/
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info);
/**
* \brief This function extracts the message-digest type from the
@@ -257,7 +257,7 @@
*
* \return The type of the message digest.
*/
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info);
/**
* \brief This function extracts the message-digest name from the
@@ -268,7 +268,7 @@
*
* \return The name of the message digest.
*/
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info);
/**
* \brief This function starts a message-digest computation.
@@ -284,7 +284,7 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
+int mbedtls_md_starts(mbedtls_md_context_t *ctx);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -303,7 +303,7 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
+int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen);
/**
* \brief This function finishes the digest operation,
@@ -324,7 +324,7 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
+int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output);
/**
* \brief This function calculates the message-digest of a buffer,
@@ -345,8 +345,8 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output );
+int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+ unsigned char *output);
#if defined(MBEDTLS_FS_IO)
/**
@@ -367,8 +367,8 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
- unsigned char *output );
+int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path,
+ unsigned char *output);
#endif /* MBEDTLS_FS_IO */
/**
@@ -390,8 +390,8 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
- size_t keylen );
+int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key,
+ size_t keylen);
/**
* \brief This function feeds an input buffer into an ongoing HMAC
@@ -413,8 +413,8 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
- size_t ilen );
+int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the HMAC operation, and writes
@@ -435,7 +435,7 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
+int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output);
/**
* \brief This function prepares to authenticate a new message with
@@ -453,7 +453,7 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
+int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx);
/**
* \brief This function calculates the full generic HMAC
@@ -478,13 +478,13 @@
* failure.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
+int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output);
/* Internal use */
MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
+int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 7f3d5cf..68b0d32 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -55,8 +55,7 @@
* stronger message digests instead.
*
*/
-typedef struct mbedtls_md2_context
-{
+typedef struct mbedtls_md2_context {
unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */
@@ -78,7 +77,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md2_init( mbedtls_md2_context *ctx );
+void mbedtls_md2_init(mbedtls_md2_context *ctx);
/**
* \brief Clear MD2 context
@@ -90,7 +89,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md2_free( mbedtls_md2_context *ctx );
+void mbedtls_md2_free(mbedtls_md2_context *ctx);
/**
* \brief Clone (the state of) an MD2 context
@@ -103,8 +102,8 @@
* stronger message digests instead.
*
*/
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
- const mbedtls_md2_context *src );
+void mbedtls_md2_clone(mbedtls_md2_context *dst,
+ const mbedtls_md2_context *src);
/**
* \brief MD2 context setup
@@ -118,7 +117,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
+int mbedtls_md2_starts_ret(mbedtls_md2_context *ctx);
/**
* \brief MD2 process buffer
@@ -134,9 +133,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md2_update_ret(mbedtls_md2_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief MD2 final digest
@@ -151,8 +150,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
- unsigned char output[16] );
+int mbedtls_md2_finish_ret(mbedtls_md2_context *ctx,
+ unsigned char output[16]);
/**
* \brief MD2 process data block (internal use only)
@@ -166,7 +165,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
+int mbedtls_internal_md2_process(mbedtls_md2_context *ctx);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -186,7 +185,7 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
+MBEDTLS_DEPRECATED void mbedtls_md2_starts(mbedtls_md2_context *ctx);
/**
* \brief MD2 process buffer
@@ -202,9 +201,9 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen );
+MBEDTLS_DEPRECATED void mbedtls_md2_update(mbedtls_md2_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief MD2 final digest
@@ -219,8 +218,8 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_md2_finish(mbedtls_md2_context *ctx,
+ unsigned char output[16]);
/**
* \brief MD2 process data block (internal use only)
@@ -234,7 +233,7 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
+MBEDTLS_DEPRECATED void mbedtls_md2_process(mbedtls_md2_context *ctx);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -251,9 +250,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md2_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -275,9 +274,9 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_md2(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -294,7 +293,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_self_test( int verbose );
+int mbedtls_md2_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index 0238c67..fd64710 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -56,8 +56,7 @@
* stronger message digests instead.
*
*/
-typedef struct mbedtls_md4_context
-{
+typedef struct mbedtls_md4_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
@@ -78,7 +77,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md4_init( mbedtls_md4_context *ctx );
+void mbedtls_md4_init(mbedtls_md4_context *ctx);
/**
* \brief Clear MD4 context
@@ -90,7 +89,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md4_free( mbedtls_md4_context *ctx );
+void mbedtls_md4_free(mbedtls_md4_context *ctx);
/**
* \brief Clone (the state of) an MD4 context
@@ -103,8 +102,8 @@
* stronger message digests instead.
*
*/
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
- const mbedtls_md4_context *src );
+void mbedtls_md4_clone(mbedtls_md4_context *dst,
+ const mbedtls_md4_context *src);
/**
* \brief MD4 context setup
@@ -117,7 +116,7 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*/
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
+int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx);
/**
* \brief MD4 process buffer
@@ -133,9 +132,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md4_update_ret(mbedtls_md4_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief MD4 final digest
@@ -150,8 +149,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
- unsigned char output[16] );
+int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx,
+ unsigned char output[16]);
/**
* \brief MD4 process data block (internal use only)
@@ -166,8 +165,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_md4_process(mbedtls_md4_context *ctx,
+ const unsigned char data[64]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -187,7 +186,7 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
+MBEDTLS_DEPRECATED void mbedtls_md4_starts(mbedtls_md4_context *ctx);
/**
* \brief MD4 process buffer
@@ -203,9 +202,9 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen );
+MBEDTLS_DEPRECATED void mbedtls_md4_update(mbedtls_md4_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief MD4 final digest
@@ -220,8 +219,8 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_md4_finish(mbedtls_md4_context *ctx,
+ unsigned char output[16]);
/**
* \brief MD4 process data block (internal use only)
@@ -236,8 +235,8 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] );
+MBEDTLS_DEPRECATED void mbedtls_md4_process(mbedtls_md4_context *ctx,
+ const unsigned char data[64]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -256,9 +255,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md4_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md4_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -280,9 +279,9 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_md4(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -299,7 +298,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md4_self_test( int verbose );
+int mbedtls_md4_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 73e4dd2..04f71ee 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -55,8 +55,7 @@
* stronger message digests instead.
*
*/
-typedef struct mbedtls_md5_context
-{
+typedef struct mbedtls_md5_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
@@ -77,7 +76,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md5_init( mbedtls_md5_context *ctx );
+void mbedtls_md5_init(mbedtls_md5_context *ctx);
/**
* \brief Clear MD5 context
@@ -89,7 +88,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md5_free( mbedtls_md5_context *ctx );
+void mbedtls_md5_free(mbedtls_md5_context *ctx);
/**
* \brief Clone (the state of) an MD5 context
@@ -102,8 +101,8 @@
* stronger message digests instead.
*
*/
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
- const mbedtls_md5_context *src );
+void mbedtls_md5_clone(mbedtls_md5_context *dst,
+ const mbedtls_md5_context *src);
/**
* \brief MD5 context setup
@@ -117,7 +116,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
+int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx);
/**
* \brief MD5 process buffer
@@ -133,9 +132,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md5_update_ret(mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief MD5 final digest
@@ -150,8 +149,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
- unsigned char output[16] );
+int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx,
+ unsigned char output[16]);
/**
* \brief MD5 process data block (internal use only)
@@ -166,8 +165,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
+ const unsigned char data[64]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -187,7 +186,7 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
+MBEDTLS_DEPRECATED void mbedtls_md5_starts(mbedtls_md5_context *ctx);
/**
* \brief MD5 process buffer
@@ -203,9 +202,9 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen );
+MBEDTLS_DEPRECATED void mbedtls_md5_update(mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief MD5 final digest
@@ -220,8 +219,8 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_md5_finish(mbedtls_md5_context *ctx,
+ unsigned char output[16]);
/**
* \brief MD5 process data block (internal use only)
@@ -236,8 +235,8 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] );
+MBEDTLS_DEPRECATED void mbedtls_md5_process(mbedtls_md5_context *ctx,
+ const unsigned char data[64]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -256,9 +255,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md5_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -280,9 +279,9 @@
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+MBEDTLS_DEPRECATED void mbedtls_md5(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -299,7 +298,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_self_test( int verbose );
+int mbedtls_md5_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h
index f33cdf6..9e10f24 100644
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@@ -42,10 +42,9 @@
* Message digest information.
* Allows message digest functions to be called in a generic way.
*/
-struct mbedtls_md_info_t
-{
+struct mbedtls_md_info_t {
/** Name of the message digest */
- const char * name;
+ const char *name;
/** Digest identifier */
mbedtls_md_type_t type;
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 3954b36..bc28252 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -47,7 +47,8 @@
#define MBEDTLS_MEMORY_VERIFY_NONE 0
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | \
+ MBEDTLS_MEMORY_VERIFY_FREE)
#ifdef __cplusplus
extern "C" {
@@ -68,12 +69,12 @@
* \param buf buffer to use as heap
* \param len size of the buffer
*/
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
+void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len);
/**
* \brief Free the mutex for thread-safety and clear remaining memory
*/
-void mbedtls_memory_buffer_alloc_free( void );
+void mbedtls_memory_buffer_alloc_free(void);
/**
* \brief Determine when the allocator should automatically verify the state
@@ -83,7 +84,7 @@
* \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
* MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
*/
-void mbedtls_memory_buffer_set_verify( int verify );
+void mbedtls_memory_buffer_set_verify(int verify);
#if defined(MBEDTLS_MEMORY_DEBUG)
/**
@@ -92,7 +93,7 @@
* Prints out a list of 'still allocated' blocks and their stack
* trace if MBEDTLS_MEMORY_BACKTRACE is defined.
*/
-void mbedtls_memory_buffer_alloc_status( void );
+void mbedtls_memory_buffer_alloc_status(void);
/**
* \brief Get the peak heap usage so far
@@ -102,12 +103,12 @@
* into smaller blocks but larger than the requested size.
* \param max_blocks Peak number of blocks in use, including free and used
*/
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks);
/**
* \brief Reset peak statistics
*/
-void mbedtls_memory_buffer_alloc_max_reset( void );
+void mbedtls_memory_buffer_alloc_max_reset(void);
/**
* \brief Get the current heap usage
@@ -117,7 +118,7 @@
* into smaller blocks but larger than the requested size.
* \param cur_blocks Current number of blocks in use, including free and used
*/
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks);
#endif /* MBEDTLS_MEMORY_DEBUG */
/**
@@ -131,7 +132,7 @@
*
* \return 0 if verified, 1 otherwise
*/
-int mbedtls_memory_buffer_alloc_verify( void );
+int mbedtls_memory_buffer_alloc_verify(void);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -139,7 +140,7 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_memory_buffer_alloc_self_test( int verbose );
+int mbedtls_memory_buffer_alloc_self_test(int verbose);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index ceb7d5f..c8bcde0 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -95,8 +95,7 @@
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
* structures for hand-made UDP demultiplexing).
*/
-typedef struct mbedtls_net_context
-{
+typedef struct mbedtls_net_context {
int fd; /**< The underlying file descriptor */
}
mbedtls_net_context;
@@ -107,7 +106,7 @@
*
* \param ctx Context to initialize
*/
-void mbedtls_net_init( mbedtls_net_context *ctx );
+void mbedtls_net_init(mbedtls_net_context *ctx);
/**
* \brief Initiate a connection with host:port in the given protocol
@@ -124,7 +123,7 @@
*
* \note Sets the socket in connected mode even with UDP.
*/
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
+int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, const char *port, int proto);
/**
* \brief Create a receiving socket on bind_ip:port in the chosen
@@ -144,7 +143,7 @@
* \note Regardless of the protocol, opens the sockets and binds it.
* In addition, make the socket listening if protocol is TCP.
*/
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
+int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto);
/**
* \brief Accept a connection from a remote client
@@ -164,9 +163,9 @@
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
* non-blocking and accept() would block.
*/
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
- mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *ip_len );
+int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
+ mbedtls_net_context *client_ctx,
+ void *client_ip, size_t buf_size, size_t *ip_len);
/**
* \brief Check and wait for the context to be ready for read/write
@@ -193,7 +192,7 @@
* \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
* on success or timeout, or a negative return code otherwise.
*/
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
+int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout);
/**
* \brief Set the socket blocking
@@ -202,7 +201,7 @@
*
* \return 0 if successful, or a non-zero error code
*/
-int mbedtls_net_set_block( mbedtls_net_context *ctx );
+int mbedtls_net_set_block(mbedtls_net_context *ctx);
/**
* \brief Set the socket non-blocking
@@ -211,7 +210,7 @@
*
* \return 0 if successful, or a non-zero error code
*/
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
+int mbedtls_net_set_nonblock(mbedtls_net_context *ctx);
/**
* \brief Portable usleep helper
@@ -221,7 +220,7 @@
* \note Real amount of time slept will not be less than
* select()'s timeout granularity (typically, 10ms).
*/
-void mbedtls_net_usleep( unsigned long usec );
+void mbedtls_net_usleep(unsigned long usec);
/**
* \brief Read at most 'len' characters. If no error occurs,
@@ -235,7 +234,7 @@
* or a non-zero error code; with a non-blocking socket,
* MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
*/
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
+int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len);
/**
* \brief Write at most 'len' characters. If no error occurs,
@@ -249,7 +248,7 @@
* or a non-zero error code; with a non-blocking socket,
* MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
*/
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
+int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len);
/**
* \brief Read at most 'len' characters, blocking for at most
@@ -277,22 +276,22 @@
* non-blocking. Handling timeouts with non-blocking reads
* requires a different strategy.
*/
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
- uint32_t timeout );
+int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout);
/**
* \brief Closes down the connection and free associated data
*
* \param ctx The context to close
*/
-void mbedtls_net_close( mbedtls_net_context *ctx );
+void mbedtls_net_close(mbedtls_net_context *ctx);
/**
* \brief Gracefully shutdown the connection and free associated data
*
* \param ctx The context to free
*/
-void mbedtls_net_free( mbedtls_net_context *ctx );
+void mbedtls_net_free(mbedtls_net_context *ctx);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 7f3e64a..8d3a4a5 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -47,8 +47,7 @@
extern "C" {
#endif
-typedef enum
-{
+typedef enum {
MBEDTLS_KW_MODE_KW = 0,
MBEDTLS_KW_MODE_KWP = 1
} mbedtls_nist_kw_mode_t;
@@ -80,7 +79,7 @@
* \param ctx The key wrapping context to initialize.
*
*/
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
+void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx);
/**
* \brief This function initializes the key wrapping context set in the
@@ -98,11 +97,11 @@
* which are not supported.
* \return cipher-specific error code on failure of the underlying cipher.
*/
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits,
- const int is_wrap );
+int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits,
+ const int is_wrap);
/**
* \brief This function releases and clears the specified key wrapping context
@@ -110,7 +109,7 @@
*
* \param ctx The key wrapping context to clear.
*/
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
+void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx);
/**
* \brief This function encrypts a buffer using key wrapping.
@@ -133,9 +132,9 @@
* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
* \return cipher-specific error code on failure of the underlying cipher.
*/
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size );
+int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
+ const unsigned char *input, size_t in_len,
+ unsigned char *output, size_t *out_len, size_t out_size);
/**
* \brief This function decrypts a buffer using key wrapping.
@@ -160,9 +159,9 @@
* \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
* \return cipher-specific error code on failure of the underlying cipher.
*/
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size);
+int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
+ const unsigned char *input, size_t in_len,
+ unsigned char *output, size_t *out_len, size_t out_size);
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
@@ -172,7 +171,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_nist_kw_self_test( int verbose );
+int mbedtls_nist_kw_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 0186217..a64eaeb 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -82,10 +82,10 @@
#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+ MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
+ MBEDTLS_OID_ORG_ANSI_X9_62
/*
* ISO Identified organization OID parts
@@ -96,15 +96,18 @@
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_TELETRUST
/*
* ISO ITU OID parts
*/
#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
@@ -122,7 +125,8 @@
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
-#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
+#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
+ "\x01"
#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
/*
@@ -254,7 +258,8 @@
#define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
#define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
@@ -277,7 +282,8 @@
/*
* Encryption algorithms
*/
-#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
@@ -439,8 +445,7 @@
/**
* \brief Base OID descriptor structure
*/
-typedef struct mbedtls_oid_descriptor_t
-{
+typedef struct mbedtls_oid_descriptor_t {
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
const char *name; /*!< official name (e.g. from RFC) */
@@ -458,7 +463,7 @@
* \return Length of the string written (excluding final NULL) or
* MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
*/
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
+int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid);
/**
* \brief Translate an X.509 extension OID into local values
@@ -468,7 +473,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
/**
* \brief Translate an X.509 attribute type OID into the short name
@@ -479,7 +484,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
+int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
/**
* \brief Translate PublicKeyAlgorithm OID into pk_type
@@ -489,7 +494,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
+int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg);
/**
* \brief Translate pk_type into PublicKeyAlgorithm OID
@@ -500,8 +505,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
- const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
+ const char **oid, size_t *olen);
#if defined(MBEDTLS_ECP_C)
/**
@@ -512,7 +517,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
+int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id);
/**
* \brief Translate EC group identifier into NamedCurve OID
@@ -523,8 +528,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
- const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id,
+ const char **oid, size_t *olen);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C)
@@ -537,8 +542,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
+int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
+ mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
/**
* \brief Translate SignatureAlgorithm OID into description
@@ -548,7 +553,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
/**
* \brief Translate md_type and pk_type into SignatureAlgorithm OID
@@ -560,8 +565,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+ const char **oid, size_t *olen);
/**
* \brief Translate hash algorithm OID into md_type
@@ -571,7 +576,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
/**
* \brief Translate hmac algorithm OID into md_type
@@ -581,7 +586,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
+int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac);
#endif /* MBEDTLS_MD_C */
/**
@@ -592,7 +597,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
/**
* \brief Translate certificate policies OID into description
@@ -602,7 +607,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);
/**
* \brief Translate md_type into hash algorithm OID
@@ -613,7 +618,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen);
#if defined(MBEDTLS_CIPHER_C)
/**
@@ -624,7 +629,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg);
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_PKCS12_C)
@@ -638,8 +643,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
- mbedtls_cipher_type_t *cipher_alg );
+int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
+ mbedtls_cipher_type_t *cipher_alg);
#endif /* MBEDTLS_PKCS12_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 624d02d..01069ea 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -74,7 +74,7 @@
*
* \return non-zero if CPU has support for the feature, 0 otherwise
*/
-int mbedtls_padlock_has_support( int feature );
+int mbedtls_padlock_has_support(int feature);
/**
* \brief Internal PadLock AES-ECB block en(de)cryption
@@ -89,10 +89,10 @@
*
* \return 0 if success, 1 if operation failed
*/
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16]);
/**
* \brief Internal PadLock AES-CBC buffer en(de)cryption
@@ -109,12 +109,12 @@
*
* \return 0 if success, 1 if operation failed
*/
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index daa71c8..fee32a3 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -64,8 +64,7 @@
/**
* \brief PEM context structure
*/
-typedef struct mbedtls_pem_context
-{
+typedef struct mbedtls_pem_context {
unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */
@@ -77,7 +76,7 @@
*
* \param ctx context to be initialized
*/
-void mbedtls_pem_init( mbedtls_pem_context *ctx );
+void mbedtls_pem_init(mbedtls_pem_context *ctx);
/**
* \brief Read a buffer for PEM information and store the resulting
@@ -101,17 +100,17 @@
*
* \return 0 on success, or a specific PEM error code
*/
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
- const unsigned char *data,
- const unsigned char *pwd,
- size_t pwdlen, size_t *use_len );
+int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer,
+ const unsigned char *data,
+ const unsigned char *pwd,
+ size_t pwdlen, size_t *use_len);
/**
* \brief PEM context memory freeing
*
* \param ctx context to be freed
*/
-void mbedtls_pem_free( mbedtls_pem_context *ctx );
+void mbedtls_pem_free(mbedtls_pem_context *ctx);
#endif /* MBEDTLS_PEM_PARSE_C */
#if defined(MBEDTLS_PEM_WRITE_C)
@@ -141,9 +140,9 @@
* the required minimum size of \p buf.
* \return Another PEM or BASE64 error code on other kinds of failure.
*/
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
- const unsigned char *der_data, size_t der_len,
- unsigned char *buf, size_t buf_len, size_t *olen );
+int mbedtls_pem_write_buffer(const char *header, const char *footer,
+ const unsigned char *der_data, size_t der_len,
+ unsigned char *buf, size_t buf_len, size_t *olen);
#endif /* MBEDTLS_PEM_WRITE_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index c9a13f4..a226e71 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -47,7 +47,7 @@
#include "psa/crypto.h"
#endif
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -107,8 +107,7 @@
* \brief Options for RSASSA-PSS signature verification.
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
*/
-typedef struct mbedtls_pk_rsassa_pss_options
-{
+typedef struct mbedtls_pk_rsassa_pss_options {
mbedtls_md_type_t mgf1_hash_id;
int expected_salt_len;
@@ -128,7 +127,7 @@
*/
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
-#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
+#if (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT)) && \
MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* For RSA, the signature can be as large as the bignum module allows.
* For RSA_ALT, the signature size is not necessarily tied to what the
@@ -162,15 +161,14 @@
* types, lengths (represented by up to 2 bytes), and potential leading
* zeros of the INTEGERs and the SEQUENCE. */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
+#define MBEDTLS_PK_SIGNATURE_MAX_SIZE (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11)
#endif
#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
/**
* \brief Types for interfacing with the debug module
*/
-typedef enum
-{
+typedef enum {
MBEDTLS_PK_DEBUG_NONE = 0,
MBEDTLS_PK_DEBUG_MPI,
MBEDTLS_PK_DEBUG_ECP,
@@ -179,8 +177,7 @@
/**
* \brief Item to send to the debug module
*/
-typedef struct mbedtls_pk_debug_item
-{
+typedef struct mbedtls_pk_debug_item {
mbedtls_pk_debug_type type;
const char *name;
void *value;
@@ -197,20 +194,18 @@
/**
* \brief Public key container
*/
-typedef struct mbedtls_pk_context
-{
- const mbedtls_pk_info_t * pk_info; /**< Public key information */
- void * pk_ctx; /**< Underlying public key context */
+typedef struct mbedtls_pk_context {
+ const mbedtls_pk_info_t *pk_info; /**< Public key information */
+ void *pk_ctx; /**< Underlying public key context */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
* \brief Context for resuming operations
*/
-typedef struct
-{
- const mbedtls_pk_info_t * pk_info; /**< Public key information */
- void * rs_ctx; /**< Underlying restart context */
+typedef struct {
+ const mbedtls_pk_info_t *pk_info; /**< Public key information */
+ void *rs_ctx; /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/* Now we can declare functions that take a pointer to that */
@@ -221,14 +216,16 @@
/**
* \brief Types for RSA-alt abstraction
*/
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx, int mode, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len);
+typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig);
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/**
@@ -238,7 +235,7 @@
*
* \return The PK info associated with the type or NULL if not found.
*/
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type);
/**
* \brief Initialize a #mbedtls_pk_context (as NONE).
@@ -246,7 +243,7 @@
* \param ctx The context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
+void mbedtls_pk_init(mbedtls_pk_context *ctx);
/**
* \brief Free the components of a #mbedtls_pk_context.
@@ -259,7 +256,7 @@
* PSA key and you still need to call psa_destroy_key()
* independently if you want to destroy that key.
*/
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
+void mbedtls_pk_free(mbedtls_pk_context *ctx);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -268,7 +265,7 @@
* \param ctx The context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
+void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx);
/**
* \brief Free the components of a restart context
@@ -276,7 +273,7 @@
* \param ctx The context to clear. It must have been initialized.
* If this is \c NULL, this function does nothing.
*/
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
+void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx);
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/**
@@ -294,7 +291,7 @@
* \note For contexts holding an RSA-alt key, use
* \c mbedtls_pk_setup_rsa_alt() instead.
*/
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -325,8 +322,8 @@
* ECC key pair.
* \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*/
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
- const psa_key_id_t key );
+int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
+ const psa_key_id_t key);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
@@ -345,10 +342,10 @@
*
* \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
*/
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
- mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
- mbedtls_pk_rsa_alt_sign_func sign_func,
- mbedtls_pk_rsa_alt_key_len_func key_len_func );
+int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key,
+ mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+ mbedtls_pk_rsa_alt_sign_func sign_func,
+ mbedtls_pk_rsa_alt_key_len_func key_len_func);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/**
@@ -358,7 +355,7 @@
*
* \return Key size in bits, or 0 on error
*/
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
+size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx);
/**
* \brief Get the length in bytes of the underlying key
@@ -367,9 +364,9 @@
*
* \return Key length in bytes, or 0 on error
*/
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
+static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
{
- return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
+ return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
}
/**
@@ -384,7 +381,7 @@
* been initialized but not set up, or that has been
* cleared with mbedtls_pk_free().
*/
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type);
/**
* \brief Verify signature (including padding if relevant).
@@ -410,9 +407,9 @@
*
* \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
*/
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
+int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len);
/**
* \brief Restartable version of \c mbedtls_pk_verify()
@@ -434,11 +431,11 @@
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- mbedtls_pk_restart_ctx *rs_ctx );
+int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ mbedtls_pk_restart_ctx *rs_ctx);
/**
* \brief Verify signature, with options.
@@ -469,10 +466,10 @@
* to a mbedtls_pk_rsassa_pss_options structure,
* otherwise it must be NULL.
*/
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
+int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
+ mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len);
/**
* \brief Make signature, including padding if relevant.
@@ -504,10 +501,10 @@
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
*/
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief Restartable version of \c mbedtls_pk_sign()
@@ -537,12 +534,12 @@
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_pk_restart_ctx *rs_ctx );
+int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_pk_restart_ctx *rs_ctx);
/**
* \brief Decrypt message (including padding if relevant).
@@ -561,10 +558,10 @@
*
* \return 0 on success, or a specific error code.
*/
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief Encrypt message (including padding if relevant).
@@ -582,10 +579,10 @@
*
* \return 0 on success, or a specific error code.
*/
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief Check if a public-private pair of keys matches.
@@ -599,7 +596,7 @@
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
* \return Another non-zero value if the keys do not match.
*/
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
+int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv);
/**
* \brief Export debug information
@@ -609,7 +606,7 @@
*
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
*/
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
+int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items);
/**
* \brief Access the type name
@@ -618,7 +615,7 @@
*
* \return Type name on success, or "invalid PK"
*/
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
+const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx);
/**
* \brief Get the key type
@@ -628,7 +625,7 @@
* \return Type on success.
* \return #MBEDTLS_PK_NONE for a context that has not been set up.
*/
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
+mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx);
#if defined(MBEDTLS_RSA_C)
/**
@@ -641,14 +638,13 @@
*
* \return The internal RSA context held by the PK context, or NULL.
*/
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
{
- switch( mbedtls_pk_get_type( &pk ) )
- {
+ switch (mbedtls_pk_get_type(&pk)) {
case MBEDTLS_PK_RSA:
- return( (mbedtls_rsa_context *) (pk).pk_ctx );
+ return (mbedtls_rsa_context *) (pk).pk_ctx;
default:
- return( NULL );
+ return NULL;
}
}
#endif /* MBEDTLS_RSA_C */
@@ -665,16 +661,15 @@
*
* \return The internal EC context held by the PK context, or NULL.
*/
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
{
- switch( mbedtls_pk_get_type( &pk ) )
- {
+ switch (mbedtls_pk_get_type(&pk)) {
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
- return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+ return (mbedtls_ecp_keypair *) (pk).pk_ctx;
default:
- return( NULL );
+ return NULL;
}
}
#endif /* MBEDTLS_ECP_C */
@@ -709,9 +704,9 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen );
+int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen);
/** \ingroup pk_module */
/**
@@ -735,8 +730,8 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen );
+int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
+ const unsigned char *key, size_t keylen);
#if defined(MBEDTLS_FS_IO)
/** \ingroup pk_module */
@@ -760,8 +755,8 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *password );
+int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
+ const char *path, const char *password);
/** \ingroup pk_module */
/**
@@ -780,7 +775,7 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
+int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path);
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_PK_PARSE_C */
@@ -798,7 +793,7 @@
* \return length of data written if successful, or a specific
* error code
*/
-int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_key_der(mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
/**
* \brief Write a public key to a SubjectPublicKeyInfo DER structure
@@ -813,7 +808,7 @@
* \return length of data written if successful, or a specific
* error code
*/
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@@ -826,7 +821,7 @@
*
* \return 0 if successful, or a specific error code
*/
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
/**
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
@@ -838,7 +833,7 @@
*
* \return 0 if successful, or a specific error code
*/
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_key_pem(mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PK_WRITE_C */
@@ -858,8 +853,8 @@
*
* \return 0 if successful, or a specific PK error code
*/
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk );
+int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
+ mbedtls_pk_context *pk);
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
@@ -873,8 +868,8 @@
*
* \return the length written or a negative error code
*/
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key );
+int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *key);
#endif /* MBEDTLS_PK_WRITE_C */
/*
@@ -882,7 +877,7 @@
* know you do.
*/
#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -906,9 +901,9 @@
* \return \c 0 if successful.
* \return An Mbed TLS error code otherwise.
*/
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_id_t *key,
- psa_algorithm_t hash_alg );
+int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+ psa_key_id_t *key,
+ psa_algorithm_t hash_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus
diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h
index 47f7767..8a0c30f 100644
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@@ -31,8 +31,7 @@
#include "mbedtls/pk.h"
-struct mbedtls_pk_info_t
-{
+struct mbedtls_pk_info_t {
/** Public key type */
mbedtls_pk_type_t type;
@@ -40,75 +39,74 @@
const char *name;
/** Get key size in bits */
- size_t (*get_bitlen)( const void * );
+ size_t (*get_bitlen)(const void *);
/** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
- int (*can_do)( mbedtls_pk_type_t type );
+ int (*can_do)(mbedtls_pk_type_t type);
/** Verify signature */
- int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
+ int (*verify_func)(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len);
/** Make signature */
- int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+ int (*sign_func)(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/** Verify signature (restartable) */
- int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- void *rs_ctx );
+ int (*verify_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx);
/** Make signature (restartable) */
- int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng, void *rs_ctx );
+ int (*sign_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng, void *rs_ctx);
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/** Decrypt message */
- int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+ int (*decrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/** Encrypt message */
- int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+ int (*encrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/** Check public-private key pair */
- int (*check_pair_func)( const void *pub, const void *prv );
+ int (*check_pair_func)(const void *pub, const void *prv);
/** Allocate a new context */
- void * (*ctx_alloc_func)( void );
+ void * (*ctx_alloc_func)(void);
/** Free the given context */
- void (*ctx_free_func)( void *ctx );
+ void (*ctx_free_func)(void *ctx);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/** Allocate the restart context */
- void * (*rs_alloc_func)( void );
+ void *(*rs_alloc_func)(void);
/** Free the restart context */
- void (*rs_free_func)( void *rs_ctx );
+ void (*rs_free_func)(void *rs_ctx);
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/** Interface with the debug module */
- void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
+ void (*debug_func)(const void *ctx, mbedtls_pk_debug_item *items);
};
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Container for RSA-alt */
-typedef struct
-{
+typedef struct {
void *key;
mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
mbedtls_pk_rsa_alt_sign_func sign_func;
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
index 3530ee1..80a8a9c 100644
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@@ -36,7 +36,7 @@
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -50,10 +50,9 @@
/**
* Context for PKCS #11 private keys.
*/
-typedef struct mbedtls_pkcs11_context
-{
- pkcs11h_certificate_t pkcs11h_cert;
- int len;
+typedef struct mbedtls_pkcs11_context {
+ pkcs11h_certificate_t pkcs11h_cert;
+ int len;
} mbedtls_pkcs11_context;
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -69,7 +68,7 @@
* \deprecated This function is deprecated and will be removed in a
* future version of the library.
*/
-MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
+MBEDTLS_DEPRECATED void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx);
/**
* Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
@@ -82,8 +81,8 @@
*
* \return 0 on success.
*/
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert,
- pkcs11h_certificate_t pkcs11h_cert );
+MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert,
+ pkcs11h_certificate_t pkcs11h_cert);
/**
* Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
@@ -99,8 +98,8 @@
* \return 0 on success
*/
MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind(
- mbedtls_pkcs11_context *priv_key,
- pkcs11h_certificate_t pkcs11_cert );
+ mbedtls_pkcs11_context *priv_key,
+ pkcs11h_certificate_t pkcs11_cert);
/**
* Free the contents of the given private key context. Note that the structure
@@ -112,7 +111,7 @@
* \param priv_key Private key structure to cleanup
*/
MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free(
- mbedtls_pkcs11_context *priv_key );
+ mbedtls_pkcs11_context *priv_key);
/**
* \brief Do an RSA private key decrypt, then remove the message
@@ -134,11 +133,11 @@
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown.
*/
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
+MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt(mbedtls_pkcs11_context *ctx,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
/**
* \brief Do a private RSA to sign a message digest
@@ -159,12 +158,12 @@
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
+MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign(mbedtls_pkcs11_context *ctx,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
/**
* SSL/TLS wrappers for PKCS#11 functions
@@ -172,13 +171,15 @@
* \deprecated This function is deprecated and will be removed in a future
* version of the library.
*/
-MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
- int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len )
+MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt(void *ctx,
+ int mode,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len)
{
- return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
- output_max_len );
+ return mbedtls_pkcs11_decrypt((mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
+ output_max_len);
}
/**
@@ -207,15 +208,21 @@
* <code>ctx->N</code>. For example, 128 bytes if RSA-1024 is
* used.
*/
-MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig )
+MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign(void *ctx,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig)
{
((void) f_rng);
((void) p_rng);
- return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_pkcs11_sign((mbedtls_pkcs11_context *) ctx, mode, md_alg,
+ hashlen, hash, sig);
}
/**
@@ -228,9 +235,9 @@
*
* \return The length of the private key.
*/
-MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
+MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len(void *ctx)
{
- return ( (mbedtls_pkcs11_context *) ctx )->len;
+ return ((mbedtls_pkcs11_context *) ctx)->len;
}
#undef MBEDTLS_DEPRECATED
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index d9e85b1..cd13852 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -70,10 +70,10 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *input, size_t len,
- unsigned char *output );
+int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *input, size_t len,
+ unsigned char *output);
/**
* \brief PKCS12 Password Based function (encryption / decryption)
@@ -93,11 +93,11 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
- mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *input, size_t len,
- unsigned char *output );
+int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *input, size_t len,
+ unsigned char *output);
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -128,10 +128,10 @@
*
* \return 0 if successful, or a MD, BIGNUM type error.
*/
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *salt, size_t saltlen,
- mbedtls_md_type_t mbedtls_md, int id, int iterations );
+int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *salt, size_t saltlen,
+ mbedtls_md_type_t mbedtls_md, int id, int iterations);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 696930f..12dec05 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -67,10 +67,10 @@
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output );
+int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output);
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -88,10 +88,10 @@
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
- size_t plen, const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output );
+int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx, const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
@@ -100,7 +100,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_pkcs5_self_test( int verbose );
+int mbedtls_pkcs5_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index eaf5122..9033852 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -149,8 +149,8 @@
#else
/* For size_t */
#include <stddef.h>
-extern void *mbedtls_calloc( size_t n, size_t size );
-extern void mbedtls_free( void *ptr );
+extern void *mbedtls_calloc(size_t n, size_t size);
+extern void mbedtls_free(void *ptr);
/**
* \brief This function dynamically sets the memory-management
@@ -161,8 +161,8 @@
*
* \return \c 0.
*/
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
- void (*free_func)( void * ) );
+int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
+ void (*free_func)(void *));
#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
#else /* !MBEDTLS_PLATFORM_MEMORY */
#define mbedtls_free free
@@ -175,7 +175,7 @@
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
/* We need FILE * */
#include <stdio.h>
-extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
+extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...);
/**
* \brief This function dynamically configures the fprintf
@@ -186,8 +186,8 @@
*
* \return \c 0.
*/
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
- ... ) );
+int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream, const char *,
+ ...));
#else
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
@@ -200,7 +200,7 @@
* The function pointers for printf
*/
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)( const char *format, ... );
+extern int (*mbedtls_printf)(const char *format, ...);
/**
* \brief This function dynamically configures the snprintf
@@ -211,7 +211,7 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
+int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...));
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
@@ -231,11 +231,11 @@
*/
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
+int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...);
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
+extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...);
/**
* \brief This function allows configuring a custom
@@ -245,8 +245,8 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
- const char * format, ... ) );
+int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
+ const char *format, ...));
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
@@ -267,12 +267,12 @@
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
#include <stdarg.h>
/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
+int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg);
#endif
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
#include <stdarg.h>
-extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
+extern int (*mbedtls_vsnprintf)(char *s, size_t n, const char *format, va_list arg);
/**
* \brief Set your own snprintf function pointer
@@ -281,8 +281,8 @@
*
* \return \c 0
*/
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
- const char * format, va_list arg ) );
+int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
+ const char *format, va_list arg));
#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
@@ -295,7 +295,7 @@
* The function pointers for exit
*/
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)( int status );
+extern void (*mbedtls_exit)(int status);
/**
* \brief This function dynamically configures the exit
@@ -306,7 +306,7 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
+int mbedtls_platform_set_exit(void (*exit_func)(int status));
#else
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
@@ -338,13 +338,13 @@
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
/* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
+int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len);
+int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len);
#endif
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
-extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
+extern int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len);
+extern int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len);
/**
* \brief This function allows configuring custom seed file writing and
@@ -356,9 +356,9 @@
* \return \c 0 on success.
*/
int mbedtls_platform_set_nv_seed(
- int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
- int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
- );
+ int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len),
+ int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len)
+ );
#else
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
@@ -379,8 +379,7 @@
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
-typedef struct mbedtls_platform_context
-{
+typedef struct mbedtls_platform_context {
char dummy; /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;
@@ -404,7 +403,7 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_setup( mbedtls_platform_context *ctx );
+int mbedtls_platform_setup(mbedtls_platform_context *ctx);
/**
* \brief This function performs any platform teardown operations.
*
@@ -419,7 +418,7 @@
* \param ctx The platform context.
*
*/
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
+void mbedtls_platform_teardown(mbedtls_platform_context *ctx);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index 9405571..eee61d6 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -47,7 +47,7 @@
* The function pointers for time
*/
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+extern mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *time);
/**
* \brief Set your own time function pointer
@@ -56,7 +56,7 @@
*
* \return 0
*/
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *time));
#else
#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index cd112ab..55fc431 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -56,12 +56,12 @@
#define MBEDTLS_PARAM_FAILED_ALT
#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
-#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+#define MBEDTLS_PARAM_FAILED(cond) assert(cond)
#define MBEDTLS_PARAM_FAILED_ALT
#else /* MBEDTLS_PARAM_FAILED */
-#define MBEDTLS_PARAM_FAILED( cond ) \
- mbedtls_param_failed( #cond, __FILE__, __LINE__ )
+#define MBEDTLS_PARAM_FAILED(cond) \
+ mbedtls_param_failed( #cond, __FILE__, __LINE__)
/**
* \brief User supplied callback function for parameter validation failure.
@@ -78,36 +78,36 @@
* \param file The file where the assertion failed.
* \param line The line in the file where the assertion failed.
*/
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line );
+void mbedtls_param_failed(const char *failure_condition,
+ const char *file,
+ int line);
#endif /* MBEDTLS_PARAM_FAILED */
/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \
+#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) \
do { \
- if( !(cond) ) \
+ if (!(cond)) \
{ \
- MBEDTLS_PARAM_FAILED( cond ); \
- return( ret ); \
+ MBEDTLS_PARAM_FAILED(cond); \
+ return ret; \
} \
- } while( 0 )
+ } while (0)
/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) \
+#define MBEDTLS_INTERNAL_VALIDATE(cond) \
do { \
- if( !(cond) ) \
+ if (!(cond)) \
{ \
- MBEDTLS_PARAM_FAILED( cond ); \
+ MBEDTLS_PARAM_FAILED(cond); \
return; \
} \
- } while( 0 )
+ } while (0)
#else /* MBEDTLS_CHECK_PARAMS */
/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
+#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) do { } while (0)
+#define MBEDTLS_INTERNAL_VALIDATE(cond) do { } while (0)
#endif /* MBEDTLS_CHECK_PARAMS */
@@ -119,16 +119,16 @@
* it, too. We might want to move all these definitions here at
* some point for uniformity. */
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
+MBEDTLS_DEPRECATED typedef char const *mbedtls_deprecated_string_constant_t;
+#define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) \
+ ((mbedtls_deprecated_string_constant_t) (VAL))
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
+#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) \
+ ((mbedtls_deprecated_numeric_constant_t) (VAL))
#undef MBEDTLS_DEPRECATED
#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
+#define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) VAL
+#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) VAL
#endif /* MBEDTLS_DEPRECATED_WARNING */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -218,7 +218,7 @@
* https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
*/
-#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) )
+#define MBEDTLS_IGNORE_RETURN(result) ((void) !(result))
#endif
/**
@@ -243,7 +243,7 @@
* \param len Length of the buffer in bytes
*
*/
-void mbedtls_platform_zeroize( void *buf, size_t len );
+void mbedtls_platform_zeroize(void *buf, size_t len);
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
@@ -272,8 +272,8 @@
* \return Pointer to an object of type struct tm on success, otherwise
* NULL
*/
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
- struct tm *tm_buf );
+struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
+ struct tm *tm_buf);
#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index a69ede9..7b1faa5 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -60,8 +60,7 @@
#if !defined(MBEDTLS_POLY1305_ALT)
-typedef struct mbedtls_poly1305_context
-{
+typedef struct mbedtls_poly1305_context {
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t acc[5]; /** The accumulator number. */
@@ -89,7 +88,7 @@
* \param ctx The Poly1305 context to initialize. This must
* not be \c NULL.
*/
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
+void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -99,7 +98,7 @@
* case this function is a no-op. If it is not \c NULL, it must
* point to an initialized Poly1305 context.
*/
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
+void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx);
/**
* \brief This function sets the one-time authentication key.
@@ -114,8 +113,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
- const unsigned char key[32] );
+int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
+ const unsigned char key[32]);
/**
* \brief This functions feeds an input buffer into an ongoing
@@ -135,9 +134,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function generates the Poly1305 Message
@@ -151,8 +150,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
- unsigned char mac[16] );
+int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
+ unsigned char mac[16]);
/**
* \brief This function calculates the Poly1305 MAC of the input
@@ -172,10 +171,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_mac( const unsigned char key[32],
- const unsigned char *input,
- size_t ilen,
- unsigned char mac[16] );
+int mbedtls_poly1305_mac(const unsigned char key[32],
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char mac[16]);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -184,7 +183,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_poly1305_self_test( int verbose );
+int mbedtls_poly1305_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index af7a809..9a1a2ea 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -46,10 +46,9 @@
/* Translations for symmetric crypto. */
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
- mbedtls_cipher_type_t cipher )
+ mbedtls_cipher_type_t cipher)
{
- switch( cipher )
- {
+ switch (cipher) {
case MBEDTLS_CIPHER_AES_128_CCM:
case MBEDTLS_CIPHER_AES_192_CCM:
case MBEDTLS_CIPHER_AES_256_CCM:
@@ -62,7 +61,7 @@
case MBEDTLS_CIPHER_AES_128_ECB:
case MBEDTLS_CIPHER_AES_192_ECB:
case MBEDTLS_CIPHER_AES_256_ECB:
- return( PSA_KEY_TYPE_AES );
+ return PSA_KEY_TYPE_AES;
/* ARIA not yet supported in PSA. */
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
@@ -77,87 +76,85 @@
return( PSA_KEY_TYPE_ARIA ); */
default:
- return( 0 );
+ return 0;
}
}
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
- mbedtls_cipher_mode_t mode, size_t taglen )
+ mbedtls_cipher_mode_t mode, size_t taglen)
{
- switch( mode )
- {
+ switch (mode) {
case MBEDTLS_MODE_ECB:
- return( PSA_ALG_ECB_NO_PADDING );
+ return PSA_ALG_ECB_NO_PADDING;
case MBEDTLS_MODE_GCM:
- return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
+ return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
case MBEDTLS_MODE_CCM:
- return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
+ return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
case MBEDTLS_MODE_CBC:
- if( taglen == 0 )
- return( PSA_ALG_CBC_NO_PADDING );
- else
- return( 0 );
+ if (taglen == 0) {
+ return PSA_ALG_CBC_NO_PADDING;
+ } else {
+ return 0;
+ }
default:
- return( 0 );
+ return 0;
}
}
static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
- mbedtls_operation_t op )
+ mbedtls_operation_t op)
{
- switch( op )
- {
+ switch (op) {
case MBEDTLS_ENCRYPT:
- return( PSA_KEY_USAGE_ENCRYPT );
+ return PSA_KEY_USAGE_ENCRYPT;
case MBEDTLS_DECRYPT:
- return( PSA_KEY_USAGE_DECRYPT );
+ return PSA_KEY_USAGE_DECRYPT;
default:
- return( 0 );
+ return 0;
}
}
/* Translations for hashing. */
-static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
+static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
{
- switch( md_alg )
- {
+ switch (md_alg) {
#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( PSA_ALG_MD2 );
+ case MBEDTLS_MD_MD2:
+ return PSA_ALG_MD2;
#endif
#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( PSA_ALG_MD4 );
+ case MBEDTLS_MD_MD4:
+ return PSA_ALG_MD4;
#endif
#if defined(MBEDTLS_MD5_C)
- case MBEDTLS_MD_MD5:
- return( PSA_ALG_MD5 );
+ case MBEDTLS_MD_MD5:
+ return PSA_ALG_MD5;
#endif
#if defined(MBEDTLS_SHA1_C)
- case MBEDTLS_MD_SHA1:
- return( PSA_ALG_SHA_1 );
+ case MBEDTLS_MD_SHA1:
+ return PSA_ALG_SHA_1;
#endif
#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_SHA224:
- return( PSA_ALG_SHA_224 );
- case MBEDTLS_MD_SHA256:
- return( PSA_ALG_SHA_256 );
+ case MBEDTLS_MD_SHA224:
+ return PSA_ALG_SHA_224;
+ case MBEDTLS_MD_SHA256:
+ return PSA_ALG_SHA_256;
#endif
#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_MD_SHA384:
- return( PSA_ALG_SHA_384 );
- case MBEDTLS_MD_SHA512:
- return( PSA_ALG_SHA_512 );
+ case MBEDTLS_MD_SHA384:
+ return PSA_ALG_SHA_384;
+ case MBEDTLS_MD_SHA512:
+ return PSA_ALG_SHA_512;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- case MBEDTLS_MD_RIPEMD160:
- return( PSA_ALG_RIPEMD160 );
+ case MBEDTLS_MD_RIPEMD160:
+ return PSA_ALG_RIPEMD160;
#endif
- case MBEDTLS_MD_NONE:
- return( 0 );
- default:
- return( 0 );
+ case MBEDTLS_MD_NONE:
+ return 0;
+ default:
+ return 0;
}
}
@@ -165,202 +162,197 @@
static inline int mbedtls_psa_get_ecc_oid_from_id(
psa_ecc_family_t curve, size_t bits,
- char const **oid, size_t *oid_len )
+ char const **oid, size_t *oid_len)
{
- switch( curve )
- {
+ switch (curve) {
case PSA_ECC_FAMILY_SECP_R1:
- switch( bits )
- {
+ switch (bits) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case 521:
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
}
break;
case PSA_ECC_FAMILY_SECP_K1:
- switch( bits )
- {
+ switch (bits) {
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch( bits )
- {
+ switch (bits) {
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case 512:
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
- return( 0 );
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1);
+ return 0;
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
}
break;
}
(void) oid;
(void) oid_len;
- return( -1 );
+ return -1;
}
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((521 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((521 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((512 + 7) / 8) + 1)
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((512 + 7) / 8) + 1)
#endif
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
/* Translations for PK layer */
-static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
+static inline int mbedtls_psa_err_translate_pk(psa_status_t status)
{
- switch( status )
- {
+ switch (status) {
case PSA_SUCCESS:
- return( 0 );
+ return 0;
case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
case PSA_ERROR_INSUFFICIENT_ENTROPY:
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ return MBEDTLS_ERR_ECP_RANDOM_FAILED;
case PSA_ERROR_BAD_STATE:
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
/* All other failures */
case PSA_ERROR_COMMUNICATION_FAILURE:
case PSA_ERROR_HARDWARE_FAILURE:
case PSA_ERROR_CORRUPTION_DETECTED:
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
default: /* We return the same as for the 'other failures',
* but list them separately nonetheless to indicate
* which failure conditions we have considered. */
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
}
}
@@ -371,14 +363,15 @@
* into a PSA ECC group identifier. */
#if defined(MBEDTLS_ECP_C)
static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
- uint16_t tls_ecc_grp_reg_id, size_t *bits )
+ uint16_t tls_ecc_grp_reg_id, size_t *bits)
{
const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
- if( curve_info == NULL )
- return( 0 );
- return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
+ mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id);
+ if (curve_info == NULL) {
+ return 0;
+ }
+ return PSA_KEY_TYPE_ECC_KEY_PAIR(
+ mbedtls_ecc_group_to_psa(curve_info->grp_id, bits));
}
#endif /* MBEDTLS_ECP_C */
@@ -392,14 +385,14 @@
* as a subbuffer, and the function merely selects this subbuffer instead
* of making a copy.
*/
-static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
- size_t srclen,
- unsigned char **dst,
- size_t *dstlen )
+static inline int mbedtls_psa_tls_psa_ec_to_ecpoint(unsigned char *src,
+ size_t srclen,
+ unsigned char **dst,
+ size_t *dstlen)
{
*dst = src;
*dstlen = srclen;
- return( 0 );
+ return 0;
}
/* This function takes a buffer holding an ECPoint structure
@@ -407,18 +400,19 @@
* exchanges) and converts it into a format that the PSA key
* agreement API understands.
*/
-static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
- size_t srclen,
- unsigned char *dst,
- size_t dstlen,
- size_t *olen )
+static inline int mbedtls_psa_tls_ecpoint_to_psa_ec(unsigned char const *src,
+ size_t srclen,
+ unsigned char *dst,
+ size_t dstlen,
+ size_t *olen)
{
- if( srclen > dstlen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (srclen > dstlen) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- memcpy( dst, src, srclen );
+ memcpy(dst, src, srclen);
*olen = srclen;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -435,7 +429,7 @@
* This type name is not part of the Mbed TLS stable API. It may be renamed
* or moved without warning.
*/
-typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
+typedef int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
@@ -474,9 +468,9 @@
* `MBEDTLS_ERR_CTR_DRBG_xxx` or
* `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
*/
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size );
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size);
/** The random generator state for the PSA subsystem.
*
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index f890aef..6d9a1a2 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -47,8 +47,7 @@
/**
* \brief RIPEMD-160 context structure
*/
-typedef struct mbedtls_ripemd160_context
-{
+typedef struct mbedtls_ripemd160_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
@@ -64,14 +63,14 @@
*
* \param ctx RIPEMD-160 context to be initialized
*/
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
+void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx);
/**
* \brief Clear RIPEMD-160 context
*
* \param ctx RIPEMD-160 context to be cleared
*/
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
+void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx);
/**
* \brief Clone (the state of) a RIPEMD-160 context
@@ -79,8 +78,8 @@
* \param dst The destination context
* \param src The context to be cloned
*/
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
- const mbedtls_ripemd160_context *src );
+void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
+ const mbedtls_ripemd160_context *src);
/**
* \brief RIPEMD-160 context setup
@@ -89,7 +88,7 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
+int mbedtls_ripemd160_starts_ret(mbedtls_ripemd160_context *ctx);
/**
* \brief RIPEMD-160 process buffer
@@ -100,9 +99,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_ripemd160_update_ret(mbedtls_ripemd160_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief RIPEMD-160 final digest
@@ -112,8 +111,8 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
+int mbedtls_ripemd160_finish_ret(mbedtls_ripemd160_context *ctx,
+ unsigned char output[20]);
/**
* \brief RIPEMD-160 process data block (internal use only)
@@ -123,8 +122,8 @@
*
* \return 0 if successful
*/
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
+ const unsigned char data[64]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -140,7 +139,7 @@
* \param ctx context to be initialized
*/
MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
- mbedtls_ripemd160_context *ctx );
+ mbedtls_ripemd160_context *ctx);
/**
* \brief RIPEMD-160 process buffer
@@ -152,9 +151,9 @@
* \param ilen length of the input data
*/
MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
- mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
+ mbedtls_ripemd160_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief RIPEMD-160 final digest
@@ -165,8 +164,8 @@
* \param output RIPEMD-160 checksum result
*/
MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
- mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
+ mbedtls_ripemd160_context *ctx,
+ unsigned char output[20]);
/**
* \brief RIPEMD-160 process data block (internal use only)
@@ -177,8 +176,8 @@
* \param data buffer holding one block of data
*/
MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
- mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] );
+ mbedtls_ripemd160_context *ctx,
+ const unsigned char data[64]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -192,9 +191,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_ripemd160_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -211,9 +210,9 @@
* \param ilen length of the input data
* \param output RIPEMD-160 checksum result
*/
-MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+MBEDTLS_DEPRECATED void mbedtls_ripemd160(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -225,7 +224,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_ripemd160_self_test( int verbose );
+int mbedtls_ripemd160_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 8559f67..f8725ff 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -106,8 +106,7 @@
* is deprecated. All manipulation should instead be done through
* the public interface functions.
*/
-typedef struct mbedtls_rsa_context
-{
+typedef struct mbedtls_rsa_context {
int ver; /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without
@@ -134,8 +133,8 @@
mbedtls_mpi Vf; /*!< The cached un-blinding value. */
int padding; /*!< Selects padding mode:
- #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
- #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
+ #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
+ #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
int hash_id; /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
@@ -178,9 +177,9 @@
* \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
* otherwise.
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id );
+void mbedtls_rsa_init(mbedtls_rsa_context *ctx,
+ int padding,
+ int hash_id);
/**
* \brief This function imports a set of core parameters into an
@@ -211,10 +210,10 @@
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
- const mbedtls_mpi *N,
- const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *E );
+int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
+ const mbedtls_mpi *N,
+ const mbedtls_mpi *P, const mbedtls_mpi *Q,
+ const mbedtls_mpi *D, const mbedtls_mpi *E);
/**
* \brief This function imports core RSA parameters, in raw big-endian
@@ -250,12 +249,12 @@
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
- unsigned char const *N, size_t N_len,
- unsigned char const *P, size_t P_len,
- unsigned char const *Q, size_t Q_len,
- unsigned char const *D, size_t D_len,
- unsigned char const *E, size_t E_len );
+int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
+ unsigned char const *N, size_t N_len,
+ unsigned char const *P, size_t P_len,
+ unsigned char const *Q, size_t Q_len,
+ unsigned char const *D, size_t D_len,
+ unsigned char const *E, size_t E_len);
/**
* \brief This function completes an RSA context from
@@ -289,7 +288,7 @@
* failed.
*
*/
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
+int mbedtls_rsa_complete(mbedtls_rsa_context *ctx);
/**
* \brief This function exports the core parameters of an RSA key.
@@ -331,9 +330,9 @@
* \return A non-zero return code on any other failure.
*
*/
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
- mbedtls_mpi *D, mbedtls_mpi *E );
+int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
+ mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
+ mbedtls_mpi *D, mbedtls_mpi *E);
/**
* \brief This function exports core parameters of an RSA key
@@ -382,12 +381,12 @@
* functionality or because of security policies.
* \return A non-zero return code on any other failure.
*/
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
- unsigned char *N, size_t N_len,
- unsigned char *P, size_t P_len,
- unsigned char *Q, size_t Q_len,
- unsigned char *D, size_t D_len,
- unsigned char *E, size_t E_len );
+int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
+ unsigned char *N, size_t N_len,
+ unsigned char *P, size_t P_len,
+ unsigned char *Q, size_t Q_len,
+ unsigned char *D, size_t D_len,
+ unsigned char *E, size_t E_len);
/**
* \brief This function exports CRT parameters of a private RSA key.
@@ -408,8 +407,8 @@
* \return A non-zero error code on failure.
*
*/
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
+int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
+ mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP);
/**
* \brief This function sets padding for an already initialized RSA
@@ -420,8 +419,8 @@
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
* \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id );
+void mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding,
+ int hash_id);
/**
* \brief This function retrieves the length of RSA modulus in Bytes.
@@ -431,7 +430,7 @@
* \return The length of the RSA modulus in Bytes.
*
*/
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
+size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx);
/**
* \brief This function generates an RSA keypair.
@@ -451,10 +450,10 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent );
+int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ unsigned int nbits, int exponent);
/**
* \brief This function checks if a context contains at least an RSA
@@ -470,7 +469,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
+int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx);
/**
* \brief This function checks if a context contains an RSA private key
@@ -508,7 +507,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
+int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx);
/**
* \brief This function checks a public-private RSA key pair.
@@ -521,8 +520,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
- const mbedtls_rsa_context *prv );
+int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
+ const mbedtls_rsa_context *prv);
/**
* \brief This function performs an RSA public key operation.
@@ -543,9 +542,9 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs an RSA private key operation.
@@ -578,11 +577,11 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function adds the message padding, then performs an RSA
@@ -623,12 +622,12 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs a PKCS#1 v1.5 encryption operation
@@ -664,12 +663,12 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs a PKCS#1 v2.1 OAEP encryption
@@ -709,14 +708,14 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs an RSA operation, then removes the
@@ -762,13 +761,13 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
+int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
/**
* \brief This function performs a PKCS#1 v1.5 decryption
@@ -812,13 +811,13 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
/**
* \brief This function performs a PKCS#1 v2.1 OAEP decryption
@@ -866,15 +865,15 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
+int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
/**
* \brief This function performs a private RSA operation to sign
@@ -926,14 +925,14 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
+int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v1.5 signature
@@ -974,14 +973,14 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
+int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
@@ -1029,14 +1028,14 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ int saltlen,
+ unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
@@ -1093,14 +1092,14 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
/**
* \brief This function performs a public RSA operation and checks
@@ -1146,14 +1145,14 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
+int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v1.5 verification
@@ -1192,14 +1191,14 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
+int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS verification
@@ -1248,14 +1247,14 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS verification
@@ -1301,16 +1300,16 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ mbedtls_md_type_t mgf1_hash_id,
+ int expected_salt_len,
+ const unsigned char *sig);
/**
* \brief This function copies the components of an RSA context.
@@ -1321,7 +1320,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
*/
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
+int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src);
/**
* \brief This function frees the components of an RSA key.
@@ -1330,7 +1329,7 @@
* this function is a no-op. If it is not \c NULL, it must
* point to an initialized RSA context.
*/
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
+void mbedtls_rsa_free(mbedtls_rsa_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -1340,7 +1339,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_rsa_self_test( int verbose );
+int mbedtls_rsa_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h
index d55492b..017018b 100644
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@@ -92,9 +92,9 @@
* use the helper function \c mbedtls_rsa_validate_params.
*
*/
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E,
- mbedtls_mpi const *D,
- mbedtls_mpi *P, mbedtls_mpi *Q );
+int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, mbedtls_mpi const *E,
+ mbedtls_mpi const *D,
+ mbedtls_mpi *P, mbedtls_mpi *Q);
/**
* \brief Compute RSA private exponent from
@@ -117,10 +117,10 @@
* \note This function does not check whether P and Q are primes.
*
*/
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
- mbedtls_mpi const *Q,
- mbedtls_mpi const *E,
- mbedtls_mpi *D );
+int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P,
+ mbedtls_mpi const *Q,
+ mbedtls_mpi const *E,
+ mbedtls_mpi *D);
/**
@@ -143,9 +143,9 @@
* prime and whether D is a valid private exponent.
*
*/
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, mbedtls_mpi *DP,
- mbedtls_mpi *DQ, mbedtls_mpi *QP );
+int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q,
+ const mbedtls_mpi *D, mbedtls_mpi *DP,
+ mbedtls_mpi *DQ, mbedtls_mpi *QP);
/**
@@ -178,11 +178,11 @@
* to perform specific checks only. E.g., calling it with
* (-,P,-,-,-) and a PRNG amounts to a primality check for P.
*/
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
- const mbedtls_mpi *Q, const mbedtls_mpi *D,
- const mbedtls_mpi *E,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P,
+ const mbedtls_mpi *Q, const mbedtls_mpi *D,
+ const mbedtls_mpi *E,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Check validity of RSA CRT parameters
@@ -213,9 +213,9 @@
* to perform specific checks only. E.g., calling it with the
* parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
*/
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *DP,
- const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
+int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q,
+ const mbedtls_mpi *D, const mbedtls_mpi *DP,
+ const mbedtls_mpi *DQ, const mbedtls_mpi *QP);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 4c3251b..7a7319f 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -60,8 +60,7 @@
* stronger message digests instead.
*
*/
-typedef struct mbedtls_sha1_context
-{
+typedef struct mbedtls_sha1_context {
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[5]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */
@@ -83,7 +82,7 @@
* This must not be \c NULL.
*
*/
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
+void mbedtls_sha1_init(mbedtls_sha1_context *ctx);
/**
* \brief This function clears a SHA-1 context.
@@ -98,7 +97,7 @@
* SHA-1 context.
*
*/
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
+void mbedtls_sha1_free(mbedtls_sha1_context *ctx);
/**
* \brief This function clones the state of a SHA-1 context.
@@ -111,8 +110,8 @@
* \param src The SHA-1 context to clone from. This must be initialized.
*
*/
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
- const mbedtls_sha1_context *src );
+void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
+ const mbedtls_sha1_context *src);
/**
* \brief This function starts a SHA-1 checksum calculation.
@@ -127,7 +126,7 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
+int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx);
/**
* \brief This function feeds an input buffer into an ongoing SHA-1
@@ -146,9 +145,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-1 operation, and writes
@@ -166,8 +165,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
- unsigned char output[20] );
+int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx,
+ unsigned char output[20]);
/**
* \brief SHA-1 process data block (internal use only).
@@ -184,8 +183,8 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
+ const unsigned char data[64]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -205,7 +204,7 @@
* \param ctx The SHA-1 context to initialize. This must be initialized.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
+MBEDTLS_DEPRECATED void mbedtls_sha1_starts(mbedtls_sha1_context *ctx);
/**
* \brief This function feeds an input buffer into an ongoing SHA-1
@@ -224,9 +223,9 @@
* \param ilen The length of the input data \p input in Bytes.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen );
+MBEDTLS_DEPRECATED void mbedtls_sha1_update(mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-1 operation, and writes
@@ -243,8 +242,8 @@
* \param output The SHA-1 checksum result.
* This must be a writable buffer of length \c 20 Bytes.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
- unsigned char output[20] );
+MBEDTLS_DEPRECATED void mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
+ unsigned char output[20]);
/**
* \brief SHA-1 process data block (internal use only).
@@ -260,8 +259,8 @@
* This must be a readable buffer of length \c 64 bytes.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] );
+MBEDTLS_DEPRECATED void mbedtls_sha1_process(mbedtls_sha1_context *ctx,
+ const unsigned char data[64]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -289,9 +288,9 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_sha1_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -321,9 +320,9 @@
* buffer of size \c 20 Bytes.
*
*/
-MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+MBEDTLS_DEPRECATED void mbedtls_sha1(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -341,7 +340,7 @@
* \return \c 1 on failure.
*
*/
-int mbedtls_sha1_self_test( int verbose );
+int mbedtls_sha1_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 5b54be2..00bd17d 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -55,8 +55,7 @@
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha256_starts_ret().
*/
-typedef struct mbedtls_sha256_context
-{
+typedef struct mbedtls_sha256_context {
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */
@@ -74,7 +73,7 @@
*
* \param ctx The SHA-256 context to initialize. This must not be \c NULL.
*/
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
+void mbedtls_sha256_init(mbedtls_sha256_context *ctx);
/**
* \brief This function clears a SHA-256 context.
@@ -83,7 +82,7 @@
* case this function returns immediately. If it is not \c NULL,
* it must point to an initialized SHA-256 context.
*/
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
+void mbedtls_sha256_free(mbedtls_sha256_context *ctx);
/**
* \brief This function clones the state of a SHA-256 context.
@@ -91,8 +90,8 @@
* \param dst The destination context. This must be initialized.
* \param src The context to clone. This must be initialized.
*/
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src );
+void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
+ const mbedtls_sha256_context *src);
/**
* \brief This function starts a SHA-224 or SHA-256 checksum
@@ -105,7 +104,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
+int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -120,9 +119,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-256 operation, and writes
@@ -136,8 +135,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
- unsigned char output[32] );
+int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx,
+ unsigned char output[32]);
/**
* \brief This function processes a single data block within
@@ -151,8 +150,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
+ const unsigned char data[64]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -170,8 +169,8 @@
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
- int is224 );
+MBEDTLS_DEPRECATED void mbedtls_sha256_starts(mbedtls_sha256_context *ctx,
+ int is224);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -185,9 +184,9 @@
* buffer of length \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
+MBEDTLS_DEPRECATED void mbedtls_sha256_update(mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-256 operation, and writes
@@ -200,8 +199,8 @@
* \param output The SHA-224 or SHA-256 checksum result. This must be
* a writable buffer of length \c 32 Bytes.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
- unsigned char output[32] );
+MBEDTLS_DEPRECATED void mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
+ unsigned char output[32]);
/**
* \brief This function processes a single data block within
@@ -214,8 +213,8 @@
* \param data The buffer holding one block of data. This must be
* a readable buffer of size \c 64 Bytes.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] );
+MBEDTLS_DEPRECATED void mbedtls_sha256_process(mbedtls_sha256_context *ctx,
+ const unsigned char data[64]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -241,10 +240,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[32],
- int is224 );
+int mbedtls_sha256_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -273,10 +272,10 @@
* \param is224 Determines which function to use. This must be either
* \c 0 for SHA-256, or \c 1 for SHA-224.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
- size_t ilen,
- unsigned char output[32],
- int is224 );
+MBEDTLS_DEPRECATED void mbedtls_sha256(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -289,7 +288,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_sha256_self_test( int verbose );
+int mbedtls_sha256_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index cca47c2..1df87f9 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -54,8 +54,7 @@
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha512_starts_ret().
*/
-typedef struct mbedtls_sha512_context
-{
+typedef struct mbedtls_sha512_context {
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */
@@ -76,7 +75,7 @@
* \param ctx The SHA-512 context to initialize. This must
* not be \c NULL.
*/
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
+void mbedtls_sha512_init(mbedtls_sha512_context *ctx);
/**
* \brief This function clears a SHA-512 context.
@@ -86,7 +85,7 @@
* is not \c NULL, it must point to an initialized
* SHA-512 context.
*/
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
+void mbedtls_sha512_free(mbedtls_sha512_context *ctx);
/**
* \brief This function clones the state of a SHA-512 context.
@@ -94,8 +93,8 @@
* \param dst The destination context. This must be initialized.
* \param src The context to clone. This must be initialized.
*/
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
- const mbedtls_sha512_context *src );
+void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
+ const mbedtls_sha512_context *src);
/**
* \brief This function starts a SHA-384 or SHA-512 checksum
@@ -112,7 +111,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
+int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -127,9 +126,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-512 operation, and writes
@@ -143,8 +142,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
- unsigned char output[64] );
+int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx,
+ unsigned char output[64]);
/**
* \brief This function processes a single data block within
@@ -158,8 +157,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] );
+int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
+ const unsigned char data[128]);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
@@ -179,8 +178,8 @@
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will fail to work.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
- int is384 );
+MBEDTLS_DEPRECATED void mbedtls_sha512_starts(mbedtls_sha512_context *ctx,
+ int is384);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -194,9 +193,9 @@
* buffer of length \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
+MBEDTLS_DEPRECATED void mbedtls_sha512_update(mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-512 operation, and writes
@@ -209,8 +208,8 @@
* \param output The SHA-384 or SHA-512 checksum result. This must
* be a writable buffer of size \c 64 Bytes.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
- unsigned char output[64] );
+MBEDTLS_DEPRECATED void mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
+ unsigned char output[64]);
/**
* \brief This function processes a single data block within
@@ -224,8 +223,8 @@
* a readable buffer of length \c 128 Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_process(
- mbedtls_sha512_context *ctx,
- const unsigned char data[128] );
+ mbedtls_sha512_context *ctx,
+ const unsigned char data[128]);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -255,10 +254,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[64],
- int is384 );
+int mbedtls_sha512_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[64],
+ int is384);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -290,23 +289,23 @@
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will fail to work.
*/
-MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
- size_t ilen,
- unsigned char output[64],
- int is384 );
+MBEDTLS_DEPRECATED void mbedtls_sha512(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[64],
+ int is384);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SELF_TEST)
- /**
+/**
* \brief The SHA-384 or SHA-512 checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_sha512_self_test( int verbose );
+int mbedtls_sha512_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index aecac93..7836ece 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -54,11 +54,13 @@
#if defined(MBEDTLS_ZLIB_SUPPORT)
#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
+#warning \
+ "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
#endif
#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
+#error \
+ "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
#endif
#include "zlib.h"
@@ -491,8 +493,7 @@
#endif
/* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
-{
+union mbedtls_ssl_premaster_secret {
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
@@ -510,21 +511,21 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
+ + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
+ + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
#endif
};
-#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
+#define MBEDTLS_PREMASTER_SIZE sizeof(union mbedtls_ssl_premaster_secret)
#ifdef __cplusplus
extern "C" {
@@ -533,8 +534,7 @@
/*
* SSL state machine
*/
-typedef enum
-{
+typedef enum {
MBEDTLS_SSL_HELLO_REQUEST,
MBEDTLS_SSL_CLIENT_HELLO,
MBEDTLS_SSL_SERVER_HELLO,
@@ -560,13 +560,12 @@
/*
* The tls_prf function types.
*/
-typedef enum
-{
- MBEDTLS_SSL_TLS_PRF_NONE,
- MBEDTLS_SSL_TLS_PRF_SSL3,
- MBEDTLS_SSL_TLS_PRF_TLS1,
- MBEDTLS_SSL_TLS_PRF_SHA384,
- MBEDTLS_SSL_TLS_PRF_SHA256
+typedef enum {
+ MBEDTLS_SSL_TLS_PRF_NONE,
+ MBEDTLS_SSL_TLS_PRF_SSL3,
+ MBEDTLS_SSL_TLS_PRF_TLS1,
+ MBEDTLS_SSL_TLS_PRF_SHA384,
+ MBEDTLS_SSL_TLS_PRF_SHA256
}
mbedtls_tls_prf_types;
/**
@@ -586,9 +585,9 @@
* \note The callback is allowed to send fewer bytes than requested.
* It must always return the number of bytes actually sent.
*/
-typedef int mbedtls_ssl_send_t( void *ctx,
- const unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_send_t(void *ctx,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Callback type: receive data from the network.
@@ -610,9 +609,9 @@
* buffer. It must always return the number of bytes actually
* received and written to the buffer.
*/
-typedef int mbedtls_ssl_recv_t( void *ctx,
- unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_recv_t(void *ctx,
+ unsigned char *buf,
+ size_t len);
/**
* \brief Callback type: receive data from the network, with timeout
@@ -636,10 +635,10 @@
* buffer. It must always return the number of bytes actually
* received and written to the buffer.
*/
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
- unsigned char *buf,
- size_t len,
- uint32_t timeout );
+typedef int mbedtls_ssl_recv_timeout_t(void *ctx,
+ unsigned char *buf,
+ size_t len,
+ uint32_t timeout);
/**
* \brief Callback type: set a pair of timers/delays to watch
*
@@ -662,9 +661,9 @@
* function while a timer is running must cancel it. Cancelled
* timers must not generate any event.
*/
-typedef void mbedtls_ssl_set_timer_t( void * ctx,
- uint32_t int_ms,
- uint32_t fin_ms );
+typedef void mbedtls_ssl_set_timer_t(void *ctx,
+ uint32_t int_ms,
+ uint32_t fin_ms);
/**
* \brief Callback type: get status of timers/delays
@@ -677,7 +676,7 @@
* 1 if only the intermediate delay has passed,
* 2 if the final delay has passed.
*/
-typedef int mbedtls_ssl_get_timer_t( void * ctx );
+typedef int mbedtls_ssl_get_timer_t(void *ctx);
/* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
@@ -768,11 +767,11 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash,
- size_t hash_len );
+typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len);
/**
* \brief Callback type: start external decryption operation.
@@ -834,10 +833,10 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len );
+typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ const unsigned char *input,
+ size_t input_len);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -882,10 +881,10 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
- unsigned char *output,
- size_t *output_len,
- size_t output_size );
+typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ size_t *output_len,
+ size_t output_size);
/**
* \brief Callback type: cancel external operation.
@@ -904,7 +903,7 @@
* \param ssl The SSL connection instance. It should not be
* modified.
*/
-typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
+typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
@@ -939,17 +938,16 @@
* Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value
* must be updated too.
*/
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001)
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006)
+#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ((uint16_t) 0x0001)
+#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ((uint16_t) 0x0002)
+#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ((uint16_t) 0x0005)
+#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ((uint16_t) 0x0006)
/* This one is not iana defined, but for code readability. */
-#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000)
+#define MBEDTLS_TLS_SRTP_UNSET ((uint16_t) 0x0000)
typedef uint16_t mbedtls_ssl_srtp_profile;
-typedef struct mbedtls_dtls_srtp_info_t
-{
+typedef struct mbedtls_dtls_srtp_info_t {
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
/*! The length of mki_value. */
@@ -972,8 +970,7 @@
* mbedtls_ssl_session_save() and ssl_session_load()
* ssl_session_copy()
*/
-struct mbedtls_ssl_session
-{
+struct mbedtls_ssl_session {
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
@@ -1018,8 +1015,7 @@
/**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/
-struct mbedtls_ssl_config
-{
+struct mbedtls_ssl_config {
/* Group items by size and reorder them to maximize usage of immediate offset access. */
/*
@@ -1074,7 +1070,7 @@
#endif
#if defined(MBEDTLS_SSL_SRV_C)
uint8_t cert_req_ca_list /*bool*/; /*!< enable sending CA list in
- Certificate Request messages? */
+ Certificate Request messages? */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t ignore_unexpected_cid /*bool*/; /*!< Determines whether DTLS
@@ -1153,33 +1149,33 @@
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello verification */
- int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
- const unsigned char *, size_t );
+ int (*f_cookie_write)(void *, unsigned char **, unsigned char *,
+ const unsigned char *, size_t);
/** Callback to verify validity of a ClientHello cookie */
- int (*f_cookie_check)( void *, const unsigned char *, size_t,
- const unsigned char *, size_t );
+ int (*f_cookie_check)(void *, const unsigned char *, size_t,
+ const unsigned char *, size_t);
void *p_cookie; /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
- int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
- unsigned char *, const unsigned char *, size_t *, uint32_t * );
+ int (*f_ticket_write)(void *, const mbedtls_ssl_session *,
+ unsigned char *, const unsigned char *, size_t *, uint32_t *);
/** Callback to parse a session ticket into a session structure */
- int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+ int (*f_ticket_parse)(void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *p_ticket; /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
- int (*f_export_keys)( void *, const unsigned char *,
- const unsigned char *, size_t, size_t, size_t );
+ int (*f_export_keys)(void *, const unsigned char *,
+ const unsigned char *, size_t, size_t, size_t);
/** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */
- int (*f_export_keys_ext)( void *, const unsigned char *,
- const unsigned char *, size_t, size_t, size_t,
- const unsigned char[32], const unsigned char[32],
- mbedtls_tls_prf_types );
+ int (*f_export_keys_ext)(void *, const unsigned char *,
+ const unsigned char *, size_t, size_t, size_t,
+ const unsigned char[32], const unsigned char[32],
+ mbedtls_tls_prf_types);
void *p_export_keys; /*!< context for key export callback */
#endif
@@ -1267,8 +1263,7 @@
#endif /* MBEDTLS_SSL_DTLS_SRTP */
};
-struct mbedtls_ssl_context
-{
+struct mbedtls_ssl_context {
const mbedtls_ssl_config *conf; /*!< configuration information */
/*
@@ -1278,8 +1273,8 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_status; /*!< Initial, in progress, pending? */
int renego_records_seen; /*!< Records since renego request, or with DTLS,
- number of retransmissions of request if
- renego_max_records is < 0 */
+ number of retransmissions of request if
+ renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
@@ -1298,7 +1293,7 @@
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
- /*!< Callback for network receive with timeout */
+ /*!< Callback for network receive with timeout */
void *p_bio; /*!< context for I/O operations */
@@ -1311,7 +1306,7 @@
mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */
mbedtls_ssl_handshake_params *handshake; /*!< params required only during
- the handshake process */
+ the handshake process */
/*
* Record layer transformations
@@ -1459,7 +1454,7 @@
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
- unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
uint8_t own_cid_len; /*!< The length of \c own_cid. */
uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
@@ -1472,8 +1467,8 @@
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_SSL_CHANNEL_OUTBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 0 )
-#define MBEDTLS_SSL_CHANNEL_INBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 1 )
+#define MBEDTLS_SSL_CHANNEL_OUTBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0)
+#define MBEDTLS_SSL_CHANNEL_INBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
@@ -1482,24 +1477,24 @@
#endif /* MBEDTLS_DEPRECATED_WARNING */
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_init)(
- mbedtls_ssl_context *ssl,
- const unsigned char *key_enc, const unsigned char *key_dec,
- size_t keylen,
- const unsigned char *iv_enc, const unsigned char *iv_dec,
- size_t ivlen,
- const unsigned char *mac_enc, const unsigned char *mac_dec,
- size_t maclen);
+ mbedtls_ssl_context *ssl,
+ const unsigned char *key_enc, const unsigned char *key_dec,
+ size_t keylen,
+ const unsigned char *iv_enc, const unsigned char *iv_dec,
+ size_t ivlen,
+ const unsigned char *mac_enc, const unsigned char *mac_dec,
+ size_t maclen);
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_activate)(
- mbedtls_ssl_context *ssl,
- int direction );
+ mbedtls_ssl_context *ssl,
+ int direction);
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_reset)(
- mbedtls_ssl_context *ssl );
+ mbedtls_ssl_context *ssl);
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_write)(
- mbedtls_ssl_context *ssl );
+ mbedtls_ssl_context *ssl);
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_read)(
- mbedtls_ssl_context *ssl );
+ mbedtls_ssl_context *ssl);
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)(
- mbedtls_ssl_context *ssl );
+ mbedtls_ssl_context *ssl);
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -1514,7 +1509,7 @@
*
* \return a string containing the ciphersuite name
*/
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
+const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id);
/**
* \brief Return the ID of the ciphersuite associated with the
@@ -1524,7 +1519,7 @@
*
* \return the ID with the ciphersuite or 0 if not found
*/
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
+int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name);
/**
* \brief Initialize an SSL context
@@ -1533,7 +1528,7 @@
*
* \param ssl SSL context
*/
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
/**
* \brief Set up an SSL context for use
@@ -1555,8 +1550,8 @@
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
* memory allocation failed
*/
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_config *conf );
+int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_config *conf);
/**
* \brief Reset an already initialized SSL context for re-use
@@ -1568,7 +1563,7 @@
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
* MBEDTLS_ERR_SSL_COMPRESSION_FAILED
*/
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl);
/**
* \brief Set the current endpoint type
@@ -1576,7 +1571,7 @@
* \param conf SSL configuration
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
*/
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
+void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint);
/**
* \brief Set the transport type (TLS or DTLS).
@@ -1592,7 +1587,7 @@
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
*/
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport);
/**
* \brief Set the certificate verification mode
@@ -1620,7 +1615,7 @@
* the verification as soon as possible. For example, REQUIRED was protecting
* against the "triple handshake" attack even before it was found.
*/
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -1638,9 +1633,9 @@
* \param f_vrfy The verification callback to use during CRT verification.
* \param p_vrfy The opaque context to be passed to the callback.
*/
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -1650,9 +1645,9 @@
* \param f_rng RNG function
* \param p_rng RNG parameter
*/
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Set the debug callback
@@ -1668,9 +1663,9 @@
* \param f_dbg debug function
* \param p_dbg debug parameter
*/
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
- void (*f_dbg)(void *, int, const char *, int, const char *),
- void *p_dbg );
+void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf,
+ void (*f_dbg)(void *, int, const char *, int, const char *),
+ void *p_dbg);
/**
* \brief Set the underlying BIO callbacks for write, read and
@@ -1702,11 +1697,11 @@
* \c mbedtls_net_recv_timeout() that are suitable to be used
* here.
*/
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
- void *p_bio,
- mbedtls_ssl_send_t *f_send,
- mbedtls_ssl_recv_t *f_recv,
- mbedtls_ssl_recv_timeout_t *f_recv_timeout );
+void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
+ void *p_bio,
+ mbedtls_ssl_send_t *f_send,
+ mbedtls_ssl_recv_t *f_recv,
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -1796,10 +1791,10 @@
* applies to the next handshake.
* \return A negative error code on failure.
*/
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
- int enable,
- unsigned char const *own_cid,
- size_t own_cid_len );
+int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len);
/**
* \brief Get information about the use of the CID extension
@@ -1838,10 +1833,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
- int *enabled,
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
- size_t *peer_cid_len );
+int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ size_t *peer_cid_len);
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -1887,7 +1882,7 @@
* \param ssl SSL context
* \param mtu Value of the path MTU in bytes
*/
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
+void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1909,9 +1904,9 @@
* \param f_vrfy The verification callback to use during CRT verification.
* \param p_vrfy The opaque context to be passed to the callback.
*/
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -1930,7 +1925,7 @@
* \note With non-blocking I/O, you may also skip this function
* altogether and handle timeouts at the application layer.
*/
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
+void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout);
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
/**
@@ -1977,9 +1972,9 @@
* In this case, the SSL context becomes unusable and needs
* to be freed or reset before reuse.
*/
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
- unsigned char *buf,
- size_t buflen );
+int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t buflen);
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
/**
@@ -2002,10 +1997,10 @@
* \note See also the "DTLS tutorial" article in our knowledge base.
* https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial
*/
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
- void *p_timer,
- mbedtls_ssl_set_timer_t *f_set_timer,
- mbedtls_ssl_get_timer_t *f_get_timer );
+void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
+ void *p_timer,
+ mbedtls_ssl_set_timer_t *f_set_timer,
+ mbedtls_ssl_get_timer_t *f_get_timer);
/**
* \brief Callback type: generate and write session ticket
@@ -2026,12 +2021,12 @@
* \return 0 if successful, or
* a specific MBEDTLS_ERR_XXX code.
*/
-typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
- const mbedtls_ssl_session *session,
- unsigned char *start,
- const unsigned char *end,
- size_t *tlen,
- uint32_t *lifetime );
+typedef int mbedtls_ssl_ticket_write_t(void *p_ticket,
+ const mbedtls_ssl_session *session,
+ unsigned char *start,
+ const unsigned char *end,
+ size_t *tlen,
+ uint32_t *lifetime);
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
@@ -2054,12 +2049,12 @@
* \return 0 if successful, or
* a specific MBEDTLS_ERR_XXX code.
*/
-typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen );
+typedef int mbedtls_ssl_export_keys_t(void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen);
/**
* \brief Callback type: Export key block, master secret,
@@ -2086,15 +2081,15 @@
* \return 0 if successful, or
* a specific MBEDTLS_ERR_XXX code.
*/
-typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type );
+typedef int mbedtls_ssl_export_keys_ext_t(void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type);
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
/**
@@ -2120,10 +2115,10 @@
* MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
* any other non-zero code for other failures.
*/
-typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
- mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket,
+ mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t len);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2140,10 +2135,10 @@
* \param f_ticket_parse Callback for parsing a ticket
* \param p_ticket Context shared by the two callbacks
*/
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_ticket_write_t *f_ticket_write,
- mbedtls_ssl_ticket_parse_t *f_ticket_parse,
- void *p_ticket );
+void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf,
+ mbedtls_ssl_ticket_write_t *f_ticket_write,
+ mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+ void *p_ticket);
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
@@ -2157,9 +2152,9 @@
* \param f_export_keys Callback for exporting keys
* \param p_export_keys Context for the callback
*/
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys );
+void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys);
/**
* \brief Configure extended key export callback.
@@ -2173,9 +2168,9 @@
* \param f_export_keys_ext Callback for exporting keys
* \param p_export_keys Context for the callback
*/
-void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
- void *p_export_keys );
+void mbedtls_ssl_conf_export_keys_ext_cb(mbedtls_ssl_config *conf,
+ mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
+ void *p_export_keys);
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -2209,12 +2204,12 @@
* mbedtls_ssl_conf_get_async_config_data(). The
* library stores this value without dereferencing it.
*/
-void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_decrypt_t *f_async_decrypt,
- mbedtls_ssl_async_resume_t *f_async_resume,
- mbedtls_ssl_async_cancel_t *f_async_cancel,
- void *config_data );
+void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf,
+ mbedtls_ssl_async_sign_t *f_async_sign,
+ mbedtls_ssl_async_decrypt_t *f_async_decrypt,
+ mbedtls_ssl_async_resume_t *f_async_resume,
+ mbedtls_ssl_async_cancel_t *f_async_cancel,
+ void *config_data);
/**
* \brief Retrieve the configuration data set by
@@ -2224,7 +2219,7 @@
* \return The configuration data set by
* mbedtls_ssl_conf_async_private_cb().
*/
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
+void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf);
/**
* \brief Retrieve the asynchronous operation user context.
@@ -2240,7 +2235,7 @@
* called during the current handshake, this function returns
* \c NULL.
*/
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
+void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl);
/**
* \brief Retrieve the asynchronous operation user context.
@@ -2253,8 +2248,8 @@
* Call mbedtls_ssl_get_async_operation_data() later during the
* same handshake to retrieve this value.
*/
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
- void *ctx );
+void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl,
+ void *ctx);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/**
@@ -2271,9 +2266,9 @@
* \return The callback must return 0 on success,
* or a negative error code.
*/
-typedef int mbedtls_ssl_cookie_write_t( void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_write_t(void *ctx,
+ unsigned char **p, unsigned char *end,
+ const unsigned char *info, size_t ilen);
/**
* \brief Callback type: verify a cookie
@@ -2288,9 +2283,9 @@
* \return The callback must return 0 if cookie is valid,
* or a negative error code.
*/
-typedef int mbedtls_ssl_cookie_check_t( void *ctx,
- const unsigned char *cookie, size_t clen,
- const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_check_t(void *ctx,
+ const unsigned char *cookie, size_t clen,
+ const unsigned char *info, size_t ilen);
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2321,10 +2316,10 @@
* \param f_cookie_check Cookie check callback
* \param p_cookie Context for both callbacks
*/
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
- mbedtls_ssl_cookie_write_t *f_cookie_write,
- mbedtls_ssl_cookie_check_t *f_cookie_check,
- void *p_cookie );
+void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
+ mbedtls_ssl_cookie_write_t *f_cookie_write,
+ mbedtls_ssl_cookie_check_t *f_cookie_check,
+ void *p_cookie);
/**
* \brief Set client's transport-level identification info.
@@ -2345,9 +2340,9 @@
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
*/
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
- const unsigned char *info,
- size_t ilen );
+int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
+ const unsigned char *info,
+ size_t ilen);
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
@@ -2367,7 +2362,7 @@
* packets and needs information about them to adjust its
* transmission strategy, then you'll want to disable this.
*/
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
+void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode);
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
@@ -2394,7 +2389,7 @@
* might make us waste resources checking authentication on
* many bogus packets.
*/
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
+void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit);
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -2427,8 +2422,8 @@
* are currently always sent in separate datagrams.
*
*/
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
- unsigned allow_packing );
+void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
+ unsigned allow_packing);
/**
* \brief Set retransmit timeout values for the DTLS handshake.
@@ -2461,7 +2456,7 @@
* goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
* resend ... 5s -> give up and return a timeout error.
*/
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
+void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, uint32_t min, uint32_t max);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -2502,10 +2497,10 @@
* \param f_get_cache session get callback
* \param f_set_cache session set callback
*/
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
- void *p_cache,
- int (*f_get_cache)(void *, mbedtls_ssl_session *),
- int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
+void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
+ void *p_cache,
+ int (*f_get_cache)(void *, mbedtls_ssl_session *),
+ int (*f_set_cache)(void *, const mbedtls_ssl_session *));
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_CLI_C)
@@ -2523,7 +2518,7 @@
*
* \sa mbedtls_ssl_get_session()
*/
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
+int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session);
#endif /* MBEDTLS_SSL_CLI_C */
/**
@@ -2558,9 +2553,9 @@
* \return Another negative value for other kinds of errors (for
* example, unsupported features in the embedded certificate).
*/
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Save session structure as serialized data in a buffer.
@@ -2588,10 +2583,10 @@
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
*/
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
+int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen);
/**
* \brief Get a pointer to the current session structure, for example
@@ -2608,7 +2603,7 @@
* \return A pointer to the current session if successful.
* \return \c NULL if no session is active.
*/
-const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl );
+const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_context *ssl);
/**
* \brief Set the list of allowed ciphersuites and the preference
@@ -2625,8 +2620,8 @@
* \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites
*/
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
- const int *ciphersuites );
+void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
+ const int *ciphersuites);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
@@ -2663,8 +2658,8 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
* is too large.
*/
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
- int ignore_other_cids );
+int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len,
+ int ignore_other_cids);
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/**
@@ -2686,9 +2681,9 @@
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
- const int *ciphersuites,
- int major, int minor );
+void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf,
+ const int *ciphersuites,
+ int major, int minor);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -2701,8 +2696,8 @@
* \param conf SSL configuration
* \param profile Profile to use
*/
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile );
+void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
+ const mbedtls_x509_crt_profile *profile);
/**
* \brief Set the data required to verify peer certificate
@@ -2715,9 +2710,9 @@
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
* \param ca_crl trusted CA CRLs
*/
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
+ mbedtls_x509_crl *ca_crl);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
@@ -2771,9 +2766,9 @@
* to guarantee this (for example through a mutex
* contained in the callback context pointed to by \p p_ca_cb).
*/
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb );
+void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
/**
@@ -2812,9 +2807,9 @@
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
*/
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
+ mbedtls_pk_context *pk_key);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -2849,9 +2844,9 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len );
+int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
+ const unsigned char *psk, size_t psk_len,
+ const unsigned char *psk_identity, size_t psk_identity_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -2890,10 +2885,10 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len );
+int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
+ psa_key_id_t psk,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
@@ -2912,8 +2907,8 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len );
+int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
+ const unsigned char *psk, size_t psk_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -2932,12 +2927,12 @@
* PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
* use for the key derivation algorithm
* applied in the handshake.
- *
+ *
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk );
+int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
+ psa_key_id_t psk);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
@@ -2978,10 +2973,10 @@
* \param p_psk A pointer to an opaque structure to be passed to
* the callback, for example a PSK store.
*/
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk );
+void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
+ int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+ size_t),
+ void *p_psk);
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
@@ -3007,9 +3002,9 @@
*
* \return 0 if successful
*/
-MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
- const char *dhm_P,
- const char *dhm_G );
+MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param(mbedtls_ssl_config *conf,
+ const char *dhm_P,
+ const char *dhm_G);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -3026,9 +3021,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len );
+int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
+ const unsigned char *dhm_P, size_t P_len,
+ const unsigned char *dhm_G, size_t G_len);
/**
* \brief Set the Diffie-Hellman public P and G values,
@@ -3039,7 +3034,7 @@
*
* \return 0 if successful
*/
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
+int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx);
#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
@@ -3051,8 +3046,8 @@
* \param conf SSL configuration
* \param bitlen Minimum bit length of the DHM prime
*/
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
- unsigned int bitlen );
+void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
+ unsigned int bitlen);
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
@@ -3085,8 +3080,8 @@
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves );
+void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
+ const mbedtls_ecp_group_id *curves);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -3110,8 +3105,8 @@
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
*/
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes );
+void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
+ const int *hashes);
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -3133,7 +3128,7 @@
* when NULL). On allocation failure hostname is cleared.
* On too long input failure, old hostname is unchanged.
*/
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
+int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -3149,9 +3144,9 @@
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
*/
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
+int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *own_cert,
+ mbedtls_pk_context *pk_key);
/**
* \brief Set the data required to verify peer certificate for the
@@ -3164,9 +3159,9 @@
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
* \param ca_crl trusted CA CRLs
*/
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
+void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *ca_chain,
+ mbedtls_x509_crl *ca_crl);
/**
* \brief Set authmode for the current handshake.
@@ -3178,8 +3173,8 @@
* \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
* MBEDTLS_SSL_VERIFY_REQUIRED
*/
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
- int authmode );
+void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl,
+ int authmode);
/**
* \brief Set server side ServerName TLS extension callback
@@ -3204,10 +3199,10 @@
* \param f_sni verification function
* \param p_sni verification parameter
*/
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_sni );
+void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
+ int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
+ size_t),
+ void *p_sni);
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -3228,9 +3223,9 @@
*
* \return 0 on success, or a negative error code.
*/
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len );
+int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
+ const unsigned char *pw,
+ size_t pw_len);
#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
@@ -3246,7 +3241,7 @@
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos);
/**
* \brief Get the name of the negotiated Application Layer Protocol.
@@ -3257,26 +3252,25 @@
*
* \return Protocol name, or NULL if no protocol was negotiated.
*/
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
+static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
{
- switch( profile )
- {
+ switch (profile) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
- return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" );
+ return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
- return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" );
+ return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
- return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" );
+ return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
- return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" );
+ return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
default: break;
}
- return( "" );
+ return "";
}
#endif /* MBEDTLS_DEBUG_C */
/**
@@ -3292,8 +3286,8 @@
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
* or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
*/
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
- int support_mki_value );
+void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
+ int support_mki_value);
/**
* \brief Set the supported DTLS-SRTP protection profiles.
@@ -3315,8 +3309,8 @@
* protection profiles is incorrect.
*/
int mbedtls_ssl_conf_dtls_srtp_protection_profiles
- ( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles );
+ (mbedtls_ssl_config *conf,
+ const mbedtls_ssl_srtp_profile *profiles);
/**
* \brief Set the mki_value for the current DTLS-SRTP session.
@@ -3334,9 +3328,9 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
*/
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len );
+int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
+ unsigned char *mki_value,
+ uint16_t mki_len);
/**
* \brief Get the negotiated DTLS-SRTP information:
* Protection profile and MKI value.
@@ -3355,8 +3349,8 @@
* or peer's Hello packet was not parsed yet.
* - mki size and value( if size is > 0 ).
*/
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info );
+void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl,
+ mbedtls_dtls_srtp_info *dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/**
@@ -3375,7 +3369,7 @@
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor);
/**
* \brief Set the minimum accepted SSL/TLS protocol version
@@ -3395,7 +3389,7 @@
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor);
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
/**
@@ -3417,7 +3411,7 @@
* \param conf SSL configuration
* \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
*/
-void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
+void mbedtls_ssl_conf_fallback(mbedtls_ssl_config *conf, char fallback);
#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
@@ -3432,7 +3426,7 @@
* \param conf SSL configuration
* \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
*/
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
+void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm);
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
@@ -3447,7 +3441,7 @@
* \param conf SSL configuration
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems);
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_ARC4_C)
@@ -3466,7 +3460,7 @@
* \param conf SSL configuration
* \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
*/
-void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
+void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4);
#endif /* MBEDTLS_ARC4_C */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -3479,8 +3473,8 @@
* \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
* MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
*/
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
- char cert_req_ca_list );
+void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
+ char cert_req_ca_list);
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -3518,7 +3512,7 @@
*
* \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
*/
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
+int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
@@ -3530,7 +3524,7 @@
* \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
* MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
*/
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
+void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate);
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@@ -3545,7 +3539,7 @@
* \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
* MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
*/
-void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
+void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split);
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -3559,7 +3553,7 @@
* \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
* MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
*/
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
+void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets);
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -3580,7 +3574,7 @@
* \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
* MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*/
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
+void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3610,7 +3604,7 @@
* SSL_ALLOW_LEGACY_RENEGOTIATION or
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
*/
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
+void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
@@ -3650,7 +3644,7 @@
* enforce renegotiation, or a non-negative value to enforce
* it but allow for a grace period of max_records records.
*/
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
+void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records);
/**
* \brief Set record counter threshold for periodic renegotiation.
@@ -3677,8 +3671,8 @@
* \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number.
*/
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
- const unsigned char period[8] );
+void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
+ const unsigned char period[8]);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3719,7 +3713,7 @@
* that all internal data has been processed.
*
*/
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl);
/**
* \brief Return the number of application data bytes
@@ -3736,7 +3730,7 @@
* amount of data fitting into the input buffer.
*
*/
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl);
/**
* \brief Return the result of the certificate verification
@@ -3750,7 +3744,7 @@
* \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
* and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
*/
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
+uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl);
/**
* \brief Return the name of the current ciphersuite
@@ -3759,7 +3753,7 @@
*
* \return a string containing the ciphersuite name
*/
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl);
/**
* \brief Return the current SSL version (SSLv3/TLSv1/etc)
@@ -3768,7 +3762,7 @@
*
* \return a string containing the SSL version
*/
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl);
/**
* \brief Return the (maximum) number of bytes added by the record
@@ -3783,7 +3777,7 @@
* MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
* enabled, which makes expansion much less predictable
*/
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
@@ -3799,7 +3793,7 @@
*
* \return Current maximum fragment length for the output buffer.
*/
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl);
/**
* \brief Return the maximum fragment length (payload, in bytes) for
@@ -3815,7 +3809,7 @@
*
* \return Current maximum fragment length for the output buffer.
*/
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -3840,7 +3834,7 @@
* \return Current maximum fragment length for the output buffer.
*/
MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
- const mbedtls_ssl_context *ssl );
+ const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
@@ -3871,7 +3865,7 @@
* \return Current maximum payload for an outgoing record,
* or a negative error code.
*/
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -3904,7 +3898,7 @@
* If you want to use the certificate across API calls,
* you must make a copy.
*/
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CLI_C)
@@ -3934,7 +3928,7 @@
*
* \sa mbedtls_ssl_set_session()
*/
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
+int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session);
#endif /* MBEDTLS_SSL_CLI_C */
/**
@@ -3987,7 +3981,7 @@
* currently being processed might or might not contain further
* DTLS records.
*/
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
/**
* \brief Perform a single step of the SSL handshake
@@ -4009,7 +4003,7 @@
* re-using it for a new connection; the current connection
* must be closed.
*/
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
@@ -4035,7 +4029,7 @@
* must be closed.
*
*/
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -4115,7 +4109,7 @@
* \c mbedtls_ssl_check_pending to check for remaining records.
*
*/
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
+int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
/**
* \brief Try to write exactly 'len' application data bytes
@@ -4177,7 +4171,7 @@
* \note Attempting to write 0 bytes will result in an empty TLS
* application record being sent.
*/
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
+int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len);
/**
* \brief Send an alert message
@@ -4195,9 +4189,9 @@
* call \c mbedtls_ssl_session_reset() on it before re-using it
* for a new connection; the current connection must be closed.
*/
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
- unsigned char level,
- unsigned char message );
+int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
+ unsigned char level,
+ unsigned char message);
/**
* \brief Notify the peer that the connection is being closed
*
@@ -4211,14 +4205,14 @@
* call \c mbedtls_ssl_session_reset() on it before re-using it
* for a new connection; the current connection must be closed.
*/
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
/**
* \brief Free referenced items in an SSL context and clear memory
*
* \param ssl SSL context
*/
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_free(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
/**
@@ -4269,10 +4263,10 @@
* or the connection does not use DTLS 1.2 with an AEAD
* ciphersuite, or renegotiation is enabled.
*/
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
+int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen);
/**
* \brief Load serialized connection data to an SSL context.
@@ -4339,9 +4333,9 @@
* comes from a different Mbed TLS version or build.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
*/
-int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len);
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
/**
@@ -4354,7 +4348,7 @@
*
* \param conf SSL configuration context
*/
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_init(mbedtls_ssl_config *conf);
/**
* \brief Load reasonable default SSL configuration values.
@@ -4371,22 +4365,22 @@
* \return 0 if successful, or
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
*/
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
- int endpoint, int transport, int preset );
+int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
+ int endpoint, int transport, int preset);
/**
* \brief Free an SSL configuration context
*
* \param conf SSL configuration context
*/
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_free(mbedtls_ssl_config *conf);
/**
* \brief Initialize SSL session structure
*
* \param session SSL session
*/
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_init(mbedtls_ssl_session *session);
/**
* \brief Free referenced items in an SSL session including the
@@ -4397,7 +4391,7 @@
*
* \param session SSL session
*/
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_free(mbedtls_ssl_session *session);
/**
* \brief TLS-PRF function for key derivation.
@@ -4414,11 +4408,11 @@
*
* \return 0 on success. An SSL specific error on failure.
*/
-int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
+int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 02eab96..e358c6c 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -62,8 +62,7 @@
/**
* \brief This structure is used for storing cache entries
*/
-struct mbedtls_ssl_cache_entry
-{
+struct mbedtls_ssl_cache_entry {
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t timestamp; /*!< entry timestamp */
#endif
@@ -78,8 +77,7 @@
/**
* \brief Cache context
*/
-struct mbedtls_ssl_cache_context
-{
+struct mbedtls_ssl_cache_context {
mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
int timeout; /*!< cache entry timeout */
int max_entries; /*!< maximum entries */
@@ -93,7 +91,7 @@
*
* \param cache SSL cache context
*/
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
+void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
/**
* \brief Cache get callback implementation
@@ -102,7 +100,7 @@
* \param data SSL cache context
* \param session session to retrieve entry for
*/
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session);
/**
* \brief Cache set callback implementation
@@ -111,7 +109,7 @@
* \param data SSL cache context
* \param session session to store entry for
*/
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session);
#if defined(MBEDTLS_HAVE_TIME)
/**
@@ -123,7 +121,7 @@
* \param cache SSL cache context
* \param timeout cache entry timeout in seconds
*/
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
+void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout);
#endif /* MBEDTLS_HAVE_TIME */
/**
@@ -133,14 +131,14 @@
* \param cache SSL cache context
* \param max cache entry maximum
*/
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
+void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max);
/**
* \brief Free referenced items in a cache context and clear memory
*
* \param cache SSL cache context
*/
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
+void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 93c32a5..5300125 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -385,10 +385,9 @@
/**
* \brief This structure is used for storing ciphersuite information
*/
-struct mbedtls_ssl_ciphersuite_t
-{
+struct mbedtls_ssl_ciphersuite_t {
int id;
- const char * name;
+ const char *name;
mbedtls_cipher_type_t cipher;
mbedtls_md_type_t mac;
@@ -402,92 +401,87 @@
unsigned char flags;
};
-const int *mbedtls_ssl_list_ciphersuites( void );
+const int *mbedtls_ssl_list_ciphersuites(void);
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
#endif
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
+int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -495,56 +489,54 @@
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
+ const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 2aa3731..334c005 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -54,8 +54,7 @@
/**
* \brief Context for the default cookie functions.
*/
-typedef struct mbedtls_ssl_cookie_ctx
-{
+typedef struct mbedtls_ssl_cookie_ctx {
mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long serial; /*!< serial number for expiration */
@@ -71,14 +70,14 @@
/**
* \brief Initialize cookie context
*/
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
+void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx);
/**
* \brief Setup cookie context (generate keys)
*/
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Set expiration delay for cookies
@@ -89,12 +88,12 @@
* issued in the meantime.
* 0 to disable expiration (NOT recommended)
*/
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
+void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay);
/**
* \brief Free cookie context
*/
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
+void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx);
/**
* \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 77ad755..b1915c8 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -60,7 +60,7 @@
#include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -146,19 +146,19 @@
/* This macro determines whether CBC is supported. */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || \
- defined(MBEDTLS_CAMELLIA_C) || \
- defined(MBEDTLS_ARIA_C) || \
- defined(MBEDTLS_DES_C) )
+ (defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_CAMELLIA_C) || \
+ defined(MBEDTLS_ARIA_C) || \
+ defined(MBEDTLS_DES_C))
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
#endif
/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
* opposed to the very different CBC construct used in SSLv3) is supported. */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
- ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+ (defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2))
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
#endif
@@ -193,18 +193,18 @@
#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
#endif
-#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
- MBEDTLS_MAX_IV_LENGTH + \
- MBEDTLS_SSL_MAC_ADD + \
- MBEDTLS_SSL_PADDING_ADD + \
- MBEDTLS_SSL_MAX_CID_EXPANSION \
- )
+#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_SSL_COMPRESSION_ADD + \
+ MBEDTLS_MAX_IV_LENGTH + \
+ MBEDTLS_SSL_MAC_ADD + \
+ MBEDTLS_SSL_PADDING_ADD + \
+ MBEDTLS_SSL_MAX_CID_EXPANSION \
+ )
-#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
- ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
+#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
+ (MBEDTLS_SSL_IN_CONTENT_LEN))
-#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
- ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
+#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
+ (MBEDTLS_SSL_OUT_CONTENT_LEN))
/* The maximum number of buffered handshake messages. */
#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
@@ -215,8 +215,8 @@
*/
#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
(MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
- ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
- : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
+ ? (MBEDTLS_SSL_OUT_CONTENT_LEN) \
+ : (MBEDTLS_SSL_IN_CONTENT_LEN) \
)
/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
@@ -234,11 +234,13 @@
#endif
#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
-#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
+#error \
+ "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#endif
#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
-#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
+#error \
+ "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#endif
#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
@@ -258,44 +260,44 @@
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_IN_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN))
#else
#define MBEDTLS_SSL_IN_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
- + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \
+ + (MBEDTLS_SSL_CID_IN_LEN_MAX))
#endif
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN))
#else
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \
- + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \
+ + (MBEDTLS_SSL_CID_OUT_LEN_MAX))
#endif
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx)
{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return mbedtls_ssl_get_output_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
- + MBEDTLS_SSL_CID_OUT_LEN_MAX;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ return mbedtls_ssl_get_output_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ + MBEDTLS_SSL_CID_OUT_LEN_MAX;
#else
- return mbedtls_ssl_get_output_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+ return mbedtls_ssl_get_output_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif
}
-static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx)
{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return mbedtls_ssl_get_input_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
- + MBEDTLS_SSL_CID_IN_LEN_MAX;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ return mbedtls_ssl_get_input_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ + MBEDTLS_SSL_CID_IN_LEN_MAX;
#else
- return mbedtls_ssl_get_input_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+ return mbedtls_ssl_get_input_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif
}
#endif
@@ -303,7 +305,7 @@
#ifdef MBEDTLS_ZLIB_SUPPORT
/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
#define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \
- ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \
+ (MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN) \
? MBEDTLS_SSL_IN_BUFFER_LEN \
: MBEDTLS_SSL_OUT_BUFFER_LEN \
)
@@ -328,10 +330,10 @@
* \return Zero if the needed space is available in the buffer, non-zero
* otherwise.
*/
-static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
- const uint8_t *end, size_t need )
+static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur,
+ const uint8_t *end, size_t need)
{
- return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
+ return (cur > end) || (need > (size_t) (end - cur));
}
/**
@@ -344,13 +346,13 @@
* \param need Needed space in bytes.
*
*/
-#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
+#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need) \
do { \
- if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
+ if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \
{ \
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \
} \
- } while( 0 )
+ } while (0)
#ifdef __cplusplus
extern "C" {
@@ -361,8 +363,7 @@
/*
* Abstraction for a grid of allowed signature-hash-algorithm pairs.
*/
-struct mbedtls_ssl_sig_hash_set_t
-{
+struct mbedtls_ssl_sig_hash_set_t {
/* At the moment, we only need to remember a single suitable
* hash algorithm per signature algorithm. As long as that's
* the case - and we don't need a general lookup function -
@@ -374,10 +375,10 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
+typedef int mbedtls_ssl_tls_prf_cb(const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen);
/* cipher.h exports the maximum IV, key and block length from
* all ciphers enabled in the config, regardless of whether those
@@ -403,16 +404,15 @@
* \brief The data structure holding the cryptographic material (key and IV)
* used for record protection in TLS 1.3.
*/
-struct mbedtls_ssl_key_set
-{
+struct mbedtls_ssl_key_set {
/*! The key for client->server records. */
- unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+ unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The key for server->client records. */
- unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+ unsigned char server_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The IV for client->server records. */
- unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+ unsigned char client_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
/*! The IV for server->client records. */
- unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+ unsigned char server_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
size_t key_len; /*!< The length of client_write_key and
* server_write_key, in Bytes. */
@@ -424,8 +424,7 @@
/*
* This structure contains the parameters only needed during handshake.
*/
-struct mbedtls_ssl_handshake_params
-{
+struct mbedtls_ssl_handshake_params {
/*
* Handshake specific crypto variables
*/
@@ -544,16 +543,14 @@
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- struct
- {
+ struct {
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
* buffers used for message buffering. */
uint8_t seen_ccs; /*!< Indicates if a CCS message has
* been seen in the current flight. */
- struct mbedtls_ssl_hs_buffer
- {
+ struct mbedtls_ssl_hs_buffer {
unsigned is_valid : 1;
unsigned is_fragmented : 1;
unsigned is_complete : 1;
@@ -561,8 +558,7 @@
size_t data_len;
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
- struct
- {
+ struct {
unsigned char *data;
size_t len;
unsigned epoch;
@@ -585,7 +581,7 @@
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
flight being received */
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
- resending messages */
+ resending messages */
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
for resending messages */
@@ -596,7 +592,7 @@
* has been negotiated. Possible values are
* #MBEDTLS_SSL_CID_ENABLED and
* #MBEDTLS_SSL_CID_DISABLED. */
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; /*! The peer's CID */
uint8_t peer_cid_len; /*!< The length of
* \c peer_cid. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -631,7 +627,7 @@
unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
- /*!< premaster secret */
+ /*!< premaster secret */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/** Asynchronous operation context. This field is meant for use by the
@@ -744,8 +740,7 @@
* in other transformations.
*
*/
-struct mbedtls_ssl_transform
-{
+struct mbedtls_ssl_transform {
/*
* Session specific crypto layer
*/
@@ -782,8 +777,8 @@
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len;
uint8_t out_cid_len;
- unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char in_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
@@ -806,13 +801,13 @@
* Equivalently, return 0 if a separate MAC is used, 1 otherwise.
*/
static inline int mbedtls_ssl_transform_uses_aead(
- const mbedtls_ssl_transform *transform )
+ const mbedtls_ssl_transform *transform)
{
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
- return( transform->maclen == 0 && transform->taglen != 0 );
+ return transform->maclen == 0 && transform->taglen != 0;
#else
(void) transform;
- return( 1 );
+ return 1;
#endif
}
@@ -842,8 +837,7 @@
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
#endif
-typedef struct
-{
+typedef struct {
uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
* In DTLS: The 2-byte epoch followed by
* the 6-byte sequence number.
@@ -866,7 +860,7 @@
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t cid_len; /* Length of the CID (0 if not present) */
- unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
+ unsigned char cid[MBEDTLS_SSL_CID_LEN_MAX]; /* The CID */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
} mbedtls_record;
@@ -874,8 +868,7 @@
/*
* List of certificate + private key pairs
*/
-struct mbedtls_ssl_key_cert
-{
+struct mbedtls_ssl_key_cert {
mbedtls_x509_crt *cert; /*!< cert */
mbedtls_pk_context *key; /*!< private key */
mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
@@ -886,8 +879,7 @@
/*
* List of handshake messages kept around for resending
*/
-struct mbedtls_ssl_flight_item
-{
+struct mbedtls_ssl_flight_item {
unsigned char *p; /*!< message, including handshake headers */
size_t len; /*!< length of p */
unsigned char type; /*!< type of the message: handshake or CCS */
@@ -899,20 +891,20 @@
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg );
+mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg);
/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg,
- mbedtls_md_type_t md_alg );
+void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg,
+ mbedtls_md_type_t md_alg);
/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_md_type_t md_alg );
+void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_md_type_t md_alg);
/* Setup an empty signature-hash set */
-static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
+static inline void mbedtls_ssl_sig_hash_set_init(mbedtls_ssl_sig_hash_set_t *set)
{
- mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
+ mbedtls_ssl_sig_hash_set_const_hash(set, MBEDTLS_MD_NONE);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
@@ -924,7 +916,7 @@
*
* \param transform SSL transform context
*/
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
+void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform);
/**
* \brief Free referenced items in an SSL handshake context and clear
@@ -932,26 +924,26 @@
*
* \param ssl SSL context
*/
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
/**
* \brief Update record layer
@@ -1030,39 +1022,39 @@
*
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
- unsigned update_hs_digest );
+int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
+ unsigned update_hs_digest);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
+int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex);
/**
* Get the first defined PSK by order of precedence:
@@ -1070,29 +1062,22 @@
* 2. static PSK configured by \c mbedtls_ssl_conf_psk()
* Return a code and update the pair (PSK, PSK length) passed to this function
*/
-static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
- const unsigned char **psk, size_t *psk_len )
+static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
+ const unsigned char **psk, size_t *psk_len)
{
- if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
- {
+ if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) {
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
- }
-
- else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
- {
+ } else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) {
*psk = ssl->conf->psk;
*psk_len = ssl->conf->psk_len;
- }
-
- else
- {
+ } else {
*psk = NULL;
*psk_len = 0;
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1104,50 +1089,51 @@
* Return an opaque PSK
*/
static inline psa_key_id_t mbedtls_ssl_get_opaque_psk(
- const mbedtls_ssl_context *ssl )
+ const mbedtls_ssl_context *ssl)
{
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( ssl->handshake->psk_opaque );
+ if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
+ return ssl->handshake->psk_opaque;
+ }
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return( ssl->conf->psk_opaque );
+ if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
+ return ssl->conf->psk_opaque;
+ }
- return( MBEDTLS_SVC_KEY_ID_INIT );
+ return MBEDTLS_SVC_KEY_ID_INIT;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_PK_C)
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
+unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk);
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type);
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig);
#endif
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
-unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash);
+unsigned char mbedtls_ssl_hash_from_md_alg(int md);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
+int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
#if defined(MBEDTLS_ECP_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
+int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
- mbedtls_md_type_t md );
+int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl,
+ mbedtls_md_type_t md);
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
- ( const uint16_t srtp_profile_value )
+ (const uint16_t srtp_profile_value)
{
- switch( srtp_profile_value )
- {
+ switch (srtp_profile_value) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
@@ -1155,33 +1141,35 @@
return srtp_profile_value;
default: break;
}
- return( MBEDTLS_TLS_SRTP_UNSET );
+ return MBEDTLS_TLS_SRTP_UNSET;
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
+static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
- if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+ if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
- else
+ } else {
key_cert = ssl->conf->key_cert;
+ }
- return( key_cert == NULL ? NULL : key_cert->key );
+ return key_cert == NULL ? NULL : key_cert->key;
}
-static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
+static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
- if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+ if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
- else
+ } else {
key_cert = ssl->conf->key_cert;
+ }
- return( key_cert == NULL ? NULL : key_cert->cert );
+ return key_cert == NULL ? NULL : key_cert->cert;
}
/*
@@ -1194,77 +1182,76 @@
* Return 0 if everything is OK, -1 if not.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
- const mbedtls_ssl_ciphersuite_t *ciphersuite,
- int cert_endpoint,
- uint32_t *flags );
+int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite,
+ int cert_endpoint,
+ uint32_t *flags);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_ssl_write_version( int major, int minor, int transport,
- unsigned char ver[2] );
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
- const unsigned char ver[2] );
+void mbedtls_ssl_write_version(int major, int minor, int transport,
+ unsigned char ver[2]);
+void mbedtls_ssl_read_version(int *major, int *minor, int transport,
+ const unsigned char ver[2]);
-static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl)
{
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
((void) ssl);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- return( 13 );
- }
- else
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 13;
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
- return( 5 );
+ return 5;
}
}
-static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
{
- return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
+ return (size_t) (ssl->out_iv - ssl->out_hdr);
}
-static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 12 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 12;
+ }
#else
((void) ssl);
#endif
- return( 4 );
+ return 4;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl);
#endif
/* Visible for testing purposes only */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl);
+void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl);
#endif
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
- const mbedtls_ssl_session *src );
+int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src);
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
- unsigned char *output,
- unsigned char *data, size_t data_len );
+int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ unsigned char *data, size_t data_len);
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
MBEDTLS_SSL_PROTO_TLS1_1 */
@@ -1272,10 +1259,10 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg );
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg);
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -1283,70 +1270,71 @@
}
#endif
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec );
+int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec);
/* Length of the "epoch" field in the record header */
-static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 2 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 2;
+ }
#else
((void) ssl);
#endif
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform );
-void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform);
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
+int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl);
#endif
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl );
-void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
+size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl);
+void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_TEST_HOOKS)
int mbedtls_ssl_check_dtls_clihlo_cookie(
- mbedtls_ssl_context *ssl,
- const unsigned char *cli_id, size_t cli_id_len,
- const unsigned char *in, size_t in_len,
- unsigned char *obuf, size_t buf_len, size_t *olen );
+ mbedtls_ssl_context *ssl,
+ const unsigned char *cli_id, size_t cli_id_len,
+ const unsigned char *in, size_t in_len,
+ unsigned char *obuf, size_t buf_len, size_t *olen);
#endif
#endif /* ssl_internal.h */
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 8221051..401df7c 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -48,8 +48,7 @@
/**
* \brief Information for session ticket protection
*/
-typedef struct mbedtls_ssl_ticket_key
-{
+typedef struct mbedtls_ssl_ticket_key {
unsigned char name[4]; /*!< random key identifier */
uint32_t generation_time; /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
@@ -59,8 +58,7 @@
/**
* \brief Context for session ticket handling functions
*/
-typedef struct mbedtls_ssl_ticket_context
-{
+typedef struct mbedtls_ssl_ticket_context {
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
unsigned char active; /*!< index of the currently active key */
@@ -83,7 +81,7 @@
*
* \param ctx Context to be initialized
*/
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
+void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx);
/**
* \brief Prepare context to be actually used
@@ -107,10 +105,10 @@
* \return 0 if successful,
* or a specific MBEDTLS_ERR_XXX error code
*/
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_cipher_type_t cipher,
- uint32_t lifetime );
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_cipher_type_t cipher,
+ uint32_t lifetime);
/**
* \brief Implementation of the ticket write callback
@@ -131,7 +129,7 @@
*
* \param ctx Context to be cleaned up
*/
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
+void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index d147c73..25de77e 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -46,8 +46,7 @@
#if defined(MBEDTLS_THREADING_PTHREAD)
#include <pthread.h>
-typedef struct mbedtls_threading_mutex_t
-{
+typedef struct mbedtls_threading_mutex_t {
pthread_mutex_t mutex;
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public
@@ -78,15 +77,15 @@
* \param mutex_lock the lock function implementation
* \param mutex_unlock the unlock function implementation
*/
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
- void (*mutex_free)( mbedtls_threading_mutex_t * ),
- int (*mutex_lock)( mbedtls_threading_mutex_t * ),
- int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
+void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
+ void (*mutex_free)(mbedtls_threading_mutex_t *),
+ int (*mutex_lock)(mbedtls_threading_mutex_t *),
+ int (*mutex_unlock)(mbedtls_threading_mutex_t *));
/**
* \brief Free global mutexes.
*/
-void mbedtls_threading_free_alt( void );
+void mbedtls_threading_free_alt(void);
#endif /* MBEDTLS_THREADING_ALT */
#if defined(MBEDTLS_THREADING_C)
@@ -95,10 +94,10 @@
*
* All these functions are expected to work or the result will be undefined.
*/
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
+extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex);
+extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex);
+extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex);
+extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex);
/*
* Global mutexes
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index b7290cf..597ef75 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -41,16 +41,14 @@
/**
* \brief timer structure
*/
-struct mbedtls_timing_hr_time
-{
+struct mbedtls_timing_hr_time {
unsigned char opaque[32];
};
/**
* \brief Context for mbedtls_timing_set/get_delay()
*/
-typedef struct mbedtls_timing_delay_context
-{
+typedef struct mbedtls_timing_delay_context {
struct mbedtls_timing_hr_time timer;
uint32_t int_ms;
uint32_t fin_ms;
@@ -72,7 +70,7 @@
* \note This value starts at an unspecified origin and
* may wrap around.
*/
-unsigned long mbedtls_timing_hardclock( void );
+unsigned long mbedtls_timing_hardclock(void);
/**
* \brief Return the elapsed time in milliseconds
@@ -91,7 +89,7 @@
* get_timer(0) }` the value time1+time2 is only approximately
* the delay since the first reset.
*/
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
+unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset);
/**
* \brief Setup an alarm clock
@@ -103,7 +101,7 @@
* context, this means one for the whole process, not one per
* thread.
*/
-void mbedtls_set_alarm( int seconds );
+void mbedtls_set_alarm(int seconds);
/**
* \brief Set a pair of delays to watch
@@ -119,7 +117,7 @@
* \note To set a single delay, either use \c mbedtls_timing_set_timer
* directly or use this function with int_ms == fin_ms.
*/
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
+void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms);
/**
* \brief Get the status of delays
@@ -133,7 +131,7 @@
* 1 if only the intermediate delay is passed,
* 2 if the final delay is passed.
*/
-int mbedtls_timing_get_delay( void *data );
+int mbedtls_timing_get_delay(void *data);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -141,7 +139,7 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_timing_self_test( int verbose );
+int mbedtls_timing_self_test(int verbose);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index b3b441d..1324eae 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -61,7 +61,7 @@
* \return The constructed version number in the format
* MMNNPP00 (Major, Minor, Patch).
*/
-unsigned int mbedtls_version_get_number( void );
+unsigned int mbedtls_version_get_number(void);
/**
* Get the version string ("x.y.z").
@@ -69,7 +69,7 @@
* \param string The string that will receive the value.
* (Should be at least 9 bytes in size)
*/
-void mbedtls_version_get_string( char *string );
+void mbedtls_version_get_string(char *string);
/**
* Get the full version string ("mbed TLS x.y.z").
@@ -80,7 +80,7 @@
* (So the buffer should be at least 18 bytes to receive this
* version string).
*/
-void mbedtls_version_get_string_full( char *string );
+void mbedtls_version_get_string_full(char *string);
/**
* \brief Check if support for a feature was compiled into this
@@ -99,7 +99,7 @@
* -2 if support for feature checking as a whole was not
* compiled in.
*/
-int mbedtls_version_check_feature( const char *feature );
+int mbedtls_version_check_feature(const char *feature);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 31b78df..8fd321a 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -247,8 +247,7 @@
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
-{
+typedef struct mbedtls_x509_time {
int year, mon, day; /**< Date. */
int hour, min, sec; /**< Time. */
}
@@ -267,7 +266,7 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
+int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
/**
* \brief Store the certificate serial in printable form into buf;
@@ -280,7 +279,7 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
+int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);
/**
* \brief Check a given mbedtls_x509_time against the system time
@@ -294,7 +293,7 @@
* \return 1 if the given time is in the past or an error occurred,
* 0 otherwise.
*/
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
/**
* \brief Check a given mbedtls_x509_time against the system time
@@ -308,7 +307,7 @@
* \return 1 if the given time is in the future or an error occurred,
* 0 otherwise.
*/
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
/** \} addtogroup x509_module */
@@ -319,7 +318,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_x509_self_test( int verbose );
+int mbedtls_x509_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
@@ -327,51 +326,51 @@
* Internal module functions. You probably do not want to use these unless you
* know you do.
*/
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
- mbedtls_x509_name *cur );
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg );
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
+int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_name *cur);
+int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *alg);
+int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *alg, mbedtls_x509_buf *params);
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
- mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
- int *salt_len );
+int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
+ mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+ int *salt_len);
#endif
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
- void **sig_opts );
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
- mbedtls_x509_time *t );
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *serial );
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *ext, int tag );
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
- mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const void *sig_opts );
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
- int critical, const unsigned char *val,
- size_t val_len );
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- unsigned char *sig, size_t size );
+int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+ mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+ void **sig_opts);
+int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_time *t);
+int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *serial);
+int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *ext, int tag);
+int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+ mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+ const void *sig_opts);
+int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
+int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);
+int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+ int critical, const unsigned char *val,
+ size_t val_len);
+int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
+ mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
+ mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ unsigned char *sig, size_t size);
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
- if( ret < 0 || (size_t) ret >= n ) \
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
- \
+ if (ret < 0 || (size_t) ret >= n) \
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \
+ \
n -= (size_t) ret; \
p += (size_t) ret; \
- } while( 0 )
+ } while (0)
#ifdef __cplusplus
}
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 9222009..895eca0 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -47,8 +47,7 @@
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
-typedef struct mbedtls_x509_crl_entry
-{
+typedef struct mbedtls_x509_crl_entry {
mbedtls_x509_buf raw;
mbedtls_x509_buf serial;
@@ -65,8 +64,7 @@
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
-typedef struct mbedtls_x509_crl
-{
+typedef struct mbedtls_x509_crl {
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
@@ -104,8 +102,8 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
- const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
+ const unsigned char *buf, size_t buflen);
/**
* \brief Parse one or more CRLs and append them to the chained list
*
@@ -118,7 +116,7 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -131,7 +129,7 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
+int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path);
#endif /* MBEDTLS_FS_IO */
/**
@@ -145,22 +143,22 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crl *crl );
+int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
+ const mbedtls_x509_crl *crl);
/**
* \brief Initialize a CRL (chain)
*
* \param crl CRL chain to initialize
*/
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
+void mbedtls_x509_crl_init(mbedtls_x509_crl *crl);
/**
* \brief Unallocate all CRL data
*
* \param crl CRL chain to free
*/
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
+void mbedtls_x509_crl_free(mbedtls_x509_crl *crl);
/** \} name Structures and functions for parsing CRLs */
/** \} addtogroup x509_module */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 0f2885a..235e00c 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -49,8 +49,7 @@
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
-typedef struct mbedtls_x509_crt
-{
+typedef struct mbedtls_x509_crt {
int own_buffer; /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
@@ -104,24 +103,21 @@
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*/
-typedef struct mbedtls_x509_san_other_name
-{
+typedef struct mbedtls_x509_san_other_name {
/**
* The type_id is an OID as defined in RFC 5280.
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf type_id; /**< The type id. */
- union
- {
+ union {
/**
* From RFC 4108 section 5:
* HardwareModuleName ::= SEQUENCE {
* hwType OBJECT IDENTIFIER,
* hwSerialNum OCTET STRING }
*/
- struct
- {
+ struct {
mbedtls_x509_buf oid; /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */
}
@@ -134,8 +130,7 @@
/**
* A structure for holding the parsed Subject Alternative Name, according to type
*/
-typedef struct mbedtls_x509_subject_alternative_name
-{
+typedef struct mbedtls_x509_subject_alternative_name {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
@@ -149,15 +144,14 @@
* Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it.
*/
-#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
+#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1))
/**
* Security profile for certificate verification.
*
* All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
*/
-typedef struct mbedtls_x509_crt_profile
-{
+typedef struct mbedtls_x509_crt_profile {
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for public keys;
* this applies to all certificates
@@ -174,15 +168,14 @@
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
-#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
+#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
/**
* Container for writing a certificate (CRT)
*/
-typedef struct mbedtls_x509write_cert
-{
+typedef struct mbedtls_x509write_cert {
int version;
mbedtls_mpi serial;
mbedtls_pk_context *subject_key;
@@ -207,13 +200,12 @@
/**
* Max size of verification chain: end-entity + intermediates + trusted root
*/
-#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
+#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
/**
* Verification chain as built by \c mbedtls_crt_verify_chain()
*/
-typedef struct
-{
+typedef struct {
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned len;
@@ -231,8 +223,7 @@
/**
* \brief Context for resuming X.509 verify operations
*/
-typedef struct
-{
+typedef struct {
/* for check_signature() */
mbedtls_pk_restart_ctx pk;
@@ -308,9 +299,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen );
+int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief The type of certificate extension callbacks.
@@ -342,12 +333,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
- mbedtls_x509_crt const *crt,
- mbedtls_x509_buf const *oid,
- int critical,
- const unsigned char *p,
- const unsigned char *end );
+typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
+ mbedtls_x509_crt const *crt,
+ mbedtls_x509_buf const *oid,
+ int critical,
+ const unsigned char *p,
+ const unsigned char *end);
/**
* \brief Parse a single DER formatted certificate and add it
@@ -389,12 +380,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx );
+int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy,
+ mbedtls_x509_crt_ext_cb_t cb,
+ void *p_ctx);
/**
* \brief Parse a single DER formatted certificate and add it
@@ -423,9 +414,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen );
+int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief Parse one DER-encoded or one or more concatenated PEM-encoded
@@ -457,7 +448,7 @@
* \return A negative X509 or PEM error code otherwise.
*
*/
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -473,7 +464,7 @@
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
+int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
/**
* \brief Load one or more certificate files from a path and add them
@@ -488,7 +479,7 @@
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
+int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
#endif /* MBEDTLS_FS_IO */
/**
@@ -518,8 +509,8 @@
* SAN type.
* \return Another negative value for any other failure.
*/
-int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
- mbedtls_x509_subject_alternative_name *san );
+int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
+ mbedtls_x509_subject_alternative_name *san);
/**
* \brief Returns an informational string about the
* certificate.
@@ -532,8 +523,8 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crt *crt );
+int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
+ const mbedtls_x509_crt *crt);
/**
* \brief Returns an informational string about the
@@ -547,8 +538,8 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
- uint32_t flags );
+int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
+ uint32_t flags);
/**
* \brief Verify a chain of certificates.
@@ -616,12 +607,12 @@
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
/**
* \brief Verify a chain of certificates with respect to
@@ -657,13 +648,13 @@
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
/**
* \brief Restartable version of \c mbedtls_crt_verify_with_profile()
@@ -691,14 +682,14 @@
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
-int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy,
- mbedtls_x509_crt_restart_ctx *rs_ctx );
+int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx);
/**
* \brief The type of trusted certificate callbacks.
@@ -730,9 +721,9 @@
* to the caller.
* \return A negative error code on failure.
*/
-typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
- mbedtls_x509_crt const *child,
- mbedtls_x509_crt **candidate_cas );
+typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
+ mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidate_cas);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
@@ -757,13 +748,13 @@
*
* \return See \c mbedtls_crt_verify_with_profile().
*/
-int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
@@ -789,8 +780,8 @@
* (intermediate) CAs the keyUsage extension is automatically
* checked by \c mbedtls_x509_crt_verify().
*/
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
- unsigned int usage );
+int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
+ unsigned int usage);
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
@@ -807,9 +798,9 @@
*
* \note Usually only makes sense on leaf certificates.
*/
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
- const char *usage_oid,
- size_t usage_len );
+int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
+ const char *usage_oid,
+ size_t usage_len);
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
@@ -822,7 +813,7 @@
* \return 1 if the certificate is revoked, 0 otherwise
*
*/
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
+int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl);
#endif /* MBEDTLS_X509_CRL_PARSE_C */
/**
@@ -830,25 +821,25 @@
*
* \param crt Certificate chain to initialize
*/
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
+void mbedtls_x509_crt_init(mbedtls_x509_crt *crt);
/**
* \brief Unallocate all certificate data
*
* \param crt Certificate chain to free
*/
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+void mbedtls_x509_crt_free(mbedtls_x509_crt *crt);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
* \brief Initialize a restart context
*/
-void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
+void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
/**
* \brief Free the components of a restart context
*/
-void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
+void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -860,7 +851,7 @@
*
* \param ctx CRT context to initialize
*/
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
+void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx);
/**
* \brief Set the version for a Certificate
@@ -870,7 +861,7 @@
* \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
* MBEDTLS_X509_CRT_VERSION_3)
*/
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
+void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version);
/**
* \brief Set the serial number for a Certificate.
@@ -880,7 +871,7 @@
*
* \return 0 if successful
*/
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
+int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
/**
* \brief Set the validity period for a Certificate
@@ -896,8 +887,8 @@
* \return 0 if timestamp was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
- const char *not_after );
+int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before,
+ const char *not_after);
/**
* \brief Set the issuer name for a Certificate
@@ -911,8 +902,8 @@
* \return 0 if issuer name was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
- const char *issuer_name );
+int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
+ const char *issuer_name);
/**
* \brief Set the subject name for a Certificate
@@ -926,8 +917,8 @@
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
- const char *subject_name );
+int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
+ const char *subject_name);
/**
* \brief Set the subject public key for the certificate
@@ -935,7 +926,7 @@
* \param ctx CRT context to use
* \param key public key to include
*/
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key);
/**
* \brief Set the issuer key used for signing the certificate
@@ -943,7 +934,7 @@
* \param ctx CRT context to use
* \param key private key to sign with
*/
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key);
/**
* \brief Set the MD algorithm to use for the signature
@@ -952,7 +943,7 @@
* \param ctx CRT context to use
* \param md_alg MD algorithm to use
*/
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
+void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg);
/**
* \brief Generic function to add to or replace an extension in the
@@ -967,10 +958,10 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
- const char *oid, size_t oid_len,
- int critical,
- const unsigned char *val, size_t val_len );
+int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
+ const char *oid, size_t oid_len,
+ int critical,
+ const unsigned char *val, size_t val_len);
/**
* \brief Set the basicConstraints extension for a CRT
@@ -983,8 +974,8 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
- int is_ca, int max_pathlen );
+int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
+ int is_ca, int max_pathlen);
#if defined(MBEDTLS_SHA1_C)
/**
@@ -996,7 +987,7 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
+int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx);
/**
* \brief Set the authorityKeyIdentifier extension for a CRT
@@ -1007,7 +998,7 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
+int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx);
#endif /* MBEDTLS_SHA1_C */
/**
@@ -1019,8 +1010,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
- unsigned int key_usage );
+int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
+ unsigned int key_usage);
/**
* \brief Set the Netscape Cert Type flags
@@ -1031,15 +1022,15 @@
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
- unsigned char ns_cert_type );
+int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
+ unsigned char ns_cert_type);
/**
* \brief Free the contents of a CRT write context
*
* \param ctx CRT context to free
*/
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
+void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
/**
* \brief Write a built up certificate to a X509 DER structure
@@ -1061,9 +1052,9 @@
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@@ -1082,9 +1073,9 @@
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 2a1c046..fa7ef04 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -46,8 +46,7 @@
/**
* Certificate Signing Request (CSR) structure.
*/
-typedef struct mbedtls_x509_csr
-{
+typedef struct mbedtls_x509_csr {
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
@@ -69,8 +68,7 @@
/**
* Container for writing a CSR
*/
-typedef struct mbedtls_x509write_csr
-{
+typedef struct mbedtls_x509write_csr {
mbedtls_pk_context *key;
mbedtls_asn1_named_data *subject;
mbedtls_md_type_t md_alg;
@@ -90,8 +88,8 @@
*
* \return 0 if successful, or a specific X509 error code
*/
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen );
+int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
+ const unsigned char *buf, size_t buflen);
/**
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
@@ -105,7 +103,7 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -118,7 +116,7 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
+int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path);
#endif /* MBEDTLS_FS_IO */
/**
@@ -133,22 +131,22 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_csr *csr );
+int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix,
+ const mbedtls_x509_csr *csr);
/**
* \brief Initialize a CSR
*
* \param csr CSR to initialize
*/
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
+void mbedtls_x509_csr_init(mbedtls_x509_csr *csr);
/**
* \brief Unallocate all CSR data
*
* \param csr CSR to free
*/
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
+void mbedtls_x509_csr_free(mbedtls_x509_csr *csr);
#endif /* MBEDTLS_X509_CSR_PARSE_C */
/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
@@ -159,7 +157,7 @@
*
* \param ctx CSR context to initialize
*/
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
+void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx);
/**
* \brief Set the subject name for a CSR
@@ -173,8 +171,8 @@
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
- const char *subject_name );
+int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
+ const char *subject_name);
/**
* \brief Set the key for a CSR (public key will be included,
@@ -183,7 +181,7 @@
* \param ctx CSR context to use
* \param key Asymmetric key to include
*/
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key);
/**
* \brief Set the MD algorithm to use for the signature
@@ -192,7 +190,7 @@
* \param ctx CSR context to use
* \param md_alg MD algorithm to use
*/
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
+void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg);
/**
* \brief Set the Key Usage Extension flags
@@ -211,7 +209,7 @@
* #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
* function.
*/
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
+int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage);
/**
* \brief Set the Netscape Cert Type flags
@@ -222,8 +220,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
- unsigned char ns_cert_type );
+int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
+ unsigned char ns_cert_type);
/**
* \brief Generic function to add to or replace an extension in the
@@ -237,16 +235,16 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
- const char *oid, size_t oid_len,
- const unsigned char *val, size_t val_len );
+int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
+ const char *oid, size_t oid_len,
+ const unsigned char *val, size_t val_len);
/**
* \brief Free the contents of a CSR context
*
* \param ctx CSR context to free
*/
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
+void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
/**
* \brief Write a CSR (Certificate Signing Request) to a
@@ -269,9 +267,9 @@
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@@ -291,9 +289,9 @@
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CSR_WRITE_C */
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index 4bdc711..9b12a1b 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -52,8 +52,7 @@
/**
* \brief XTEA context structure
*/
-typedef struct mbedtls_xtea_context
-{
+typedef struct mbedtls_xtea_context {
uint32_t k[4]; /*!< key */
}
mbedtls_xtea_context;
@@ -67,14 +66,14 @@
*
* \param ctx XTEA context to be initialized
*/
-void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
+void mbedtls_xtea_init(mbedtls_xtea_context *ctx);
/**
* \brief Clear XTEA context
*
* \param ctx XTEA context to be cleared
*/
-void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
+void mbedtls_xtea_free(mbedtls_xtea_context *ctx);
/**
* \brief XTEA key schedule
@@ -82,7 +81,7 @@
* \param ctx XTEA context to be initialized
* \param key the secret key
*/
-void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
+void mbedtls_xtea_setup(mbedtls_xtea_context *ctx, const unsigned char key[16]);
/**
* \brief XTEA cipher function
@@ -94,10 +93,10 @@
*
* \return 0 if successful
*/
-int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
- int mode,
- const unsigned char input[8],
- unsigned char output[8] );
+int mbedtls_xtea_crypt_ecb(mbedtls_xtea_context *ctx,
+ int mode,
+ const unsigned char input[8],
+ unsigned char output[8]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -113,12 +112,12 @@
* \return 0 if successful,
* MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
*/
-int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output);
+int mbedtls_xtea_crypt_cbc(mbedtls_xtea_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_SELF_TEST)
@@ -128,7 +127,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_xtea_self_test( int verbose );
+int mbedtls_xtea_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index b75947c..a6875ac 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -116,7 +116,7 @@
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_KEY_ATTRIBUTES_INIT {0}
+#define PSA_KEY_ATTRIBUTES_INIT { 0 }
#endif
/** Return an initial value for a key attributes structure.
@@ -143,8 +143,8 @@
* \param[out] attributes The attribute structure to write to.
* \param key The persistent identifier for the key.
*/
-static void psa_set_key_id( psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t key );
+static void psa_set_key_id(psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t key);
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/** Set the owner identifier of a key.
@@ -161,8 +161,8 @@
* \param[out] attributes The attribute structure to write to.
* \param owner The key owner identifier.
*/
-static void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
- mbedtls_key_owner_id_t owner );
+static void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
+ mbedtls_key_owner_id_t owner);
#endif
/** Set the location of a persistent key.
@@ -944,7 +944,7 @@
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_HASH_OPERATION_INIT {0}
+#define PSA_HASH_OPERATION_INIT { 0 }
#endif
/** Return an initial value for a hash operation object.
@@ -1308,7 +1308,7 @@
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_MAC_OPERATION_INIT {0}
+#define PSA_MAC_OPERATION_INIT { 0 }
#endif
/** Return an initial value for a MAC operation object.
@@ -1727,7 +1727,7 @@
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_CIPHER_OPERATION_INIT {0}
+#define PSA_CIPHER_OPERATION_INIT { 0 }
#endif
/** Return an initial value for a cipher operation object.
@@ -2251,7 +2251,7 @@
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_AEAD_OPERATION_INIT {0}
+#define PSA_AEAD_OPERATION_INIT { 0 }
#endif
/** Return an initial value for an AEAD operation object.
@@ -2913,13 +2913,13 @@
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length );
+psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length);
/** \brief Verify the signature of a message with a public key, using
* a hash-and-sign verification algorithm.
@@ -2965,12 +2965,12 @@
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * signature,
- size_t signature_length );
+psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length);
/**
* \brief Sign a hash or short message with a private key.
@@ -3244,7 +3244,7 @@
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0 }
#endif
/** Return an initial value for a key derivation operation object.
@@ -3371,7 +3371,7 @@
* The value of the maximum possible capacity depends on the key derivation
* algorithm.
*/
-#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1))
+#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t) (-1))
/** Provide an input for key derivation or key agreement.
*
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index 711c43d..63cb173 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -50,8 +50,7 @@
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
-typedef struct
-{
+typedef struct {
/** The HMAC algorithm in use */
psa_algorithm_t alg;
/** The hash context. */
@@ -60,16 +59,14 @@
uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} mbedtls_psa_hmac_operation_t;
-#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
+#define MBEDTLS_PSA_HMAC_OPERATION_INIT { 0, PSA_HASH_OPERATION_INIT, { 0 } }
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#include "mbedtls/cmac.h"
-typedef struct
-{
+typedef struct {
psa_algorithm_t alg;
- union
- {
+ union {
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_psa_hmac_operation_t hmac;
@@ -80,6 +77,6 @@
} ctx;
} mbedtls_psa_mac_operation_t;
-#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
+#define MBEDTLS_PSA_MAC_OPERATION_INIT { 0, { 0 } }
#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index 96c4529..6989cfe 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -59,11 +59,9 @@
#define MBEDTLS_PSA_BUILTIN_HASH
#endif
-typedef struct
-{
+typedef struct {
psa_algorithm_t alg;
- union
- {
+ union {
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
mbedtls_md2_context md2;
@@ -81,17 +79,17 @@
mbedtls_sha1_context sha1;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
mbedtls_sha256_context sha256;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
mbedtls_sha512_context sha512;
#endif
} ctx;
} mbedtls_psa_hash_operation_t;
-#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
+#define MBEDTLS_PSA_HASH_OPERATION_INIT { 0, { 0 } }
/*
* Cipher multi-part operation definitions.
@@ -120,6 +118,6 @@
} ctx;
} mbedtls_psa_cipher_operation_t;
-#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
+#define MBEDTLS_PSA_CIPHER_OPERATION_INIT { 0, 0, 0, { 0 } }
#endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 0d18404..7ae6cbb 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -50,9 +50,9 @@
*
* \return Non-zero if the handle is null, zero otherwise.
*/
-static inline int psa_key_handle_is_null( psa_key_handle_t handle )
+static inline int psa_key_handle_is_null(psa_key_handle_t handle)
{
- return( mbedtls_svc_key_id_is_null( handle ) );
+ return mbedtls_svc_key_id_is_null(handle);
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -78,196 +78,197 @@
#define PSA_KEY_TYPE_GET_CURVE PSA_KEY_TYPE_ECC_GET_FAMILY
#define PSA_KEY_TYPE_GET_GROUP PSA_KEY_TYPE_DH_GET_FAMILY
-#define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \
- ( (mbedtls_deprecated_##type) ( value ) )
+#define MBEDTLS_DEPRECATED_CONSTANT(type, value) \
+ ((mbedtls_deprecated_##type) (value))
/*
* Deprecated PSA Crypto error code definitions (PSA Crypto API <= 1.0 beta2)
*/
#define PSA_ERROR_UNKNOWN_ERROR \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_status_t, PSA_ERROR_GENERIC_ERROR)
#define PSA_ERROR_OCCUPIED_SLOT \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_ALREADY_EXISTS )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_status_t, PSA_ERROR_ALREADY_EXISTS)
#define PSA_ERROR_EMPTY_SLOT \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_DOES_NOT_EXIST )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_status_t, PSA_ERROR_DOES_NOT_EXIST)
#define PSA_ERROR_INSUFFICIENT_CAPACITY \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_INSUFFICIENT_DATA )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_status_t, PSA_ERROR_INSUFFICIENT_DATA)
#define PSA_ERROR_TAMPERING_DETECTED \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_status_t, PSA_ERROR_CORRUPTION_DETECTED)
/*
* Deprecated PSA Crypto numerical encodings (PSA Crypto API <= 1.0 beta3)
*/
#define PSA_KEY_USAGE_SIGN \
- MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH)
#define PSA_KEY_USAGE_VERIFY \
- MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH)
/*
* Deprecated PSA Crypto size calculation macros (PSA Crypto API <= 1.0 beta3)
*/
#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
-#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
-#define PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) )
-#define PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) )
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_SIGNATURE_MAX_SIZE)
+#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg))
+#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits))
+#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_BLOCK_CIPHER_BLOCK_LENGTH(type))
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE )
-#define PSA_HASH_SIZE( alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_HASH_LENGTH( alg ) )
-#define PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_MAC_LENGTH( key_type, key_bits, alg ) )
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
+#define PSA_HASH_SIZE(alg) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_HASH_LENGTH(alg))
+#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_MAC_LENGTH(key_type, key_bits, alg))
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE)
/*
* Deprecated PSA Crypto function names (PSA Crypto API <= 1.0 beta3)
*/
-MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_sign( psa_key_handle_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
+MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_sign(psa_key_handle_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
- return psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length );
+ return psa_sign_hash(key, alg, hash, hash_length, signature, signature_size, signature_length);
}
-MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
+MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify(psa_key_handle_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
- return psa_verify_hash( key, alg, hash, hash_length, signature, signature_length );
+ return psa_verify_hash(key, alg, hash, hash_length, signature, signature_length);
}
/*
* Size-specific elliptic curve families.
*/
#define PSA_ECC_CURVE_SECP160K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1)
#define PSA_ECC_CURVE_SECP192K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1)
#define PSA_ECC_CURVE_SECP224K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1)
#define PSA_ECC_CURVE_SECP256K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1)
#define PSA_ECC_CURVE_SECP160R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1)
#define PSA_ECC_CURVE_SECP192R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1)
#define PSA_ECC_CURVE_SECP224R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1)
#define PSA_ECC_CURVE_SECP256R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1)
#define PSA_ECC_CURVE_SECP384R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1)
#define PSA_ECC_CURVE_SECP521R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1)
#define PSA_ECC_CURVE_SECP160R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2)
#define PSA_ECC_CURVE_SECT163K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1)
#define PSA_ECC_CURVE_SECT233K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1)
#define PSA_ECC_CURVE_SECT239K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1)
#define PSA_ECC_CURVE_SECT283K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1)
#define PSA_ECC_CURVE_SECT409K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1)
#define PSA_ECC_CURVE_SECT571K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1)
#define PSA_ECC_CURVE_SECT163R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1)
#define PSA_ECC_CURVE_SECT193R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1)
#define PSA_ECC_CURVE_SECT233R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1)
#define PSA_ECC_CURVE_SECT283R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1)
#define PSA_ECC_CURVE_SECT409R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1)
#define PSA_ECC_CURVE_SECT571R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1)
#define PSA_ECC_CURVE_SECT163R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2)
#define PSA_ECC_CURVE_SECT193R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2)
#define PSA_ECC_CURVE_BRAINPOOL_P256R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1)
#define PSA_ECC_CURVE_BRAINPOOL_P384R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1)
#define PSA_ECC_CURVE_BRAINPOOL_P512R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1)
#define PSA_ECC_CURVE_CURVE25519 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY)
#define PSA_ECC_CURVE_CURVE448 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY)
/*
* Curves that changed name due to PSA specification.
*/
#define PSA_ECC_CURVE_SECP_K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1)
#define PSA_ECC_CURVE_SECP_R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1)
#define PSA_ECC_CURVE_SECP_R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2)
#define PSA_ECC_CURVE_SECT_K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1)
#define PSA_ECC_CURVE_SECT_R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1)
#define PSA_ECC_CURVE_SECT_R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2)
#define PSA_ECC_CURVE_BRAINPOOL_P_R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1)
#define PSA_ECC_CURVE_MONTGOMERY \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY)
/*
* Finite-field Diffie-Hellman families.
*/
#define PSA_DH_GROUP_FFDHE2048 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_dh_family_t, PSA_DH_FAMILY_RFC7919)
#define PSA_DH_GROUP_FFDHE3072 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_dh_family_t, PSA_DH_FAMILY_RFC7919)
#define PSA_DH_GROUP_FFDHE4096 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_dh_family_t, PSA_DH_FAMILY_RFC7919)
#define PSA_DH_GROUP_FFDHE6144 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_dh_family_t, PSA_DH_FAMILY_RFC7919)
#define PSA_DH_GROUP_FFDHE8192 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_dh_family_t, PSA_DH_FAMILY_RFC7919)
/*
* Diffie-Hellman families that changed name due to PSA specification.
*/
#define PSA_DH_GROUP_RFC7919 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_dh_family_t, PSA_DH_FAMILY_RFC7919)
#define PSA_DH_GROUP_CUSTOM \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_dh_family_t, PSA_DH_FAMILY_CUSTOM)
/*
* Deprecated PSA Crypto stream cipher algorithms (PSA Crypto API <= 1.0 beta3)
*/
#define PSA_ALG_ARC4 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_STREAM_CIPHER )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_STREAM_CIPHER)
#define PSA_ALG_CHACHA20 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_STREAM_CIPHER )
+ MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_STREAM_CIPHER)
/*
* Renamed AEAD tag length macros (PSA Crypto API <= 1.0 beta3)
*/
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH( aead_alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( aead_alg ) )
-#define PSA_ALG_AEAD_WITH_TAG_LENGTH( aead_alg, tag_length ) \
- MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \
+ MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg))
+#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \
+ MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, \
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length))
/*
* Deprecated PSA AEAD output size macros (PSA Crypto API <= 1.0 beta3)
@@ -285,11 +286,11 @@
* the ciphertext, return 0.
* If the AEAD algorithm is not recognized, return 0.
*/
-#define PSA_AEAD_TAG_LENGTH_1_ARG( alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, \
- PSA_ALG_IS_AEAD( alg ) ? \
- PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
- 0 )
+#define PSA_AEAD_TAG_LENGTH_1_ARG(alg) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, \
+ PSA_ALG_IS_AEAD(alg) ? \
+ PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ 0)
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
@@ -311,11 +312,11 @@
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
*/
-#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG( alg, plaintext_length ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, \
- PSA_ALG_IS_AEAD( alg ) ? \
- (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
- 0 )
+#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG(alg, plaintext_length) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, \
+ PSA_ALG_IS_AEAD(alg) ? \
+ (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ 0)
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
*
@@ -337,12 +338,12 @@
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
*/
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, \
- PSA_ALG_IS_AEAD( alg ) && \
- (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ? \
- (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
- 0 )
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG(alg, ciphertext_length) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, \
+ PSA_ALG_IS_AEAD(alg) && \
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ 0)
/** A sufficient output buffer size for psa_aead_update().
*
@@ -368,11 +369,12 @@
* to emit output without delay. However, hardware may not always be
* capable of this. So for modes based on a block cipher, allow the
* implementation to delay the output until it has a full block. */
-#define PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG( alg, input_length ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ? \
- PSA_ROUND_UP_TO_MULTIPLE( PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length) ) : \
- (input_length) )
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG(alg, input_length) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
+ (input_length)) : \
+ (input_length))
/** A sufficient ciphertext buffer size for psa_aead_finish().
*
@@ -389,11 +391,11 @@
* specified algorithm.
* If the AEAD algorithm is not recognized, return 0.
*/
-#define PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG( alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ? \
- PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
- 0 )
+#define PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG(alg) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+ 0)
/** A sufficient plaintext buffer size for psa_aead_verify().
*
@@ -410,11 +412,11 @@
* specified algorithm.
* If the AEAD algorithm is not recognized, return 0.
*/
-#define PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG( alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ? \
- PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
- 0 )
+#define PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG(alg) \
+ MBEDTLS_DEPRECATED_CONSTANT(size_t, \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+ 0)
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -478,8 +480,8 @@
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
- psa_key_handle_t *handle );
+psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
+ psa_key_handle_t *handle);
/** Close a key handle.
*
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
index a722009..34e6fd6 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/include/psa/crypto_driver_contexts_composites.h
@@ -50,25 +50,25 @@
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
typedef libtestdriver1_mbedtls_psa_mac_operation_t
- mbedtls_transparent_test_driver_mac_operation_t;
+ mbedtls_transparent_test_driver_mac_operation_t;
typedef libtestdriver1_mbedtls_psa_mac_operation_t
- mbedtls_opaque_test_driver_mac_operation_t;
+ mbedtls_opaque_test_driver_mac_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \
- LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
+ LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \
- LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
+ LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
#else
typedef mbedtls_psa_mac_operation_t
- mbedtls_transparent_test_driver_mac_operation_t;
+ mbedtls_transparent_test_driver_mac_operation_t;
typedef mbedtls_psa_mac_operation_t
- mbedtls_opaque_test_driver_mac_operation_t;
+ mbedtls_opaque_test_driver_mac_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \
- MBEDTLS_PSA_MAC_OPERATION_INIT
+ MBEDTLS_PSA_MAC_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \
- MBEDTLS_PSA_MAC_OPERATION_INIT
+ MBEDTLS_PSA_MAC_OPERATION_INIT
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */
#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
index 2bb01ed..620a4b3 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -50,32 +50,32 @@
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
typedef libtestdriver1_mbedtls_psa_cipher_operation_t
- mbedtls_transparent_test_driver_cipher_operation_t;
+ mbedtls_transparent_test_driver_cipher_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
- LIBTESTDRIVER1_MBEDTLS_PSA_CIPHER_OPERATION_INIT
+ LIBTESTDRIVER1_MBEDTLS_PSA_CIPHER_OPERATION_INIT
#else
typedef mbedtls_psa_cipher_operation_t
- mbedtls_transparent_test_driver_cipher_operation_t;
+ mbedtls_transparent_test_driver_cipher_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
- MBEDTLS_PSA_CIPHER_OPERATION_INIT
+ MBEDTLS_PSA_CIPHER_OPERATION_INIT
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 &&
LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
typedef libtestdriver1_mbedtls_psa_hash_operation_t
- mbedtls_transparent_test_driver_hash_operation_t;
+ mbedtls_transparent_test_driver_hash_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \
- LIBTESTDRIVER1_MBEDTLS_PSA_HASH_OPERATION_INIT
+ LIBTESTDRIVER1_MBEDTLS_PSA_HASH_OPERATION_INIT
#else
typedef mbedtls_psa_hash_operation_t
- mbedtls_transparent_test_driver_hash_operation_t;
+ mbedtls_transparent_test_driver_hash_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \
- MBEDTLS_PSA_HASH_OPERATION_INIT
+ MBEDTLS_PSA_HASH_OPERATION_INIT
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 &&
LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH */
@@ -85,7 +85,7 @@
} mbedtls_opaque_test_driver_cipher_operation_t;
#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \
- { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT }
+ { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT }
#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index a34d551..b62acdb 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -84,7 +84,7 @@
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.alg2 );
+ return attributes->core.policy.alg2;
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -113,7 +113,7 @@
*/
psa_status_t psa_get_key_slot_number(
const psa_key_attributes_t *attributes,
- psa_key_slot_number_t *slot_number );
+ psa_key_slot_number_t *slot_number);
/** Choose the slot number where a key is stored.
*
@@ -140,7 +140,7 @@
*/
static inline void psa_set_key_slot_number(
psa_key_attributes_t *attributes,
- psa_key_slot_number_t slot_number )
+ psa_key_slot_number_t slot_number)
{
attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->slot_number = slot_number;
@@ -153,7 +153,7 @@
* \param[out] attributes The attribute structure to write to.
*/
static inline void psa_clear_key_slot_number(
- psa_key_attributes_t *attributes )
+ psa_key_attributes_t *attributes)
{
attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
}
@@ -213,7 +213,7 @@
*
* This is an Mbed TLS extension.
*/
-void mbedtls_psa_crypto_free( void );
+void mbedtls_psa_crypto_free(void);
/** \brief Statistics about
* resource consumption related to the PSA keystore.
@@ -221,8 +221,7 @@
* \note The content of this structure is not part of the stable API and ABI
* of Mbed Crypto and may change arbitrarily from version to version.
*/
-typedef struct mbedtls_psa_stats_s
-{
+typedef struct mbedtls_psa_stats_s {
/** Number of slots containing key material for a volatile key. */
size_t volatile_slots;
/** Number of slots containing key material for a key which is in
@@ -253,7 +252,7 @@
* between the application and the keystore, the service may or
* may not expose this function.
*/
-void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
+void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats);
/**
* \brief Inject an initial entropy seed for the random generator into
@@ -336,7 +335,7 @@
* string. The length of the byte string is the length of the base prime `p`
* in bytes.
*/
-#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
+#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t) 0x4002)
/** DSA key pair (private and public key).
*
@@ -354,13 +353,13 @@
* Add 1 to the resulting integer and use this as the private key *x*.
*
*/
-#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
+#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t) 0x7002)
/** Whether a key type is a DSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_DSA(type) \
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
-#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
+#define PSA_ALG_DSA_BASE ((psa_algorithm_t) 0x06000400)
/** DSA signature with hashing.
*
* This is the signature scheme defined by FIPS 186-4,
@@ -377,7 +376,7 @@
*/
#define PSA_ALG_DSA(hash_alg) \
(PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
+#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t) 0x06000500)
#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
/** Deterministic DSA signature with hashing.
*
@@ -584,53 +583,52 @@
* (`PSA_ECC_FAMILY_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
-static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
- size_t *bits )
+static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
+ size_t *bits)
{
- switch( grpid )
- {
+ switch (grpid) {
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
- return( PSA_ECC_FAMILY_SECP_R1 );
+ return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
- return( PSA_ECC_FAMILY_SECP_R1 );
+ return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
- return( PSA_ECC_FAMILY_SECP_R1 );
+ return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
- return( PSA_ECC_FAMILY_SECP_R1 );
+ return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
- return( PSA_ECC_FAMILY_SECP_R1 );
+ return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
- return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
- return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
- return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
- return( PSA_ECC_FAMILY_MONTGOMERY );
+ return PSA_ECC_FAMILY_MONTGOMERY;
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
- return( PSA_ECC_FAMILY_SECP_K1 );
+ return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
- return( PSA_ECC_FAMILY_SECP_K1 );
+ return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
- return( PSA_ECC_FAMILY_SECP_K1 );
+ return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
- return( PSA_ECC_FAMILY_MONTGOMERY );
+ return PSA_ECC_FAMILY_MONTGOMERY;
default:
*bits = 0;
- return( 0 );
+ return 0;
}
}
@@ -653,9 +651,9 @@
* \return #MBEDTLS_ECP_DP_NONE if \p bits is not
* correct for \p curve.
*/
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy );
+mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
+ size_t bits,
+ int bits_is_sloppy);
#endif /* MBEDTLS_ECP_C */
/**@}*/
@@ -706,7 +704,7 @@
*/
psa_status_t mbedtls_psa_external_get_random(
mbedtls_psa_external_random_context_t *context,
- uint8_t *output, size_t output_size, size_t *output_length );
+ uint8_t *output, size_t output_size, size_t *output_length);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
/**@}*/
@@ -726,14 +724,14 @@
* This value is part of the library's ABI since changing it would invalidate
* the values of built-in key identifiers in applications.
*/
-#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
+#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000)
/** The maximum value for a key identifier that is built into the
* implementation.
*
* See #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.
*/
-#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
+#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t) 0x7fffefff)
/** A slot number identifying a key in a driver.
*
@@ -751,10 +749,10 @@
* \retval 0
* The key identifier is not a builtin key identifier.
*/
-static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
+static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
{
- return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
- ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
+ return (key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
+ (key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX);
}
/** Platform function to obtain the location and slot number of a built-in key.
@@ -804,7 +802,7 @@
psa_status_t mbedtls_psa_platform_get_builtin_key(
mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
- psa_drv_slot_number_t *slot_number );
+ psa_drv_slot_number_t *slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
/** @} */
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index d3f518e..a173c78 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -48,7 +48,7 @@
/* PSA requires several types which C99 provides in stdint.h. */
#include <stdint.h>
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -73,10 +73,10 @@
*
* \return Non-zero if the two key owner identifiers are equal, zero otherwise.
*/
-static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
- mbedtls_key_owner_id_t id2 )
+static inline int mbedtls_key_owner_id_equal(mbedtls_key_owner_id_t id1,
+ mbedtls_key_owner_id_t id2)
{
- return( id1 == id2 );
+ return id1 == id2;
}
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index f8f8c92..bffebdd 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -322,7 +322,7 @@
typedef struct {
/**The size in bytes of the hardware-specific secure element MAC context
* structure
- */
+ */
size_t context_size;
/** Function that performs a MAC setup operation
*/
@@ -814,8 +814,7 @@
/** An enumeration indicating how a key is created.
*/
-typedef enum
-{
+typedef enum {
PSA_KEY_CREATION_IMPORT, /**< During psa_import_key() */
PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */
PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */
@@ -1234,7 +1233,7 @@
* \retval #PSA_SUCCESS
*/
typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,
- psa_key_slot_number_t dest_key);
+ psa_key_slot_number_t dest_key);
/** \brief A function that performs the final step of a secure element key
* agreement and place the generated key material in a buffer
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index a0a5287..9f58c7f 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -275,7 +275,7 @@
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- ((void)(key_type), (void)(key_bits), 0))
+ ((void) (key_type), (void) (key_bits), 0))
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
@@ -358,8 +358,8 @@
*/
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
- (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
- (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
0)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
@@ -381,7 +381,7 @@
*
*/
#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
- (ciphertext_length)
+ (ciphertext_length)
/** The default nonce size for an AEAD algorithm, in bytes.
*
@@ -410,11 +410,11 @@
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
- 0 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
+ 0 : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
0)
/** The maximum default nonce size among all supported pairs of key types and
@@ -462,9 +462,9 @@
* implementation to delay the output until it has a full block. */
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
- (input_length) : \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
+ (input_length) : \
0)
/** A sufficient output buffer size for psa_aead_update(), for any of the
@@ -503,8 +503,8 @@
*/
#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
0)
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
@@ -537,8 +537,8 @@
*/
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
0)
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
@@ -590,9 +590,9 @@
* return value is unspecified.
*/
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
- (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
- ((void)alg, 0))
+ ((void) alg, 0))
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
@@ -636,7 +636,7 @@
*/
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
- ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
0)
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
@@ -991,14 +991,14 @@
*/
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
- ((alg) == PSA_ALG_CTR || \
- (alg) == PSA_ALG_CFB || \
- (alg) == PSA_ALG_OFB || \
- (alg) == PSA_ALG_XTS || \
- (alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ ((alg) == PSA_ALG_CTR || \
+ (alg) == PSA_ALG_CFB || \
+ (alg) == PSA_ALG_OFB || \
+ (alg) == PSA_ALG_XTS || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
+ (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
0)
/** The maximum IV size for all supported cipher algorithms, in bytes.
@@ -1033,12 +1033,12 @@
#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
(alg == PSA_ALG_CBC_PKCS7 ? \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- (input_length) + 1) + \
- PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (input_length) + 1) + \
+ PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
(PSA_ALG_IS_CIPHER(alg) ? \
(input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
- 0))
+ 0))
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1114,13 +1114,13 @@
*/
#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
(PSA_ALG_IS_CIPHER(alg) ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- (((alg) == PSA_ALG_CBC_PKCS7 || \
- (alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_ECB_NO_PADDING) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ (((alg) == PSA_ALG_CBC_PKCS7 || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_ECB_NO_PADDING) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
input_length) : \
- (input_length)) : 0) : \
+ (input_length)) : 0) : \
0)
/** A sufficient output buffer size for psa_cipher_update(), for any of the
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 511b397..743c6ad 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -80,8 +80,7 @@
* algorithms. */
#include "psa/crypto_driver_contexts_primitives.h"
-struct psa_hash_operation_s
-{
+struct psa_hash_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -92,15 +91,14 @@
psa_driver_hash_context_t ctx;
};
-#define PSA_HASH_OPERATION_INIT {0, {0}}
-static inline struct psa_hash_operation_s psa_hash_operation_init( void )
+#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
+static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
- return( v );
+ return v;
}
-struct psa_cipher_operation_s
-{
+struct psa_cipher_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -117,19 +115,18 @@
psa_driver_cipher_context_t ctx;
};
-#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
-static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
+#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
+static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
- return( v );
+ return v;
}
/* Include the context definition for the compiled-in drivers for the composite
* algorithms. */
#include "psa/crypto_driver_contexts_composites.h"
-struct psa_mac_operation_s
-{
+struct psa_mac_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -142,37 +139,34 @@
psa_driver_mac_context_t ctx;
};
-#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
-static inline struct psa_mac_operation_s psa_mac_operation_init( void )
+#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
+static inline struct psa_mac_operation_s psa_mac_operation_init(void)
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
- return( v );
+ return v;
}
-struct psa_aead_operation_s
-{
+struct psa_aead_operation_s {
psa_algorithm_t alg;
unsigned int key_set : 1;
unsigned int iv_set : 1;
uint8_t iv_size;
uint8_t block_size;
- union
- {
+ union {
unsigned dummy; /* Enable easier initializing of the union. */
mbedtls_cipher_context_t cipher;
} ctx;
};
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
-static inline struct psa_aead_operation_s psa_aead_operation_init( void )
+#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
+static inline struct psa_aead_operation_s psa_aead_operation_init(void)
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
- return( v );
+ return v;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-typedef struct
-{
+typedef struct {
uint8_t *info;
size_t info_length;
#if PSA_HASH_MAX_SIZE > 0xff
@@ -190,8 +184,7 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-typedef enum
-{
+typedef enum {
PSA_TLS12_PRF_STATE_INIT, /* no input provided */
PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
@@ -199,8 +192,7 @@
PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
} psa_tls12_prf_key_derivation_state_t;
-typedef struct psa_tls12_prf_key_derivation_s
-{
+typedef struct psa_tls12_prf_key_derivation_s {
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
@@ -229,46 +221,43 @@
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-struct psa_key_derivation_s
-{
+struct psa_key_derivation_s {
psa_algorithm_t alg;
unsigned int can_output_key : 1;
size_t capacity;
- union
- {
+ union {
/* Make the union non-empty even with no supported algorithms. */
uint8_t dummy;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
psa_hkdf_key_derivation_t hkdf;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
psa_tls12_prf_key_derivation_t tls12_prf;
#endif
} ctx;
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
-static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
+static inline struct psa_key_derivation_s psa_key_derivation_operation_init(void)
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
- return( v );
+ return v;
}
-struct psa_key_policy_s
-{
+struct psa_key_policy_s {
psa_key_usage_t usage;
psa_algorithm_t alg;
psa_algorithm_t alg2;
};
typedef struct psa_key_policy_s psa_key_policy_t;
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
-static inline struct psa_key_policy_s psa_key_policy_init( void )
+#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
+static inline struct psa_key_policy_s psa_key_policy_init(void)
{
const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
- return( v );
+ return v;
}
/* The type used internally for key sizes.
@@ -276,7 +265,7 @@
typedef uint16_t psa_key_bits_t;
/* The maximum value of the type used to represent bit-sizes.
* This is used to mark an invalid key size. */
-#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
+#define PSA_KEY_BITS_TOO_LARGE ((psa_key_bits_t) (-1))
/* The maximum size of a key in bits.
* Currently defined as the maximum that can be represented, rounded down
* to a whole number of bytes.
@@ -294,21 +283,20 @@
typedef uint16_t psa_key_attributes_flag_t;
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
- ( (psa_key_attributes_flag_t) 0x0001 )
+ ((psa_key_attributes_flag_t) 0x0001)
/* A mask of key attribute flags used externally only.
* Only meant for internal checks inside the library. */
#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
- 0 )
+ 0)
/* A mask of key attribute flags used both internally and externally.
* Currently there aren't any. */
#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
- 0 )
+ 0)
-typedef struct
-{
+typedef struct {
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
@@ -317,10 +305,10 @@
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
+#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, \
+ MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0 }
-struct psa_key_attributes_s
-{
+struct psa_key_attributes_s {
psa_core_key_attributes_t core;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t slot_number;
@@ -330,42 +318,41 @@
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
#else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
#endif
-static inline struct psa_key_attributes_s psa_key_attributes_init( void )
+static inline struct psa_key_attributes_s psa_key_attributes_init(void)
{
const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
- return( v );
+ return v;
}
-static inline void psa_set_key_id( psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t key )
+static inline void psa_set_key_id(psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t key)
{
psa_key_lifetime_t lifetime = attributes->core.lifetime;
attributes->core.id = key;
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
attributes->core.lifetime =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
- PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
+ PSA_KEY_LIFETIME_GET_LOCATION(lifetime));
}
}
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.id );
+ return attributes->core.id;
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
- mbedtls_key_owner_id_t owner )
+static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
+ mbedtls_key_owner_id_t owner)
{
attributes->core.id.owner = owner;
}
@@ -375,8 +362,7 @@
psa_key_lifetime_t lifetime)
{
attributes->core.lifetime = lifetime;
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->core.id.key_id = 0;
#else
@@ -388,29 +374,31 @@
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.lifetime );
+ return attributes->core.lifetime;
}
-static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
+static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
{
- if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ if (*usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
*usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+ }
- if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ if (*usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
*usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+ }
}
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
- psa_extend_key_usage_flags( &usage_flags );
+ psa_extend_key_usage_flags(&usage_flags);
attributes->core.policy.usage = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.usage );
+ return attributes->core.policy.usage;
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
@@ -422,7 +410,7 @@
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.alg );
+ return attributes->core.policy.alg;
}
/* This function is declared in crypto_extra.h, which comes after this
@@ -435,40 +423,38 @@
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
- if( attributes->domain_parameters == NULL )
- {
+ if (attributes->domain_parameters == NULL) {
/* Common case: quick path */
attributes->core.type = type;
- }
- else
- {
+ } else {
/* Call the bigger function to free the old domain parameters.
* Ignore any errors which may arise due to type requiring
* non-default domain parameters, since this function can't
* report errors. */
- (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
+ (void) psa_set_key_domain_parameters(attributes, type, NULL, 0);
}
}
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.type );
+ return attributes->core.type;
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
- if( bits > PSA_MAX_KEY_BITS )
+ if (bits > PSA_MAX_KEY_BITS) {
attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
- else
+ } else {
attributes->core.bits = (psa_key_bits_t) bits;
+ }
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.bits );
+ return attributes->core.bits;
}
#ifdef __cplusplus
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 679cbc4..54662a5 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -290,7 +290,7 @@
* Any changes to existing values will require bumping the storage
* format version and providing a translation when reading the old
* format.
-*/
+ */
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
typedef psa_key_id_t mbedtls_svc_key_id_t;
@@ -300,8 +300,7 @@
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
*/
-typedef struct
-{
+typedef struct {
psa_key_id_t key_id;
mbedtls_key_owner_id_t owner;
} mbedtls_svc_key_id_t;
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 4df4fe4..36815cc 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -58,14 +58,14 @@
* domains aren't already using. */
/** The action was completed successfully. */
-#define PSA_SUCCESS ((psa_status_t)0)
+#define PSA_SUCCESS ((psa_status_t) 0)
/** An error occurred that does not correspond to any defined
* failure cause.
*
* Implementations may use this error code if none of the other standard
* error codes are applicable. */
-#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
+#define PSA_ERROR_GENERIC_ERROR ((psa_status_t) -132)
/** The requested operation or a parameter is not supported
* by this implementation.
@@ -74,7 +74,7 @@
* parameter such as a key type, algorithm, etc. is not recognized.
* If a combination of parameters is recognized and identified as
* not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */
-#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
+#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t) -134)
/** The requested action is denied by a policy.
*
@@ -87,7 +87,7 @@
* not valid or not supported, it is unspecified whether the function
* returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or
* #PSA_ERROR_INVALID_ARGUMENT. */
-#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
+#define PSA_ERROR_NOT_PERMITTED ((psa_status_t) -133)
/** An output buffer is too small.
*
@@ -99,19 +99,19 @@
* buffer would succeed. However implementations may return this
* error if a function has invalid or unsupported parameters in addition
* to the parameters that determine the necessary output buffer size. */
-#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
+#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t) -138)
/** Asking for an item that already exists
*
* Implementations should return this error, when attempting
* to write an item (like a key) that already exists. */
-#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
+#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t) -139)
/** Asking for an item that doesn't exist
*
* Implementations should return this error, if a requested item (like
* a key) does not exist. */
-#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
+#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t) -140)
/** The requested action cannot be performed in the current state.
*
@@ -127,7 +127,7 @@
* Implementations shall not return this error code to indicate that a
* key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead. */
-#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
+#define PSA_ERROR_BAD_STATE ((psa_status_t) -137)
/** The parameters passed to the function are invalid.
*
@@ -138,13 +138,13 @@
* key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead.
*/
-#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
+#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t) -135)
/** There is not enough runtime memory.
*
* If the action is carried out across multiple security realms, this
* error can refer to available memory in any of the security realms. */
-#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
+#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t) -141)
/** There is not enough persistent storage.
*
@@ -153,7 +153,7 @@
* many functions that do not otherwise access storage may return this
* error code if the implementation requires a mandatory log entry for
* the requested action and the log storage space is full. */
-#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
+#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t) -142)
/** There was a communication failure inside the implementation.
*
@@ -170,7 +170,7 @@
* cryptoprocessor but there was a breakdown of communication before
* the cryptoprocessor could report the status to the application.
*/
-#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
+#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t) -145)
/** There was a storage failure that may have led to data loss.
*
@@ -195,13 +195,13 @@
* permanent storage corruption. However application writers should
* keep in mind that transient errors while reading the storage may be
* reported using this error code. */
-#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
+#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t) -146)
/** A hardware failure was detected.
*
* A hardware failure may be transient or permanent depending on the
* cause. */
-#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
+#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t) -147)
/** A tampering attempt was detected.
*
@@ -232,7 +232,7 @@
* This error indicates an attack against the application. Implementations
* shall not return this error code as a consequence of the behavior of
* the application itself. */
-#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
+#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t) -151)
/** There is not enough entropy to generate random data needed
* for the requested action.
@@ -251,7 +251,7 @@
* secure pseudorandom generator (PRNG). However implementations may return
* this error at any time if a policy requires the PRNG to be reseeded
* during normal operation. */
-#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
+#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t) -148)
/** The signature, MAC or hash is incorrect.
*
@@ -261,7 +261,7 @@
*
* If the value to verify has an invalid size, implementations may return
* either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */
-#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
+#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t) -149)
/** The decrypted padding is incorrect.
*
@@ -277,15 +277,15 @@
* as close as possible to indistinguishable to an external observer.
* In particular, the timing of a decryption operation should not
* depend on the validity of the padding. */
-#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
+#define PSA_ERROR_INVALID_PADDING ((psa_status_t) -150)
/** Return this error when there's insufficient data when attempting
* to read from a resource. */
-#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
+#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t) -143)
/** The key identifier is not valid. See also :ref:\`key-handles\`.
*/
-#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
+#define PSA_ERROR_INVALID_HANDLE ((psa_status_t) -136)
/** Stored data has been corrupted.
*
@@ -309,7 +309,7 @@
* When a storage failure occurs, it is no longer possible to ensure the
* global integrity of the keystore.
*/
-#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
+#define PSA_ERROR_DATA_CORRUPT ((psa_status_t) -152)
/** Data read from storage is not valid for the implementation.
*
@@ -325,7 +325,7 @@
* cleartext storage backend, or an attempt to read data that was
* written by an incompatible version of the library.
*/
-#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
+#define PSA_ERROR_DATA_INVALID ((psa_status_t) -153)
/**@}*/
@@ -343,7 +343,7 @@
*
* Zero is not the encoding of any key type.
*/
-#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)
+#define PSA_KEY_TYPE_NONE ((psa_key_type_t) 0x0000)
/** Vendor-defined key type flag.
*
@@ -352,15 +352,15 @@
* must use an encoding with the #PSA_KEY_TYPE_VENDOR_FLAG bit set and should
* respect the bitwise structure used by standard encodings whenever practical.
*/
-#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
+#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t) 0x8000)
-#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
-#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
-#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
-#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
-#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
+#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t) 0x7000)
+#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t) 0x1000)
+#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t) 0x2000)
+#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t) 0x4000)
+#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t) 0x7000)
-#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
+#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t) 0x3000)
/** Whether a key type is vendor-defined.
*
@@ -418,7 +418,7 @@
*
* A "key" of this type cannot be used for any cryptographic operation.
* Applications may use this type to store arbitrary data in the keystore. */
-#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
+#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t) 0x1001)
/** HMAC key.
*
@@ -428,25 +428,25 @@
* HMAC keys should generally have the same size as the underlying hash.
* This size can be calculated with #PSA_HASH_LENGTH(\c alg) where
* \c alg is the HMAC algorithm or the underlying hash algorithm. */
-#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
+#define PSA_KEY_TYPE_HMAC ((psa_key_type_t) 0x1100)
/** A secret for key derivation.
*
* The key policy determines which key derivation algorithm the key
* can be used for.
*/
-#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
+#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t) 0x1200)
/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
*
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
* 32 bytes (AES-256).
*/
-#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
+#define PSA_KEY_TYPE_AES ((psa_key_type_t) 0x2400)
/** Key for a cipher, AEAD or MAC algorithm based on the
* ARIA block cipher. */
-#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)
+#define PSA_KEY_TYPE_ARIA ((psa_key_type_t) 0x2406)
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
*
@@ -457,17 +457,17 @@
* deprecated and should only be used to decrypt legacy data. 3-key 3DES
* is weak and deprecated and should only be used in legacy protocols.
*/
-#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
+#define PSA_KEY_TYPE_DES ((psa_key_type_t) 0x2301)
/** Key for a cipher, AEAD or MAC algorithm based on the
* Camellia block cipher. */
-#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
+#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t) 0x2403)
/** Key for the ARC4 stream cipher (also known as RC4 or ARCFOUR).
*
* Note that ARC4 is weak and deprecated and should only be used in
* legacy protocols. */
-#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
+#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t) 0x2002)
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
*
@@ -476,25 +476,25 @@
* Implementations must support 12-byte nonces, may support 8-byte nonces,
* and should reject other sizes.
*/
-#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
+#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t) 0x2004)
/** RSA public key.
*
* The size of an RSA key is the bit size of the modulus.
*/
-#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
+#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t) 0x4001)
/** RSA key pair (private and public key).
*
* The size of an RSA key is the bit size of the modulus.
*/
-#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
+#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t) 0x7001)
/** Whether a key type is an RSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_RSA(type) \
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
-#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
-#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4100)
+#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t) 0x7100)
+#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t) 0x00ff)
/** Elliptic curve key pair.
*
* The size of an elliptic curve key is the bit size associated with the curve,
@@ -534,8 +534,8 @@
/** Extract the curve from an elliptic curve key type. */
#define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
- ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
- 0))
+ ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
+ 0))
/** SEC Koblitz curves over prime fields.
*
@@ -626,9 +626,9 @@
*/
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
-#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
-#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
-#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4200)
+#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t) 0x7200)
+#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t) 0x00ff)
/** Diffie-Hellman key pair.
*
* \param group A value of type ::psa_dh_family_t that identifies the
@@ -660,8 +660,8 @@
/** Extract the group from a Diffie-Hellman key type. */
#define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \
- ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
- 0))
+ ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
+ 0))
/** Diffie-Hellman groups defined in RFC 7919 Appendix A.
*
@@ -694,7 +694,7 @@
#define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
- 0u)
+ 0u)
/* Note that algorithm values are embedded in the persistent key store,
* as part of key metadata. As a consequence, they must not be changed
@@ -708,17 +708,17 @@
* the #PSA_ALG_VENDOR_FLAG bit set and should respect the bitwise structure
* used by standard encodings whenever practical.
*/
-#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t)0x80000000)
+#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)
-#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000)
-#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x02000000)
-#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x03000000)
-#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000)
-#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x05000000)
-#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x06000000)
-#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000)
-#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000)
-#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000)
+#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t) 0x7f000000)
+#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t) 0x02000000)
+#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t) 0x03000000)
+#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t) 0x04000000)
+#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t) 0x05000000)
+#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t) 0x06000000)
+#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t) 0x07000000)
+#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t) 0x08000000)
+#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t) 0x09000000)
/** Whether an algorithm is vendor-defined.
*
@@ -819,46 +819,46 @@
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
/** An invalid algorithm identifier value. */
-#define PSA_ALG_NONE ((psa_algorithm_t)0)
+#define PSA_ALG_NONE ((psa_algorithm_t) 0)
-#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
+#define PSA_ALG_HASH_MASK ((psa_algorithm_t) 0x000000ff)
/** MD2 */
-#define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001)
+#define PSA_ALG_MD2 ((psa_algorithm_t) 0x02000001)
/** MD4 */
-#define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002)
+#define PSA_ALG_MD4 ((psa_algorithm_t) 0x02000002)
/** MD5 */
-#define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
+#define PSA_ALG_MD5 ((psa_algorithm_t) 0x02000003)
/** PSA_ALG_RIPEMD160 */
-#define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x02000004)
+#define PSA_ALG_RIPEMD160 ((psa_algorithm_t) 0x02000004)
/** SHA1 */
-#define PSA_ALG_SHA_1 ((psa_algorithm_t)0x02000005)
+#define PSA_ALG_SHA_1 ((psa_algorithm_t) 0x02000005)
/** SHA2-224 */
-#define PSA_ALG_SHA_224 ((psa_algorithm_t)0x02000008)
+#define PSA_ALG_SHA_224 ((psa_algorithm_t) 0x02000008)
/** SHA2-256 */
-#define PSA_ALG_SHA_256 ((psa_algorithm_t)0x02000009)
+#define PSA_ALG_SHA_256 ((psa_algorithm_t) 0x02000009)
/** SHA2-384 */
-#define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0200000a)
+#define PSA_ALG_SHA_384 ((psa_algorithm_t) 0x0200000a)
/** SHA2-512 */
-#define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0200000b)
+#define PSA_ALG_SHA_512 ((psa_algorithm_t) 0x0200000b)
/** SHA2-512/224 */
-#define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0200000c)
+#define PSA_ALG_SHA_512_224 ((psa_algorithm_t) 0x0200000c)
/** SHA2-512/256 */
-#define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0200000d)
+#define PSA_ALG_SHA_512_256 ((psa_algorithm_t) 0x0200000d)
/** SHA3-224 */
-#define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x02000010)
+#define PSA_ALG_SHA3_224 ((psa_algorithm_t) 0x02000010)
/** SHA3-256 */
-#define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x02000011)
+#define PSA_ALG_SHA3_256 ((psa_algorithm_t) 0x02000011)
/** SHA3-384 */
-#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012)
+#define PSA_ALG_SHA3_384 ((psa_algorithm_t) 0x02000012)
/** SHA3-512 */
-#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013)
+#define PSA_ALG_SHA3_512 ((psa_algorithm_t) 0x02000013)
/** The first 512 bits (64 bytes) of the SHAKE256 output.
*
* This is the prehashing for Ed448ph (see #PSA_ALG_ED448PH). For other
* scenarios where a hash function based on SHA3/SHAKE is desired, SHA3-512
* has the same output size and a (theoretically) higher security strength.
*/
-#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015)
+#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t) 0x02000015)
/** In a hash-and-sign algorithm policy, allow any hash algorithm.
*
@@ -893,10 +893,10 @@
* This value may not be used to build an algorithm specification to
* perform an operation. It is only valid to build policies.
*/
-#define PSA_ALG_ANY_HASH ((psa_algorithm_t)0x020000ff)
+#define PSA_ALG_ANY_HASH ((psa_algorithm_t) 0x020000ff)
-#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
-#define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x03800000)
+#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t) 0x00c00000)
+#define PSA_ALG_HMAC_BASE ((psa_algorithm_t) 0x03800000)
/** Macro to build an HMAC algorithm.
*
* For example, #PSA_ALG_HMAC(#PSA_ALG_SHA_256) is HMAC-SHA-256.
@@ -935,7 +935,7 @@
* reach up to 63; the largest MAC is 64 bytes so its trivial truncation
* to full length is correctly encoded as 0 and any non-trivial truncation
* is correctly encoded as a value between 1 and 63. */
-#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
+#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t) 0x003f0000)
#define PSA_MAC_TRUNCATION_OFFSET 16
/* In the encoding of a MAC algorithm, the bit corresponding to
@@ -944,7 +944,7 @@
* algorithm policy can be used with any algorithm corresponding to the
* same base class and having a (potentially truncated) MAC length greater or
* equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
-#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
+#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
/** Macro to build a truncated MAC algorithm.
*
@@ -1039,18 +1039,18 @@
* too large for the specified MAC algorithm.
*/
#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
- ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
- PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
+ (PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
+ PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)
-#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
+#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t) 0x03c00000)
/** The CBC-MAC construction over a block cipher
*
* \warning CBC-MAC is insecure in many cases.
* A more secure mode, such as #PSA_ALG_CMAC, is recommended.
*/
-#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x03c00100)
+#define PSA_ALG_CBC_MAC ((psa_algorithm_t) 0x03c00100)
/** The CMAC construction over a block cipher */
-#define PSA_ALG_CMAC ((psa_algorithm_t)0x03c00200)
+#define PSA_ALG_CMAC ((psa_algorithm_t) 0x03c00200)
/** Whether the specified algorithm is a MAC algorithm based on a block cipher.
*
@@ -1064,8 +1064,8 @@
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
PSA_ALG_CIPHER_MAC_BASE)
-#define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t)0x00800000)
-#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
+#define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t) 0x00800000)
+#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
/** Whether the specified algorithm is a stream cipher.
*
@@ -1081,7 +1081,7 @@
*/
#define PSA_ALG_IS_STREAM_CIPHER(alg) \
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
- (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
+ (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
/** The stream cipher mode of a stream cipher algorithm.
*
@@ -1089,7 +1089,7 @@
* - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20.
* - To use ARC4, use a key type of #PSA_KEY_TYPE_ARC4.
*/
-#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100)
+#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t) 0x04800100)
/** The CTR stream cipher mode.
*
@@ -1098,19 +1098,19 @@
* For example, to use AES-128-CTR, use this algorithm with
* a key of type #PSA_KEY_TYPE_AES and a length of 128 bits (16 bytes).
*/
-#define PSA_ALG_CTR ((psa_algorithm_t)0x04c01000)
+#define PSA_ALG_CTR ((psa_algorithm_t) 0x04c01000)
/** The CFB stream cipher mode.
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_CFB ((psa_algorithm_t)0x04c01100)
+#define PSA_ALG_CFB ((psa_algorithm_t) 0x04c01100)
/** The OFB stream cipher mode.
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_OFB ((psa_algorithm_t)0x04c01200)
+#define PSA_ALG_OFB ((psa_algorithm_t) 0x04c01200)
/** The XTS cipher mode.
*
@@ -1118,7 +1118,7 @@
* least one full block of input, but beyond this minimum the input
* does not need to be a whole number of blocks.
*/
-#define PSA_ALG_XTS ((psa_algorithm_t)0x0440ff00)
+#define PSA_ALG_XTS ((psa_algorithm_t) 0x0440ff00)
/** The Electronic Code Book (ECB) mode of a block cipher, with no padding.
*
@@ -1138,7 +1138,7 @@
* multi-part cipher operation with this algorithm, psa_cipher_generate_iv()
* and psa_cipher_set_iv() must not be called.
*/
-#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400)
+#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t) 0x04404400)
/** The CBC block cipher chaining mode, with no padding.
*
@@ -1147,7 +1147,7 @@
* This symmetric cipher mode can only be used with messages whose lengths
* are whole number of blocks for the chosen block cipher.
*/
-#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04404000)
+#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t) 0x04404000)
/** The CBC block cipher chaining mode with PKCS#7 padding.
*
@@ -1155,9 +1155,9 @@
*
* This is the padding method defined by PKCS#7 (RFC 2315) §10.3.
*/
-#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04404100)
+#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t) 0x04404100)
-#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
+#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
/** Whether the specified algorithm is an AEAD mode on a block cipher.
*
@@ -1176,13 +1176,13 @@
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_CCM ((psa_algorithm_t)0x05500100)
+#define PSA_ALG_CCM ((psa_algorithm_t) 0x05500100)
/** The GCM authenticated encryption algorithm.
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_GCM ((psa_algorithm_t)0x05500200)
+#define PSA_ALG_GCM ((psa_algorithm_t) 0x05500200)
/** The Chacha20-Poly1305 AEAD algorithm.
*
@@ -1193,13 +1193,13 @@
*
* Implementations must support 16-byte tags and should reject other sizes.
*/
-#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x05100500)
+#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t) 0x05100500)
/* In the encoding of an AEAD algorithm, the bits corresponding to
* PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
* The constants for default lengths follow this encoding.
*/
-#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
+#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t) 0x003f0000)
#define PSA_AEAD_TAG_LENGTH_OFFSET 16
/* In the encoding of an AEAD algorithm, the bit corresponding to
@@ -1208,7 +1208,7 @@
* algorithm policy can be used with any algorithm corresponding to the
* same base class and having a tag length greater than or equal to the one
* encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
-#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
+#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
/** Macro to build a shortened AEAD algorithm.
*
@@ -1232,7 +1232,7 @@
(((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
- PSA_ALG_AEAD_TAG_LENGTH_MASK))
+ PSA_ALG_AEAD_TAG_LENGTH_MASK))
/** Retrieve the tag length of a specified AEAD algorithm
*
@@ -1246,7 +1246,7 @@
*/
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
- PSA_AEAD_TAG_LENGTH_OFFSET )
+ PSA_AEAD_TAG_LENGTH_OFFSET)
/** Calculate the corresponding AEAD algorithm with the default tag length.
*
@@ -1292,10 +1292,10 @@
* or too large for the specified AEAD algorithm.
*/
#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
- ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
- PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
+ (PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
+ PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)
-#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
+#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t) 0x06000200)
/** RSA PKCS#1 v1.5 signature with hashing.
*
* This is the signature scheme defined by RFC 8017
@@ -1323,8 +1323,8 @@
#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
-#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300)
-#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300)
+#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t) 0x06000300)
+#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t) 0x06001300)
/** RSA PSS signature with hashing.
*
* This is the signature scheme defined by RFC 8017
@@ -1413,7 +1413,7 @@
(PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
-#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600)
+#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t) 0x06000600)
/** ECDSA signature with hashing.
*
* This is the ECDSA signature scheme defined by ANSI X9.62,
@@ -1446,7 +1446,7 @@
* the curve size.
*/
#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
-#define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t)0x06000700)
+#define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t) 0x06000700)
/** Deterministic ECDSA signature with hashing.
*
* This is the deterministic ECDSA signature scheme defined by RFC 6979.
@@ -1471,7 +1471,7 @@
*/
#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00000100)
+#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t) 0x00000100)
#define PSA_ALG_IS_ECDSA(alg) \
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
PSA_ALG_ECDSA_BASE)
@@ -1510,9 +1510,9 @@
* RFC 8032 §5.1.6 and §5.2.6 (a 64-byte string for Ed25519, a 114-byte
* string for Ed448).
*/
-#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800)
+#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t) 0x06000800)
-#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t)0x06000900)
+#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t) 0x06000900)
#define PSA_ALG_IS_HASH_EDDSA(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
@@ -1604,7 +1604,7 @@
* supported algorithm identifier.
*/
#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
- (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )
+ (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA)
/** Whether the specified algorithm is a hash-and-sign algorithm.
*
@@ -1661,9 +1661,9 @@
/** RSA PKCS#1 v1.5 encryption.
*/
-#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x07000200)
+#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t) 0x07000200)
-#define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t)0x07000300)
+#define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t) 0x07000300)
/** RSA OAEP encryption.
*
* This is the encryption scheme defined by RFC 8017
@@ -1687,7 +1687,7 @@
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
0)
-#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x08000100)
+#define PSA_ALG_HKDF_BASE ((psa_algorithm_t) 0x08000100)
/** Macro to build an HKDF algorithm.
*
* For example, `PSA_ALG_HKDF(PSA_ALG_SHA_256)` is HKDF using HMAC-SHA-256.
@@ -1726,7 +1726,7 @@
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200)
+#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t) 0x08000200)
/** Macro to build a TLS-1.2 PRF algorithm.
*
* TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
@@ -1769,7 +1769,7 @@
#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x08000300)
+#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t) 0x08000300)
/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
*
* In a pure-PSK handshake in TLS 1.2, the master secret is derived
@@ -1815,8 +1815,8 @@
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff)
-#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000)
+#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff)
+#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)
/** Macro to build a combined algorithm that chains a key agreement with
* a key derivation.
@@ -1869,7 +1869,7 @@
* It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
* in bits.
*/
-#define PSA_ALG_FFDH ((psa_algorithm_t)0x09010000)
+#define PSA_ALG_FFDH ((psa_algorithm_t) 0x09010000)
/** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
*
@@ -1911,7 +1911,7 @@
* in big-endian byte order.
* The bit size is `m` for the field `F_{2^m}`.
*/
-#define PSA_ALG_ECDH ((psa_algorithm_t)0x09020000)
+#define PSA_ALG_ECDH ((psa_algorithm_t) 0x09020000)
/** Whether the specified algorithm is an elliptic curve Diffie-Hellman
* algorithm.
@@ -1974,7 +1974,7 @@
* it must release all the resources associated with the key and erase the
* key material if the calling application terminates.
*/
-#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
+#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t) 0x00000000)
/** The default lifetime for persistent keys.
*
@@ -1988,31 +1988,31 @@
* application. Integrations of Mbed TLS may support other persistent lifetimes.
* See ::psa_key_lifetime_t for more information.
*/
-#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001)
/** The persistence level of volatile keys.
*
* See ::psa_key_persistence_t for more information.
*/
-#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
+#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00)
/** The default persistence level for persistent keys.
*
* See ::psa_key_persistence_t for more information.
*/
-#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
+#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t) 0x01)
/** A persistence level indicating that a key is never destroyed.
*
* See ::psa_key_persistence_t for more information.
*/
-#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
+#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff)
#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
- ((psa_key_persistence_t)((lifetime) & 0x000000ff))
+ ((psa_key_persistence_t) ((lifetime) & 0x000000ff))
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
- ((psa_key_location_t)((lifetime) >> 8))
+ ((psa_key_location_t) ((lifetime) >> 8))
/** Whether a key lifetime indicates that the key is volatile.
*
@@ -2074,9 +2074,9 @@
*
* See ::psa_key_location_t for more information.
*/
-#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
+#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t) 0x000000)
-#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
+#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t) 0x800000)
/* Note that key identifier values are embedded in the
* persistent key store, as part of key metadata. As a consequence, they
@@ -2085,26 +2085,26 @@
/** The null key identifier.
*/
-#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
+#define PSA_KEY_ID_NULL ((psa_key_id_t) 0)
/** The minimum value for a key identifier chosen by the application.
*/
-#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
+#define PSA_KEY_ID_USER_MIN ((psa_key_id_t) 0x00000001)
/** The maximum value for a key identifier chosen by the application.
*/
-#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
+#define PSA_KEY_ID_USER_MAX ((psa_key_id_t) 0x3fffffff)
/** The minimum value for a key identifier chosen by the implementation.
*/
-#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
+#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t) 0x40000000)
/** The maximum value for a key identifier chosen by the implementation.
*/
-#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
+#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t) 0x7fffffff)
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 )
+#define MBEDTLS_SVC_KEY_ID_INIT ((psa_key_id_t) 0)
+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) (id)
+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) (0)
/** Utility to initialize a key identifier at runtime.
*
@@ -2112,11 +2112,11 @@
* \param key_id Identifier of the key.
*/
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
- unsigned int unused, psa_key_id_t key_id )
+ unsigned int unused, psa_key_id_t key_id)
{
- (void)unused;
+ (void) unused;
- return( key_id );
+ return key_id;
}
/** Compare two key identifiers.
@@ -2126,10 +2126,10 @@
*
* \return Non-zero if the two key identifier are equal, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
- mbedtls_svc_key_id_t id2 )
+static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
+ mbedtls_svc_key_id_t id2)
{
- return( id1 == id2 );
+ return id1 == id2;
}
/** Check whether a key identifier is null.
@@ -2138,16 +2138,16 @@
*
* \return Non-zero if the key identifier is null, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
+static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
{
- return( key == 0 );
+ return key == 0;
}
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
+#define MBEDTLS_SVC_KEY_ID_INIT ((mbedtls_svc_key_id_t){ 0, 0 })
+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) ((id).key_id)
+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) ((id).owner)
/** Utility to initialize a key identifier at runtime.
*
@@ -2155,10 +2155,10 @@
* \param key_id Identifier of the key.
*/
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
- mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
+ mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id)
{
- return( (mbedtls_svc_key_id_t){ .key_id = key_id,
- .owner = owner_id } );
+ return (mbedtls_svc_key_id_t){ .key_id = key_id,
+ .owner = owner_id };
}
/** Compare two key identifiers.
@@ -2168,11 +2168,11 @@
*
* \return Non-zero if the two key identifier are equal, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
- mbedtls_svc_key_id_t id2 )
+static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
+ mbedtls_svc_key_id_t id2)
{
- return( ( id1.key_id == id2.key_id ) &&
- mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
+ return (id1.key_id == id2.key_id) &&
+ mbedtls_key_owner_id_equal(id1.owner, id2.owner);
}
/** Check whether a key identifier is null.
@@ -2181,9 +2181,9 @@
*
* \return Non-zero if the key identifier is null, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
+static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
{
- return( key.key_id == 0 );
+ return key.key_id == 0;
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
@@ -2210,7 +2210,7 @@
* The key may however be exportable in a wrapped form, i.e. in a form
* where it is encrypted by another key.
*/
-#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
+#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t) 0x00000001)
/** Whether the key may be copied.
*
@@ -2226,7 +2226,7 @@
* #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
* is sufficient to permit the copy.
*/
-#define PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002)
+#define PSA_KEY_USAGE_COPY ((psa_key_usage_t) 0x00000002)
/** Whether the key may be used to encrypt a message.
*
@@ -2237,7 +2237,7 @@
*
* For a key pair, this concerns the public key.
*/
-#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
+#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t) 0x00000100)
/** Whether the key may be used to decrypt a message.
*
@@ -2248,7 +2248,7 @@
*
* For a key pair, this concerns the private key.
*/
-#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
+#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t) 0x00000200)
/** Whether the key may be used to sign a message.
*
@@ -2258,7 +2258,7 @@
*
* For a key pair, this concerns the private key.
*/
-#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
+#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t) 0x00000400)
/** Whether the key may be used to verify a message.
*
@@ -2268,7 +2268,7 @@
*
* For a key pair, this concerns the public key.
*/
-#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
+#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t) 0x00000800)
/** Whether the key may be used to sign a message.
*
@@ -2278,7 +2278,7 @@
*
* For a key pair, this concerns the private key.
*/
-#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00001000)
+#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t) 0x00001000)
/** Whether the key may be used to verify a message signature.
*
@@ -2288,11 +2288,11 @@
*
* For a key pair, this concerns the public key.
*/
-#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
+#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t) 0x00002000)
/** Whether the key may be used to derive other keys.
*/
-#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
+#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t) 0x00004000)
/**@}*/
@@ -2315,35 +2315,35 @@
* may not be used to derive keys: the operation will only allow
* psa_key_derivation_output_bytes(), not psa_key_derivation_output_key().
*/
-#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
+#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t) 0x0101)
/** A label for key derivation.
*
* This should be a direct input.
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
*/
-#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
+#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t) 0x0201)
/** A salt for key derivation.
*
* This should be a direct input.
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
*/
-#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
+#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t) 0x0202)
/** An information string for key derivation.
*
* This should be a direct input.
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
*/
-#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
+#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t) 0x0203)
/** A seed for key derivation.
*
* This should be a direct input.
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
*/
-#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
+#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t) 0x0204)
/**@}*/
diff --git a/library/aes.c b/library/aes.c
index 74ea267..bcdf3c7 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -45,13 +45,13 @@
#if !defined(MBEDTLS_AES_ALT)
/* Parameter validation macros based on platform_util.h */
-#define AES_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
-#define AES_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define AES_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA)
+#define AES_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#if defined(MBEDTLS_PADLOCK_C) && \
- ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
+ (defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16))
static int aes_padlock_ace = -1;
#endif
@@ -100,86 +100,86 @@
*/
#define FT \
\
- V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
- V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
- V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
- V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
- V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
- V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
- V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
- V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
- V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
- V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
- V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
- V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
- V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
- V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
- V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
- V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
- V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
- V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
- V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
- V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
- V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
- V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
- V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
- V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
- V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
- V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
- V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
- V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
- V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
- V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
- V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
- V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
- V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
- V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
- V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
- V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
- V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
- V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
- V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
- V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
- V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
- V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
- V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
- V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
- V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
- V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
- V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
- V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
- V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
- V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
- V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
- V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
- V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
- V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
- V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
- V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
- V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
- V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
- V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
- V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
- V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
- V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
- V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
- V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
+ V(A5, 63, 63, C6), V(84, 7C, 7C, F8), V(99, 77, 77, EE), V(8D, 7B, 7B, F6), \
+ V(0D, F2, F2, FF), V(BD, 6B, 6B, D6), V(B1, 6F, 6F, DE), V(54, C5, C5, 91), \
+ V(50, 30, 30, 60), V(03, 01, 01, 02), V(A9, 67, 67, CE), V(7D, 2B, 2B, 56), \
+ V(19, FE, FE, E7), V(62, D7, D7, B5), V(E6, AB, AB, 4D), V(9A, 76, 76, EC), \
+ V(45, CA, CA, 8F), V(9D, 82, 82, 1F), V(40, C9, C9, 89), V(87, 7D, 7D, FA), \
+ V(15, FA, FA, EF), V(EB, 59, 59, B2), V(C9, 47, 47, 8E), V(0B, F0, F0, FB), \
+ V(EC, AD, AD, 41), V(67, D4, D4, B3), V(FD, A2, A2, 5F), V(EA, AF, AF, 45), \
+ V(BF, 9C, 9C, 23), V(F7, A4, A4, 53), V(96, 72, 72, E4), V(5B, C0, C0, 9B), \
+ V(C2, B7, B7, 75), V(1C, FD, FD, E1), V(AE, 93, 93, 3D), V(6A, 26, 26, 4C), \
+ V(5A, 36, 36, 6C), V(41, 3F, 3F, 7E), V(02, F7, F7, F5), V(4F, CC, CC, 83), \
+ V(5C, 34, 34, 68), V(F4, A5, A5, 51), V(34, E5, E5, D1), V(08, F1, F1, F9), \
+ V(93, 71, 71, E2), V(73, D8, D8, AB), V(53, 31, 31, 62), V(3F, 15, 15, 2A), \
+ V(0C, 04, 04, 08), V(52, C7, C7, 95), V(65, 23, 23, 46), V(5E, C3, C3, 9D), \
+ V(28, 18, 18, 30), V(A1, 96, 96, 37), V(0F, 05, 05, 0A), V(B5, 9A, 9A, 2F), \
+ V(09, 07, 07, 0E), V(36, 12, 12, 24), V(9B, 80, 80, 1B), V(3D, E2, E2, DF), \
+ V(26, EB, EB, CD), V(69, 27, 27, 4E), V(CD, B2, B2, 7F), V(9F, 75, 75, EA), \
+ V(1B, 09, 09, 12), V(9E, 83, 83, 1D), V(74, 2C, 2C, 58), V(2E, 1A, 1A, 34), \
+ V(2D, 1B, 1B, 36), V(B2, 6E, 6E, DC), V(EE, 5A, 5A, B4), V(FB, A0, A0, 5B), \
+ V(F6, 52, 52, A4), V(4D, 3B, 3B, 76), V(61, D6, D6, B7), V(CE, B3, B3, 7D), \
+ V(7B, 29, 29, 52), V(3E, E3, E3, DD), V(71, 2F, 2F, 5E), V(97, 84, 84, 13), \
+ V(F5, 53, 53, A6), V(68, D1, D1, B9), V(00, 00, 00, 00), V(2C, ED, ED, C1), \
+ V(60, 20, 20, 40), V(1F, FC, FC, E3), V(C8, B1, B1, 79), V(ED, 5B, 5B, B6), \
+ V(BE, 6A, 6A, D4), V(46, CB, CB, 8D), V(D9, BE, BE, 67), V(4B, 39, 39, 72), \
+ V(DE, 4A, 4A, 94), V(D4, 4C, 4C, 98), V(E8, 58, 58, B0), V(4A, CF, CF, 85), \
+ V(6B, D0, D0, BB), V(2A, EF, EF, C5), V(E5, AA, AA, 4F), V(16, FB, FB, ED), \
+ V(C5, 43, 43, 86), V(D7, 4D, 4D, 9A), V(55, 33, 33, 66), V(94, 85, 85, 11), \
+ V(CF, 45, 45, 8A), V(10, F9, F9, E9), V(06, 02, 02, 04), V(81, 7F, 7F, FE), \
+ V(F0, 50, 50, A0), V(44, 3C, 3C, 78), V(BA, 9F, 9F, 25), V(E3, A8, A8, 4B), \
+ V(F3, 51, 51, A2), V(FE, A3, A3, 5D), V(C0, 40, 40, 80), V(8A, 8F, 8F, 05), \
+ V(AD, 92, 92, 3F), V(BC, 9D, 9D, 21), V(48, 38, 38, 70), V(04, F5, F5, F1), \
+ V(DF, BC, BC, 63), V(C1, B6, B6, 77), V(75, DA, DA, AF), V(63, 21, 21, 42), \
+ V(30, 10, 10, 20), V(1A, FF, FF, E5), V(0E, F3, F3, FD), V(6D, D2, D2, BF), \
+ V(4C, CD, CD, 81), V(14, 0C, 0C, 18), V(35, 13, 13, 26), V(2F, EC, EC, C3), \
+ V(E1, 5F, 5F, BE), V(A2, 97, 97, 35), V(CC, 44, 44, 88), V(39, 17, 17, 2E), \
+ V(57, C4, C4, 93), V(F2, A7, A7, 55), V(82, 7E, 7E, FC), V(47, 3D, 3D, 7A), \
+ V(AC, 64, 64, C8), V(E7, 5D, 5D, BA), V(2B, 19, 19, 32), V(95, 73, 73, E6), \
+ V(A0, 60, 60, C0), V(98, 81, 81, 19), V(D1, 4F, 4F, 9E), V(7F, DC, DC, A3), \
+ V(66, 22, 22, 44), V(7E, 2A, 2A, 54), V(AB, 90, 90, 3B), V(83, 88, 88, 0B), \
+ V(CA, 46, 46, 8C), V(29, EE, EE, C7), V(D3, B8, B8, 6B), V(3C, 14, 14, 28), \
+ V(79, DE, DE, A7), V(E2, 5E, 5E, BC), V(1D, 0B, 0B, 16), V(76, DB, DB, AD), \
+ V(3B, E0, E0, DB), V(56, 32, 32, 64), V(4E, 3A, 3A, 74), V(1E, 0A, 0A, 14), \
+ V(DB, 49, 49, 92), V(0A, 06, 06, 0C), V(6C, 24, 24, 48), V(E4, 5C, 5C, B8), \
+ V(5D, C2, C2, 9F), V(6E, D3, D3, BD), V(EF, AC, AC, 43), V(A6, 62, 62, C4), \
+ V(A8, 91, 91, 39), V(A4, 95, 95, 31), V(37, E4, E4, D3), V(8B, 79, 79, F2), \
+ V(32, E7, E7, D5), V(43, C8, C8, 8B), V(59, 37, 37, 6E), V(B7, 6D, 6D, DA), \
+ V(8C, 8D, 8D, 01), V(64, D5, D5, B1), V(D2, 4E, 4E, 9C), V(E0, A9, A9, 49), \
+ V(B4, 6C, 6C, D8), V(FA, 56, 56, AC), V(07, F4, F4, F3), V(25, EA, EA, CF), \
+ V(AF, 65, 65, CA), V(8E, 7A, 7A, F4), V(E9, AE, AE, 47), V(18, 08, 08, 10), \
+ V(D5, BA, BA, 6F), V(88, 78, 78, F0), V(6F, 25, 25, 4A), V(72, 2E, 2E, 5C), \
+ V(24, 1C, 1C, 38), V(F1, A6, A6, 57), V(C7, B4, B4, 73), V(51, C6, C6, 97), \
+ V(23, E8, E8, CB), V(7C, DD, DD, A1), V(9C, 74, 74, E8), V(21, 1F, 1F, 3E), \
+ V(DD, 4B, 4B, 96), V(DC, BD, BD, 61), V(86, 8B, 8B, 0D), V(85, 8A, 8A, 0F), \
+ V(90, 70, 70, E0), V(42, 3E, 3E, 7C), V(C4, B5, B5, 71), V(AA, 66, 66, CC), \
+ V(D8, 48, 48, 90), V(05, 03, 03, 06), V(01, F6, F6, F7), V(12, 0E, 0E, 1C), \
+ V(A3, 61, 61, C2), V(5F, 35, 35, 6A), V(F9, 57, 57, AE), V(D0, B9, B9, 69), \
+ V(91, 86, 86, 17), V(58, C1, C1, 99), V(27, 1D, 1D, 3A), V(B9, 9E, 9E, 27), \
+ V(38, E1, E1, D9), V(13, F8, F8, EB), V(B3, 98, 98, 2B), V(33, 11, 11, 22), \
+ V(BB, 69, 69, D2), V(70, D9, D9, A9), V(89, 8E, 8E, 07), V(A7, 94, 94, 33), \
+ V(B6, 9B, 9B, 2D), V(22, 1E, 1E, 3C), V(92, 87, 87, 15), V(20, E9, E9, C9), \
+ V(49, CE, CE, 87), V(FF, 55, 55, AA), V(78, 28, 28, 50), V(7A, DF, DF, A5), \
+ V(8F, 8C, 8C, 03), V(F8, A1, A1, 59), V(80, 89, 89, 09), V(17, 0D, 0D, 1A), \
+ V(DA, BF, BF, 65), V(31, E6, E6, D7), V(C6, 42, 42, 84), V(B8, 68, 68, D0), \
+ V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \
+ V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C)
-#define V(a,b,c,d) 0x##a##b##c##d
+#define V(a, b, c, d) 0x##a##b##c##d
static const uint32_t FT0[256] = { FT };
#undef V
#if !defined(MBEDTLS_AES_FEWER_TABLES)
-#define V(a,b,c,d) 0x##b##c##d##a
+#define V(a, b, c, d) 0x##b##c##d##a
static const uint32_t FT1[256] = { FT };
#undef V
-#define V(a,b,c,d) 0x##c##d##a##b
+#define V(a, b, c, d) 0x##c##d##a##b
static const uint32_t FT2[256] = { FT };
#undef V
-#define V(a,b,c,d) 0x##d##a##b##c
+#define V(a, b, c, d) 0x##d##a##b##c
static const uint32_t FT3[256] = { FT };
#undef V
@@ -231,86 +231,86 @@
*/
#define RT \
\
- V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
- V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
- V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
- V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
- V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
- V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
- V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
- V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
- V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
- V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
- V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
- V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
- V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
- V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
- V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
- V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
- V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
- V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
- V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
- V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
- V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
- V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
- V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
- V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
- V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
- V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
- V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
- V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
- V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
- V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
- V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
- V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
- V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
- V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
- V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
- V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
- V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
- V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
- V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
- V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
- V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
- V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
- V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
- V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
- V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
- V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
- V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
- V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
- V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
- V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
- V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
- V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
- V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
- V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
- V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
- V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
- V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
- V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
- V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
- V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
- V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
- V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
- V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
- V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
+ V(50, A7, F4, 51), V(53, 65, 41, 7E), V(C3, A4, 17, 1A), V(96, 5E, 27, 3A), \
+ V(CB, 6B, AB, 3B), V(F1, 45, 9D, 1F), V(AB, 58, FA, AC), V(93, 03, E3, 4B), \
+ V(55, FA, 30, 20), V(F6, 6D, 76, AD), V(91, 76, CC, 88), V(25, 4C, 02, F5), \
+ V(FC, D7, E5, 4F), V(D7, CB, 2A, C5), V(80, 44, 35, 26), V(8F, A3, 62, B5), \
+ V(49, 5A, B1, DE), V(67, 1B, BA, 25), V(98, 0E, EA, 45), V(E1, C0, FE, 5D), \
+ V(02, 75, 2F, C3), V(12, F0, 4C, 81), V(A3, 97, 46, 8D), V(C6, F9, D3, 6B), \
+ V(E7, 5F, 8F, 03), V(95, 9C, 92, 15), V(EB, 7A, 6D, BF), V(DA, 59, 52, 95), \
+ V(2D, 83, BE, D4), V(D3, 21, 74, 58), V(29, 69, E0, 49), V(44, C8, C9, 8E), \
+ V(6A, 89, C2, 75), V(78, 79, 8E, F4), V(6B, 3E, 58, 99), V(DD, 71, B9, 27), \
+ V(B6, 4F, E1, BE), V(17, AD, 88, F0), V(66, AC, 20, C9), V(B4, 3A, CE, 7D), \
+ V(18, 4A, DF, 63), V(82, 31, 1A, E5), V(60, 33, 51, 97), V(45, 7F, 53, 62), \
+ V(E0, 77, 64, B1), V(84, AE, 6B, BB), V(1C, A0, 81, FE), V(94, 2B, 08, F9), \
+ V(58, 68, 48, 70), V(19, FD, 45, 8F), V(87, 6C, DE, 94), V(B7, F8, 7B, 52), \
+ V(23, D3, 73, AB), V(E2, 02, 4B, 72), V(57, 8F, 1F, E3), V(2A, AB, 55, 66), \
+ V(07, 28, EB, B2), V(03, C2, B5, 2F), V(9A, 7B, C5, 86), V(A5, 08, 37, D3), \
+ V(F2, 87, 28, 30), V(B2, A5, BF, 23), V(BA, 6A, 03, 02), V(5C, 82, 16, ED), \
+ V(2B, 1C, CF, 8A), V(92, B4, 79, A7), V(F0, F2, 07, F3), V(A1, E2, 69, 4E), \
+ V(CD, F4, DA, 65), V(D5, BE, 05, 06), V(1F, 62, 34, D1), V(8A, FE, A6, C4), \
+ V(9D, 53, 2E, 34), V(A0, 55, F3, A2), V(32, E1, 8A, 05), V(75, EB, F6, A4), \
+ V(39, EC, 83, 0B), V(AA, EF, 60, 40), V(06, 9F, 71, 5E), V(51, 10, 6E, BD), \
+ V(F9, 8A, 21, 3E), V(3D, 06, DD, 96), V(AE, 05, 3E, DD), V(46, BD, E6, 4D), \
+ V(B5, 8D, 54, 91), V(05, 5D, C4, 71), V(6F, D4, 06, 04), V(FF, 15, 50, 60), \
+ V(24, FB, 98, 19), V(97, E9, BD, D6), V(CC, 43, 40, 89), V(77, 9E, D9, 67), \
+ V(BD, 42, E8, B0), V(88, 8B, 89, 07), V(38, 5B, 19, E7), V(DB, EE, C8, 79), \
+ V(47, 0A, 7C, A1), V(E9, 0F, 42, 7C), V(C9, 1E, 84, F8), V(00, 00, 00, 00), \
+ V(83, 86, 80, 09), V(48, ED, 2B, 32), V(AC, 70, 11, 1E), V(4E, 72, 5A, 6C), \
+ V(FB, FF, 0E, FD), V(56, 38, 85, 0F), V(1E, D5, AE, 3D), V(27, 39, 2D, 36), \
+ V(64, D9, 0F, 0A), V(21, A6, 5C, 68), V(D1, 54, 5B, 9B), V(3A, 2E, 36, 24), \
+ V(B1, 67, 0A, 0C), V(0F, E7, 57, 93), V(D2, 96, EE, B4), V(9E, 91, 9B, 1B), \
+ V(4F, C5, C0, 80), V(A2, 20, DC, 61), V(69, 4B, 77, 5A), V(16, 1A, 12, 1C), \
+ V(0A, BA, 93, E2), V(E5, 2A, A0, C0), V(43, E0, 22, 3C), V(1D, 17, 1B, 12), \
+ V(0B, 0D, 09, 0E), V(AD, C7, 8B, F2), V(B9, A8, B6, 2D), V(C8, A9, 1E, 14), \
+ V(85, 19, F1, 57), V(4C, 07, 75, AF), V(BB, DD, 99, EE), V(FD, 60, 7F, A3), \
+ V(9F, 26, 01, F7), V(BC, F5, 72, 5C), V(C5, 3B, 66, 44), V(34, 7E, FB, 5B), \
+ V(76, 29, 43, 8B), V(DC, C6, 23, CB), V(68, FC, ED, B6), V(63, F1, E4, B8), \
+ V(CA, DC, 31, D7), V(10, 85, 63, 42), V(40, 22, 97, 13), V(20, 11, C6, 84), \
+ V(7D, 24, 4A, 85), V(F8, 3D, BB, D2), V(11, 32, F9, AE), V(6D, A1, 29, C7), \
+ V(4B, 2F, 9E, 1D), V(F3, 30, B2, DC), V(EC, 52, 86, 0D), V(D0, E3, C1, 77), \
+ V(6C, 16, B3, 2B), V(99, B9, 70, A9), V(FA, 48, 94, 11), V(22, 64, E9, 47), \
+ V(C4, 8C, FC, A8), V(1A, 3F, F0, A0), V(D8, 2C, 7D, 56), V(EF, 90, 33, 22), \
+ V(C7, 4E, 49, 87), V(C1, D1, 38, D9), V(FE, A2, CA, 8C), V(36, 0B, D4, 98), \
+ V(CF, 81, F5, A6), V(28, DE, 7A, A5), V(26, 8E, B7, DA), V(A4, BF, AD, 3F), \
+ V(E4, 9D, 3A, 2C), V(0D, 92, 78, 50), V(9B, CC, 5F, 6A), V(62, 46, 7E, 54), \
+ V(C2, 13, 8D, F6), V(E8, B8, D8, 90), V(5E, F7, 39, 2E), V(F5, AF, C3, 82), \
+ V(BE, 80, 5D, 9F), V(7C, 93, D0, 69), V(A9, 2D, D5, 6F), V(B3, 12, 25, CF), \
+ V(3B, 99, AC, C8), V(A7, 7D, 18, 10), V(6E, 63, 9C, E8), V(7B, BB, 3B, DB), \
+ V(09, 78, 26, CD), V(F4, 18, 59, 6E), V(01, B7, 9A, EC), V(A8, 9A, 4F, 83), \
+ V(65, 6E, 95, E6), V(7E, E6, FF, AA), V(08, CF, BC, 21), V(E6, E8, 15, EF), \
+ V(D9, 9B, E7, BA), V(CE, 36, 6F, 4A), V(D4, 09, 9F, EA), V(D6, 7C, B0, 29), \
+ V(AF, B2, A4, 31), V(31, 23, 3F, 2A), V(30, 94, A5, C6), V(C0, 66, A2, 35), \
+ V(37, BC, 4E, 74), V(A6, CA, 82, FC), V(B0, D0, 90, E0), V(15, D8, A7, 33), \
+ V(4A, 98, 04, F1), V(F7, DA, EC, 41), V(0E, 50, CD, 7F), V(2F, F6, 91, 17), \
+ V(8D, D6, 4D, 76), V(4D, B0, EF, 43), V(54, 4D, AA, CC), V(DF, 04, 96, E4), \
+ V(E3, B5, D1, 9E), V(1B, 88, 6A, 4C), V(B8, 1F, 2C, C1), V(7F, 51, 65, 46), \
+ V(04, EA, 5E, 9D), V(5D, 35, 8C, 01), V(73, 74, 87, FA), V(2E, 41, 0B, FB), \
+ V(5A, 1D, 67, B3), V(52, D2, DB, 92), V(33, 56, 10, E9), V(13, 47, D6, 6D), \
+ V(8C, 61, D7, 9A), V(7A, 0C, A1, 37), V(8E, 14, F8, 59), V(89, 3C, 13, EB), \
+ V(EE, 27, A9, CE), V(35, C9, 61, B7), V(ED, E5, 1C, E1), V(3C, B1, 47, 7A), \
+ V(59, DF, D2, 9C), V(3F, 73, F2, 55), V(79, CE, 14, 18), V(BF, 37, C7, 73), \
+ V(EA, CD, F7, 53), V(5B, AA, FD, 5F), V(14, 6F, 3D, DF), V(86, DB, 44, 78), \
+ V(81, F3, AF, CA), V(3E, C4, 68, B9), V(2C, 34, 24, 38), V(5F, 40, A3, C2), \
+ V(72, C3, 1D, 16), V(0C, 25, E2, BC), V(8B, 49, 3C, 28), V(41, 95, 0D, FF), \
+ V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \
+ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0)
-#define V(a,b,c,d) 0x##a##b##c##d
+#define V(a, b, c, d) 0x##a##b##c##d
static const uint32_t RT0[256] = { RT };
#undef V
#if !defined(MBEDTLS_AES_FEWER_TABLES)
-#define V(a,b,c,d) 0x##b##c##d##a
+#define V(a, b, c, d) 0x##b##c##d##a
static const uint32_t RT1[256] = { RT };
#undef V
-#define V(a,b,c,d) 0x##c##d##a##b
+#define V(a, b, c, d) 0x##c##d##a##b
static const uint32_t RT2[256] = { RT };
#undef V
-#define V(a,b,c,d) 0x##d##a##b##c
+#define V(a, b, c, d) 0x##d##a##b##c
static const uint32_t RT3[256] = { RT };
#undef V
@@ -360,13 +360,13 @@
/*
* Tables generation code
*/
-#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
-#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
-#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
+#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24)
+#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00))
+#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0)
static int aes_init_done = 0;
-static void aes_gen_tables( void )
+static void aes_gen_tables(void)
{
int i, x, y, z;
int pow[256];
@@ -375,20 +375,18 @@
/*
* compute pow and log tables over GF(2^8)
*/
- for( i = 0, x = 1; i < 256; i++ )
- {
+ for (i = 0, x = 1; i < 256; i++) {
pow[i] = x;
log[x] = i;
- x = MBEDTLS_BYTE_0( x ^ XTIME( x ) );
+ x = MBEDTLS_BYTE_0(x ^ XTIME(x));
}
/*
* calculate the round constants
*/
- for( i = 0, x = 1; i < 10; i++ )
- {
+ for (i = 0, x = 1; i < 10; i++) {
RCON[i] = (uint32_t) x;
- x = MBEDTLS_BYTE_0( XTIME( x ) );
+ x = MBEDTLS_BYTE_0(XTIME(x));
}
/*
@@ -397,14 +395,13 @@
FSb[0x00] = 0x63;
RSb[0x63] = 0x00;
- for( i = 1; i < 256; i++ )
- {
+ for (i = 1; i < 256; i++) {
x = pow[255 - log[i]];
- y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
- x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
- x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
- x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
+ y = x; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
+ x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
+ x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
+ x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
x ^= y ^ 0x63;
FSb[i] = (unsigned char) x;
@@ -414,34 +411,33 @@
/*
* generate the forward and reverse tables
*/
- for( i = 0; i < 256; i++ )
- {
+ for (i = 0; i < 256; i++) {
x = FSb[i];
- y = MBEDTLS_BYTE_0( XTIME( x ) );
- z = MBEDTLS_BYTE_0( y ^ x );
+ y = MBEDTLS_BYTE_0(XTIME(x));
+ z = MBEDTLS_BYTE_0(y ^ x);
- FT0[i] = ( (uint32_t) y ) ^
- ( (uint32_t) x << 8 ) ^
- ( (uint32_t) x << 16 ) ^
- ( (uint32_t) z << 24 );
+ FT0[i] = ((uint32_t) y) ^
+ ((uint32_t) x << 8) ^
+ ((uint32_t) x << 16) ^
+ ((uint32_t) z << 24);
#if !defined(MBEDTLS_AES_FEWER_TABLES)
- FT1[i] = ROTL8( FT0[i] );
- FT2[i] = ROTL8( FT1[i] );
- FT3[i] = ROTL8( FT2[i] );
+ FT1[i] = ROTL8(FT0[i]);
+ FT2[i] = ROTL8(FT1[i]);
+ FT3[i] = ROTL8(FT2[i]);
#endif /* !MBEDTLS_AES_FEWER_TABLES */
x = RSb[i];
- RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^
- ( (uint32_t) MUL( 0x09, x ) << 8 ) ^
- ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
- ( (uint32_t) MUL( 0x0B, x ) << 24 );
+ RT0[i] = ((uint32_t) MUL(0x0E, x)) ^
+ ((uint32_t) MUL(0x09, x) << 8) ^
+ ((uint32_t) MUL(0x0D, x) << 16) ^
+ ((uint32_t) MUL(0x0B, x) << 24);
#if !defined(MBEDTLS_AES_FEWER_TABLES)
- RT1[i] = ROTL8( RT0[i] );
- RT2[i] = ROTL8( RT1[i] );
- RT3[i] = ROTL8( RT2[i] );
+ RT1[i] = ROTL8(RT0[i]);
+ RT2[i] = ROTL8(RT1[i]);
+ RT3[i] = ROTL8(RT2[i]);
#endif /* !MBEDTLS_AES_FEWER_TABLES */
}
}
@@ -452,19 +448,19 @@
#if defined(MBEDTLS_AES_FEWER_TABLES)
-#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) )
-#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
-#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) )
+#define ROTL8(x) ((uint32_t) ((x) << 8) + (uint32_t) ((x) >> 24))
+#define ROTL16(x) ((uint32_t) ((x) << 16) + (uint32_t) ((x) >> 16))
+#define ROTL24(x) ((uint32_t) ((x) << 24) + (uint32_t) ((x) >> 8))
#define AES_RT0(idx) RT0[idx]
-#define AES_RT1(idx) ROTL8( RT0[idx] )
-#define AES_RT2(idx) ROTL16( RT0[idx] )
-#define AES_RT3(idx) ROTL24( RT0[idx] )
+#define AES_RT1(idx) ROTL8(RT0[idx])
+#define AES_RT2(idx) ROTL16(RT0[idx])
+#define AES_RT3(idx) ROTL24(RT0[idx])
#define AES_FT0(idx) FT0[idx]
-#define AES_FT1(idx) ROTL8( FT0[idx] )
-#define AES_FT2(idx) ROTL16( FT0[idx] )
-#define AES_FT3(idx) ROTL24( FT0[idx] )
+#define AES_FT1(idx) ROTL8(FT0[idx])
+#define AES_FT2(idx) ROTL16(FT0[idx])
+#define AES_FT3(idx) ROTL24(FT0[idx])
#else /* MBEDTLS_AES_FEWER_TABLES */
@@ -480,37 +476,39 @@
#endif /* MBEDTLS_AES_FEWER_TABLES */
-void mbedtls_aes_init( mbedtls_aes_context *ctx )
+void mbedtls_aes_init(mbedtls_aes_context *ctx)
{
- AES_VALIDATE( ctx != NULL );
+ AES_VALIDATE(ctx != NULL);
- memset( ctx, 0, sizeof( mbedtls_aes_context ) );
+ memset(ctx, 0, sizeof(mbedtls_aes_context));
}
-void mbedtls_aes_free( mbedtls_aes_context *ctx )
+void mbedtls_aes_free(mbedtls_aes_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aes_context));
}
#if defined(MBEDTLS_CIPHER_MODE_XTS)
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
+void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx)
{
- AES_VALIDATE( ctx != NULL );
+ AES_VALIDATE(ctx != NULL);
- mbedtls_aes_init( &ctx->crypt );
- mbedtls_aes_init( &ctx->tweak );
+ mbedtls_aes_init(&ctx->crypt);
+ mbedtls_aes_init(&ctx->tweak);
}
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
+void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_aes_free( &ctx->crypt );
- mbedtls_aes_free( &ctx->tweak );
+ mbedtls_aes_free(&ctx->crypt);
+ mbedtls_aes_free(&ctx->tweak);
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
@@ -518,62 +516,59 @@
* AES key schedule (encryption)
*/
#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits )
+int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
+ unsigned int keybits)
{
unsigned int i;
uint32_t *RK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(key != NULL);
- switch( keybits )
- {
+ switch (keybits) {
case 128: ctx->nr = 10; break;
case 192: ctx->nr = 12; break;
case 256: ctx->nr = 14; break;
- default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+ default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
#if !defined(MBEDTLS_AES_ROM_TABLES)
- if( aes_init_done == 0 )
- {
+ if (aes_init_done == 0) {
aes_gen_tables();
aes_init_done = 1;
}
#endif
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
- if( aes_padlock_ace == -1 )
- aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
+ if (aes_padlock_ace == -1) {
+ aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
+ }
- if( aes_padlock_ace )
- ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
- else
+ if (aes_padlock_ace) {
+ ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf);
+ } else
#endif
ctx->rk = RK = ctx->buf;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
- if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
- return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
+ if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+ return mbedtls_aesni_setkey_enc((unsigned char *) ctx->rk, key, keybits);
+ }
#endif
- for( i = 0; i < ( keybits >> 5 ); i++ )
- {
- RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 );
+ for (i = 0; i < (keybits >> 5); i++) {
+ RK[i] = MBEDTLS_GET_UINT32_LE(key, i << 2);
}
- switch( ctx->nr )
- {
+ switch (ctx->nr) {
case 10:
- for( i = 0; i < 10; i++, RK += 4 )
- {
+ for (i = 0; i < 10; i++, RK += 4) {
RK[4] = RK[0] ^ RCON[i] ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[3])] << 24);
RK[5] = RK[1] ^ RK[4];
RK[6] = RK[2] ^ RK[5];
@@ -583,13 +578,12 @@
case 12:
- for( i = 0; i < 8; i++, RK += 6 )
- {
+ for (i = 0; i < 8; i++, RK += 6) {
RK[6] = RK[0] ^ RCON[i] ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[5])] << 24);
RK[7] = RK[1] ^ RK[6];
RK[8] = RK[2] ^ RK[7];
@@ -601,23 +595,22 @@
case 14:
- for( i = 0; i < 7; i++, RK += 8 )
- {
+ for (i = 0; i < 7; i++, RK += 8) {
RK[8] = RK[0] ^ RCON[i] ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[7])] << 24);
RK[9] = RK[1] ^ RK[8];
RK[10] = RK[2] ^ RK[9];
RK[11] = RK[3] ^ RK[10];
RK[12] = RK[4] ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[11])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[11])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[11])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[11])] << 24);
RK[13] = RK[5] ^ RK[12];
RK[14] = RK[6] ^ RK[13];
@@ -626,7 +619,7 @@
break;
}
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
@@ -634,40 +627,41 @@
* AES key schedule (decryption)
*/
#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits )
+int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
+ unsigned int keybits)
{
int i, j, ret;
mbedtls_aes_context cty;
uint32_t *RK;
uint32_t *SK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(key != NULL);
- mbedtls_aes_init( &cty );
+ mbedtls_aes_init(&cty);
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
- if( aes_padlock_ace == -1 )
- aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
+ if (aes_padlock_ace == -1) {
+ aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
+ }
- if( aes_padlock_ace )
- ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
- else
+ if (aes_padlock_ace) {
+ ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf);
+ } else
#endif
ctx->rk = RK = ctx->buf;
/* Also checks keybits */
- if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
+ if ((ret = mbedtls_aes_setkey_enc(&cty, key, keybits)) != 0) {
goto exit;
+ }
ctx->nr = cty.nr;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
- if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
- {
- mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
- (const unsigned char *) cty.rk, ctx->nr );
+ if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+ mbedtls_aesni_inverse_key((unsigned char *) ctx->rk,
+ (const unsigned char *) cty.rk, ctx->nr);
goto exit;
}
#endif
@@ -679,14 +673,12 @@
*RK++ = *SK++;
*RK++ = *SK++;
- for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
- {
- for( j = 0; j < 4; j++, SK++ )
- {
- *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^
- AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^
- AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^
- AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] );
+ for (i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8) {
+ for (j = 0; j < 4; j++, SK++) {
+ *RK++ = AES_RT0(FSb[MBEDTLS_BYTE_0(*SK)]) ^
+ AES_RT1(FSb[MBEDTLS_BYTE_1(*SK)]) ^
+ AES_RT2(FSb[MBEDTLS_BYTE_2(*SK)]) ^
+ AES_RT3(FSb[MBEDTLS_BYTE_3(*SK)]);
}
}
@@ -696,28 +688,27 @@
*RK++ = *SK++;
exit:
- mbedtls_aes_free( &cty );
+ mbedtls_aes_free(&cty);
- return( ret );
+ return ret;
}
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int mbedtls_aes_xts_decode_keys( const unsigned char *key,
- unsigned int keybits,
- const unsigned char **key1,
- unsigned int *key1bits,
- const unsigned char **key2,
- unsigned int *key2bits )
+static int mbedtls_aes_xts_decode_keys(const unsigned char *key,
+ unsigned int keybits,
+ const unsigned char **key1,
+ unsigned int *key1bits,
+ const unsigned char **key2,
+ unsigned int *key2bits)
{
const unsigned int half_keybits = keybits / 2;
const unsigned int half_keybytes = half_keybits / 8;
- switch( keybits )
- {
+ switch (keybits) {
case 256: break;
case 512: break;
- default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+ default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
*key1bits = half_keybits;
@@ -728,175 +719,177 @@
return 0;
}
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits)
+int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(key != NULL);
- ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
- &key2, &key2bits );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits,
+ &key2, &key2bits);
+ if (ret != 0) {
+ return ret;
+ }
/* Set the tweak key. Always set tweak key for the encryption mode. */
- ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits);
+ if (ret != 0) {
+ return ret;
+ }
/* Set crypt key for encryption. */
- return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits );
+ return mbedtls_aes_setkey_enc(&ctx->crypt, key1, key1bits);
}
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits)
+int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(key != NULL);
- ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
- &key2, &key2bits );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits,
+ &key2, &key2bits);
+ if (ret != 0) {
+ return ret;
+ }
/* Set the tweak key. Always set tweak key for encryption. */
- ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits);
+ if (ret != 0) {
+ return ret;
+ }
/* Set crypt key for decryption. */
- return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits );
+ return mbedtls_aes_setkey_dec(&ctx->crypt, key1, key1bits);
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
+#define AES_FROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \
do \
{ \
- (X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
- AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
- AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
- AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \
+ (X0) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y0)) ^ \
+ AES_FT1(MBEDTLS_BYTE_1(Y1)) ^ \
+ AES_FT2(MBEDTLS_BYTE_2(Y2)) ^ \
+ AES_FT3(MBEDTLS_BYTE_3(Y3)); \
\
- (X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
- AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
- AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
- AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \
+ (X1) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y1)) ^ \
+ AES_FT1(MBEDTLS_BYTE_1(Y2)) ^ \
+ AES_FT2(MBEDTLS_BYTE_2(Y3)) ^ \
+ AES_FT3(MBEDTLS_BYTE_3(Y0)); \
\
- (X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
- AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
- AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
- AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \
+ (X2) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y2)) ^ \
+ AES_FT1(MBEDTLS_BYTE_1(Y3)) ^ \
+ AES_FT2(MBEDTLS_BYTE_2(Y0)) ^ \
+ AES_FT3(MBEDTLS_BYTE_3(Y1)); \
\
- (X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
- AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
- AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
- AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \
- } while( 0 )
+ (X3) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y3)) ^ \
+ AES_FT1(MBEDTLS_BYTE_1(Y0)) ^ \
+ AES_FT2(MBEDTLS_BYTE_2(Y1)) ^ \
+ AES_FT3(MBEDTLS_BYTE_3(Y2)); \
+ } while (0)
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
+#define AES_RROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \
do \
{ \
- (X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
- AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
- AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
- AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \
+ (X0) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y0)) ^ \
+ AES_RT1(MBEDTLS_BYTE_1(Y3)) ^ \
+ AES_RT2(MBEDTLS_BYTE_2(Y2)) ^ \
+ AES_RT3(MBEDTLS_BYTE_3(Y1)); \
\
- (X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
- AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
- AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
- AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \
+ (X1) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y1)) ^ \
+ AES_RT1(MBEDTLS_BYTE_1(Y0)) ^ \
+ AES_RT2(MBEDTLS_BYTE_2(Y3)) ^ \
+ AES_RT3(MBEDTLS_BYTE_3(Y2)); \
\
- (X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
- AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
- AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
- AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \
+ (X2) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y2)) ^ \
+ AES_RT1(MBEDTLS_BYTE_1(Y1)) ^ \
+ AES_RT2(MBEDTLS_BYTE_2(Y0)) ^ \
+ AES_RT3(MBEDTLS_BYTE_3(Y3)); \
\
- (X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
- AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
- AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
- AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \
- } while( 0 )
+ (X3) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y3)) ^ \
+ AES_RT1(MBEDTLS_BYTE_1(Y2)) ^ \
+ AES_RT2(MBEDTLS_BYTE_2(Y1)) ^ \
+ AES_RT3(MBEDTLS_BYTE_3(Y0)); \
+ } while (0)
/*
* AES-ECB block encryption
*/
#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16])
{
int i;
uint32_t *RK = ctx->rk;
- struct
- {
+ struct {
uint32_t X[4];
uint32_t Y[4];
} t;
- t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
- t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
- t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
- t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
+ t.X[0] = MBEDTLS_GET_UINT32_LE(input, 0); t.X[0] ^= *RK++;
+ t.X[1] = MBEDTLS_GET_UINT32_LE(input, 4); t.X[1] ^= *RK++;
+ t.X[2] = MBEDTLS_GET_UINT32_LE(input, 8); t.X[2] ^= *RK++;
+ t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++;
- for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
- {
- AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
- AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
+ for (i = (ctx->nr >> 1) - 1; i > 0; i--) {
+ AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
+ AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]);
}
- AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+ AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
t.X[0] = *RK++ ^ \
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[0])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[1])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[2])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[3])] << 24);
t.X[1] = *RK++ ^ \
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[1])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[2])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[3])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[0])] << 24);
t.X[2] = *RK++ ^ \
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[2])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[3])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[0])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[1])] << 24);
t.X[3] = *RK++ ^ \
- ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
- ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
+ ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[3])]) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[0])] << 8) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[1])] << 16) ^
+ ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[2])] << 24);
- MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
- MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
- MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
- MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
+ MBEDTLS_PUT_UINT32_LE(t.X[0], output, 0);
+ MBEDTLS_PUT_UINT32_LE(t.X[1], output, 4);
+ MBEDTLS_PUT_UINT32_LE(t.X[2], output, 8);
+ MBEDTLS_PUT_UINT32_LE(t.X[3], output, 12);
- mbedtls_platform_zeroize( &t, sizeof( t ) );
+ mbedtls_platform_zeroize(&t, sizeof(t));
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
+void mbedtls_aes_encrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16])
{
- MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_encrypt( ctx, input, output ) );
+ MBEDTLS_IGNORE_RETURN(mbedtls_internal_aes_encrypt(ctx, input, output));
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -904,99 +897,98 @@
* AES-ECB block decryption
*/
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16])
{
int i;
uint32_t *RK = ctx->rk;
- struct
- {
+ struct {
uint32_t X[4];
uint32_t Y[4];
} t;
- t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
- t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
- t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
- t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
+ t.X[0] = MBEDTLS_GET_UINT32_LE(input, 0); t.X[0] ^= *RK++;
+ t.X[1] = MBEDTLS_GET_UINT32_LE(input, 4); t.X[1] ^= *RK++;
+ t.X[2] = MBEDTLS_GET_UINT32_LE(input, 8); t.X[2] ^= *RK++;
+ t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++;
- for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
- {
- AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
- AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
+ for (i = (ctx->nr >> 1) - 1; i > 0; i--) {
+ AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
+ AES_RROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]);
}
- AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+ AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
t.X[0] = *RK++ ^ \
- ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
+ ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[0])]) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[3])] << 8) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[2])] << 16) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[1])] << 24);
t.X[1] = *RK++ ^ \
- ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
+ ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[1])]) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[0])] << 8) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[3])] << 16) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[2])] << 24);
t.X[2] = *RK++ ^ \
- ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
+ ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[2])]) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[1])] << 8) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[0])] << 16) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[3])] << 24);
t.X[3] = *RK++ ^ \
- ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
- ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
+ ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[3])]) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[2])] << 8) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[1])] << 16) ^
+ ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[0])] << 24);
- MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
- MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
- MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
- MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
+ MBEDTLS_PUT_UINT32_LE(t.X[0], output, 0);
+ MBEDTLS_PUT_UINT32_LE(t.X[1], output, 4);
+ MBEDTLS_PUT_UINT32_LE(t.X[2], output, 8);
+ MBEDTLS_PUT_UINT32_LE(t.X[3], output, 12);
- mbedtls_platform_zeroize( &t, sizeof( t ) );
+ mbedtls_platform_zeroize(&t, sizeof(t));
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
+void mbedtls_aes_decrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16])
{
- MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_decrypt( ctx, input, output ) );
+ MBEDTLS_IGNORE_RETURN(mbedtls_internal_aes_decrypt(ctx, input, output));
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/*
* AES-ECB block encryption/decryption
*/
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16])
{
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(input != NULL);
+ AES_VALIDATE_RET(output != NULL);
+ AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT);
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
- if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
- return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
+ if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+ return mbedtls_aesni_crypt_ecb(ctx, mode, input, output);
+ }
#endif
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
- if( aes_padlock_ace )
- {
- if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
- return( 0 );
+ if (aes_padlock_ace) {
+ if (mbedtls_padlock_xcryptecb(ctx, mode, input, output) == 0) {
+ return 0;
+ }
// If padlock data misaligned, we just fall back to
// unaccelerated mode
@@ -1004,42 +996,44 @@
}
#endif
- if( mode == MBEDTLS_AES_ENCRYPT )
- return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
- else
- return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
+ if (mode == MBEDTLS_AES_ENCRYPT) {
+ return mbedtls_internal_aes_encrypt(ctx, input, output);
+ } else {
+ return mbedtls_internal_aes_decrypt(ctx, input, output);
+ }
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* AES-CBC buffer encryption/decryption
*/
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT);
+ AES_VALIDATE_RET(iv != NULL);
+ AES_VALIDATE_RET(input != NULL);
+ AES_VALIDATE_RET(output != NULL);
- if( length % 16 )
- return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+ if (length % 16) {
+ return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+ }
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
- if( aes_padlock_ace )
- {
- if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
- return( 0 );
+ if (aes_padlock_ace) {
+ if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
+ return 0;
+ }
// If padlock data misaligned, we just fall back to
// unaccelerated mode
@@ -1047,36 +1041,35 @@
}
#endif
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- while( length > 0 )
- {
- memcpy( temp, input, 16 );
- ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
- if( ret != 0 )
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ while (length > 0) {
+ memcpy(temp, input, 16);
+ ret = mbedtls_aes_crypt_ecb(ctx, mode, input, output);
+ if (ret != 0) {
goto exit;
+ }
- for( i = 0; i < 16; i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
+ for (i = 0; i < 16; i++) {
+ output[i] = (unsigned char) (output[i] ^ iv[i]);
+ }
- memcpy( iv, temp, 16 );
+ memcpy(iv, temp, 16);
input += 16;
output += 16;
length -= 16;
}
- }
- else
- {
- while( length > 0 )
- {
- for( i = 0; i < 16; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
+ } else {
+ while (length > 0) {
+ for (i = 0; i < 16; i++) {
+ output[i] = (unsigned char) (input[i] ^ iv[i]);
+ }
- ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
- if( ret != 0 )
+ ret = mbedtls_aes_crypt_ecb(ctx, mode, output, output);
+ if (ret != 0) {
goto exit;
- memcpy( iv, output, 16 );
+ }
+ memcpy(iv, output, 16);
input += 16;
output += 16;
@@ -1086,7 +1079,7 @@
ret = 0;
exit:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1102,30 +1095,30 @@
* for machine endianness and hence works correctly on both big and little
* endian machines.
*/
-static void mbedtls_gf128mul_x_ble( unsigned char r[16],
- const unsigned char x[16] )
+static void mbedtls_gf128mul_x_ble(unsigned char r[16],
+ const unsigned char x[16])
{
uint64_t a, b, ra, rb;
- a = MBEDTLS_GET_UINT64_LE( x, 0 );
- b = MBEDTLS_GET_UINT64_LE( x, 8 );
+ a = MBEDTLS_GET_UINT64_LE(x, 0);
+ b = MBEDTLS_GET_UINT64_LE(x, 8);
- ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
- rb = ( a >> 63 ) | ( b << 1 );
+ ra = (a << 1) ^ 0x0087 >> (8 - ((b >> 63) << 3));
+ rb = (a >> 63) | (b << 1);
- MBEDTLS_PUT_UINT64_LE( ra, r, 0 );
- MBEDTLS_PUT_UINT64_LE( rb, r, 8 );
+ MBEDTLS_PUT_UINT64_LE(ra, r, 0);
+ MBEDTLS_PUT_UINT64_LE(rb, r, 8);
}
/*
* AES-XTS buffer encryption/decryption
*/
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
- int mode,
- size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char data_unit[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t blocks = length / 16;
@@ -1134,61 +1127,64 @@
unsigned char prev_tweak[16];
unsigned char tmp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( data_unit != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT);
+ AES_VALIDATE_RET(data_unit != NULL);
+ AES_VALIDATE_RET(input != NULL);
+ AES_VALIDATE_RET(output != NULL);
/* Data units must be at least 16 bytes long. */
- if( length < 16 )
+ if (length < 16) {
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+ }
/* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
- if( length > ( 1 << 20 ) * 16 )
+ if (length > (1 << 20) * 16) {
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+ }
/* Compute the tweak. */
- ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT,
- data_unit, tweak );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_aes_crypt_ecb(&ctx->tweak, MBEDTLS_AES_ENCRYPT,
+ data_unit, tweak);
+ if (ret != 0) {
+ return ret;
+ }
- while( blocks-- )
- {
+ while (blocks--) {
size_t i;
- if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 )
- {
+ if (leftover && (mode == MBEDTLS_AES_DECRYPT) && blocks == 0) {
/* We are on the last block in a decrypt operation that has
* leftover bytes, so we need to use the next tweak for this block,
* and this tweak for the leftover bytes. Save the current tweak for
* the leftovers and then update the current tweak for use on this,
* the last full block. */
- memcpy( prev_tweak, tweak, sizeof( tweak ) );
- mbedtls_gf128mul_x_ble( tweak, tweak );
+ memcpy(prev_tweak, tweak, sizeof(tweak));
+ mbedtls_gf128mul_x_ble(tweak, tweak);
}
- for( i = 0; i < 16; i++ )
+ for (i = 0; i < 16; i++) {
tmp[i] = input[i] ^ tweak[i];
+ }
- ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp);
+ if (ret != 0) {
+ return ret;
+ }
- for( i = 0; i < 16; i++ )
+ for (i = 0; i < 16; i++) {
output[i] = tmp[i] ^ tweak[i];
+ }
/* Update the tweak for the next block. */
- mbedtls_gf128mul_x_ble( tweak, tweak );
+ mbedtls_gf128mul_x_ble(tweak, tweak);
output += 16;
input += 16;
}
- if( leftover )
- {
+ if (leftover) {
/* If we are on the leftover bytes in a decrypt operation, we need to
* use the previous tweak for these bytes (as saved in prev_tweak). */
unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak;
@@ -1202,28 +1198,30 @@
* byte of ciphertext we won't steal. At the same time, copy the
* remainder of the input for this final round (since the loop bounds
* are the same). */
- for( i = 0; i < leftover; i++ )
- {
+ for (i = 0; i < leftover; i++) {
output[i] = prev_output[i];
tmp[i] = input[i] ^ t[i];
}
/* Copy ciphertext bytes from the previous block for input in this
* round. */
- for( ; i < 16; i++ )
+ for (; i < 16; i++) {
tmp[i] = prev_output[i] ^ t[i];
+ }
- ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
- if( ret != 0 )
+ ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp);
+ if (ret != 0) {
return ret;
+ }
/* Write the result back to the previous block, overriding the previous
* output we copied. */
- for( i = 0; i < 16; i++ )
+ for (i = 0; i < 16; i++) {
prev_output[i] = tmp[i] ^ t[i];
+ }
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
@@ -1231,63 +1229,59 @@
/*
* AES-CFB128 buffer encryption/decryption
*/
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT);
+ AES_VALIDATE_RET(iv_off != NULL);
+ AES_VALIDATE_RET(iv != NULL);
+ AES_VALIDATE_RET(input != NULL);
+ AES_VALIDATE_RET(output != NULL);
n = *iv_off;
- if( n > 15 )
- return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+ if (n > 15) {
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+ }
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- while( length-- )
- {
- if( n == 0 )
- {
- ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
- if( ret != 0 )
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ while (length--) {
+ if (n == 0) {
+ ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+ if (ret != 0) {
goto exit;
+ }
}
c = *input++;
- *output++ = (unsigned char)( c ^ iv[n] );
+ *output++ = (unsigned char) (c ^ iv[n]);
iv[n] = (unsigned char) c;
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
- }
- else
- {
- while( length-- )
- {
- if( n == 0 )
- {
- ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
- if( ret != 0 )
+ } else {
+ while (length--) {
+ if (n == 0) {
+ ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+ if (ret != 0) {
goto exit;
+ }
}
- iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+ iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
}
@@ -1295,50 +1289,52 @@
ret = 0;
exit:
- return( ret );
+ return ret;
}
/*
* AES-CFB8 buffer encryption/decryption
*/
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char c;
unsigned char ov[17];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
- while( length-- )
- {
- memcpy( ov, iv, 16 );
- ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
- if( ret != 0 )
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT);
+ AES_VALIDATE_RET(iv != NULL);
+ AES_VALIDATE_RET(input != NULL);
+ AES_VALIDATE_RET(output != NULL);
+ while (length--) {
+ memcpy(ov, iv, 16);
+ ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+ if (ret != 0) {
goto exit;
+ }
- if( mode == MBEDTLS_AES_DECRYPT )
+ if (mode == MBEDTLS_AES_DECRYPT) {
ov[16] = *input;
+ }
- c = *output++ = (unsigned char)( iv[0] ^ *input++ );
+ c = *output++ = (unsigned char) (iv[0] ^ *input++);
- if( mode == MBEDTLS_AES_ENCRYPT )
+ if (mode == MBEDTLS_AES_ENCRYPT) {
ov[16] = c;
+ }
- memcpy( iv, ov + 1, 16 );
+ memcpy(iv, ov + 1, 16);
}
ret = 0;
exit:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@@ -1346,44 +1342,44 @@
/*
* AES-OFB (Output Feedback Mode) buffer encryption/decryption
*/
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = 0;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(iv_off != NULL);
+ AES_VALIDATE_RET(iv != NULL);
+ AES_VALIDATE_RET(input != NULL);
+ AES_VALIDATE_RET(output != NULL);
n = *iv_off;
- if( n > 15 )
- return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+ if (n > 15) {
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+ }
- while( length-- )
- {
- if( n == 0 )
- {
- ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
- if( ret != 0 )
+ while (length--) {
+ if (n == 0) {
+ ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+ if (ret != 0) {
goto exit;
+ }
}
*output++ = *input++ ^ iv[n];
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
*iv_off = n;
exit:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_OFB */
@@ -1391,52 +1387,55 @@
/*
* AES-CTR buffer encryption/decryption
*/
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[16],
+ unsigned char stream_block[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int c, i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( nc_off != NULL );
- AES_VALIDATE_RET( nonce_counter != NULL );
- AES_VALIDATE_RET( stream_block != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ AES_VALIDATE_RET(ctx != NULL);
+ AES_VALIDATE_RET(nc_off != NULL);
+ AES_VALIDATE_RET(nonce_counter != NULL);
+ AES_VALIDATE_RET(stream_block != NULL);
+ AES_VALIDATE_RET(input != NULL);
+ AES_VALIDATE_RET(output != NULL);
n = *nc_off;
- if ( n > 0x0F )
- return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+ if (n > 0x0F) {
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+ }
- while( length-- )
- {
- if( n == 0 ) {
- ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
- if( ret != 0 )
+ while (length--) {
+ if (n == 0) {
+ ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block);
+ if (ret != 0) {
goto exit;
+ }
- for( i = 16; i > 0; i-- )
- if( ++nonce_counter[i - 1] != 0 )
+ for (i = 16; i > 0; i--) {
+ if (++nonce_counter[i - 1] != 0) {
break;
+ }
+ }
}
c = *input++;
- *output++ = (unsigned char)( c ^ stream_block[n] );
+ *output++ = (unsigned char) (c ^ stream_block[n]);
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
*nc_off = n;
ret = 0;
exit:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
@@ -1682,7 +1681,7 @@
};
static const int aes_test_ctr_len[3] =
- { 16, 32, 36 };
+{ 16, 32, 36 };
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -1743,12 +1742,12 @@
static const unsigned char aes_test_xts_data_unit[][16] =
{
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
};
#endif /* MBEDTLS_CIPHER_MODE_XTS */
@@ -1756,7 +1755,7 @@
/*
* Checkup routine
*/
-int mbedtls_aes_self_test( int verbose )
+int mbedtls_aes_self_test(int verbose)
{
int ret = 0, i, j, u, mode;
unsigned int keybits;
@@ -1783,32 +1782,29 @@
#endif
mbedtls_aes_context ctx;
- memset( key, 0, 32 );
- mbedtls_aes_init( &ctx );
+ memset(key, 0, 32);
+ mbedtls_aes_init(&ctx);
/*
* ECB mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
keybits = 128 + u * 64;
mode = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " AES-ECB-%3u (%s): ", keybits,
- ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
- memset( buf, 0, 16 );
-
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
- aes_tests = aes_test_ecb_dec[u];
+ if (verbose != 0) {
+ mbedtls_printf(" AES-ECB-%3u (%s): ", keybits,
+ (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
}
- else
- {
- ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+
+ memset(buf, 0, 16);
+
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ ret = mbedtls_aes_setkey_dec(&ctx, key, keybits);
+ aes_tests = aes_test_ecb_dec[u];
+ } else {
+ ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
aes_tests = aes_test_ecb_enc[u];
}
@@ -1817,62 +1813,57 @@
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
- {
- mbedtls_printf( "skipped\n" );
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+ mbedtls_printf("skipped\n");
continue;
- }
- else if( ret != 0 )
- {
+ } else if (ret != 0) {
goto exit;
}
- for( j = 0; j < 10000; j++ )
- {
- ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
- if( ret != 0 )
+ for (j = 0; j < 10000; j++) {
+ ret = mbedtls_aes_crypt_ecb(&ctx, mode, buf, buf);
+ if (ret != 0) {
goto exit;
+ }
}
- if( memcmp( buf, aes_tests, 16 ) != 0 )
- {
+ if (memcmp(buf, aes_tests, 16) != 0) {
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* CBC mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
keybits = 128 + u * 64;
mode = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " AES-CBC-%3u (%s): ", keybits,
- ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
- memset( iv , 0, 16 );
- memset( prv, 0, 16 );
- memset( buf, 0, 16 );
-
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
- aes_tests = aes_test_cbc_dec[u];
+ if (verbose != 0) {
+ mbedtls_printf(" AES-CBC-%3u (%s): ", keybits,
+ (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
}
- else
- {
- ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+
+ memset(iv, 0, 16);
+ memset(prv, 0, 16);
+ memset(buf, 0, 16);
+
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ ret = mbedtls_aes_setkey_dec(&ctx, key, keybits);
+ aes_tests = aes_test_cbc_dec[u];
+ } else {
+ ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
aes_tests = aes_test_cbc_enc[u];
}
@@ -1881,301 +1872,292 @@
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
- {
- mbedtls_printf( "skipped\n" );
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+ mbedtls_printf("skipped\n");
continue;
- }
- else if( ret != 0 )
- {
+ } else if (ret != 0) {
goto exit;
}
- for( j = 0; j < 10000; j++ )
- {
- if( mode == MBEDTLS_AES_ENCRYPT )
- {
+ for (j = 0; j < 10000; j++) {
+ if (mode == MBEDTLS_AES_ENCRYPT) {
unsigned char tmp[16];
- memcpy( tmp, prv, 16 );
- memcpy( prv, buf, 16 );
- memcpy( buf, tmp, 16 );
+ memcpy(tmp, prv, 16);
+ memcpy(prv, buf, 16);
+ memcpy(buf, tmp, 16);
}
- ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
- if( ret != 0 )
+ ret = mbedtls_aes_crypt_cbc(&ctx, mode, 16, iv, buf, buf);
+ if (ret != 0) {
goto exit;
+ }
}
- if( memcmp( buf, aes_tests, 16 ) != 0 )
- {
+ if (memcmp(buf, aes_tests, 16) != 0) {
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/*
* CFB128 mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
keybits = 128 + u * 64;
mode = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits,
- ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-CFB128-%3u (%s): ", keybits,
+ (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+ }
- memcpy( iv, aes_test_cfb128_iv, 16 );
- memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
+ memcpy(iv, aes_test_cfb128_iv, 16);
+ memcpy(key, aes_test_cfb128_key[u], keybits / 8);
offset = 0;
- ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+ ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
- {
- mbedtls_printf( "skipped\n" );
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+ mbedtls_printf("skipped\n");
continue;
- }
- else if( ret != 0 )
- {
+ } else if (ret != 0) {
goto exit;
}
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- memcpy( buf, aes_test_cfb128_ct[u], 64 );
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ memcpy(buf, aes_test_cfb128_ct[u], 64);
aes_tests = aes_test_cfb128_pt;
- }
- else
- {
- memcpy( buf, aes_test_cfb128_pt, 64 );
+ } else {
+ memcpy(buf, aes_test_cfb128_pt, 64);
aes_tests = aes_test_cfb128_ct[u];
}
- ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
- if( ret != 0 )
+ ret = mbedtls_aes_crypt_cfb128(&ctx, mode, 64, &offset, iv, buf, buf);
+ if (ret != 0) {
goto exit;
+ }
- if( memcmp( buf, aes_tests, 64 ) != 0 )
- {
+ if (memcmp(buf, aes_tests, 64) != 0) {
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/*
* OFB mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
keybits = 128 + u * 64;
mode = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " AES-OFB-%3u (%s): ", keybits,
- ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-OFB-%3u (%s): ", keybits,
+ (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+ }
- memcpy( iv, aes_test_ofb_iv, 16 );
- memcpy( key, aes_test_ofb_key[u], keybits / 8 );
+ memcpy(iv, aes_test_ofb_iv, 16);
+ memcpy(key, aes_test_ofb_key[u], keybits / 8);
offset = 0;
- ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+ ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
- {
- mbedtls_printf( "skipped\n" );
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+ mbedtls_printf("skipped\n");
continue;
- }
- else if( ret != 0 )
- {
+ } else if (ret != 0) {
goto exit;
}
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- memcpy( buf, aes_test_ofb_ct[u], 64 );
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ memcpy(buf, aes_test_ofb_ct[u], 64);
aes_tests = aes_test_ofb_pt;
- }
- else
- {
- memcpy( buf, aes_test_ofb_pt, 64 );
+ } else {
+ memcpy(buf, aes_test_ofb_pt, 64);
aes_tests = aes_test_ofb_ct[u];
}
- ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf );
- if( ret != 0 )
+ ret = mbedtls_aes_crypt_ofb(&ctx, 64, &offset, iv, buf, buf);
+ if (ret != 0) {
goto exit;
+ }
- if( memcmp( buf, aes_tests, 64 ) != 0 )
- {
+ if (memcmp(buf, aes_tests, 64) != 0) {
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/*
* CTR mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
mode = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " AES-CTR-128 (%s): ",
- ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-CTR-128 (%s): ",
+ (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+ }
- memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
- memcpy( key, aes_test_ctr_key[u], 16 );
+ memcpy(nonce_counter, aes_test_ctr_nonce_counter[u], 16);
+ memcpy(key, aes_test_ctr_key[u], 16);
offset = 0;
- if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
+ if ((ret = mbedtls_aes_setkey_enc(&ctx, key, 128)) != 0) {
goto exit;
+ }
len = aes_test_ctr_len[u];
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- memcpy( buf, aes_test_ctr_ct[u], len );
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ memcpy(buf, aes_test_ctr_ct[u], len);
aes_tests = aes_test_ctr_pt[u];
- }
- else
- {
- memcpy( buf, aes_test_ctr_pt[u], len );
+ } else {
+ memcpy(buf, aes_test_ctr_pt[u], len);
aes_tests = aes_test_ctr_ct[u];
}
- ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
- stream_block, buf, buf );
- if( ret != 0 )
+ ret = mbedtls_aes_crypt_ctr(&ctx, len, &offset, nonce_counter,
+ stream_block, buf, buf);
+ if (ret != 0) {
goto exit;
+ }
- if( memcmp( buf, aes_tests, len ) != 0 )
- {
+ if (memcmp(buf, aes_tests, len) != 0) {
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
{
- static const int num_tests =
- sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key);
- mbedtls_aes_xts_context ctx_xts;
+ static const int num_tests =
+ sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key);
+ mbedtls_aes_xts_context ctx_xts;
- /*
- * XTS mode
- */
- mbedtls_aes_xts_init( &ctx_xts );
+ /*
+ * XTS mode
+ */
+ mbedtls_aes_xts_init(&ctx_xts);
- for( i = 0; i < num_tests << 1; i++ )
- {
- const unsigned char *data_unit;
- u = i >> 1;
- mode = i & 1;
+ for (i = 0; i < num_tests << 1; i++) {
+ const unsigned char *data_unit;
+ u = i >> 1;
+ mode = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " AES-XTS-128 (%s): ",
- ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-XTS-128 (%s): ",
+ (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+ }
- memset( key, 0, sizeof( key ) );
- memcpy( key, aes_test_xts_key[u], 32 );
- data_unit = aes_test_xts_data_unit[u];
+ memset(key, 0, sizeof(key));
+ memcpy(key, aes_test_xts_key[u], 32);
+ data_unit = aes_test_xts_data_unit[u];
- len = sizeof( *aes_test_xts_ct32 );
+ len = sizeof(*aes_test_xts_ct32);
- if( mode == MBEDTLS_AES_DECRYPT )
- {
- ret = mbedtls_aes_xts_setkey_dec( &ctx_xts, key, 256 );
- if( ret != 0)
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ ret = mbedtls_aes_xts_setkey_dec(&ctx_xts, key, 256);
+ if (ret != 0) {
+ goto exit;
+ }
+ memcpy(buf, aes_test_xts_ct32[u], len);
+ aes_tests = aes_test_xts_pt32[u];
+ } else {
+ ret = mbedtls_aes_xts_setkey_enc(&ctx_xts, key, 256);
+ if (ret != 0) {
+ goto exit;
+ }
+ memcpy(buf, aes_test_xts_pt32[u], len);
+ aes_tests = aes_test_xts_ct32[u];
+ }
+
+
+ ret = mbedtls_aes_crypt_xts(&ctx_xts, mode, len, data_unit,
+ buf, buf);
+ if (ret != 0) {
goto exit;
- memcpy( buf, aes_test_xts_ct32[u], len );
- aes_tests = aes_test_xts_pt32[u];
- }
- else
- {
- ret = mbedtls_aes_xts_setkey_enc( &ctx_xts, key, 256 );
- if( ret != 0)
+ }
+
+ if (memcmp(buf, aes_tests, len) != 0) {
+ ret = 1;
goto exit;
- memcpy( buf, aes_test_xts_pt32[u], len );
- aes_tests = aes_test_xts_ct32[u];
+ }
+
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
-
- ret = mbedtls_aes_crypt_xts( &ctx_xts, mode, len, data_unit,
- buf, buf );
- if( ret != 0 )
- goto exit;
-
- if( memcmp( buf, aes_tests, len ) != 0 )
- {
- ret = 1;
- goto exit;
+ if (verbose != 0) {
+ mbedtls_printf("\n");
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
- mbedtls_aes_xts_free( &ctx_xts );
+ mbedtls_aes_xts_free(&ctx_xts);
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
ret = 0;
exit:
- if( ret != 0 && verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (ret != 0 && verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/aesni.c b/library/aesni.c
index 4b16d92..2a44b0e 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -28,7 +28,8 @@
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
-#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
+#warning \
+ "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#endif
#endif
@@ -47,22 +48,21 @@
/*
* AES-NI support detection routine
*/
-int mbedtls_aesni_has_support( unsigned int what )
+int mbedtls_aesni_has_support(unsigned int what)
{
static int done = 0;
static unsigned int c = 0;
- if( ! done )
- {
- asm( "movl $1, %%eax \n\t"
+ if (!done) {
+ asm ("movl $1, %%eax \n\t"
"cpuid \n\t"
: "=c" (c)
:
- : "eax", "ebx", "edx" );
+ : "eax", "ebx", "edx");
done = 1;
}
- return( ( c & what ) != 0 );
+ return (c & what) != 0;
}
/*
@@ -94,12 +94,12 @@
/*
* AES-NI AES-ECB block en(de)cryption
*/
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16])
{
- asm( "movdqu (%3), %%xmm0 \n\t" // load input
+ asm ("movdqu (%3), %%xmm0 \n\t" // load input
"movdqu (%1), %%xmm1 \n\t" // load round key 0
"pxor %%xmm1, %%xmm0 \n\t" // round 0
"add $16, %1 \n\t" // point to next round key
@@ -110,51 +110,50 @@
"1: \n\t" // encryption loop
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENC xmm1_xmm0 "\n\t" // do round
- "add $16, %1 \n\t" // point to next round key
- "subl $1, %0 \n\t" // loop
- "jnz 1b \n\t"
- "movdqu (%1), %%xmm1 \n\t" // load round key
+ "add $16, %1 \n\t" // point to next round key
+ "subl $1, %0 \n\t" // loop
+ "jnz 1b \n\t"
+ "movdqu (%1), %%xmm1 \n\t" // load round key
AESENCLAST xmm1_xmm0 "\n\t" // last round
- "jmp 3f \n\t"
+ "jmp 3f \n\t"
- "2: \n\t" // decryption loop
- "movdqu (%1), %%xmm1 \n\t"
+ "2: \n\t" // decryption loop
+ "movdqu (%1), %%xmm1 \n\t"
AESDEC xmm1_xmm0 "\n\t" // do round
- "add $16, %1 \n\t"
- "subl $1, %0 \n\t"
- "jnz 2b \n\t"
- "movdqu (%1), %%xmm1 \n\t" // load round key
+ "add $16, %1 \n\t"
+ "subl $1, %0 \n\t"
+ "jnz 2b \n\t"
+ "movdqu (%1), %%xmm1 \n\t" // load round key
AESDECLAST xmm1_xmm0 "\n\t" // last round
- "3: \n\t"
- "movdqu %%xmm0, (%4) \n\t" // export output
+ "3: \n\t"
+ "movdqu %%xmm0, (%4) \n\t" // export output
:
: "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
- : "memory", "cc", "xmm0", "xmm1" );
+ : "memory", "cc", "xmm0", "xmm1");
- return( 0 );
+ return 0;
}
/*
* GCM multiplication: c = a times b in GF(2^128)
* Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
*/
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
- const unsigned char a[16],
- const unsigned char b[16] )
+void mbedtls_aesni_gcm_mult(unsigned char c[16],
+ const unsigned char a[16],
+ const unsigned char b[16])
{
unsigned char aa[16], bb[16], cc[16];
size_t i;
/* The inputs are in big-endian order, so byte-reverse them */
- for( i = 0; i < 16; i++ )
- {
+ for (i = 0; i < 16; i++) {
aa[i] = a[15 - i];
bb[i] = b[15 - i];
}
- asm( "movdqu (%0), %%xmm0 \n\t" // a1:a0
+ asm ("movdqu (%0), %%xmm0 \n\t" // a1:a0
"movdqu (%1), %%xmm1 \n\t" // b1:b0
/*
@@ -168,30 +167,30 @@
PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0
PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0
PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0
- "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
- "movdqa %%xmm4, %%xmm3 \n\t" // same
- "psrldq $8, %%xmm4 \n\t" // 0:e1+f1
- "pslldq $8, %%xmm3 \n\t" // e0+f0:0
- "pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1
- "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0
+ "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
+ "movdqa %%xmm4, %%xmm3 \n\t" // same
+ "psrldq $8, %%xmm4 \n\t" // 0:e1+f1
+ "pslldq $8, %%xmm3 \n\t" // e0+f0:0
+ "pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1
+ "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0
/*
* Now shift the result one bit to the left,
* taking advantage of [CLMUL-WP] eq 27 (p. 20)
*/
- "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
- "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
- "psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1
- "psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1
- "psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63
- "psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63
- "movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63
- "pslldq $8, %%xmm3 \n\t" // r0>>63:0
- "pslldq $8, %%xmm4 \n\t" // r2>>63:0
- "psrldq $8, %%xmm5 \n\t" // 0:r1>>63
- "por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1
- "por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1
- "por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
+ "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
+ "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
+ "psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1
+ "psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1
+ "psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63
+ "psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63
+ "movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63
+ "pslldq $8, %%xmm3 \n\t" // r0>>63:0
+ "pslldq $8, %%xmm4 \n\t" // r2>>63:0
+ "psrldq $8, %%xmm5 \n\t" // 0:r1>>63
+ "por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1
+ "por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1
+ "por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
/*
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
@@ -199,51 +198,52 @@
* Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
*/
/* Step 2 (1) */
- "movdqa %%xmm1, %%xmm3 \n\t" // x1:x0
- "movdqa %%xmm1, %%xmm4 \n\t" // same
- "movdqa %%xmm1, %%xmm5 \n\t" // same
- "psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a
- "psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b
- "psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c
+ "movdqa %%xmm1, %%xmm3 \n\t" // x1:x0
+ "movdqa %%xmm1, %%xmm4 \n\t" // same
+ "movdqa %%xmm1, %%xmm5 \n\t" // same
+ "psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a
+ "psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b
+ "psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c
/* Step 2 (2) */
- "pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b
- "pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c
- "pslldq $8, %%xmm3 \n\t" // a+b+c:0
- "pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0
+ "pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b
+ "pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c
+ "pslldq $8, %%xmm3 \n\t" // a+b+c:0
+ "pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0
/* Steps 3 and 4 */
- "movdqa %%xmm1,%%xmm0 \n\t" // d:x0
- "movdqa %%xmm1,%%xmm4 \n\t" // same
- "movdqa %%xmm1,%%xmm5 \n\t" // same
- "psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0'
- "psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0'
- "psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0'
- "pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0'
- "pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0'
+ "movdqa %%xmm1,%%xmm0 \n\t" // d:x0
+ "movdqa %%xmm1,%%xmm4 \n\t" // same
+ "movdqa %%xmm1,%%xmm5 \n\t" // same
+ "psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0'
+ "psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0'
+ "psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0'
+ "pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0'
+ "pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0'
// e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
// bits carried from d. Now get those\t bits back in.
- "movdqa %%xmm1,%%xmm3 \n\t" // d:x0
- "movdqa %%xmm1,%%xmm4 \n\t" // same
- "movdqa %%xmm1,%%xmm5 \n\t" // same
- "psllq $63, %%xmm3 \n\t" // d<<63:stuff
- "psllq $62, %%xmm4 \n\t" // d<<62:stuff
- "psllq $57, %%xmm5 \n\t" // d<<57:stuff
- "pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff
- "pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff
- "psrldq $8, %%xmm3 \n\t" // 0:missing bits of d
- "pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0
- "pxor %%xmm1, %%xmm0 \n\t" // h1:h0
- "pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0
+ "movdqa %%xmm1,%%xmm3 \n\t" // d:x0
+ "movdqa %%xmm1,%%xmm4 \n\t" // same
+ "movdqa %%xmm1,%%xmm5 \n\t" // same
+ "psllq $63, %%xmm3 \n\t" // d<<63:stuff
+ "psllq $62, %%xmm4 \n\t" // d<<62:stuff
+ "psllq $57, %%xmm5 \n\t" // d<<57:stuff
+ "pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff
+ "pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff
+ "psrldq $8, %%xmm3 \n\t" // 0:missing bits of d
+ "pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0
+ "pxor %%xmm1, %%xmm0 \n\t" // h1:h0
+ "pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0
- "movdqu %%xmm0, (%2) \n\t" // done
+ "movdqu %%xmm0, (%2) \n\t" // done
:
: "r" (aa), "r" (bb), "r" (cc)
- : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
+ : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
/* Now byte-reverse the outputs */
- for( i = 0; i < 16; i++ )
+ for (i = 0; i < 16; i++) {
c[i] = cc[15 - i];
+ }
return;
}
@@ -251,32 +251,33 @@
/*
* Compute decryption round keys from encryption round keys
*/
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
- const unsigned char *fwdkey, int nr )
+void mbedtls_aesni_inverse_key(unsigned char *invkey,
+ const unsigned char *fwdkey, int nr)
{
unsigned char *ik = invkey;
const unsigned char *fk = fwdkey + 16 * nr;
- memcpy( ik, fk, 16 );
+ memcpy(ik, fk, 16);
- for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
- asm( "movdqu (%0), %%xmm0 \n\t"
+ for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) {
+ asm ("movdqu (%0), %%xmm0 \n\t"
AESIMC xmm0_xmm0 "\n\t"
- "movdqu %%xmm0, (%1) \n\t"
+ "movdqu %%xmm0, (%1) \n\t"
:
: "r" (fk), "r" (ik)
- : "memory", "xmm0" );
+ : "memory", "xmm0");
+ }
- memcpy( ik, fk, 16 );
+ memcpy(ik, fk, 16);
}
/*
* Key expansion, 128-bit case
*/
-static void aesni_setkey_enc_128( unsigned char *rk,
- const unsigned char *key )
+static void aesni_setkey_enc_128(unsigned char *rk,
+ const unsigned char *key)
{
- asm( "movdqu (%1), %%xmm0 \n\t" // copy the original key
+ asm ("movdqu (%1), %%xmm0 \n\t" // copy the original key
"movdqu %%xmm0, (%0) \n\t" // as round key 0
"jmp 2f \n\t" // skip auxiliary routine
@@ -317,16 +318,16 @@
AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
- : "memory", "cc", "0" );
+ : "memory", "cc", "0");
}
/*
* Key expansion, 192-bit case
*/
-static void aesni_setkey_enc_192( unsigned char *rk,
- const unsigned char *key )
+static void aesni_setkey_enc_192(unsigned char *rk,
+ const unsigned char *key)
{
- asm( "movdqu (%1), %%xmm0 \n\t" // copy original round key
+ asm ("movdqu (%1), %%xmm0 \n\t" // copy original round key
"movdqu %%xmm0, (%0) \n\t"
"add $16, %0 \n\t"
"movq 16(%1), %%xmm1 \n\t"
@@ -374,16 +375,16 @@
:
: "r" (rk), "r" (key)
- : "memory", "cc", "0" );
+ : "memory", "cc", "0");
}
/*
* Key expansion, 256-bit case
*/
-static void aesni_setkey_enc_256( unsigned char *rk,
- const unsigned char *key )
+static void aesni_setkey_enc_256(unsigned char *rk,
+ const unsigned char *key)
{
- asm( "movdqu (%1), %%xmm0 \n\t"
+ asm ("movdqu (%1), %%xmm0 \n\t"
"movdqu %%xmm0, (%0) \n\t"
"add $16, %0 \n\t"
"movdqu 16(%1), %%xmm1 \n\t"
@@ -414,23 +415,23 @@
/* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
* and proceed to generate next round key from there */
AESKEYGENA xmm0_xmm2 ",0x00 \n\t"
- "pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
- "pxor %%xmm1, %%xmm2 \n\t"
- "pslldq $4, %%xmm1 \n\t"
- "pxor %%xmm1, %%xmm2 \n\t"
- "pslldq $4, %%xmm1 \n\t"
- "pxor %%xmm1, %%xmm2 \n\t"
- "pslldq $4, %%xmm1 \n\t"
- "pxor %%xmm2, %%xmm1 \n\t"
- "add $16, %0 \n\t"
- "movdqu %%xmm1, (%0) \n\t"
- "ret \n\t"
+ "pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
+ "pxor %%xmm1, %%xmm2 \n\t"
+ "pslldq $4, %%xmm1 \n\t"
+ "pxor %%xmm1, %%xmm2 \n\t"
+ "pslldq $4, %%xmm1 \n\t"
+ "pxor %%xmm1, %%xmm2 \n\t"
+ "pslldq $4, %%xmm1 \n\t"
+ "pxor %%xmm2, %%xmm1 \n\t"
+ "add $16, %0 \n\t"
+ "movdqu %%xmm1, (%0) \n\t"
+ "ret \n\t"
/*
* Main "loop" - Generating one more key than necessary,
* see definition of mbedtls_aes_context.buf
*/
- "2: \n\t"
+ "2: \n\t"
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
@@ -440,25 +441,24 @@
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
- : "memory", "cc", "0" );
+ : "memory", "cc", "0");
}
/*
* Key expansion, wrapper
*/
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
- const unsigned char *key,
- size_t bits )
+int mbedtls_aesni_setkey_enc(unsigned char *rk,
+ const unsigned char *key,
+ size_t bits)
{
- switch( bits )
- {
- case 128: aesni_setkey_enc_128( rk, key ); break;
- case 192: aesni_setkey_enc_192( rk, key ); break;
- case 256: aesni_setkey_enc_256( rk, key ); break;
- default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+ switch (bits) {
+ case 128: aesni_setkey_enc_128(rk, key); break;
+ case 192: aesni_setkey_enc_192(rk, key); break;
+ case 256: aesni_setkey_enc_256(rk, key); break;
+ default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_HAVE_X86_64 */
diff --git a/library/arc4.c b/library/arc4.c
index dcc13d5..aa5e3a2 100644
--- a/library/arc4.c
+++ b/library/arc4.c
@@ -35,24 +35,25 @@
#if !defined(MBEDTLS_ARC4_ALT)
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
+void mbedtls_arc4_init(mbedtls_arc4_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
+ memset(ctx, 0, sizeof(mbedtls_arc4_context));
}
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
+void mbedtls_arc4_free(mbedtls_arc4_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_arc4_context));
}
/*
* ARC4 key schedule
*/
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
- unsigned int keylen )
+void mbedtls_arc4_setup(mbedtls_arc4_context *ctx, const unsigned char *key,
+ unsigned int keylen)
{
int i, j, a;
unsigned int k;
@@ -62,17 +63,19 @@
ctx->y = 0;
m = ctx->m;
- for( i = 0; i < 256; i++ )
+ for (i = 0; i < 256; i++) {
m[i] = (unsigned char) i;
+ }
j = k = 0;
- for( i = 0; i < 256; i++, k++ )
- {
- if( k >= keylen ) k = 0;
+ for (i = 0; i < 256; i++, k++) {
+ if (k >= keylen) {
+ k = 0;
+ }
a = m[i];
- j = ( j + a + key[k] ) & 0xFF;
+ j = (j + a + key[k]) & 0xFF;
m[i] = m[j];
m[j] = (unsigned char) a;
}
@@ -81,8 +84,8 @@
/*
* ARC4 cipher function
*/
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
- unsigned char *output )
+int mbedtls_arc4_crypt(mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
+ unsigned char *output)
{
int x, y, a, b;
size_t i;
@@ -92,22 +95,21 @@
y = ctx->y;
m = ctx->m;
- for( i = 0; i < length; i++ )
- {
- x = ( x + 1 ) & 0xFF; a = m[x];
- y = ( y + a ) & 0xFF; b = m[y];
+ for (i = 0; i < length; i++) {
+ x = (x + 1) & 0xFF; a = m[x];
+ y = (y + a) & 0xFF; b = m[y];
m[x] = (unsigned char) b;
m[y] = (unsigned char) a;
output[i] = (unsigned char)
- ( input[i] ^ m[(unsigned char)( a + b )] );
+ (input[i] ^ m[(unsigned char) (a + b)]);
}
ctx->x = x;
ctx->y = y;
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_ARC4_ALT */
@@ -142,45 +144,47 @@
/*
* Checkup routine
*/
-int mbedtls_arc4_self_test( int verbose )
+int mbedtls_arc4_self_test(int verbose)
{
int i, ret = 0;
unsigned char ibuf[8];
unsigned char obuf[8];
mbedtls_arc4_context ctx;
- mbedtls_arc4_init( &ctx );
+ mbedtls_arc4_init(&ctx);
- for( i = 0; i < 3; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " ARC4 test #%d: ", i + 1 );
+ for (i = 0; i < 3; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" ARC4 test #%d: ", i + 1);
+ }
- memcpy( ibuf, arc4_test_pt[i], 8 );
+ memcpy(ibuf, arc4_test_pt[i], 8);
- mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 );
- mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf );
+ mbedtls_arc4_setup(&ctx, arc4_test_key[i], 8);
+ mbedtls_arc4_crypt(&ctx, 8, ibuf, obuf);
- if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (memcmp(obuf, arc4_test_ct[i], 8) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
exit:
- mbedtls_arc4_free( &ctx );
+ mbedtls_arc4_free(&ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/aria.c b/library/aria.c
index 5e52eea..d958ef6 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -38,10 +38,10 @@
#include "mbedtls/platform_util.h"
/* Parameter validation macros */
-#define ARIA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
-#define ARIA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ARIA_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA)
+#define ARIA_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
/*
* modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
@@ -55,30 +55,30 @@
#if defined(__arm__) /* rev16 available from v6 up */
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
- ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \
+ (!defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000) && \
__ARM_ARCH >= 6
-static inline uint32_t aria_p1( uint32_t x )
+static inline uint32_t aria_p1(uint32_t x)
{
uint32_t r;
- __asm( "rev16 %0, %1" : "=l" (r) : "l" (x) );
- return( r );
+ __asm("rev16 %0, %1" : "=l" (r) : "l" (x));
+ return r;
}
#define ARIA_P1 aria_p1
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
- ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 )
-static inline uint32_t aria_p1( uint32_t x )
+ (__TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3)
+static inline uint32_t aria_p1(uint32_t x)
{
uint32_t r;
- __asm( "rev16 r, x" );
- return( r );
+ __asm("rev16 r, x");
+ return r;
}
#define ARIA_P1 aria_p1
#endif
#endif /* arm */
#if defined(__GNUC__) && \
- defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
+ defined(__i386__) || defined(__amd64__) || defined(__x86_64__)
/* I couldn't find an Intel equivalent of rev16, so two instructions */
-#define ARIA_P1(x) ARIA_P2( ARIA_P3( x ) )
+#define ARIA_P1(x) ARIA_P2(ARIA_P3(x))
#endif /* x86 gnuc */
#endif /* MBEDTLS_HAVE_ASM && GNUC */
#if !defined(ARIA_P1)
@@ -106,38 +106,38 @@
#if defined(__arm__) /* rev available from v6 up */
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
- ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \
+ (!defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000) && \
__ARM_ARCH >= 6
-static inline uint32_t aria_p3( uint32_t x )
+static inline uint32_t aria_p3(uint32_t x)
{
uint32_t r;
- __asm( "rev %0, %1" : "=l" (r) : "l" (x) );
- return( r );
+ __asm("rev %0, %1" : "=l" (r) : "l" (x));
+ return r;
}
#define ARIA_P3 aria_p3
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
- ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 )
-static inline uint32_t aria_p3( uint32_t x )
+ (__TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3)
+static inline uint32_t aria_p3(uint32_t x)
{
uint32_t r;
- __asm( "rev r, x" );
- return( r );
+ __asm("rev r, x");
+ return r;
}
#define ARIA_P3 aria_p3
#endif
#endif /* arm */
#if defined(__GNUC__) && \
- defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
-static inline uint32_t aria_p3( uint32_t x )
+ defined(__i386__) || defined(__amd64__) || defined(__x86_64__)
+static inline uint32_t aria_p3(uint32_t x)
{
- __asm( "bswap %0" : "=r" (x) : "0" (x) );
- return( x );
+ __asm("bswap %0" : "=r" (x) : "0" (x));
+ return x;
}
#define ARIA_P3 aria_p3
#endif /* x86 gnuc */
#endif /* MBEDTLS_HAVE_ASM && GNUC */
#if !defined(ARIA_P3)
-#define ARIA_P3(x) ARIA_P2( ARIA_P1 ( x ) )
+#define ARIA_P3(x) ARIA_P2(ARIA_P1(x))
#endif
/*
@@ -163,28 +163,28 @@
* half of App. B.1 in [1] in terms of 4-byte operators P1, P2, P3 and P4.
* The implementation below uses only P1 and P2 as they are sufficient.
*/
-static inline void aria_a( uint32_t *a, uint32_t *b,
- uint32_t *c, uint32_t *d )
+static inline void aria_a(uint32_t *a, uint32_t *b,
+ uint32_t *c, uint32_t *d)
{
uint32_t ta, tb, tc;
ta = *b; // 4567
*b = *a; // 0123
- *a = ARIA_P2( ta ); // 6745
- tb = ARIA_P2( *d ); // efcd
- *d = ARIA_P1( *c ); // 98ba
- *c = ARIA_P1( tb ); // fedc
+ *a = ARIA_P2(ta); // 6745
+ tb = ARIA_P2(*d); // efcd
+ *d = ARIA_P1(*c); // 98ba
+ *c = ARIA_P1(tb); // fedc
ta ^= *d; // 4567+98ba
- tc = ARIA_P2( *b ); // 2301
- ta = ARIA_P1( ta ) ^ tc ^ *c; // 2301+5476+89ab+fedc
- tb ^= ARIA_P2( *d ); // ba98+efcd
- tc ^= ARIA_P1( *a ); // 2301+7654
+ tc = ARIA_P2(*b); // 2301
+ ta = ARIA_P1(ta) ^ tc ^ *c; // 2301+5476+89ab+fedc
+ tb ^= ARIA_P2(*d); // ba98+efcd
+ tc ^= ARIA_P1(*a); // 2301+7654
*b ^= ta ^ tb; // 0123+2301+5476+89ab+ba98+efcd+fedc OUT
- tb = ARIA_P2( tb ) ^ ta; // 2301+5476+89ab+98ba+cdef+fedc
- *a ^= ARIA_P1( tb ); // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT
- ta = ARIA_P2( ta ); // 0123+7654+ab89+dcfe
- *d ^= ARIA_P1( ta ) ^ tc; // 1032+2301+6745+7654+98ba+ba98+cdef OUT
- tc = ARIA_P2( tc ); // 0123+5476
- *c ^= ARIA_P1( tc ) ^ ta; // 0123+1032+4567+7654+ab89+dcfe+fedc OUT
+ tb = ARIA_P2(tb) ^ ta; // 2301+5476+89ab+98ba+cdef+fedc
+ *a ^= ARIA_P1(tb); // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT
+ ta = ARIA_P2(ta); // 0123+7654+ab89+dcfe
+ *d ^= ARIA_P1(ta) ^ tc; // 1032+2301+6745+7654+98ba+ba98+cdef OUT
+ tc = ARIA_P2(tc); // 0123+5476
+ *c ^= ARIA_P1(tc) ^ ta; // 0123+1032+4567+7654+ab89+dcfe+fedc OUT
}
/*
@@ -195,27 +195,27 @@
* By passing sb1, sb2, is1, is2 as S-Boxes you get SL1
* By passing is1, is2, sb1, sb2 as S-Boxes you get SL2
*/
-static inline void aria_sl( uint32_t *a, uint32_t *b,
- uint32_t *c, uint32_t *d,
- const uint8_t sa[256], const uint8_t sb[256],
- const uint8_t sc[256], const uint8_t sd[256] )
+static inline void aria_sl(uint32_t *a, uint32_t *b,
+ uint32_t *c, uint32_t *d,
+ const uint8_t sa[256], const uint8_t sb[256],
+ const uint8_t sc[256], const uint8_t sd[256])
{
- *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^
- (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^
- (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^
- (((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24);
- *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^
- (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^
- (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^
- (((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24);
- *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^
- (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^
- (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^
- (((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24);
- *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^
- (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^
- (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^
- (((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24);
+ *a = ((uint32_t) sa[MBEDTLS_BYTE_0(*a)]) ^
+ (((uint32_t) sb[MBEDTLS_BYTE_1(*a)]) << 8) ^
+ (((uint32_t) sc[MBEDTLS_BYTE_2(*a)]) << 16) ^
+ (((uint32_t) sd[MBEDTLS_BYTE_3(*a)]) << 24);
+ *b = ((uint32_t) sa[MBEDTLS_BYTE_0(*b)]) ^
+ (((uint32_t) sb[MBEDTLS_BYTE_1(*b)]) << 8) ^
+ (((uint32_t) sc[MBEDTLS_BYTE_2(*b)]) << 16) ^
+ (((uint32_t) sd[MBEDTLS_BYTE_3(*b)]) << 24);
+ *c = ((uint32_t) sa[MBEDTLS_BYTE_0(*c)]) ^
+ (((uint32_t) sb[MBEDTLS_BYTE_1(*c)]) << 8) ^
+ (((uint32_t) sc[MBEDTLS_BYTE_2(*c)]) << 16) ^
+ (((uint32_t) sd[MBEDTLS_BYTE_3(*c)]) << 24);
+ *d = ((uint32_t) sa[MBEDTLS_BYTE_0(*d)]) ^
+ (((uint32_t) sb[MBEDTLS_BYTE_1(*d)]) << 8) ^
+ (((uint32_t) sc[MBEDTLS_BYTE_2(*d)]) << 16) ^
+ (((uint32_t) sd[MBEDTLS_BYTE_3(*d)]) << 24);
}
/*
@@ -328,8 +328,8 @@
/*
* Helper for key schedule: r = FO( p, k ) ^ x
*/
-static void aria_fo_xor( uint32_t r[4], const uint32_t p[4],
- const uint32_t k[4], const uint32_t x[4] )
+static void aria_fo_xor(uint32_t r[4], const uint32_t p[4],
+ const uint32_t k[4], const uint32_t x[4])
{
uint32_t a, b, c, d;
@@ -338,8 +338,8 @@
c = p[2] ^ k[2];
d = p[3] ^ k[3];
- aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
- aria_a( &a, &b, &c, &d );
+ aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2);
+ aria_a(&a, &b, &c, &d);
r[0] = a ^ x[0];
r[1] = b ^ x[1];
@@ -350,8 +350,8 @@
/*
* Helper for key schedule: r = FE( p, k ) ^ x
*/
-static void aria_fe_xor( uint32_t r[4], const uint32_t p[4],
- const uint32_t k[4], const uint32_t x[4] )
+static void aria_fe_xor(uint32_t r[4], const uint32_t p[4],
+ const uint32_t k[4], const uint32_t x[4])
{
uint32_t a, b, c, d;
@@ -360,8 +360,8 @@
c = p[2] ^ k[2];
d = p[3] ^ k[3];
- aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
- aria_a( &a, &b, &c, &d );
+ aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2);
+ aria_a(&a, &b, &c, &d);
r[0] = a ^ x[0];
r[1] = b ^ x[1];
@@ -376,8 +376,8 @@
* MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse
* bytes here.
*/
-static void aria_rot128( uint32_t r[4], const uint32_t a[4],
- const uint32_t b[4], uint8_t n )
+static void aria_rot128(uint32_t r[4], const uint32_t a[4],
+ const uint32_t b[4], uint8_t n)
{
uint8_t i, j;
uint32_t t, u;
@@ -385,15 +385,14 @@
const uint8_t n1 = n % 32; // bit offset
const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset
- j = ( n / 32 ) % 4; // initial word offset
- t = ARIA_P3( b[j] ); // big endian
- for( i = 0; i < 4; i++ )
- {
- j = ( j + 1 ) % 4; // get next word, big endian
- u = ARIA_P3( b[j] );
+ j = (n / 32) % 4; // initial word offset
+ t = ARIA_P3(b[j]); // big endian
+ for (i = 0; i < 4; i++) {
+ j = (j + 1) % 4; // get next word, big endian
+ u = ARIA_P3(b[j]);
t <<= n1; // rotate
t |= u >> n2;
- t = ARIA_P3( t ); // back to little endian
+ t = ARIA_P3(t); // back to little endian
r[i] = a[i] ^ t; // store
t = u; // move to next word
}
@@ -402,8 +401,8 @@
/*
* Set encryption key
*/
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
- const unsigned char *key, unsigned int keybits )
+int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
+ const unsigned char *key, unsigned int keybits)
{
/* round constant masks */
const uint32_t rc[3][4] =
@@ -415,74 +414,71 @@
int i;
uint32_t w[4][4], *w2;
- ARIA_VALIDATE_RET( ctx != NULL );
- ARIA_VALIDATE_RET( key != NULL );
+ ARIA_VALIDATE_RET(ctx != NULL);
+ ARIA_VALIDATE_RET(key != NULL);
- if( keybits != 128 && keybits != 192 && keybits != 256 )
- return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+ if (keybits != 128 && keybits != 192 && keybits != 256) {
+ return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+ }
/* Copy key to W0 (and potential remainder to W1) */
- w[0][0] = MBEDTLS_GET_UINT32_LE( key, 0 );
- w[0][1] = MBEDTLS_GET_UINT32_LE( key, 4 );
- w[0][2] = MBEDTLS_GET_UINT32_LE( key, 8 );
- w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 );
+ w[0][0] = MBEDTLS_GET_UINT32_LE(key, 0);
+ w[0][1] = MBEDTLS_GET_UINT32_LE(key, 4);
+ w[0][2] = MBEDTLS_GET_UINT32_LE(key, 8);
+ w[0][3] = MBEDTLS_GET_UINT32_LE(key, 12);
- memset( w[1], 0, 16 );
- if( keybits >= 192 )
- {
- w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 ); // 192 bit key
- w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 );
+ memset(w[1], 0, 16);
+ if (keybits >= 192) {
+ w[1][0] = MBEDTLS_GET_UINT32_LE(key, 16); // 192 bit key
+ w[1][1] = MBEDTLS_GET_UINT32_LE(key, 20);
}
- if( keybits == 256 )
- {
- w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 ); // 256 bit key
- w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 );
+ if (keybits == 256) {
+ w[1][2] = MBEDTLS_GET_UINT32_LE(key, 24); // 256 bit key
+ w[1][3] = MBEDTLS_GET_UINT32_LE(key, 28);
}
- i = ( keybits - 128 ) >> 6; // index: 0, 1, 2
+ i = (keybits - 128) >> 6; // index: 0, 1, 2
ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16
- aria_fo_xor( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR
+ aria_fo_xor(w[1], w[0], rc[i], w[1]); // W1 = FO(W0, CK1) ^ KR
i = i < 2 ? i + 1 : 0;
- aria_fe_xor( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0
+ aria_fe_xor(w[2], w[1], rc[i], w[0]); // W2 = FE(W1, CK2) ^ W0
i = i < 2 ? i + 1 : 0;
- aria_fo_xor( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1
+ aria_fo_xor(w[3], w[2], rc[i], w[1]); // W3 = FO(W2, CK3) ^ W1
- for( i = 0; i < 4; i++ ) // create round keys
- {
+ for (i = 0; i < 4; i++) { // create round keys
w2 = w[(i + 1) & 3];
- aria_rot128( ctx->rk[i ], w[i], w2, 128 - 19 );
- aria_rot128( ctx->rk[i + 4], w[i], w2, 128 - 31 );
- aria_rot128( ctx->rk[i + 8], w[i], w2, 61 );
- aria_rot128( ctx->rk[i + 12], w[i], w2, 31 );
+ aria_rot128(ctx->rk[i], w[i], w2, 128 - 19);
+ aria_rot128(ctx->rk[i + 4], w[i], w2, 128 - 31);
+ aria_rot128(ctx->rk[i + 8], w[i], w2, 61);
+ aria_rot128(ctx->rk[i + 12], w[i], w2, 31);
}
- aria_rot128( ctx->rk[16], w[0], w[1], 19 );
+ aria_rot128(ctx->rk[16], w[0], w[1], 19);
/* w holds enough info to reconstruct the round keys */
- mbedtls_platform_zeroize( w, sizeof( w ) );
+ mbedtls_platform_zeroize(w, sizeof(w));
- return( 0 );
+ return 0;
}
/*
* Set decryption key
*/
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
- const unsigned char *key, unsigned int keybits )
+int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
+ const unsigned char *key, unsigned int keybits)
{
int i, j, k, ret;
- ARIA_VALIDATE_RET( ctx != NULL );
- ARIA_VALIDATE_RET( key != NULL );
+ ARIA_VALIDATE_RET(ctx != NULL);
+ ARIA_VALIDATE_RET(key != NULL);
- ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_aria_setkey_enc(ctx, key, keybits);
+ if (ret != 0) {
+ return ret;
+ }
/* flip the order of round keys */
- for( i = 0, j = ctx->nr; i < j; i++, j-- )
- {
- for( k = 0; k < 4; k++ )
- {
+ for (i = 0, j = ctx->nr; i < j; i++, j--) {
+ for (k = 0; k < 4; k++) {
uint32_t t = ctx->rk[i][k];
ctx->rk[i][k] = ctx->rk[j][k];
ctx->rk[j][k] = t;
@@ -490,45 +486,43 @@
}
/* apply affine transform to middle keys */
- for( i = 1; i < ctx->nr; i++ )
- {
- aria_a( &ctx->rk[i][0], &ctx->rk[i][1],
- &ctx->rk[i][2], &ctx->rk[i][3] );
+ for (i = 1; i < ctx->nr; i++) {
+ aria_a(&ctx->rk[i][0], &ctx->rk[i][1],
+ &ctx->rk[i][2], &ctx->rk[i][3]);
}
- return( 0 );
+ return 0;
}
/*
* Encrypt a block
*/
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
- const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] )
+int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
+ const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
+ unsigned char output[MBEDTLS_ARIA_BLOCKSIZE])
{
int i;
uint32_t a, b, c, d;
- ARIA_VALIDATE_RET( ctx != NULL );
- ARIA_VALIDATE_RET( input != NULL );
- ARIA_VALIDATE_RET( output != NULL );
+ ARIA_VALIDATE_RET(ctx != NULL);
+ ARIA_VALIDATE_RET(input != NULL);
+ ARIA_VALIDATE_RET(output != NULL);
- a = MBEDTLS_GET_UINT32_LE( input, 0 );
- b = MBEDTLS_GET_UINT32_LE( input, 4 );
- c = MBEDTLS_GET_UINT32_LE( input, 8 );
- d = MBEDTLS_GET_UINT32_LE( input, 12 );
+ a = MBEDTLS_GET_UINT32_LE(input, 0);
+ b = MBEDTLS_GET_UINT32_LE(input, 4);
+ c = MBEDTLS_GET_UINT32_LE(input, 8);
+ d = MBEDTLS_GET_UINT32_LE(input, 12);
i = 0;
- while( 1 )
- {
+ while (1) {
a ^= ctx->rk[i][0];
b ^= ctx->rk[i][1];
c ^= ctx->rk[i][2];
d ^= ctx->rk[i][3];
i++;
- aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
- aria_a( &a, &b, &c, &d );
+ aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2);
+ aria_a(&a, &b, &c, &d);
a ^= ctx->rk[i][0];
b ^= ctx->rk[i][1];
@@ -536,10 +530,11 @@
d ^= ctx->rk[i][3];
i++;
- aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
- if( i >= ctx->nr )
+ aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2);
+ if (i >= ctx->nr) {
break;
- aria_a( &a, &b, &c, &d );
+ }
+ aria_a(&a, &b, &c, &d);
}
/* final key mixing */
@@ -548,80 +543,79 @@
c ^= ctx->rk[i][2];
d ^= ctx->rk[i][3];
- MBEDTLS_PUT_UINT32_LE( a, output, 0 );
- MBEDTLS_PUT_UINT32_LE( b, output, 4 );
- MBEDTLS_PUT_UINT32_LE( c, output, 8 );
- MBEDTLS_PUT_UINT32_LE( d, output, 12 );
+ MBEDTLS_PUT_UINT32_LE(a, output, 0);
+ MBEDTLS_PUT_UINT32_LE(b, output, 4);
+ MBEDTLS_PUT_UINT32_LE(c, output, 8);
+ MBEDTLS_PUT_UINT32_LE(d, output, 12);
- return( 0 );
+ return 0;
}
/* Initialize context */
-void mbedtls_aria_init( mbedtls_aria_context *ctx )
+void mbedtls_aria_init(mbedtls_aria_context *ctx)
{
- ARIA_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_aria_context ) );
+ ARIA_VALIDATE(ctx != NULL);
+ memset(ctx, 0, sizeof(mbedtls_aria_context));
}
/* Clear context */
-void mbedtls_aria_free( mbedtls_aria_context *ctx )
+void mbedtls_aria_free(mbedtls_aria_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aria_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aria_context));
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* ARIA-CBC buffer encryption/decryption
*/
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output)
{
int i;
unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
- ARIA_VALIDATE_RET( ctx != NULL );
- ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
- mode == MBEDTLS_ARIA_DECRYPT );
- ARIA_VALIDATE_RET( length == 0 || input != NULL );
- ARIA_VALIDATE_RET( length == 0 || output != NULL );
- ARIA_VALIDATE_RET( iv != NULL );
+ ARIA_VALIDATE_RET(ctx != NULL);
+ ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT ||
+ mode == MBEDTLS_ARIA_DECRYPT);
+ ARIA_VALIDATE_RET(length == 0 || input != NULL);
+ ARIA_VALIDATE_RET(length == 0 || output != NULL);
+ ARIA_VALIDATE_RET(iv != NULL);
- if( length % MBEDTLS_ARIA_BLOCKSIZE )
- return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
+ if (length % MBEDTLS_ARIA_BLOCKSIZE) {
+ return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH;
+ }
- if( mode == MBEDTLS_ARIA_DECRYPT )
- {
- while( length > 0 )
- {
- memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE );
- mbedtls_aria_crypt_ecb( ctx, input, output );
+ if (mode == MBEDTLS_ARIA_DECRYPT) {
+ while (length > 0) {
+ memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE);
+ mbedtls_aria_crypt_ecb(ctx, input, output);
- for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
+ for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) {
+ output[i] = (unsigned char) (output[i] ^ iv[i]);
+ }
- memcpy( iv, temp, MBEDTLS_ARIA_BLOCKSIZE );
+ memcpy(iv, temp, MBEDTLS_ARIA_BLOCKSIZE);
input += MBEDTLS_ARIA_BLOCKSIZE;
output += MBEDTLS_ARIA_BLOCKSIZE;
length -= MBEDTLS_ARIA_BLOCKSIZE;
}
- }
- else
- {
- while( length > 0 )
- {
- for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
+ } else {
+ while (length > 0) {
+ for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) {
+ output[i] = (unsigned char) (input[i] ^ iv[i]);
+ }
- mbedtls_aria_crypt_ecb( ctx, output, output );
- memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE );
+ mbedtls_aria_crypt_ecb(ctx, output, output);
+ memcpy(iv, output, MBEDTLS_ARIA_BLOCKSIZE);
input += MBEDTLS_ARIA_BLOCKSIZE;
output += MBEDTLS_ARIA_BLOCKSIZE;
@@ -629,7 +623,7 @@
}
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -637,63 +631,61 @@
/*
* ARIA-CFB128 buffer encryption/decryption
*/
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output)
{
unsigned char c;
size_t n;
- ARIA_VALIDATE_RET( ctx != NULL );
- ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
- mode == MBEDTLS_ARIA_DECRYPT );
- ARIA_VALIDATE_RET( length == 0 || input != NULL );
- ARIA_VALIDATE_RET( length == 0 || output != NULL );
- ARIA_VALIDATE_RET( iv != NULL );
- ARIA_VALIDATE_RET( iv_off != NULL );
+ ARIA_VALIDATE_RET(ctx != NULL);
+ ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT ||
+ mode == MBEDTLS_ARIA_DECRYPT);
+ ARIA_VALIDATE_RET(length == 0 || input != NULL);
+ ARIA_VALIDATE_RET(length == 0 || output != NULL);
+ ARIA_VALIDATE_RET(iv != NULL);
+ ARIA_VALIDATE_RET(iv_off != NULL);
n = *iv_off;
/* An overly large value of n can lead to an unlimited
* buffer overflow. Therefore, guard against this
* outside of parameter validation. */
- if( n >= MBEDTLS_ARIA_BLOCKSIZE )
- return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+ if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
+ return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+ }
- if( mode == MBEDTLS_ARIA_DECRYPT )
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_aria_crypt_ecb( ctx, iv, iv );
+ if (mode == MBEDTLS_ARIA_DECRYPT) {
+ while (length--) {
+ if (n == 0) {
+ mbedtls_aria_crypt_ecb(ctx, iv, iv);
+ }
c = *input++;
*output++ = c ^ iv[n];
iv[n] = c;
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
- }
- else
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_aria_crypt_ecb( ctx, iv, iv );
+ } else {
+ while (length--) {
+ if (n == 0) {
+ mbedtls_aria_crypt_ecb(ctx, iv, iv);
+ }
- iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+ iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
}
*iv_off = n;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@@ -701,50 +693,52 @@
/*
* ARIA-CTR buffer encryption/decryption
*/
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
+ unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output)
{
int c, i;
size_t n;
- ARIA_VALIDATE_RET( ctx != NULL );
- ARIA_VALIDATE_RET( length == 0 || input != NULL );
- ARIA_VALIDATE_RET( length == 0 || output != NULL );
- ARIA_VALIDATE_RET( nonce_counter != NULL );
- ARIA_VALIDATE_RET( stream_block != NULL );
- ARIA_VALIDATE_RET( nc_off != NULL );
+ ARIA_VALIDATE_RET(ctx != NULL);
+ ARIA_VALIDATE_RET(length == 0 || input != NULL);
+ ARIA_VALIDATE_RET(length == 0 || output != NULL);
+ ARIA_VALIDATE_RET(nonce_counter != NULL);
+ ARIA_VALIDATE_RET(stream_block != NULL);
+ ARIA_VALIDATE_RET(nc_off != NULL);
n = *nc_off;
/* An overly large value of n can lead to an unlimited
* buffer overflow. Therefore, guard against this
* outside of parameter validation. */
- if( n >= MBEDTLS_ARIA_BLOCKSIZE )
- return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+ if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
+ return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+ }
- while( length-- )
- {
- if( n == 0 ) {
- mbedtls_aria_crypt_ecb( ctx, nonce_counter,
- stream_block );
+ while (length--) {
+ if (n == 0) {
+ mbedtls_aria_crypt_ecb(ctx, nonce_counter,
+ stream_block);
- for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- )
- if( ++nonce_counter[i - 1] != 0 )
+ for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) {
+ if (++nonce_counter[i - 1] != 0) {
break;
+ }
+ }
}
c = *input++;
- *output++ = (unsigned char)( c ^ stream_block[n] );
+ *output++ = (unsigned char) (c ^ stream_block[n]);
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
*nc_off = n;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_ARIA_ALT */
@@ -883,22 +877,22 @@
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#define ARIA_SELF_TEST_ASSERT( cond ) \
- do { \
- if( cond ) { \
- if( verbose ) \
- mbedtls_printf( "failed\n" ); \
- goto exit; \
- } else { \
- if( verbose ) \
- mbedtls_printf( "passed\n" ); \
- } \
- } while( 0 )
+#define ARIA_SELF_TEST_ASSERT(cond) \
+ do { \
+ if (cond) { \
+ if (verbose) \
+ mbedtls_printf("failed\n"); \
+ goto exit; \
+ } else { \
+ if (verbose) \
+ mbedtls_printf("passed\n"); \
+ } \
+ } while (0)
/*
* Checkup routine
*/
-int mbedtls_aria_self_test( int verbose )
+int mbedtls_aria_self_test(int verbose)
{
int i;
uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
@@ -910,134 +904,142 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
- defined(MBEDTLS_CIPHER_MODE_CFB) || \
- defined(MBEDTLS_CIPHER_MODE_CTR))
+ defined(MBEDTLS_CIPHER_MODE_CFB) || \
+ defined(MBEDTLS_CIPHER_MODE_CTR))
uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE];
#endif
- mbedtls_aria_init( &ctx );
+ mbedtls_aria_init(&ctx);
/*
* Test set 1
*/
- for( i = 0; i < 3; i++ )
- {
+ for (i = 0; i < 3; i++) {
/* test ECB encryption */
- if( verbose )
- mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i );
- mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
- mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
+ if (verbose) {
+ mbedtls_printf(" ARIA-ECB-%d (enc): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i);
+ mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_pt, blk);
ARIA_SELF_TEST_ASSERT(
- memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE )
- != 0 );
+ memcmp(blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE)
+ != 0);
/* test ECB decryption */
- if( verbose )
- mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i );
- mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
- mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
+ if (verbose) {
+ mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);
+ mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);
ARIA_SELF_TEST_ASSERT(
- memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE )
- != 0 );
+ memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE)
+ != 0);
}
- if( verbose )
- mbedtls_printf( "\n" );
+ if (verbose) {
+ mbedtls_printf("\n");
+ }
/*
* Test set 2
*/
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- for( i = 0; i < 3; i++ )
- {
+ for (i = 0; i < 3; i++) {
/* Test CBC encryption */
- if( verbose )
- mbedtls_printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i );
- mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
- memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
- memset( buf, 0x55, sizeof( buf ) );
- mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
- aria_test2_pt, buf );
- ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 )
- != 0 );
+ if (verbose) {
+ mbedtls_printf(" ARIA-CBC-%d (enc): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+ memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+ memset(buf, 0x55, sizeof(buf));
+ mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
+ aria_test2_pt, buf);
+ ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cbc_ct[i], 48)
+ != 0);
/* Test CBC decryption */
- if( verbose )
- mbedtls_printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i );
- mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i );
- memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
- memset( buf, 0xAA, sizeof( buf ) );
- mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
- aria_test2_cbc_ct[i], buf );
- ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
+ if (verbose) {
+ mbedtls_printf(" ARIA-CBC-%d (dec): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i);
+ memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+ memset(buf, 0xAA, sizeof(buf));
+ mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
+ aria_test2_cbc_ct[i], buf);
+ ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
- if( verbose )
- mbedtls_printf( "\n" );
+ if (verbose) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- for( i = 0; i < 3; i++ )
- {
+ for (i = 0; i < 3; i++) {
/* Test CFB encryption */
- if( verbose )
- mbedtls_printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i );
- mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
- memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
- memset( buf, 0x55, sizeof( buf ) );
+ if (verbose) {
+ mbedtls_printf(" ARIA-CFB-%d (enc): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+ memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+ memset(buf, 0x55, sizeof(buf));
j = 0;
- mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
- aria_test2_pt, buf );
- ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 );
+ mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
+ aria_test2_pt, buf);
+ ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0);
/* Test CFB decryption */
- if( verbose )
- mbedtls_printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i );
- mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
- memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
- memset( buf, 0xAA, sizeof( buf ) );
+ if (verbose) {
+ mbedtls_printf(" ARIA-CFB-%d (dec): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+ memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+ memset(buf, 0xAA, sizeof(buf));
j = 0;
- mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
- iv, aria_test2_cfb_ct[i], buf );
- ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
+ mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
+ iv, aria_test2_cfb_ct[i], buf);
+ ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
- if( verbose )
- mbedtls_printf( "\n" );
+ if (verbose) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
- for( i = 0; i < 3; i++ )
- {
+ for (i = 0; i < 3; i++) {
/* Test CTR encryption */
- if( verbose )
- mbedtls_printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i );
- mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
- memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0
- memset( buf, 0x55, sizeof( buf ) );
+ if (verbose) {
+ mbedtls_printf(" ARIA-CTR-%d (enc): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+ memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0
+ memset(buf, 0x55, sizeof(buf));
j = 0;
- mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
- aria_test2_pt, buf );
- ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 );
+ mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk,
+ aria_test2_pt, buf);
+ ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0);
/* Test CTR decryption */
- if( verbose )
- mbedtls_printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i );
- mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
- memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0
- memset( buf, 0xAA, sizeof( buf ) );
+ if (verbose) {
+ mbedtls_printf(" ARIA-CTR-%d (dec): ", 128 + 64 * i);
+ }
+ mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+ memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0
+ memset(buf, 0xAA, sizeof(buf));
j = 0;
- mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
- aria_test2_ctr_ct[i], buf );
- ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
+ mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk,
+ aria_test2_ctr_ct[i], buf);
+ ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
- if( verbose )
- mbedtls_printf( "\n" );
+ if (verbose) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_CTR */
ret = 0;
exit:
- mbedtls_aria_free( &ctx );
- return( ret );
+ mbedtls_aria_free(&ctx);
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/asn1parse.c b/library/asn1parse.c
index bf97585..6a8cd6c 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -36,203 +36,219 @@
/*
* ASN.1 DER decoding routines
*/
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len )
+int mbedtls_asn1_get_len(unsigned char **p,
+ const unsigned char *end,
+ size_t *len)
{
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
- if( ( **p & 0x80 ) == 0 )
+ if ((**p & 0x80) == 0) {
*len = *(*p)++;
- else
- {
- switch( **p & 0x7F )
- {
- case 1:
- if( ( end - *p ) < 2 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ } else {
+ switch (**p & 0x7F) {
+ case 1:
+ if ((end - *p) < 2) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
- *len = (*p)[1];
- (*p) += 2;
- break;
+ *len = (*p)[1];
+ (*p) += 2;
+ break;
- case 2:
- if( ( end - *p ) < 3 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ case 2:
+ if ((end - *p) < 3) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
- *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
- (*p) += 3;
- break;
+ *len = ((size_t) (*p)[1] << 8) | (*p)[2];
+ (*p) += 3;
+ break;
- case 3:
- if( ( end - *p ) < 4 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ case 3:
+ if ((end - *p) < 4) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
- *len = ( (size_t)(*p)[1] << 16 ) |
- ( (size_t)(*p)[2] << 8 ) | (*p)[3];
- (*p) += 4;
- break;
+ *len = ((size_t) (*p)[1] << 16) |
+ ((size_t) (*p)[2] << 8) | (*p)[3];
+ (*p) += 4;
+ break;
- case 4:
- if( ( end - *p ) < 5 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ case 4:
+ if ((end - *p) < 5) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
- *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
- ( (size_t)(*p)[3] << 8 ) | (*p)[4];
- (*p) += 5;
- break;
+ *len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
+ ((size_t) (*p)[3] << 8) | (*p)[4];
+ (*p) += 5;
+ break;
- default:
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ default:
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
}
- if( *len > (size_t) ( end - *p ) )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ if (*len > (size_t) (end - *p)) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag )
+int mbedtls_asn1_get_tag(unsigned char **p,
+ const unsigned char *end,
+ size_t *len, int tag)
{
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
- if( **p != tag )
- return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+ if (**p != tag) {
+ return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+ }
(*p)++;
- return( mbedtls_asn1_get_len( p, end, len ) );
+ return mbedtls_asn1_get_len(p, end, len);
}
-int mbedtls_asn1_get_bool( unsigned char **p,
- const unsigned char *end,
- int *val )
+int mbedtls_asn1_get_bool(unsigned char **p,
+ const unsigned char *end,
+ int *val)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) {
+ return ret;
+ }
- if( len != 1 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ if (len != 1) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
- *val = ( **p != 0 ) ? 1 : 0;
+ *val = (**p != 0) ? 1 : 0;
(*p)++;
- return( 0 );
+ return 0;
}
-static int asn1_get_tagged_int( unsigned char **p,
- const unsigned char *end,
- int tag, int *val )
+static int asn1_get_tagged_int(unsigned char **p,
+ const unsigned char *end,
+ int tag, int *val)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) {
+ return ret;
+ }
/*
* len==0 is malformed (0 must be represented as 020100 for INTEGER,
* or 0A0100 for ENUMERATED tags
*/
- if( len == 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ if (len == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
/* This is a cryptography library. Reject negative integers. */
- if( ( **p & 0x80 ) != 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ if ((**p & 0x80) != 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
/* Skip leading zeros. */
- while( len > 0 && **p == 0 )
- {
- ++( *p );
+ while (len > 0 && **p == 0) {
+ ++(*p);
--len;
}
/* Reject integers that don't fit in an int. This code assumes that
* the int type has no padding bit. */
- if( len > sizeof( int ) )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
- if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ if (len > sizeof(int)) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
+ if (len == sizeof(int) && (**p & 0x80) != 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
*val = 0;
- while( len-- > 0 )
- {
- *val = ( *val << 8 ) | **p;
+ while (len-- > 0) {
+ *val = (*val << 8) | **p;
(*p)++;
}
- return( 0 );
+ return 0;
}
-int mbedtls_asn1_get_int( unsigned char **p,
+int mbedtls_asn1_get_int(unsigned char **p,
+ const unsigned char *end,
+ int *val)
+{
+ return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val);
+}
+
+int mbedtls_asn1_get_enum(unsigned char **p,
const unsigned char *end,
- int *val )
+ int *val)
{
- return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) );
-}
-
-int mbedtls_asn1_get_enum( unsigned char **p,
- const unsigned char *end,
- int *val )
-{
- return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) );
+ return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val);
}
#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_get_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X )
+int mbedtls_asn1_get_mpi(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_mpi *X)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+ return ret;
+ }
- ret = mbedtls_mpi_read_binary( X, *p, len );
+ ret = mbedtls_mpi_read_binary(X, *p, len);
*p += len;
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_BIGNUM_C */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs)
+int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end,
+ mbedtls_asn1_bitstring *bs)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Certificate type is a single byte bitstring */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
+ return ret;
+ }
/* Check length, subtract one for actual bit string length */
- if( bs->len < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ if (bs->len < 1) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
bs->len -= 1;
/* Get number of unused bits, ensure unused bits <= 7 */
bs->unused_bits = **p;
- if( bs->unused_bits > 7 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ if (bs->unused_bits > 7) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
(*p)++;
/* Get actual bitstring */
bs->p = *p;
*p += bs->len;
- if( *p != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (*p != end) {
+ return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
- return( 0 );
+ return 0;
}
/*
@@ -244,105 +260,106 @@
const unsigned char *end,
unsigned char tag_must_mask, unsigned char tag_must_val,
unsigned char tag_may_mask, unsigned char tag_may_val,
- int (*cb)( void *ctx, int tag,
- unsigned char *start, size_t len ),
- void *ctx )
+ int (*cb)(void *ctx, int tag,
+ unsigned char *start, size_t len),
+ void *ctx)
{
int ret;
size_t len;
/* Get main sequence tag */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return ret;
}
- if( *p + len != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (*p + len != end) {
+ return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
- while( *p < end )
- {
+ while (*p < end) {
unsigned char const tag = *(*p)++;
- if( ( tag & tag_must_mask ) != tag_must_val )
- return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+ if ((tag & tag_must_mask) != tag_must_val) {
+ return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+ }
- if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) {
+ return ret;
+ }
- if( ( tag & tag_may_mask ) == tag_may_val )
- {
- if( cb != NULL )
- {
- ret = cb( ctx, tag, *p, len );
- if( ret != 0 )
- return( ret );
+ if ((tag & tag_may_mask) == tag_may_val) {
+ if (cb != NULL) {
+ ret = cb(ctx, tag, *p, len);
+ if (ret != 0) {
+ return ret;
+ }
}
}
*p += len;
}
- return( 0 );
+ return 0;
}
/*
* Get a bit string without unused bits
*/
-int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
- size_t *len )
+int mbedtls_asn1_get_bitstring_null(unsigned char **p, const unsigned char *end,
+ size_t *len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
+ return ret;
+ }
- if( *len == 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_DATA );
- --( *len );
+ if (*len == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ --(*len);
- if( **p != 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_DATA );
- ++( *p );
+ if (**p != 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ ++(*p);
- return( 0 );
+ return 0;
}
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
+void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq)
{
- while( seq != NULL )
- {
+ while (seq != NULL) {
mbedtls_asn1_sequence *next = seq->next;
- mbedtls_platform_zeroize( seq, sizeof( *seq ) );
- mbedtls_free( seq );
+ mbedtls_platform_zeroize(seq, sizeof(*seq));
+ mbedtls_free(seq);
seq = next;
}
}
-typedef struct
-{
+typedef struct {
int tag;
mbedtls_asn1_sequence *cur;
} asn1_get_sequence_of_cb_ctx_t;
-static int asn1_get_sequence_of_cb( void *ctx,
- int tag,
- unsigned char *start,
- size_t len )
+static int asn1_get_sequence_of_cb(void *ctx,
+ int tag,
+ unsigned char *start,
+ size_t len)
{
asn1_get_sequence_of_cb_ctx_t *cb_ctx =
(asn1_get_sequence_of_cb_ctx_t *) ctx;
mbedtls_asn1_sequence *cur =
cb_ctx->cur;
- if( cur->buf.p != NULL )
- {
+ if (cur->buf.p != NULL) {
cur->next =
- mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+ mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
- if( cur->next == NULL )
- return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
+ if (cur->next == NULL) {
+ return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ }
cur = cur->next;
}
@@ -352,124 +369,128 @@
cur->buf.tag = tag;
cb_ctx->cur = cur;
- return( 0 );
+ return 0;
}
/*
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
*/
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag)
+int mbedtls_asn1_get_sequence_of(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_sequence *cur,
+ int tag)
{
asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
- memset( cur, 0, sizeof( mbedtls_asn1_sequence ) );
- return( mbedtls_asn1_traverse_sequence_of(
- p, end, 0xFF, tag, 0, 0,
- asn1_get_sequence_of_cb, &cb_ctx ) );
+ memset(cur, 0, sizeof(mbedtls_asn1_sequence));
+ return mbedtls_asn1_traverse_sequence_of(
+ p, end, 0xFF, tag, 0, 0,
+ asn1_get_sequence_of_cb, &cb_ctx);
}
-int mbedtls_asn1_get_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
+int mbedtls_asn1_get_alg(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return ret;
+ }
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
alg->tag = **p;
end = *p + len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) {
+ return ret;
+ }
alg->p = *p;
*p += alg->len;
- if( *p == end )
- {
- mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
- return( 0 );
+ if (*p == end) {
+ mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf));
+ return 0;
}
params->tag = **p;
(*p)++;
- if( ( ret = mbedtls_asn1_get_len( p, end, ¶ms->len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_len(p, end, ¶ms->len)) != 0) {
+ return ret;
+ }
params->p = *p;
*p += params->len;
- if( *p != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (*p != end) {
+ return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_asn1_get_alg_null( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg )
+int mbedtls_asn1_get_alg_null(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_buf *alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf params;
- memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) );
+ memset(¶ms, 0, sizeof(mbedtls_asn1_buf));
- if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_alg(p, end, alg, ¶ms)) != 0) {
+ return ret;
+ }
- if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+ if ((params.tag != MBEDTLS_ASN1_NULL && params.tag != 0) || params.len != 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
- return( 0 );
+ return 0;
}
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
+void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur)
{
- if( cur == NULL )
+ if (cur == NULL) {
return;
+ }
- mbedtls_free( cur->oid.p );
- mbedtls_free( cur->val.p );
+ mbedtls_free(cur->oid.p);
+ mbedtls_free(cur->val.p);
- mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
+ mbedtls_platform_zeroize(cur, sizeof(mbedtls_asn1_named_data));
}
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
+void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head)
{
mbedtls_asn1_named_data *cur;
- while( ( cur = *head ) != NULL )
- {
+ while ((cur = *head) != NULL) {
*head = cur->next;
- mbedtls_asn1_free_named_data( cur );
- mbedtls_free( cur );
+ mbedtls_asn1_free_named_data(cur);
+ mbedtls_free(cur);
}
}
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
- const char *oid, size_t len )
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list,
+ const char *oid, size_t len)
{
- while( list != NULL )
- {
- if( list->oid.len == len &&
- memcmp( list->oid.p, oid, len ) == 0 )
- {
+ while (list != NULL) {
+ if (list->oid.len == len &&
+ memcmp(list->oid.p, oid, len) == 0) {
break;
}
list = list->next;
}
- return( list );
+ return list;
}
#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/library/asn1write.c b/library/asn1write.c
index 4b59927..0b487dc 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -28,452 +28,454 @@
#include "mbedtls/platform.h"
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
+int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len)
{
- if( len < 0x80 )
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (len < 0x80) {
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = (unsigned char) len;
- return( 1 );
+ return 1;
}
- if( len <= 0xFF )
- {
- if( *p - start < 2 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (len <= 0xFF) {
+ if (*p - start < 2) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = (unsigned char) len;
*--(*p) = 0x81;
- return( 2 );
+ return 2;
}
- if( len <= 0xFFFF )
- {
- if( *p - start < 3 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (len <= 0xFFFF) {
+ if (*p - start < 3) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
- *--(*p) = MBEDTLS_BYTE_0( len );
- *--(*p) = MBEDTLS_BYTE_1( len );
+ *--(*p) = MBEDTLS_BYTE_0(len);
+ *--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = 0x82;
- return( 3 );
+ return 3;
}
- if( len <= 0xFFFFFF )
- {
- if( *p - start < 4 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (len <= 0xFFFFFF) {
+ if (*p - start < 4) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
- *--(*p) = MBEDTLS_BYTE_0( len );
- *--(*p) = MBEDTLS_BYTE_1( len );
- *--(*p) = MBEDTLS_BYTE_2( len );
+ *--(*p) = MBEDTLS_BYTE_0(len);
+ *--(*p) = MBEDTLS_BYTE_1(len);
+ *--(*p) = MBEDTLS_BYTE_2(len);
*--(*p) = 0x83;
- return( 4 );
+ return 4;
}
int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
- len_is_valid = ( len <= 0xFFFFFFFF );
+ len_is_valid = (len <= 0xFFFFFFFF);
#endif
- if( len_is_valid )
- {
- if( *p - start < 5 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (len_is_valid) {
+ if (*p - start < 5) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
- *--(*p) = MBEDTLS_BYTE_0( len );
- *--(*p) = MBEDTLS_BYTE_1( len );
- *--(*p) = MBEDTLS_BYTE_2( len );
- *--(*p) = MBEDTLS_BYTE_3( len );
+ *--(*p) = MBEDTLS_BYTE_0(len);
+ *--(*p) = MBEDTLS_BYTE_1(len);
+ *--(*p) = MBEDTLS_BYTE_2(len);
+ *--(*p) = MBEDTLS_BYTE_3(len);
*--(*p) = 0x84;
- return( 5 );
+ return 5;
}
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
+int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag)
{
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = tag;
- return( 1 );
+ return 1;
}
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t size )
+int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size)
{
size_t len = 0;
- if( *p < start || (size_t)( *p - start ) < size )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p < start || (size_t) (*p - start) < size) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
len = size;
(*p) -= len;
- memcpy( *p, buf, len );
+ memcpy(*p, buf, len);
- return( (int) len );
+ return (int) len;
}
#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
+int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start, const mbedtls_mpi *X)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
// Write the MPI
//
- len = mbedtls_mpi_size( X );
+ len = mbedtls_mpi_size(X);
/* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
* as 0 digits. We need to end up with 020100, not with 0200. */
- if( len == 0 )
+ if (len == 0) {
len = 1;
+ }
- if( *p < start || (size_t)( *p - start ) < len )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p < start || (size_t) (*p - start) < len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
(*p) -= len;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(X, *p, len));
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
- if( X->s ==1 && **p & 0x80 )
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (X->s == 1 && **p & 0x80) {
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = 0x00;
len += 1;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER));
ret = (int) len;
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_BIGNUM_C */
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
+int mbedtls_asn1_write_null(unsigned char **p, unsigned char *start)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
// Write NULL
//
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len )
+int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
- (const unsigned char *) oid, oid_len ) );
- MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+ (const unsigned char *) oid, oid_len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len )
+int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- if( par_len == 0 )
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) );
- else
+ if (par_len == 0) {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
+ } else {
len += par_len;
+ }
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
+int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = (boolean) ? 255 : 0;
len++;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
- return( (int) len );
+ return (int) len;
}
-static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag )
+static int asn1_write_tagged_int(unsigned char **p, unsigned char *start, int val, int tag)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- do
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ do {
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
len += 1;
*--(*p) = val & 0xff;
val >>= 8;
- }
- while( val > 0 );
+ } while (val > 0);
- if( **p & 0x80 )
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (**p & 0x80) {
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = 0x00;
len += 1;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
+int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val)
{
- return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
+ return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER);
}
-int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val )
+int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val)
{
- return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
+ return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED);
}
-int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag,
- const char *text, size_t text_len )
+int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, int tag,
+ const char *text, size_t text_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
- (const unsigned char *) text, text_len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+ (const unsigned char *) text,
+ text_len));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len )
+int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len)
{
- return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
+ return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len);
}
-int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len )
+int mbedtls_asn1_write_printable_string(unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len)
{
- return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
+ return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text,
+ text_len);
}
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len )
+int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len)
{
- return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
+ return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len);
}
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
- unsigned char *start,
- const unsigned char *buf,
- size_t bits )
+int mbedtls_asn1_write_named_bitstring(unsigned char **p,
+ unsigned char *start,
+ const unsigned char *buf,
+ size_t bits)
{
size_t unused_bits, byte_len;
const unsigned char *cur_byte;
unsigned char cur_byte_shifted;
unsigned char bit;
- byte_len = ( bits + 7 ) / 8;
- unused_bits = ( byte_len * 8 ) - bits;
+ byte_len = (bits + 7) / 8;
+ unused_bits = (byte_len * 8) - bits;
/*
* Named bitstrings require that trailing 0s are excluded in the encoding
* of the bitstring. Trailing 0s are considered part of the 'unused' bits
* when encoding this value in the first content octet
*/
- if( bits != 0 )
- {
+ if (bits != 0) {
cur_byte = buf + byte_len - 1;
cur_byte_shifted = *cur_byte >> unused_bits;
- for( ; ; )
- {
+ for (;;) {
bit = cur_byte_shifted & 0x1;
cur_byte_shifted >>= 1;
- if( bit != 0 )
+ if (bit != 0) {
break;
+ }
bits--;
- if( bits == 0 )
+ if (bits == 0) {
break;
+ }
- if( bits % 8 == 0 )
+ if (bits % 8 == 0) {
cur_byte_shifted = *--cur_byte;
+ }
}
}
- return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
+ return mbedtls_asn1_write_bitstring(p, start, buf, bits);
}
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t bits )
+int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t bits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
size_t unused_bits, byte_len;
- byte_len = ( bits + 7 ) / 8;
- unused_bits = ( byte_len * 8 ) - bits;
+ byte_len = (bits + 7) / 8;
+ unused_bits = (byte_len * 8) - bits;
- if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p < start || (size_t) (*p - start) < byte_len + 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
len = byte_len + 1;
/* Write the bitstring. Ensure the unused bits are zeroed */
- if( byte_len > 0 )
- {
+ if (byte_len > 0) {
byte_len--;
- *--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
- ( *p ) -= byte_len;
- memcpy( *p, buf, byte_len );
+ *--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1);
+ (*p) -= byte_len;
+ memcpy(*p, buf, byte_len);
}
/* Write unused bits */
- *--( *p ) = (unsigned char)unused_bits;
+ *--(*p) = (unsigned char) unused_bits;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t size )
+int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
- return( (int) len );
+ return (int) len;
}
/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
* which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
static mbedtls_asn1_named_data *asn1_find_named_data(
- mbedtls_asn1_named_data *list,
- const char *oid, size_t len )
+ mbedtls_asn1_named_data *list,
+ const char *oid, size_t len)
{
- while( list != NULL )
- {
- if( list->oid.len == len &&
- memcmp( list->oid.p, oid, len ) == 0 )
- {
+ while (list != NULL) {
+ if (list->oid.len == len &&
+ memcmp(list->oid.p, oid, len) == 0) {
break;
}
list = list->next;
}
- return( list );
+ return list;
}
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
- mbedtls_asn1_named_data **head,
- const char *oid, size_t oid_len,
- const unsigned char *val,
- size_t val_len )
+ mbedtls_asn1_named_data **head,
+ const char *oid, size_t oid_len,
+ const unsigned char *val,
+ size_t val_len)
{
mbedtls_asn1_named_data *cur;
- if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
- {
+ if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) {
// Add new entry if not present yet based on OID
//
- cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
- sizeof(mbedtls_asn1_named_data) );
- if( cur == NULL )
- return( NULL );
-
- cur->oid.len = oid_len;
- cur->oid.p = mbedtls_calloc( 1, oid_len );
- if( cur->oid.p == NULL )
- {
- mbedtls_free( cur );
- return( NULL );
+ cur = (mbedtls_asn1_named_data *) mbedtls_calloc(1,
+ sizeof(mbedtls_asn1_named_data));
+ if (cur == NULL) {
+ return NULL;
}
- memcpy( cur->oid.p, oid, oid_len );
+ cur->oid.len = oid_len;
+ cur->oid.p = mbedtls_calloc(1, oid_len);
+ if (cur->oid.p == NULL) {
+ mbedtls_free(cur);
+ return NULL;
+ }
+
+ memcpy(cur->oid.p, oid, oid_len);
cur->val.len = val_len;
- if( val_len != 0 )
- {
- cur->val.p = mbedtls_calloc( 1, val_len );
- if( cur->val.p == NULL )
- {
- mbedtls_free( cur->oid.p );
- mbedtls_free( cur );
- return( NULL );
+ if (val_len != 0) {
+ cur->val.p = mbedtls_calloc(1, val_len);
+ if (cur->val.p == NULL) {
+ mbedtls_free(cur->oid.p);
+ mbedtls_free(cur);
+ return NULL;
}
}
cur->next = *head;
*head = cur;
- }
- else if( val_len == 0 )
- {
- mbedtls_free( cur->val.p );
+ } else if (val_len == 0) {
+ mbedtls_free(cur->val.p);
cur->val.p = NULL;
- }
- else if( cur->val.len != val_len )
- {
+ } else if (cur->val.len != val_len) {
/*
* Enlarge existing value buffer if needed
* Preserve old data until the allocation succeeded, to leave list in
* a consistent state in case allocation fails.
*/
- void *p = mbedtls_calloc( 1, val_len );
- if( p == NULL )
- return( NULL );
+ void *p = mbedtls_calloc(1, val_len);
+ if (p == NULL) {
+ return NULL;
+ }
- mbedtls_free( cur->val.p );
+ mbedtls_free(cur->val.p);
cur->val.p = p;
cur->val.len = val_len;
}
- if( val != NULL && val_len != 0 )
- memcpy( cur->val.p, val, val_len );
+ if (val != NULL && val_len != 0) {
+ memcpy(cur->val.p, val, val_len);
+ }
- return( cur );
+ return cur;
}
#endif /* MBEDTLS_ASN1_WRITE_C */
diff --git a/library/base64.c b/library/base64.c
index 9021a04..4170610 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -31,68 +31,65 @@
#include "mbedtls/platform.h"
#endif /* MBEDTLS_SELF_TEST */
-#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+#define BASE64_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */
/*
* Encode a buffer into base64 format
*/
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen )
+int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
+ const unsigned char *src, size_t slen)
{
size_t i, n;
int C1, C2, C3;
unsigned char *p;
- if( slen == 0 )
- {
+ if (slen == 0) {
*olen = 0;
- return( 0 );
+ return 0;
}
- n = slen / 3 + ( slen % 3 != 0 );
+ n = slen / 3 + (slen % 3 != 0);
- if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
- {
+ if (n > (BASE64_SIZE_T_MAX - 1) / 4) {
*olen = BASE64_SIZE_T_MAX;
- return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
n *= 4;
- if( ( dlen < n + 1 ) || ( NULL == dst ) )
- {
+ if ((dlen < n + 1) || (NULL == dst)) {
*olen = n + 1;
- return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
- n = ( slen / 3 ) * 3;
+ n = (slen / 3) * 3;
- for( i = 0, p = dst; i < n; i += 3 )
- {
+ for (i = 0, p = dst; i < n; i += 3) {
C1 = *src++;
C2 = *src++;
C3 = *src++;
- *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F );
- *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
- & 0x3F );
- *p++ = mbedtls_ct_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) )
- & 0x3F );
- *p++ = mbedtls_ct_base64_enc_char( C3 & 0x3F );
+ *p++ = mbedtls_ct_base64_enc_char((C1 >> 2) & 0x3F);
+ *p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4))
+ & 0x3F);
+ *p++ = mbedtls_ct_base64_enc_char((((C2 & 15) << 2) + (C3 >> 6))
+ & 0x3F);
+ *p++ = mbedtls_ct_base64_enc_char(C3 & 0x3F);
}
- if( i < slen )
- {
+ if (i < slen) {
C1 = *src++;
- C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
+ C2 = ((i + 1) < slen) ? *src++ : 0;
- *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F );
- *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
- & 0x3F );
+ *p++ = mbedtls_ct_base64_enc_char((C1 >> 2) & 0x3F);
+ *p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4))
+ & 0x3F);
- if( ( i + 1 ) < slen )
- *p++ = mbedtls_ct_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F );
- else *p++ = '=';
+ if ((i + 1) < slen) {
+ *p++ = mbedtls_ct_base64_enc_char(((C2 & 15) << 2) & 0x3F);
+ } else {
+ *p++ = '=';
+ }
*p++ = '=';
}
@@ -100,14 +97,14 @@
*olen = p - dst;
*p = 0;
- return( 0 );
+ return 0;
}
/*
* Decode a base64-formatted buffer
*/
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen )
+int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen,
+ const unsigned char *src, size_t slen)
{
size_t i; /* index in source */
size_t n; /* number of digits or trailing = in source */
@@ -118,92 +115,97 @@
unsigned char *p;
/* First pass: check for validity and get output length */
- for( i = n = 0; i < slen; i++ )
- {
+ for (i = n = 0; i < slen; i++) {
/* Skip spaces before checking for EOL */
spaces_present = 0;
- while( i < slen && src[i] == ' ' )
- {
+ while (i < slen && src[i] == ' ') {
++i;
spaces_present = 1;
}
/* Spaces at end of buffer are OK */
- if( i == slen )
+ if (i == slen) {
break;
+ }
- if( ( slen - i ) >= 2 &&
- src[i] == '\r' && src[i + 1] == '\n' )
+ if ((slen - i) >= 2 &&
+ src[i] == '\r' && src[i + 1] == '\n') {
continue;
+ }
- if( src[i] == '\n' )
+ if (src[i] == '\n') {
continue;
+ }
/* Space inside a line is an error */
- if( spaces_present )
- return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
- if( src[i] > 127 )
- return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
- if( src[i] == '=' )
- {
- if( ++equals > 2 )
- return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+ if (spaces_present) {
+ return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
- else
- {
- if( equals != 0 )
- return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
- if( mbedtls_ct_base64_dec_value( src[i] ) < 0 )
- return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+
+ if (src[i] > 127) {
+ return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+ }
+
+ if (src[i] == '=') {
+ if (++equals > 2) {
+ return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+ }
+ } else {
+ if (equals != 0) {
+ return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+ }
+ if (mbedtls_ct_base64_dec_value(src[i]) < 0) {
+ return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+ }
}
n++;
}
- if( n == 0 )
- {
+ if (n == 0) {
*olen = 0;
- return( 0 );
+ return 0;
}
/* The following expression is to calculate the following formula without
* risk of integer overflow in n:
* n = ( ( n * 6 ) + 7 ) >> 3;
*/
- n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
+ n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3);
n -= equals;
- if( dst == NULL || dlen < n )
- {
+ if (dst == NULL || dlen < n) {
*olen = n;
- return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
equals = 0;
- for( x = 0, p = dst; i > 0; i--, src++ )
- {
- if( *src == '\r' || *src == '\n' || *src == ' ' )
+ for (x = 0, p = dst; i > 0; i--, src++) {
+ if (*src == '\r' || *src == '\n' || *src == ' ') {
continue;
+ }
x = x << 6;
- if( *src == '=' )
+ if (*src == '=') {
++equals;
- else
- x |= mbedtls_ct_base64_dec_value( *src );
+ } else {
+ x |= mbedtls_ct_base64_dec_value(*src);
+ }
- if( ++accumulated_digits == 4 )
- {
+ if (++accumulated_digits == 4) {
accumulated_digits = 0;
- *p++ = MBEDTLS_BYTE_2( x );
- if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
- if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
+ *p++ = MBEDTLS_BYTE_2(x);
+ if (equals <= 1) {
+ *p++ = MBEDTLS_BYTE_1(x);
+ }
+ if (equals <= 0) {
+ *p++ = MBEDTLS_BYTE_0(x);
+ }
}
}
*olen = p - dst;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SELF_TEST)
@@ -227,44 +229,47 @@
/*
* Checkup routine
*/
-int mbedtls_base64_self_test( int verbose )
+int mbedtls_base64_self_test(int verbose)
{
size_t len;
const unsigned char *src;
unsigned char buffer[128];
- if( verbose != 0 )
- mbedtls_printf( " Base64 encoding test: " );
+ if (verbose != 0) {
+ mbedtls_printf(" Base64 encoding test: ");
+ }
src = base64_test_dec;
- if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
- memcmp( base64_test_enc, buffer, 88 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 ||
+ memcmp(base64_test_enc, buffer, 88) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- return( 1 );
+ return 1;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n Base64 decoding test: " );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n Base64 decoding test: ");
+ }
src = base64_test_enc;
- if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
- memcmp( base64_test_dec, buffer, 64 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 ||
+ memcmp(base64_test_dec, buffer, 64) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- return( 1 );
+ return 1;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/bignum.c b/library/bignum.c
index 37193f5..6d62e9f 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -48,36 +48,36 @@
#include "mbedtls/platform.h"
-#define MPI_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
-#define MPI_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define MPI_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
+#define MPI_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */
#define biH (ciL << 2) /* half limb size */
-#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+#define MPI_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */
/*
* Convert between bits/chars and number of limbs
* Divide first in order to avoid potential overflows
*/
-#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
-#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
+#define BITS_TO_LIMBS(i) ((i) / biL + ((i) % biL != 0))
+#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0))
/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
+static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n)
{
- mbedtls_platform_zeroize( v, ciL * n );
+ mbedtls_platform_zeroize(v, ciL * n);
}
/*
* Initialize one MPI
*/
-void mbedtls_mpi_init( mbedtls_mpi *X )
+void mbedtls_mpi_init(mbedtls_mpi *X)
{
- MPI_VALIDATE( X != NULL );
+ MPI_VALIDATE(X != NULL);
X->s = 1;
X->n = 0;
@@ -87,15 +87,15 @@
/*
* Unallocate one MPI
*/
-void mbedtls_mpi_free( mbedtls_mpi *X )
+void mbedtls_mpi_free(mbedtls_mpi *X)
{
- if( X == NULL )
+ if (X == NULL) {
return;
+ }
- if( X->p != NULL )
- {
- mbedtls_mpi_zeroize( X->p, X->n );
- mbedtls_free( X->p );
+ if (X->p != NULL) {
+ mbedtls_mpi_zeroize(X->p, X->n);
+ mbedtls_free(X->p);
}
X->s = 1;
@@ -106,93 +106,93 @@
/*
* Enlarge to the specified number of limbs
*/
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
+int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs)
{
mbedtls_mpi_uint *p;
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
- if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+ if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) {
+ return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+ }
- if( X->n < nblimbs )
- {
- if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+ if (X->n < nblimbs) {
+ if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(nblimbs, ciL)) == NULL) {
+ return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+ }
- if( X->p != NULL )
- {
- memcpy( p, X->p, X->n * ciL );
- mbedtls_mpi_zeroize( X->p, X->n );
- mbedtls_free( X->p );
+ if (X->p != NULL) {
+ memcpy(p, X->p, X->n * ciL);
+ mbedtls_mpi_zeroize(X->p, X->n);
+ mbedtls_free(X->p);
}
X->n = nblimbs;
X->p = p;
}
- return( 0 );
+ return 0;
}
/*
* Resize down as much as possible,
* while keeping at least the specified number of limbs
*/
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
+int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs)
{
mbedtls_mpi_uint *p;
size_t i;
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
- if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+ if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) {
+ return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+ }
/* Actually resize up if there are currently fewer than nblimbs limbs. */
- if( X->n <= nblimbs )
- return( mbedtls_mpi_grow( X, nblimbs ) );
+ if (X->n <= nblimbs) {
+ return mbedtls_mpi_grow(X, nblimbs);
+ }
/* After this point, then X->n > nblimbs and in particular X->n > 0. */
- for( i = X->n - 1; i > 0; i-- )
- if( X->p[i] != 0 )
+ for (i = X->n - 1; i > 0; i--) {
+ if (X->p[i] != 0) {
break;
+ }
+ }
i++;
- if( i < nblimbs )
+ if (i < nblimbs) {
i = nblimbs;
+ }
- if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+ if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(i, ciL)) == NULL) {
+ return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+ }
- if( X->p != NULL )
- {
- memcpy( p, X->p, i * ciL );
- mbedtls_mpi_zeroize( X->p, X->n );
- mbedtls_free( X->p );
+ if (X->p != NULL) {
+ memcpy(p, X->p, i * ciL);
+ mbedtls_mpi_zeroize(X->p, X->n);
+ mbedtls_free(X->p);
}
X->n = i;
X->p = p;
- return( 0 );
+ return 0;
}
/* Resize X to have exactly n limbs and set it to 0. */
-static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs )
+static int mbedtls_mpi_resize_clear(mbedtls_mpi *X, size_t limbs)
{
- if( limbs == 0 )
- {
- mbedtls_mpi_free( X );
- return( 0 );
- }
- else if( X->n == limbs )
- {
- memset( X->p, 0, limbs * ciL );
+ if (limbs == 0) {
+ mbedtls_mpi_free(X);
+ return 0;
+ } else if (X->n == limbs) {
+ memset(X->p, 0, limbs * ciL);
X->s = 1;
- return( 0 );
- }
- else
- {
- mbedtls_mpi_free( X );
- return( mbedtls_mpi_grow( X, limbs ) );
+ return 0;
+ } else {
+ mbedtls_mpi_free(X);
+ return mbedtls_mpi_grow(X, limbs);
}
}
@@ -205,166 +205,171 @@
* but some code in the bignum module relies on this property, for example
* in mbedtls_mpi_exp_mod().
*/
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
+int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)
{
int ret = 0;
size_t i;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( Y != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
- if( X == Y )
- return( 0 );
-
- if( Y->n == 0 )
- {
- if( X->n != 0 )
- {
- X->s = 1;
- memset( X->p, 0, X->n * ciL );
- }
- return( 0 );
+ if (X == Y) {
+ return 0;
}
- for( i = Y->n - 1; i > 0; i-- )
- if( Y->p[i] != 0 )
+ if (Y->n == 0) {
+ if (X->n != 0) {
+ X->s = 1;
+ memset(X->p, 0, X->n * ciL);
+ }
+ return 0;
+ }
+
+ for (i = Y->n - 1; i > 0; i--) {
+ if (Y->p[i] != 0) {
break;
+ }
+ }
i++;
X->s = Y->s;
- if( X->n < i )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
- }
- else
- {
- memset( X->p + i, 0, ( X->n - i ) * ciL );
+ if (X->n < i) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i));
+ } else {
+ memset(X->p + i, 0, (X->n - i) * ciL);
}
- memcpy( X->p, Y->p, i * ciL );
+ memcpy(X->p, Y->p, i * ciL);
cleanup:
- return( ret );
+ return ret;
}
/*
* Swap the contents of X and Y
*/
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
+void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y)
{
mbedtls_mpi T;
- MPI_VALIDATE( X != NULL );
- MPI_VALIDATE( Y != NULL );
+ MPI_VALIDATE(X != NULL);
+ MPI_VALIDATE(Y != NULL);
- memcpy( &T, X, sizeof( mbedtls_mpi ) );
- memcpy( X, Y, sizeof( mbedtls_mpi ) );
- memcpy( Y, &T, sizeof( mbedtls_mpi ) );
+ memcpy(&T, X, sizeof(mbedtls_mpi));
+ memcpy(X, Y, sizeof(mbedtls_mpi));
+ memcpy(Y, &T, sizeof(mbedtls_mpi));
}
-static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z )
+static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z)
{
- if( z >= 0 )
- return( z );
+ if (z >= 0) {
+ return z;
+ }
/* Take care to handle the most negative value (-2^(biL-1)) correctly.
* A naive -z would have undefined behavior.
* Write this in a way that makes popular compilers happy (GCC, Clang,
* MSVC). */
- return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z );
+ return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z;
}
/*
* Set value from integer
*/
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
+int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
- memset( X->p, 0, X->n * ciL );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1));
+ memset(X->p, 0, X->n * ciL);
- X->p[0] = mpi_sint_abs( z );
- X->s = ( z < 0 ) ? -1 : 1;
+ X->p[0] = mpi_sint_abs(z);
+ X->s = (z < 0) ? -1 : 1;
cleanup:
- return( ret );
+ return ret;
}
/*
* Get a specific bit
*/
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
+int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos)
{
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
- if( X->n * biL <= pos )
- return( 0 );
+ if (X->n * biL <= pos) {
+ return 0;
+ }
- return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
+ return (X->p[pos / biL] >> (pos % biL)) & 0x01;
}
/* Get a specific byte, without range checks. */
-#define GET_BYTE( X, i ) \
- ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff )
+#define GET_BYTE(X, i) \
+ (((X)->p[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff)
/*
* Set a bit to a specific value of 0 or 1
*/
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
+int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val)
{
int ret = 0;
size_t off = pos / biL;
size_t idx = pos % biL;
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
- if( val != 0 && val != 1 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- if( X->n * biL <= pos )
- {
- if( val == 0 )
- return( 0 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) );
+ if (val != 0 && val != 1) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
- X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx );
+ if (X->n * biL <= pos) {
+ if (val == 0) {
+ return 0;
+ }
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, off + 1));
+ }
+
+ X->p[off] &= ~((mbedtls_mpi_uint) 0x01 << idx);
X->p[off] |= (mbedtls_mpi_uint) val << idx;
cleanup:
- return( ret );
+ return ret;
}
/*
* Return the number of less significant zero-bits
*/
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
+size_t mbedtls_mpi_lsb(const mbedtls_mpi *X)
{
size_t i, j, count = 0;
- MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 );
+ MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0);
- for( i = 0; i < X->n; i++ )
- for( j = 0; j < biL; j++, count++ )
- if( ( ( X->p[i] >> j ) & 1 ) != 0 )
- return( count );
+ for (i = 0; i < X->n; i++) {
+ for (j = 0; j < biL; j++, count++) {
+ if (((X->p[i] >> j) & 1) != 0) {
+ return count;
+ }
+ }
+ }
- return( 0 );
+ return 0;
}
/*
* Count leading zero bits in a given integer
*/
-static size_t mbedtls_clz( const mbedtls_mpi_uint x )
+static size_t mbedtls_clz(const mbedtls_mpi_uint x)
{
size_t j;
mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
- for( j = 0; j < biL; j++ )
- {
- if( x & mask ) break;
+ for (j = 0; j < biL; j++) {
+ if (x & mask) {
+ break;
+ }
mask >>= 1;
}
@@ -375,231 +380,236 @@
/*
* Return the number of bits
*/
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
+size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X)
{
size_t i, j;
- if( X->n == 0 )
- return( 0 );
+ if (X->n == 0) {
+ return 0;
+ }
- for( i = X->n - 1; i > 0; i-- )
- if( X->p[i] != 0 )
+ for (i = X->n - 1; i > 0; i--) {
+ if (X->p[i] != 0) {
break;
+ }
+ }
- j = biL - mbedtls_clz( X->p[i] );
+ j = biL - mbedtls_clz(X->p[i]);
- return( ( i * biL ) + j );
+ return (i * biL) + j;
}
/*
* Return the total size in bytes
*/
-size_t mbedtls_mpi_size( const mbedtls_mpi *X )
+size_t mbedtls_mpi_size(const mbedtls_mpi *X)
{
- return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 );
+ return (mbedtls_mpi_bitlen(X) + 7) >> 3;
}
/*
* Convert an ASCII character to digit value
*/
-static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
+static int mpi_get_digit(mbedtls_mpi_uint *d, int radix, char c)
{
*d = 255;
- if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
- if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
- if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
+ if (c >= 0x30 && c <= 0x39) {
+ *d = c - 0x30;
+ }
+ if (c >= 0x41 && c <= 0x46) {
+ *d = c - 0x37;
+ }
+ if (c >= 0x61 && c <= 0x66) {
+ *d = c - 0x57;
+ }
- if( *d >= (mbedtls_mpi_uint) radix )
- return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );
+ if (*d >= (mbedtls_mpi_uint) radix) {
+ return MBEDTLS_ERR_MPI_INVALID_CHARACTER;
+ }
- return( 0 );
+ return 0;
}
/*
* Import from an ASCII string
*/
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
+int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j, slen, n;
int sign = 1;
mbedtls_mpi_uint d;
mbedtls_mpi T;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( s != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(s != NULL);
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- mbedtls_mpi_init( &T );
-
- if( s[0] == 0 )
- {
- mbedtls_mpi_free( X );
- return( 0 );
+ if (radix < 2 || radix > 16) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
- if( s[0] == '-' )
- {
+ mbedtls_mpi_init(&T);
+
+ if (s[0] == 0) {
+ mbedtls_mpi_free(X);
+ return 0;
+ }
+
+ if (s[0] == '-') {
++s;
sign = -1;
}
- slen = strlen( s );
+ slen = strlen(s);
- if( radix == 16 )
- {
- if( slen > MPI_SIZE_T_MAX >> 2 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- n = BITS_TO_LIMBS( slen << 2 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
- for( i = slen, j = 0; i > 0; i--, j++ )
- {
- MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
- X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
+ if (radix == 16) {
+ if (slen > MPI_SIZE_T_MAX >> 2) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
- for( i = 0; i < slen; i++ )
- {
- MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
+ n = BITS_TO_LIMBS(slen << 2);
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0));
+
+ for (i = slen, j = 0; i > 0; i--, j++) {
+ MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i - 1]));
+ X->p[j / (2 * ciL)] |= d << ((j % (2 * ciL)) << 2);
+ }
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0));
+
+ for (i = 0; i < slen; i++) {
+ MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i]));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T, X, radix));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, &T, d));
}
}
- if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
+ if (sign < 0 && mbedtls_mpi_bitlen(X) != 0) {
X->s = -1;
+ }
cleanup:
- mbedtls_mpi_free( &T );
+ mbedtls_mpi_free(&T);
- return( ret );
+ return ret;
}
/*
* Helper to write the digits high-order first.
*/
-static int mpi_write_hlp( mbedtls_mpi *X, int radix,
- char **p, const size_t buflen )
+static int mpi_write_hlp(mbedtls_mpi *X, int radix,
+ char **p, const size_t buflen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_uint r;
size_t length = 0;
char *p_end = *p + buflen;
- do
- {
- if( length >= buflen )
- {
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ do {
+ if (length >= buflen) {
+ return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, radix));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_div_int(X, NULL, X, radix));
/*
* Write the residue in the current position, as an ASCII character.
*/
- if( r < 0xA )
- *(--p_end) = (char)( '0' + r );
- else
- *(--p_end) = (char)( 'A' + ( r - 0xA ) );
+ if (r < 0xA) {
+ *(--p_end) = (char) ('0' + r);
+ } else {
+ *(--p_end) = (char) ('A' + (r - 0xA));
+ }
length++;
- } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 );
+ } while (mbedtls_mpi_cmp_int(X, 0) != 0);
- memmove( *p, p_end, length );
+ memmove(*p, p_end, length);
*p += length;
cleanup:
- return( ret );
+ return ret;
}
/*
* Export into an ASCII string
*/
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen )
+int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix,
+ char *buf, size_t buflen, size_t *olen)
{
int ret = 0;
size_t n;
char *p;
mbedtls_mpi T;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( olen != NULL );
- MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(olen != NULL);
+ MPI_VALIDATE_RET(buflen == 0 || buf != NULL);
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (radix < 2 || radix > 16) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */
- if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present
+ n = mbedtls_mpi_bitlen(X); /* Number of bits necessary to present `n`. */
+ if (radix >= 4) {
+ n >>= 1; /* Number of 4-adic digits necessary to present
* `n`. If radix > 4, this might be a strict
* overapproximation of the number of
* radix-adic digits needed to present `n`. */
- if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to
+ }
+ if (radix >= 16) {
+ n >>= 1; /* Number of hexadecimal digits necessary to
* present `n`. */
+ }
n += 1; /* Terminating null byte */
n += 1; /* Compensate for the divisions above, which round down `n`
* in case it's not even. */
n += 1; /* Potential '-'-sign. */
- n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing,
+ n += (n & 1); /* Make n even to have enough space for hexadecimal writing,
* which always uses an even number of hex-digits. */
- if( buflen < n )
- {
+ if (buflen < n) {
*olen = n;
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
}
p = buf;
- mbedtls_mpi_init( &T );
+ mbedtls_mpi_init(&T);
- if( X->s == -1 )
- {
+ if (X->s == -1) {
*p++ = '-';
buflen--;
}
- if( radix == 16 )
- {
+ if (radix == 16) {
int c;
size_t i, j, k;
- for( i = X->n, k = 0; i > 0; i-- )
- {
- for( j = ciL; j > 0; j-- )
- {
- c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
+ for (i = X->n, k = 0; i > 0; i--) {
+ for (j = ciL; j > 0; j--) {
+ c = (X->p[i - 1] >> ((j - 1) << 3)) & 0xFF;
- if( c == 0 && k == 0 && ( i + j ) != 2 )
+ if (c == 0 && k == 0 && (i + j) != 2) {
continue;
+ }
*(p++) = "0123456789ABCDEF" [c / 16];
*(p++) = "0123456789ABCDEF" [c % 16];
k = 1;
}
}
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T, X));
- if( T.s == -1 )
+ if (T.s == -1) {
T.s = 1;
+ }
- MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) );
+ MBEDTLS_MPI_CHK(mpi_write_hlp(&T, radix, &p, buflen));
}
*p++ = '\0';
@@ -607,16 +617,16 @@
cleanup:
- mbedtls_mpi_free( &T );
+ mbedtls_mpi_free(&T);
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_FS_IO)
/*
* Read X from an opened file
*/
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
+int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin)
{
mbedtls_mpi_uint d;
size_t slen;
@@ -625,37 +635,46 @@
* Buffer should have space for (short) label and decimal formatted MPI,
* newline characters and '\0'
*/
- char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
+ char s[MBEDTLS_MPI_RW_BUFFER_SIZE];
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( fin != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(fin != NULL);
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (radix < 2 || radix > 16) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- memset( s, 0, sizeof( s ) );
- if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
- return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
+ memset(s, 0, sizeof(s));
+ if (fgets(s, sizeof(s) - 1, fin) == NULL) {
+ return MBEDTLS_ERR_MPI_FILE_IO_ERROR;
+ }
- slen = strlen( s );
- if( slen == sizeof( s ) - 2 )
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ slen = strlen(s);
+ if (slen == sizeof(s) - 2) {
+ return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+ }
- if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
- if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
+ if (slen > 0 && s[slen - 1] == '\n') {
+ slen--; s[slen] = '\0';
+ }
+ if (slen > 0 && s[slen - 1] == '\r') {
+ slen--; s[slen] = '\0';
+ }
p = s + slen;
- while( p-- > s )
- if( mpi_get_digit( &d, radix, *p ) != 0 )
+ while (p-- > s) {
+ if (mpi_get_digit(&d, radix, *p) != 0) {
break;
+ }
+ }
- return( mbedtls_mpi_read_string( X, radix, p + 1 ) );
+ return mbedtls_mpi_read_string(X, radix, p + 1);
}
/*
* Write X into an opened file (or stdout if fout == NULL)
*/
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
+int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, FILE *fout)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n, slen, plen;
@@ -663,35 +682,38 @@
* Buffer should have space for (short) label and decimal formatted MPI,
* newline characters and '\0'
*/
- char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
- MPI_VALIDATE_RET( X != NULL );
+ char s[MBEDTLS_MPI_RW_BUFFER_SIZE];
+ MPI_VALIDATE_RET(X != NULL);
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (radix < 2 || radix > 16) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- memset( s, 0, sizeof( s ) );
+ memset(s, 0, sizeof(s));
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(X, radix, s, sizeof(s) - 2, &n));
- if( p == NULL ) p = "";
+ if (p == NULL) {
+ p = "";
+ }
- plen = strlen( p );
- slen = strlen( s );
+ plen = strlen(p);
+ slen = strlen(s);
s[slen++] = '\r';
s[slen++] = '\n';
- if( fout != NULL )
- {
- if( fwrite( p, 1, plen, fout ) != plen ||
- fwrite( s, 1, slen, fout ) != slen )
- return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
+ if (fout != NULL) {
+ if (fwrite(p, 1, plen, fout) != plen ||
+ fwrite(s, 1, slen, fout) != slen) {
+ return MBEDTLS_ERR_MPI_FILE_IO_ERROR;
+ }
+ } else {
+ mbedtls_printf("%s%s", p, s);
}
- else
- mbedtls_printf( "%s%s", p, s );
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_FS_IO */
@@ -699,35 +721,34 @@
/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
* into the storage form used by mbedtls_mpi. */
-static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x )
+static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c(mbedtls_mpi_uint x)
{
uint8_t i;
unsigned char *x_ptr;
mbedtls_mpi_uint tmp = 0;
- for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ )
- {
+ for (i = 0, x_ptr = (unsigned char *) &x; i < ciL; i++, x_ptr++) {
tmp <<= CHAR_BIT;
tmp |= (mbedtls_mpi_uint) *x_ptr;
}
- return( tmp );
+ return tmp;
}
-static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x )
+static mbedtls_mpi_uint mpi_uint_bigendian_to_host(mbedtls_mpi_uint x)
{
#if defined(__BYTE_ORDER__)
/* Nothing to do on bigendian systems. */
-#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ )
- return( x );
+#if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
+ return x;
#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */
-#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ )
+#if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
/* For GCC and Clang, have builtins for byte swapping. */
#if defined(__GNUC__) && defined(__GNUC_PREREQ)
-#if __GNUC_PREREQ(4,3)
+#if __GNUC_PREREQ(4, 3)
#define have_bswap
#endif
#endif
@@ -741,12 +762,11 @@
#if defined(have_bswap)
/* The compiler is hopefully able to statically evaluate this! */
- switch( sizeof(mbedtls_mpi_uint) )
- {
+ switch (sizeof(mbedtls_mpi_uint)) {
case 4:
- return( __builtin_bswap32(x) );
+ return __builtin_bswap32(x);
case 8:
- return( __builtin_bswap64(x) );
+ return __builtin_bswap64(x);
}
#endif
#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */
@@ -754,15 +774,16 @@
/* Fall back to C-based reordering if we don't know the byte order
* or we couldn't use a compiler-specific builtin. */
- return( mpi_uint_bigendian_to_host_c( x ) );
+ return mpi_uint_bigendian_to_host_c(x);
}
-static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs )
+static void mpi_bigendian_to_host(mbedtls_mpi_uint * const p, size_t limbs)
{
mbedtls_mpi_uint *cur_limb_left;
mbedtls_mpi_uint *cur_limb_right;
- if( limbs == 0 )
+ if (limbs == 0) {
return;
+ }
/*
* Traverse limbs and
@@ -773,15 +794,14 @@
* than the right index (it's not a problem if limbs is odd and the
* indices coincide in the last iteration).
*/
- for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 );
+ for (cur_limb_left = p, cur_limb_right = p + (limbs - 1);
cur_limb_left <= cur_limb_right;
- cur_limb_left++, cur_limb_right-- )
- {
+ cur_limb_left++, cur_limb_right--) {
mbedtls_mpi_uint tmp;
/* Note that if cur_limb_left == cur_limb_right,
* this code effectively swaps the bytes only once. */
- tmp = mpi_uint_bigendian_to_host( *cur_limb_left );
- *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right );
+ tmp = mpi_uint_bigendian_to_host(*cur_limb_left);
+ *cur_limb_left = mpi_uint_bigendian_to_host(*cur_limb_right);
*cur_limb_right = tmp;
}
}
@@ -789,18 +809,19 @@
/*
* Import X from unsigned binary data, little endian
*/
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
- const unsigned char *buf, size_t buflen )
+int mbedtls_mpi_read_binary_le(mbedtls_mpi *X,
+ const unsigned char *buf, size_t buflen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
- size_t const limbs = CHARS_TO_LIMBS( buflen );
+ size_t const limbs = CHARS_TO_LIMBS(buflen);
/* Ensure that target MPI has exactly the necessary number of limbs */
- MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
- for( i = 0; i < buflen; i++ )
+ for (i = 0; i < buflen; i++) {
X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
+ }
cleanup:
@@ -809,33 +830,32 @@
* upon failure is not necessary because failure only can happen before any
* input is copied.
*/
- return( ret );
+ return ret;
}
/*
* Import X from unsigned binary data, big endian
*/
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
+int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t const limbs = CHARS_TO_LIMBS( buflen );
- size_t const overhead = ( limbs * ciL ) - buflen;
+ size_t const limbs = CHARS_TO_LIMBS(buflen);
+ size_t const overhead = (limbs * ciL) - buflen;
unsigned char *Xp;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(buflen == 0 || buf != NULL);
/* Ensure that target MPI has exactly the necessary number of limbs */
- MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
/* Avoid calling `memcpy` with NULL source or destination argument,
* even if buflen is 0. */
- if( buflen != 0 )
- {
- Xp = (unsigned char*) X->p;
- memcpy( Xp + overhead, buf, buflen );
+ if (buflen != 0) {
+ Xp = (unsigned char *) X->p;
+ memcpy(Xp + overhead, buf, buflen);
- mpi_bigendian_to_host( X->p, limbs );
+ mpi_bigendian_to_host(X->p, limbs);
}
cleanup:
@@ -845,66 +865,62 @@
* upon failure is not necessary because failure only can happen before any
* input is copied.
*/
- return( ret );
+ return ret;
}
/*
* Export X into unsigned binary data, little endian
*/
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen )
+int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X,
+ unsigned char *buf, size_t buflen)
{
size_t stored_bytes = X->n * ciL;
size_t bytes_to_copy;
size_t i;
- if( stored_bytes < buflen )
- {
+ if (stored_bytes < buflen) {
bytes_to_copy = stored_bytes;
- }
- else
- {
+ } else {
bytes_to_copy = buflen;
/* The output buffer is smaller than the allocated size of X.
* However X may fit if its leading bytes are zero. */
- for( i = bytes_to_copy; i < stored_bytes; i++ )
- {
- if( GET_BYTE( X, i ) != 0 )
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ for (i = bytes_to_copy; i < stored_bytes; i++) {
+ if (GET_BYTE(X, i) != 0) {
+ return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+ }
}
}
- for( i = 0; i < bytes_to_copy; i++ )
- buf[i] = GET_BYTE( X, i );
-
- if( stored_bytes < buflen )
- {
- /* Write trailing 0 bytes */
- memset( buf + stored_bytes, 0, buflen - stored_bytes );
+ for (i = 0; i < bytes_to_copy; i++) {
+ buf[i] = GET_BYTE(X, i);
}
- return( 0 );
+ if (stored_bytes < buflen) {
+ /* Write trailing 0 bytes */
+ memset(buf + stored_bytes, 0, buflen - stored_bytes);
+ }
+
+ return 0;
}
/*
* Export X into unsigned binary data, big endian
*/
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen )
+int mbedtls_mpi_write_binary(const mbedtls_mpi *X,
+ unsigned char *buf, size_t buflen)
{
size_t stored_bytes;
size_t bytes_to_copy;
unsigned char *p;
size_t i;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(buflen == 0 || buf != NULL);
stored_bytes = X->n * ciL;
- if( stored_bytes < buflen )
- {
+ if (stored_bytes < buflen) {
/* There is enough space in the output buffer. Write initial
* null bytes and record the position at which to start
* writing the significant bytes. In this case, the execution
@@ -912,66 +928,65 @@
* number. */
bytes_to_copy = stored_bytes;
p = buf + buflen - stored_bytes;
- memset( buf, 0, buflen - stored_bytes );
- }
- else
- {
+ memset(buf, 0, buflen - stored_bytes);
+ } else {
/* The output buffer is smaller than the allocated size of X.
* However X may fit if its leading bytes are zero. */
bytes_to_copy = buflen;
p = buf;
- for( i = bytes_to_copy; i < stored_bytes; i++ )
- {
- if( GET_BYTE( X, i ) != 0 )
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ for (i = bytes_to_copy; i < stored_bytes; i++) {
+ if (GET_BYTE(X, i) != 0) {
+ return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+ }
}
}
- for( i = 0; i < bytes_to_copy; i++ )
- p[bytes_to_copy - i - 1] = GET_BYTE( X, i );
+ for (i = 0; i < bytes_to_copy; i++) {
+ p[bytes_to_copy - i - 1] = GET_BYTE(X, i);
+ }
- return( 0 );
+ return 0;
}
/*
* Left-shift: X <<= count
*/
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
+int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, v0, t1;
mbedtls_mpi_uint r0 = 0, r1;
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
- v0 = count / (biL );
+ v0 = count / (biL);
t1 = count & (biL - 1);
- i = mbedtls_mpi_bitlen( X ) + count;
+ i = mbedtls_mpi_bitlen(X) + count;
- if( X->n * biL < i )
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) );
+ if (X->n * biL < i) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, BITS_TO_LIMBS(i)));
+ }
ret = 0;
/*
* shift by count / limb_size
*/
- if( v0 > 0 )
- {
- for( i = X->n; i > v0; i-- )
+ if (v0 > 0) {
+ for (i = X->n; i > v0; i--) {
X->p[i - 1] = X->p[i - v0 - 1];
+ }
- for( ; i > 0; i-- )
+ for (; i > 0; i--) {
X->p[i - 1] = 0;
+ }
}
/*
* shift by count % limb_size
*/
- if( t1 > 0 )
- {
- for( i = v0; i < X->n; i++ )
- {
+ if (t1 > 0) {
+ for (i = v0; i < X->n; i++) {
r1 = X->p[i] >> (biL - t1);
X->p[i] <<= t1;
X->p[i] |= r0;
@@ -981,43 +996,43 @@
cleanup:
- return( ret );
+ return ret;
}
/*
* Right-shift: X >>= count
*/
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
+int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count)
{
size_t i, v0, v1;
mbedtls_mpi_uint r0 = 0, r1;
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
v0 = count / biL;
v1 = count & (biL - 1);
- if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
- return mbedtls_mpi_lset( X, 0 );
+ if (v0 > X->n || (v0 == X->n && v1 > 0)) {
+ return mbedtls_mpi_lset(X, 0);
+ }
/*
* shift by count / limb_size
*/
- if( v0 > 0 )
- {
- for( i = 0; i < X->n - v0; i++ )
+ if (v0 > 0) {
+ for (i = 0; i < X->n - v0; i++) {
X->p[i] = X->p[i + v0];
+ }
- for( ; i < X->n; i++ )
+ for (; i < X->n; i++) {
X->p[i] = 0;
+ }
}
/*
* shift by count % limb_size
*/
- if( v1 > 0 )
- {
- for( i = X->n; i > 0; i-- )
- {
+ if (v1 > 0) {
+ for (i = X->n; i > 0; i--) {
r1 = X->p[i - 1] << (biL - v1);
X->p[i - 1] >>= v1;
X->p[i - 1] |= r0;
@@ -1025,155 +1040,183 @@
}
}
- return( 0 );
+ return 0;
}
/*
* Compare unsigned values
*/
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
+int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y)
{
size_t i, j;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( Y != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
- for( i = X->n; i > 0; i-- )
- if( X->p[i - 1] != 0 )
+ for (i = X->n; i > 0; i--) {
+ if (X->p[i - 1] != 0) {
break;
-
- for( j = Y->n; j > 0; j-- )
- if( Y->p[j - 1] != 0 )
- break;
-
- if( i == 0 && j == 0 )
- return( 0 );
-
- if( i > j ) return( 1 );
- if( j > i ) return( -1 );
-
- for( ; i > 0; i-- )
- {
- if( X->p[i - 1] > Y->p[i - 1] ) return( 1 );
- if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
+ }
}
- return( 0 );
+ for (j = Y->n; j > 0; j--) {
+ if (Y->p[j - 1] != 0) {
+ break;
+ }
+ }
+
+ if (i == 0 && j == 0) {
+ return 0;
+ }
+
+ if (i > j) {
+ return 1;
+ }
+ if (j > i) {
+ return -1;
+ }
+
+ for (; i > 0; i--) {
+ if (X->p[i - 1] > Y->p[i - 1]) {
+ return 1;
+ }
+ if (X->p[i - 1] < Y->p[i - 1]) {
+ return -1;
+ }
+ }
+
+ return 0;
}
/*
* Compare signed values
*/
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
+int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y)
{
size_t i, j;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( Y != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
- for( i = X->n; i > 0; i-- )
- if( X->p[i - 1] != 0 )
+ for (i = X->n; i > 0; i--) {
+ if (X->p[i - 1] != 0) {
break;
-
- for( j = Y->n; j > 0; j-- )
- if( Y->p[j - 1] != 0 )
- break;
-
- if( i == 0 && j == 0 )
- return( 0 );
-
- if( i > j ) return( X->s );
- if( j > i ) return( -Y->s );
-
- if( X->s > 0 && Y->s < 0 ) return( 1 );
- if( Y->s > 0 && X->s < 0 ) return( -1 );
-
- for( ; i > 0; i-- )
- {
- if( X->p[i - 1] > Y->p[i - 1] ) return( X->s );
- if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
+ }
}
- return( 0 );
+ for (j = Y->n; j > 0; j--) {
+ if (Y->p[j - 1] != 0) {
+ break;
+ }
+ }
+
+ if (i == 0 && j == 0) {
+ return 0;
+ }
+
+ if (i > j) {
+ return X->s;
+ }
+ if (j > i) {
+ return -Y->s;
+ }
+
+ if (X->s > 0 && Y->s < 0) {
+ return 1;
+ }
+ if (Y->s > 0 && X->s < 0) {
+ return -1;
+ }
+
+ for (; i > 0; i--) {
+ if (X->p[i - 1] > Y->p[i - 1]) {
+ return X->s;
+ }
+ if (X->p[i - 1] < Y->p[i - 1]) {
+ return -X->s;
+ }
+ }
+
+ return 0;
}
/*
* Compare signed values
*/
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
+int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z)
{
mbedtls_mpi Y;
mbedtls_mpi_uint p[1];
- MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET(X != NULL);
- *p = mpi_sint_abs( z );
- Y.s = ( z < 0 ) ? -1 : 1;
+ *p = mpi_sint_abs(z);
+ Y.s = (z < 0) ? -1 : 1;
Y.n = 1;
Y.p = p;
- return( mbedtls_mpi_cmp_mpi( X, &Y ) );
+ return mbedtls_mpi_cmp_mpi(X, &Y);
}
/*
* Unsigned addition: X = |A| + |B| (HAC 14.7)
*/
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j;
mbedtls_mpi_uint *o, *p, c, tmp;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(B != NULL);
- if( X == B )
- {
+ if (X == B) {
const mbedtls_mpi *T = A; A = X; B = T;
}
- if( X != A )
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
+ if (X != A) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A));
+ }
/*
* X should always be positive as a result of unsigned additions.
*/
X->s = 1;
- for( j = B->n; j > 0; j-- )
- if( B->p[j - 1] != 0 )
+ for (j = B->n; j > 0; j--) {
+ if (B->p[j - 1] != 0) {
break;
+ }
+ }
/* Exit early to avoid undefined behavior on NULL+0 when X->n == 0
* and B is 0 (of any size). */
- if( j == 0 )
- return( 0 );
+ if (j == 0) {
+ return 0;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j));
o = B->p; p = X->p; c = 0;
/*
* tmp is used because it might happen that p == o
*/
- for( i = 0; i < j; i++, o++, p++ )
- {
- tmp= *o;
- *p += c; c = ( *p < c );
- *p += tmp; c += ( *p < tmp );
+ for (i = 0; i < j; i++, o++, p++) {
+ tmp = *o;
+ *p += c; c = (*p < c);
+ *p += tmp; c += (*p < tmp);
}
- while( c != 0 )
- {
- if( i >= X->n )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) );
+ while (c != 0) {
+ if (i >= X->n) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + 1));
p = X->p + i;
}
- *p += c; c = ( *p < c ); i++; p++;
+ *p += c; c = (*p < c); i++; p++;
}
cleanup:
- return( ret );
+ return ret;
}
/**
@@ -1193,65 +1236,66 @@
* \return 1 if `l < r`.
* 0 if `l >= r`.
*/
-static mbedtls_mpi_uint mpi_sub_hlp( size_t n,
- mbedtls_mpi_uint *d,
- const mbedtls_mpi_uint *l,
- const mbedtls_mpi_uint *r )
+static mbedtls_mpi_uint mpi_sub_hlp(size_t n,
+ mbedtls_mpi_uint *d,
+ const mbedtls_mpi_uint *l,
+ const mbedtls_mpi_uint *r)
{
size_t i;
mbedtls_mpi_uint c = 0, t, z;
- for( i = 0; i < n; i++ )
- {
- z = ( l[i] < c ); t = l[i] - c;
- c = ( t < r[i] ) + z; d[i] = t - r[i];
+ for (i = 0; i < n; i++) {
+ z = (l[i] < c); t = l[i] - c;
+ c = (t < r[i]) + z; d[i] = t - r[i];
}
- return( c );
+ return c;
}
/*
* Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10)
*/
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
mbedtls_mpi_uint carry;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(B != NULL);
- for( n = B->n; n > 0; n-- )
- if( B->p[n - 1] != 0 )
+ for (n = B->n; n > 0; n--) {
+ if (B->p[n - 1] != 0) {
break;
- if( n > A->n )
- {
+ }
+ }
+ if (n > A->n) {
/* B >= (2^ciL)^n > A */
ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, A->n));
/* Set the high limbs of X to match A. Don't touch the lower limbs
* because X might be aliased to B, and we must not overwrite the
* significant digits of B. */
- if( A->n > n )
- memcpy( X->p + n, A->p + n, ( A->n - n ) * ciL );
- if( X->n > A->n )
- memset( X->p + A->n, 0, ( X->n - A->n ) * ciL );
+ if (A->n > n) {
+ memcpy(X->p + n, A->p + n, (A->n - n) * ciL);
+ }
+ if (X->n > A->n) {
+ memset(X->p + A->n, 0, (X->n - A->n) * ciL);
+ }
- carry = mpi_sub_hlp( n, X->p, A->p, B->p );
- if( carry != 0 )
- {
+ carry = mpi_sub_hlp(n, X->p, A->p, B->p);
+ if (carry != 0) {
/* Propagate the carry to the first nonzero limb of X. */
- for( ; n < X->n && X->p[n] == 0; n++ )
+ for (; n < X->n && X->p[n] == 0; n++) {
--X->p[n];
+ }
/* If we ran out of space for the carry, it means that the result
* is negative. */
- if( n == X->n )
- {
+ if (n == X->n) {
ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
goto cleanup;
}
@@ -1262,101 +1306,95 @@
X->s = 1;
cleanup:
- return( ret );
+ return ret;
}
/* Common function for signed addition and subtraction.
* Calculate A + B * flip_B where flip_B is 1 or -1.
*/
-static int add_sub_mpi( mbedtls_mpi *X,
- const mbedtls_mpi *A, const mbedtls_mpi *B,
- int flip_B )
+static int add_sub_mpi(mbedtls_mpi *X,
+ const mbedtls_mpi *A, const mbedtls_mpi *B,
+ int flip_B)
{
int ret, s;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(B != NULL);
s = A->s;
- if( A->s * B->s * flip_B < 0 )
- {
- int cmp = mbedtls_mpi_cmp_abs( A, B );
- if( cmp >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
+ if (A->s * B->s * flip_B < 0) {
+ int cmp = mbedtls_mpi_cmp_abs(A, B);
+ if (cmp >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B));
/* If |A| = |B|, the result is 0 and we must set the sign bit
* to +1 regardless of which of A or B was negative. Otherwise,
* since |A| > |B|, the sign is the sign of A. */
X->s = cmp == 0 ? 1 : s;
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A));
/* Since |A| < |B|, the sign is the opposite of A. */
X->s = -s;
}
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B));
X->s = s;
}
cleanup:
- return( ret );
+ return ret;
}
/*
* Signed addition: X = A + B
*/
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
{
- return( add_sub_mpi( X, A, B, 1 ) );
+ return add_sub_mpi(X, A, B, 1);
}
/*
* Signed subtraction: X = A - B
*/
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
{
- return( add_sub_mpi( X, A, B, -1 ) );
+ return add_sub_mpi(X, A, B, -1);
}
/*
* Signed addition: X = A + b
*/
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
{
mbedtls_mpi B;
mbedtls_mpi_uint p[1];
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
- p[0] = mpi_sint_abs( b );
- B.s = ( b < 0 ) ? -1 : 1;
+ p[0] = mpi_sint_abs(b);
+ B.s = (b < 0) ? -1 : 1;
B.n = 1;
B.p = p;
- return( mbedtls_mpi_add_mpi( X, A, &B ) );
+ return mbedtls_mpi_add_mpi(X, A, &B);
}
/*
* Signed subtraction: X = A - b
*/
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
{
mbedtls_mpi B;
mbedtls_mpi_uint p[1];
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
- p[0] = mpi_sint_abs( b );
- B.s = ( b < 0 ) ? -1 : 1;
+ p[0] = mpi_sint_abs(b);
+ B.s = (b < 0) ? -1 : 1;
B.n = 1;
B.p = p;
- return( mbedtls_mpi_sub_mpi( X, A, &B ) );
+ return mbedtls_mpi_sub_mpi(X, A, &B);
}
/** Helper for mbedtls_mpi multiplication.
@@ -1381,32 +1419,29 @@
* Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
* appears to need this to prevent bad ARM code generation at -O3.
*/
-__attribute__ ((noinline))
+__attribute__((noinline))
#endif
-void mpi_mul_hlp( size_t i,
- const mbedtls_mpi_uint *s,
- mbedtls_mpi_uint *d,
- mbedtls_mpi_uint b )
+void mpi_mul_hlp(size_t i,
+ const mbedtls_mpi_uint *s,
+ mbedtls_mpi_uint *d,
+ mbedtls_mpi_uint b)
{
mbedtls_mpi_uint c = 0, t = 0;
#if defined(MULADDC_HUIT)
- for( ; i >= 8; i -= 8 )
- {
+ for (; i >= 8; i -= 8) {
MULADDC_INIT
MULADDC_HUIT
- MULADDC_STOP
+ MULADDC_STOP
}
- for( ; i > 0; i-- )
- {
+ for (; i > 0; i--) {
MULADDC_INIT
MULADDC_CORE
- MULADDC_STOP
+ MULADDC_STOP
}
#else /* MULADDC_HUIT */
- for( ; i >= 16; i -= 16 )
- {
+ for (; i >= 16; i -= 16) {
MULADDC_INIT
MULADDC_CORE MULADDC_CORE
MULADDC_CORE MULADDC_CORE
@@ -1417,106 +1452,115 @@
MULADDC_CORE MULADDC_CORE
MULADDC_CORE MULADDC_CORE
MULADDC_CORE MULADDC_CORE
- MULADDC_STOP
+ MULADDC_STOP
}
- for( ; i >= 8; i -= 8 )
- {
+ for (; i >= 8; i -= 8) {
MULADDC_INIT
MULADDC_CORE MULADDC_CORE
MULADDC_CORE MULADDC_CORE
MULADDC_CORE MULADDC_CORE
MULADDC_CORE MULADDC_CORE
- MULADDC_STOP
+ MULADDC_STOP
}
- for( ; i > 0; i-- )
- {
+ for (; i > 0; i--) {
MULADDC_INIT
MULADDC_CORE
- MULADDC_STOP
+ MULADDC_STOP
}
#endif /* MULADDC_HUIT */
t++;
- while( c != 0 )
- {
- *d += c; c = ( *d < c ); d++;
+ while (c != 0) {
+ *d += c; c = (*d < c); d++;
}
}
/*
* Baseline multiplication: X = A * B (HAC 14.12)
*/
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j;
mbedtls_mpi TA, TB;
int result_is_zero = 0;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(B != NULL);
- mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
+ mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB);
- if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
- if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
+ if (X == A) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA;
+ }
+ if (X == B) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB;
+ }
- for( i = A->n; i > 0; i-- )
- if( A->p[i - 1] != 0 )
+ for (i = A->n; i > 0; i--) {
+ if (A->p[i - 1] != 0) {
break;
- if( i == 0 )
+ }
+ }
+ if (i == 0) {
result_is_zero = 1;
+ }
- for( j = B->n; j > 0; j-- )
- if( B->p[j - 1] != 0 )
+ for (j = B->n; j > 0; j--) {
+ if (B->p[j - 1] != 0) {
break;
- if( j == 0 )
+ }
+ }
+ if (j == 0) {
result_is_zero = 1;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0));
- for( ; j > 0; j-- )
- mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
+ for (; j > 0; j--) {
+ mpi_mul_hlp(i, A->p, X->p + j - 1, B->p[j - 1]);
+ }
/* If the result is 0, we don't shortcut the operation, which reduces
* but does not eliminate side channels leaking the zero-ness. We do
* need to take care to set the sign bit properly since the library does
* not fully support an MPI object with a value of 0 and s == -1. */
- if( result_is_zero )
+ if (result_is_zero) {
X->s = 1;
- else
+ } else {
X->s = A->s * B->s;
+ }
cleanup:
- mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );
+ mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TA);
- return( ret );
+ return ret;
}
/*
* Baseline multiplication: X = A * b
*/
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
+int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b)
{
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
/* mpi_mul_hlp can't deal with a leading 0. */
size_t n = A->n;
- while( n > 0 && A->p[n - 1] == 0 )
+ while (n > 0 && A->p[n - 1] == 0) {
--n;
+ }
/* The general method below doesn't work if n==0 or b==0. By chance
* calculating the result is trivial in those cases. */
- if( b == 0 || n == 0 )
- {
- return( mbedtls_mpi_lset( X, 0 ) );
+ if (b == 0 || n == 0) {
+ return mbedtls_mpi_lset(X, 0);
}
/* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
@@ -1529,26 +1573,28 @@
* calls to calloc() in ECP code, presumably because it reuses the
* same mpi for a while and this way the mpi is more likely to directly
* grow to its final size. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
- mpi_mul_hlp( n, A->p, X->p, b - 1 );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n + 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A));
+ mpi_mul_hlp(n, A->p, X->p, b - 1);
cleanup:
- return( ret );
+ return ret;
}
/*
* Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and
* mbedtls_mpi_uint divisor, d
*/
-static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
- mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r )
+static mbedtls_mpi_uint mbedtls_int_div_int(mbedtls_mpi_uint u1,
+ mbedtls_mpi_uint u0,
+ mbedtls_mpi_uint d,
+ mbedtls_mpi_uint *r)
{
#if defined(MBEDTLS_HAVE_UDBL)
mbedtls_t_udbl dividend, quotient;
#else
const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH;
- const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1;
+ const mbedtls_mpi_uint uint_halfword_mask = ((mbedtls_mpi_uint) 1 << biH) - 1;
mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
mbedtls_mpi_uint u0_msw, u0_lsw;
size_t s;
@@ -1557,22 +1603,25 @@
/*
* Check for overflow
*/
- if( 0 == d || u1 >= d )
- {
- if (r != NULL) *r = ~0;
+ if (0 == d || u1 >= d) {
+ if (r != NULL) {
+ *r = ~0;
+ }
- return ( ~0 );
+ return ~0;
}
#if defined(MBEDTLS_HAVE_UDBL)
dividend = (mbedtls_t_udbl) u1 << biL;
dividend |= (mbedtls_t_udbl) u0;
quotient = dividend / d;
- if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
- quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1;
+ if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) {
+ quotient = ((mbedtls_t_udbl) 1 << biL) - 1;
+ }
- if( r != NULL )
- *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) );
+ if (r != NULL) {
+ *r = (mbedtls_mpi_uint) (dividend - (quotient * d));
+ }
return (mbedtls_mpi_uint) quotient;
#else
@@ -1585,11 +1634,11 @@
/*
* Normalize the divisor, d, and dividend, u0, u1
*/
- s = mbedtls_clz( d );
+ s = mbedtls_clz(d);
d = d << s;
u1 = u1 << s;
- u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) );
+ u1 |= (u0 >> (biL - s)) & (-(mbedtls_mpi_sint) s >> (biL - 1));
u0 = u0 << s;
d1 = d >> biH;
@@ -1604,28 +1653,31 @@
q1 = u1 / d1;
r0 = u1 - d1 * q1;
- while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) )
- {
+ while (q1 >= radix || (q1 * d0 > radix * r0 + u0_msw)) {
q1 -= 1;
r0 += d1;
- if ( r0 >= radix ) break;
+ if (r0 >= radix) {
+ break;
+ }
}
- rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
+ rAX = (u1 * radix) + (u0_msw - q1 * d);
q0 = rAX / d1;
r0 = rAX - q0 * d1;
- while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) )
- {
+ while (q0 >= radix || (q0 * d0 > radix * r0 + u0_lsw)) {
q0 -= 1;
r0 += d1;
- if ( r0 >= radix ) break;
+ if (r0 >= radix) {
+ break;
+ }
}
- if (r != NULL)
- *r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
+ if (r != NULL) {
+ *r = (rAX * radix + u0_lsw - q0 * d) >> s;
+ }
quotient = q1 * radix + q0;
@@ -1636,21 +1688,22 @@
/*
* Division by mbedtls_mpi: A = Q * B + R (HAC 14.20)
*/
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B )
+int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+ const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n, t, k;
mbedtls_mpi X, Y, Z, T1, T2;
mbedtls_mpi_uint TP2[3];
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(B != NULL);
- if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
- return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
+ if (mbedtls_mpi_cmp_int(B, 0) == 0) {
+ return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO;
+ }
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
- mbedtls_mpi_init( &T1 );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
+ mbedtls_mpi_init(&T1);
/*
* Avoid dynamic memory allocations for constant-size T2.
*
@@ -1659,196 +1712,194 @@
* buffer.
*/
T2.s = 1;
- T2.n = sizeof( TP2 ) / sizeof( *TP2 );
+ T2.n = sizeof(TP2) / sizeof(*TP2);
T2.p = TP2;
- if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
- {
- if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
- if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
- return( 0 );
+ if (mbedtls_mpi_cmp_abs(A, B) < 0) {
+ if (Q != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(Q, 0));
+ }
+ if (R != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, A));
+ }
+ return 0;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&X, A));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, B));
X.s = Y.s = 1;
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, A->n + 2 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Z, 0));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, A->n + 2));
- k = mbedtls_mpi_bitlen( &Y ) % biL;
- if( k < biL - 1 )
- {
+ k = mbedtls_mpi_bitlen(&Y) % biL;
+ if (k < biL - 1) {
k = biL - 1 - k;
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&X, k));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, k));
+ } else {
+ k = 0;
}
- else k = 0;
n = X.n - 1;
t = Y.n - 1;
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t)));
- while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
- {
+ while (mbedtls_mpi_cmp_mpi(&X, &Y) >= 0) {
Z.p[n - t]++;
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &Y));
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t)));
- for( i = n; i > t ; i-- )
- {
- if( X.p[i] >= Y.p[t] )
+ for (i = n; i > t; i--) {
+ if (X.p[i] >= Y.p[t]) {
Z.p[i - t - 1] = ~0;
- else
- {
- Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1],
- Y.p[t], NULL);
+ } else {
+ Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1],
+ Y.p[t], NULL);
}
- T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
- T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
+ T2.p[0] = (i < 2) ? 0 : X.p[i - 2];
+ T2.p[1] = (i < 1) ? 0 : X.p[i - 1];
T2.p[2] = X.p[i];
Z.p[i - t - 1]++;
- do
- {
+ do {
Z.p[i - t - 1]--;
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
- T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&T1, 0));
+ T1.p[0] = (t < 1) ? 0 : Y.p[t - 1];
T1.p[1] = Y.p[t];
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
- }
- while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &T1, Z.p[i - t - 1]));
+ } while (mbedtls_mpi_cmp_mpi(&T1, &T2) > 0);
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &Y, Z.p[i - t - 1]));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1)));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &T1));
- if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
+ if (mbedtls_mpi_cmp_int(&X, 0) < 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &Y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1)));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&X, &X, &T1));
Z.p[i - t - 1]--;
}
}
- if( Q != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
+ if (Q != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(Q, &Z));
Q->s = A->s * B->s;
}
- if( R != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
+ if (R != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&X, k));
X.s = A->s;
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, &X));
- if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
+ if (mbedtls_mpi_cmp_int(R, 0) == 0) {
R->s = 1;
+ }
}
cleanup:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
- mbedtls_mpi_free( &T1 );
- mbedtls_platform_zeroize( TP2, sizeof( TP2 ) );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
+ mbedtls_mpi_free(&T1);
+ mbedtls_platform_zeroize(TP2, sizeof(TP2));
- return( ret );
+ return ret;
}
/*
* Division by int: A = Q * b + R
*/
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
- const mbedtls_mpi *A,
- mbedtls_mpi_sint b )
+int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_sint b)
{
mbedtls_mpi B;
mbedtls_mpi_uint p[1];
- MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET(A != NULL);
- p[0] = mpi_sint_abs( b );
- B.s = ( b < 0 ) ? -1 : 1;
+ p[0] = mpi_sint_abs(b);
+ B.s = (b < 0) ? -1 : 1;
B.n = 1;
B.p = p;
- return( mbedtls_mpi_div_mpi( Q, R, A, &B ) );
+ return mbedtls_mpi_div_mpi(Q, R, A, &B);
}
/*
* Modulo: R = A mod B
*/
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MPI_VALIDATE_RET( R != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
+ MPI_VALIDATE_RET(R != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(B != NULL);
- if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
- return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+ if (mbedtls_mpi_cmp_int(B, 0) < 0) {
+ return MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(NULL, R, A, B));
- while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) );
+ while (mbedtls_mpi_cmp_int(R, 0) < 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(R, R, B));
+ }
- while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) );
+ while (mbedtls_mpi_cmp_mpi(R, B) >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(R, R, B));
+ }
cleanup:
- return( ret );
+ return ret;
}
/*
* Modulo: r = A mod b
*/
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b)
{
size_t i;
mbedtls_mpi_uint x, y, z;
- MPI_VALIDATE_RET( r != NULL );
- MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET(r != NULL);
+ MPI_VALIDATE_RET(A != NULL);
- if( b == 0 )
- return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
+ if (b == 0) {
+ return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO;
+ }
- if( b < 0 )
- return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+ if (b < 0) {
+ return MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
+ }
/*
* handle trivial cases
*/
- if( b == 1 || A->n == 0 )
- {
+ if (b == 1 || A->n == 0) {
*r = 0;
- return( 0 );
+ return 0;
}
- if( b == 2 )
- {
+ if (b == 2) {
*r = A->p[0] & 1;
- return( 0 );
+ return 0;
}
/*
* general case
*/
- for( i = A->n, y = 0; i > 0; i-- )
- {
+ for (i = A->n, y = 0; i > 0; i--) {
x = A->p[i - 1];
- y = ( y << biH ) | ( x >> biH );
+ y = (y << biH) | (x >> biH);
z = y / b;
y -= z * b;
x <<= biH;
- y = ( y << biH ) | ( x >> biH );
+ y = (y << biH) | (x >> biH);
z = y / b;
y -= z * b;
}
@@ -1857,27 +1908,29 @@
* If A is negative, then the current y represents a negative value.
* Flipping it to the positive side.
*/
- if( A->s < 0 && y != 0 )
+ if (A->s < 0 && y != 0) {
y = b - y;
+ }
*r = y;
- return( 0 );
+ return 0;
}
/*
* Fast Montgomery initialization (thanks to Tom St Denis)
*/
-static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
+static void mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N)
{
mbedtls_mpi_uint x, m0 = N->p[0];
unsigned int i;
x = m0;
- x += ( ( m0 + 2 ) & 4 ) << 1;
+ x += ((m0 + 2) & 4) << 1;
- for( i = biL; i >= 8; i /= 2 )
- x *= ( 2 - ( m0 * x ) );
+ for (i = biL; i >= 8; i /= 2) {
+ x *= (2 - (m0 * x));
+ }
*mm = ~x + 1;
}
@@ -1904,28 +1957,30 @@
* Note that unlike the usual convention in the library
* for `const mbedtls_mpi*`, the content of T can change.
*/
-static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
- const mbedtls_mpi *T )
+static void mpi_montmul(mbedtls_mpi *A,
+ const mbedtls_mpi *B,
+ const mbedtls_mpi *N,
+ mbedtls_mpi_uint mm,
+ const mbedtls_mpi *T)
{
size_t i, n, m;
mbedtls_mpi_uint u0, u1, *d;
- memset( T->p, 0, T->n * ciL );
+ memset(T->p, 0, T->n * ciL);
d = T->p;
n = N->n;
- m = ( B->n < n ) ? B->n : n;
+ m = (B->n < n) ? B->n : n;
- for( i = 0; i < n; i++ )
- {
+ for (i = 0; i < n; i++) {
/*
* T = (T + u0*B + u1*N) / 2^biL
*/
u0 = A->p[i];
- u1 = ( d[0] + u0 * B->p[0] ) * mm;
+ u1 = (d[0] + u0 * B->p[0]) * mm;
- mpi_mul_hlp( m, B->p, d, u0 );
- mpi_mul_hlp( n, N->p, d, u1 );
+ mpi_mul_hlp(m, B->p, d, u0);
+ mpi_mul_hlp(n, N->p, d, u1);
*d++ = u0; d[n + 1] = 0;
}
@@ -1936,19 +1991,19 @@
/* Copy the n least significant limbs of d to A, so that
* A = d if d < N (recall that N has n limbs). */
- memcpy( A->p, d, n * ciL );
+ memcpy(A->p, d, n * ciL);
/* If d >= N then we want to set A to d - N. To prevent timing attacks,
* do the calculation without using conditional tests. */
/* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */
d[n] += 1;
- d[n] -= mpi_sub_hlp( n, d, d, N->p );
+ d[n] -= mpi_sub_hlp(n, d, d, N->p);
/* If d0 < N then d < (2^biL)^n
* so d[n] == 0 and we want to keep A as it is.
* If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n
* so d[n] == 1 and we want to set A to the result of the subtraction
* which is d - (2^biL)^n, i.e. the n least significant limbs of d.
* This exactly corresponds to a conditional assignment. */
- mbedtls_ct_mpi_uint_cond_assign( n, A->p, d, (unsigned char) d[n] );
+ mbedtls_ct_mpi_uint_cond_assign(n, A->p, d, (unsigned char) d[n]);
}
/*
@@ -1956,8 +2011,8 @@
*
* See mpi_montmul() regarding constraints and guarantees on the parameters.
*/
-static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
- mbedtls_mpi_uint mm, const mbedtls_mpi *T )
+static void mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N,
+ mbedtls_mpi_uint mm, const mbedtls_mpi *T)
{
mbedtls_mpi_uint z = 1;
mbedtls_mpi U;
@@ -1965,7 +2020,7 @@
U.n = U.s = (int) z;
U.p = &z;
- mpi_montmul( A, &U, N, mm, T );
+ mpi_montmul(A, &U, N, mm, T);
}
/**
@@ -1983,67 +2038,71 @@
*
* \return \c 0 on success, or a negative error code.
*/
-static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx )
+static int mpi_select(mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- for( size_t i = 0; i < T_size; i++ )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i],
- (unsigned char) mbedtls_ct_size_bool_eq( i, idx ) ) );
+ for (size_t i = 0; i < T_size; i++) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i],
+ (unsigned char) mbedtls_ct_size_bool_eq(i,
+ idx)));
}
cleanup:
- return( ret );
+ return ret;
}
/*
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
*/
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *E, const mbedtls_mpi *N,
- mbedtls_mpi *prec_RR )
+int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *E, const mbedtls_mpi *N,
+ mbedtls_mpi *prec_RR)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t window_bitsize;
size_t i, j, nblimbs;
size_t bufsize, nbits;
mbedtls_mpi_uint ei, mm, state;
- mbedtls_mpi RR, T, W[ (size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos;
+ mbedtls_mpi RR, T, W[(size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE], WW, Apos;
int neg;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( E != NULL );
- MPI_VALIDATE_RET( N != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(E != NULL);
+ MPI_VALIDATE_RET(N != NULL);
- if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (mbedtls_mpi_cmp_int(E, 0) < 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
- mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
- return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (mbedtls_mpi_bitlen(E) > MBEDTLS_MPI_MAX_BITS ||
+ mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
/*
* Init temps and window size
*/
- mpi_montg_init( &mm, N );
- mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
- mbedtls_mpi_init( &Apos );
- mbedtls_mpi_init( &WW );
- memset( W, 0, sizeof( W ) );
+ mpi_montg_init(&mm, N);
+ mbedtls_mpi_init(&RR); mbedtls_mpi_init(&T);
+ mbedtls_mpi_init(&Apos);
+ mbedtls_mpi_init(&WW);
+ memset(W, 0, sizeof(W));
- i = mbedtls_mpi_bitlen( E );
+ i = mbedtls_mpi_bitlen(E);
- window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
- ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;
+ window_bitsize = (i > 671) ? 6 : (i > 239) ? 5 :
+ (i > 79) ? 4 : (i > 23) ? 3 : 1;
-#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
- if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE )
+#if (MBEDTLS_MPI_WINDOW_SIZE < 6)
+ if (window_bitsize > MBEDTLS_MPI_WINDOW_SIZE) {
window_bitsize = MBEDTLS_MPI_WINDOW_SIZE;
+ }
#endif
const size_t w_table_used_size = (size_t) 1 << window_bitsize;
@@ -2081,8 +2140,8 @@
* calculation from this point on.
*/
const size_t x_index = 0;
- mbedtls_mpi_init( &W[x_index] );
- mbedtls_mpi_copy( &W[x_index], X );
+ mbedtls_mpi_init(&W[x_index]);
+ mbedtls_mpi_copy(&W[x_index], X);
j = N->n + 1;
/* All W[i] and X must have at least N->n limbs for the mpi_montmul()
@@ -2090,17 +2149,16 @@
* large enough, and later we'll grow other W[i] to the same length.
* They must not be shrunk midway through this function!
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[x_index], j ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[x_index], j));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], j));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T, j * 2));
/*
* Compensate for negative A (and correct at the end)
*/
- neg = ( A->s == -1 );
- if( neg )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) );
+ neg = (A->s == -1);
+ if (neg) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Apos, A));
Apos.s = 1;
A = &Apos;
}
@@ -2108,45 +2166,43 @@
/*
* If 1st call, pre-compute R^2 mod N
*/
- if( prec_RR == NULL || prec_RR->p == NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) );
+ if (prec_RR == NULL || prec_RR->p == NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&RR, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&RR, N->n * 2 * biL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&RR, &RR, N));
- if( prec_RR != NULL )
- memcpy( prec_RR, &RR, sizeof( mbedtls_mpi ) );
+ if (prec_RR != NULL) {
+ memcpy(prec_RR, &RR, sizeof(mbedtls_mpi));
+ }
+ } else {
+ memcpy(&RR, prec_RR, sizeof(mbedtls_mpi));
}
- else
- memcpy( &RR, prec_RR, sizeof( mbedtls_mpi ) );
/*
* W[1] = A * R^2 * R^-1 mod N = A * R mod N
*/
- if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
+ if (mbedtls_mpi_cmp_mpi(A, N) >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&W[1], A, N));
/* This should be a no-op because W[1] is already that large before
* mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow
* in mpi_montmul() below, so let's make sure. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n + 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], N->n + 1));
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[1], A));
}
- else
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
/* Note that this is safe because W[1] always has at least N->n limbs
* (it grew above and was preserved by mbedtls_mpi_copy()). */
- mpi_montmul( &W[1], &RR, N, mm, &T );
+ mpi_montmul(&W[1], &RR, N, mm, &T);
/*
* W[x_index] = R^2 * R^-1 mod N = R mod N
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[x_index], &RR ) );
- mpi_montred( &W[x_index], N, mm, &T );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[x_index], &RR));
+ mpi_montred(&W[x_index], N, mm, &T);
- if( window_bitsize > 1 )
- {
+ if (window_bitsize > 1) {
/*
* W[i] = W[1] ^ i
*
@@ -2159,21 +2215,21 @@
*/
j = w_table_used_size / 2;
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[j], N->n + 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[j], &W[1]));
- for( i = 0; i < window_bitsize - 1; i++ )
- mpi_montmul( &W[j], &W[j], N, mm, &T );
+ for (i = 0; i < window_bitsize - 1; i++) {
+ mpi_montmul(&W[j], &W[j], N, mm, &T);
+ }
/*
* W[i] = W[i - 1] * W[1]
*/
- for( i = j + 1; i < w_table_used_size; i++ )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
+ for (i = j + 1; i < w_table_used_size; i++) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[i], N->n + 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[i], &W[i - 1]));
- mpi_montmul( &W[i], &W[1], N, mm, &T );
+ mpi_montmul(&W[i], &W[1], N, mm, &T);
}
}
@@ -2183,16 +2239,15 @@
size_t exponent_bits_in_window = 0;
state = 0;
- while( 1 )
- {
- if( bufsize == 0 )
- {
- if( nblimbs == 0 )
+ while (1) {
+ if (bufsize == 0) {
+ if (nblimbs == 0) {
break;
+ }
nblimbs--;
- bufsize = sizeof( mbedtls_mpi_uint ) << 3;
+ bufsize = sizeof(mbedtls_mpi_uint) << 3;
}
bufsize--;
@@ -2202,16 +2257,16 @@
/*
* skip leading 0s
*/
- if( ei == 0 && state == 0 )
+ if (ei == 0 && state == 0) {
continue;
+ }
- if( ei == 0 && state == 1 )
- {
+ if (ei == 0 && state == 1) {
/*
* out of window, square W[x_index]
*/
- MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
- mpi_montmul( &W[x_index], &WW, N, mm, &T );
+ MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index));
+ mpi_montmul(&W[x_index], &WW, N, mm, &T);
continue;
}
@@ -2221,26 +2276,24 @@
state = 2;
nbits++;
- exponent_bits_in_window |= ( ei << ( window_bitsize - nbits ) );
+ exponent_bits_in_window |= (ei << (window_bitsize - nbits));
- if( nbits == window_bitsize )
- {
+ if (nbits == window_bitsize) {
/*
* W[x_index] = W[x_index]^window_bitsize R^-1 mod N
*/
- for( i = 0; i < window_bitsize; i++ )
- {
- MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
- x_index ) );
- mpi_montmul( &W[x_index], &WW, N, mm, &T );
+ for (i = 0; i < window_bitsize; i++) {
+ MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size,
+ x_index));
+ mpi_montmul(&W[x_index], &WW, N, mm, &T);
}
/*
* W[x_index] = W[x_index] * W[exponent_bits_in_window] R^-1 mod N
*/
- MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
- exponent_bits_in_window ) );
- mpi_montmul( &W[x_index], &WW, N, mm, &T );
+ MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size,
+ exponent_bits_in_window));
+ mpi_montmul(&W[x_index], &WW, N, mm, &T);
state--;
nbits = 0;
@@ -2251,88 +2304,87 @@
/*
* process the remaining bits
*/
- for( i = 0; i < nbits; i++ )
- {
- MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
- mpi_montmul( &W[x_index], &WW, N, mm, &T );
+ for (i = 0; i < nbits; i++) {
+ MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index));
+ mpi_montmul(&W[x_index], &WW, N, mm, &T);
exponent_bits_in_window <<= 1;
- if( ( exponent_bits_in_window & ( (size_t) 1 << window_bitsize ) ) != 0 )
- {
- MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, 1 ) );
- mpi_montmul( &W[x_index], &WW, N, mm, &T );
+ if ((exponent_bits_in_window & ((size_t) 1 << window_bitsize)) != 0) {
+ MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, 1));
+ mpi_montmul(&W[x_index], &WW, N, mm, &T);
}
}
/*
* W[x_index] = A^E * R * R^-1 mod N = A^E mod N
*/
- mpi_montred( &W[x_index], N, mm, &T );
+ mpi_montred(&W[x_index], N, mm, &T);
- if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
- {
+ if (neg && E->n != 0 && (E->p[0] & 1) != 0) {
W[x_index].s = -1;
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &W[x_index], N, &W[x_index] ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&W[x_index], N, &W[x_index]));
}
/*
* Load the result in the output variable.
*/
- mbedtls_mpi_copy( X, &W[x_index] );
+ mbedtls_mpi_copy(X, &W[x_index]);
cleanup:
/* The first bit of the sliding window is always 1 and therefore the first
* half of the table was unused. */
- for( i = w_table_used_size/2; i < w_table_used_size; i++ )
- mbedtls_mpi_free( &W[i] );
+ for (i = w_table_used_size/2; i < w_table_used_size; i++) {
+ mbedtls_mpi_free(&W[i]);
+ }
- mbedtls_mpi_free( &W[x_index] );
- mbedtls_mpi_free( &W[1] );
- mbedtls_mpi_free( &T );
- mbedtls_mpi_free( &Apos );
- mbedtls_mpi_free( &WW );
+ mbedtls_mpi_free(&W[x_index]);
+ mbedtls_mpi_free(&W[1]);
+ mbedtls_mpi_free(&T);
+ mbedtls_mpi_free(&Apos);
+ mbedtls_mpi_free(&WW);
- if( prec_RR == NULL || prec_RR->p == NULL )
- mbedtls_mpi_free( &RR );
+ if (prec_RR == NULL || prec_RR->p == NULL) {
+ mbedtls_mpi_free(&RR);
+ }
- return( ret );
+ return ret;
}
/*
* Greatest common divisor: G = gcd(A, B) (HAC 14.54)
*/
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t lz, lzt;
mbedtls_mpi TA, TB;
- MPI_VALIDATE_RET( G != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
+ MPI_VALIDATE_RET(G != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(B != NULL);
- mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
+ mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB);
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B));
- lz = mbedtls_mpi_lsb( &TA );
- lzt = mbedtls_mpi_lsb( &TB );
+ lz = mbedtls_mpi_lsb(&TA);
+ lzt = mbedtls_mpi_lsb(&TB);
/* The loop below gives the correct result when A==0 but not when B==0.
* So have a special case for B==0. Leverage the fact that we just
* calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test
* slightly more efficient than cmp_int(). */
- if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 )
- {
- ret = mbedtls_mpi_copy( G, A );
+ if (lzt == 0 && mbedtls_mpi_get_bit(&TB, 0) == 0) {
+ ret = mbedtls_mpi_copy(G, A);
goto cleanup;
}
- if( lzt < lz )
+ if (lzt < lz) {
lz = lzt;
+ }
TA.s = TB.s = 1;
@@ -2369,11 +2421,10 @@
* TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted
* since in that case TB is calculated from TB-TA with the condition TB>TA).
*/
- while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
- {
+ while (mbedtls_mpi_cmp_int(&TA, 0) != 0) {
/* Divisions by 2 preserve the invariant (I). */
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, mbedtls_mpi_lsb(&TA)));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, mbedtls_mpi_lsb(&TB)));
/* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd,
* TA-TB is even so the division by 2 has an integer result.
@@ -2382,15 +2433,12 @@
* also divides TB, and any odd divisor of both TB and |TA-TB|/2 also
* divides TA.
*/
- if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
+ if (mbedtls_mpi_cmp_mpi(&TA, &TB) >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TA, &TA, &TB));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, 1));
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TB, &TB, &TA));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, 1));
}
/* Note that one of TA or TB is still odd. */
}
@@ -2404,14 +2452,14 @@
* In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well.
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&TB, lz));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(G, &TB));
cleanup:
- mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
+ mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TB);
- return( ret );
+ return ret;
}
/* Fill X with n_bytes random bytes.
@@ -2423,22 +2471,23 @@
*/
static int mpi_fill_random_internal(
mbedtls_mpi *X, size_t n_bytes,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const size_t limbs = CHARS_TO_LIMBS( n_bytes );
- const size_t overhead = ( limbs * ciL ) - n_bytes;
+ const size_t limbs = CHARS_TO_LIMBS(n_bytes);
+ const size_t overhead = (limbs * ciL) - n_bytes;
- if( X->n < limbs )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (X->n < limbs) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- memset( X->p, 0, overhead );
- memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL );
- MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) );
- mpi_bigendian_to_host( X->p, limbs );
+ memset(X->p, 0, overhead);
+ memset((unsigned char *) X->p + limbs * ciL, 0, (X->n - limbs) * ciL);
+ MBEDTLS_MPI_CHK(f_rng(p_rng, (unsigned char *) X->p + overhead, n_bytes));
+ mpi_bigendian_to_host(X->p, limbs);
cleanup:
- return( ret );
+ return ret;
}
/*
@@ -2448,44 +2497,47 @@
* regardless of the platform endianness (useful when f_rng is actually
* deterministic, eg for tests).
*/
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t const limbs = CHARS_TO_LIMBS( size );
+ size_t const limbs = CHARS_TO_LIMBS(size);
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( f_rng != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(f_rng != NULL);
/* Ensure that target MPI has exactly the necessary number of limbs */
- MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
- if( size == 0 )
- return( 0 );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
+ if (size == 0) {
+ return 0;
+ }
- ret = mpi_fill_random_internal( X, size, f_rng, p_rng );
+ ret = mpi_fill_random_internal(X, size, f_rng, p_rng);
cleanup:
- return( ret );
+ return ret;
}
-int mbedtls_mpi_random( mbedtls_mpi *X,
- mbedtls_mpi_sint min,
- const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_mpi_random(mbedtls_mpi *X,
+ mbedtls_mpi_sint min,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
int count;
unsigned lt_lower = 1, lt_upper = 0;
- size_t n_bits = mbedtls_mpi_bitlen( N );
- size_t n_bytes = ( n_bits + 7 ) / 8;
+ size_t n_bits = mbedtls_mpi_bitlen(N);
+ size_t n_bytes = (n_bits + 7) / 8;
mbedtls_mpi lower_bound;
- if( min < 0 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
- if( mbedtls_mpi_cmp_int( N, min ) <= 0 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (min < 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
+ if (mbedtls_mpi_cmp_int(N, min) <= 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
/*
* When min == 0, each try has at worst a probability 1/2 of failing
@@ -2504,16 +2556,16 @@
* is small, use a higher repeat count, otherwise the probability of
* failure is macroscopic.
*/
- count = ( n_bytes > 4 ? 30 : 250 );
+ count = (n_bytes > 4 ? 30 : 250);
- mbedtls_mpi_init( &lower_bound );
+ mbedtls_mpi_init(&lower_bound);
/* Ensure that target MPI has exactly the same number of limbs
* as the upper bound, even if the upper bound has leading zeros.
* This is necessary for the mbedtls_mpi_lt_mpi_ct() check. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, N->n ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &lower_bound, N->n ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &lower_bound, min ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, N->n));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&lower_bound, N->n));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&lower_bound, min));
/*
* Match the procedure given in RFC 6979 §3.3 (deterministic ECDSA)
@@ -2523,150 +2575,140 @@
* - try until result is in the desired range.
* This also avoids any bias, which is especially important for ECDSA.
*/
- do
- {
- MBEDTLS_MPI_CHK( mpi_fill_random_internal( X, n_bytes, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, 8 * n_bytes - n_bits ) );
+ do {
+ MBEDTLS_MPI_CHK(mpi_fill_random_internal(X, n_bytes, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(X, 8 * n_bytes - n_bits));
- if( --count == 0 )
- {
+ if (--count == 0) {
ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, &lower_bound, <_lower ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, N, <_upper ) );
- }
- while( lt_lower != 0 || lt_upper == 0 );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lt_mpi_ct(X, &lower_bound, <_lower));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lt_mpi_ct(X, N, <_upper));
+ } while (lt_lower != 0 || lt_upper == 0);
cleanup:
- mbedtls_mpi_free( &lower_bound );
- return( ret );
+ mbedtls_mpi_free(&lower_bound);
+ return ret;
}
/*
* Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
*/
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
+int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( N != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(A != NULL);
+ MPI_VALIDATE_RET(N != NULL);
- if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (mbedtls_mpi_cmp_int(N, 1) <= 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
- mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
- mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );
+ mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TU); mbedtls_mpi_init(&U1); mbedtls_mpi_init(&U2);
+ mbedtls_mpi_init(&G); mbedtls_mpi_init(&TB); mbedtls_mpi_init(&TV);
+ mbedtls_mpi_init(&V1); mbedtls_mpi_init(&V2);
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, A, N));
- if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
- {
+ if (mbedtls_mpi_cmp_int(&G, 1) != 0) {
ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&TA, A, N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TU, &TA));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TV, N));
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U1, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U2, 0));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V1, 0));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V2, 1));
- do
- {
- while( ( TU.p[0] & 1 ) == 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );
+ do {
+ while ((TU.p[0] & 1) == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TU, 1));
- if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
+ if ((U1.p[0] & 1) != 0 || (U2.p[0] & 1) != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&U1, &U1, &TB));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &TA));
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U1, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U2, 1));
}
- while( ( TV.p[0] & 1 ) == 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );
+ while ((TV.p[0] & 1) == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TV, 1));
- if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
+ if ((V1.p[0] & 1) != 0 || (V2.p[0] & 1) != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, &TB));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &TA));
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V1, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V2, 1));
}
- if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
+ if (mbedtls_mpi_cmp_mpi(&TU, &TV) >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TU, &TU, &TV));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U1, &U1, &V1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &V2));
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TV, &TV, &TU));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, &U1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &U2));
}
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
- }
+ } while (mbedtls_mpi_cmp_int(&TU, 0) != 0);
+
+ while (mbedtls_mpi_cmp_int(&V1, 0) < 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, N));
}
- while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );
- while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
+ while (mbedtls_mpi_cmp_mpi(&V1, N) >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, N));
+ }
- while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &V1));
cleanup:
- mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
- mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
- mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );
+ mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TU); mbedtls_mpi_free(&U1); mbedtls_mpi_free(&U2);
+ mbedtls_mpi_free(&G); mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TV);
+ mbedtls_mpi_free(&V1); mbedtls_mpi_free(&V2);
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_GENPRIME)
static const int small_prime[] =
{
- 3, 5, 7, 11, 13, 17, 19, 23,
- 29, 31, 37, 41, 43, 47, 53, 59,
- 61, 67, 71, 73, 79, 83, 89, 97,
- 101, 103, 107, 109, 113, 127, 131, 137,
- 139, 149, 151, 157, 163, 167, 173, 179,
- 181, 191, 193, 197, 199, 211, 223, 227,
- 229, 233, 239, 241, 251, 257, 263, 269,
- 271, 277, 281, 283, 293, 307, 311, 313,
- 317, 331, 337, 347, 349, 353, 359, 367,
- 373, 379, 383, 389, 397, 401, 409, 419,
- 421, 431, 433, 439, 443, 449, 457, 461,
- 463, 467, 479, 487, 491, 499, 503, 509,
- 521, 523, 541, 547, 557, 563, 569, 571,
- 577, 587, 593, 599, 601, 607, 613, 617,
- 619, 631, 641, 643, 647, 653, 659, 661,
- 673, 677, 683, 691, 701, 709, 719, 727,
- 733, 739, 743, 751, 757, 761, 769, 773,
- 787, 797, 809, 811, 821, 823, 827, 829,
- 839, 853, 857, 859, 863, 877, 881, 883,
- 887, 907, 911, 919, 929, 937, 941, 947,
- 953, 967, 971, 977, 983, 991, 997, -103
+ 3, 5, 7, 11, 13, 17, 19, 23,
+ 29, 31, 37, 41, 43, 47, 53, 59,
+ 61, 67, 71, 73, 79, 83, 89, 97,
+ 101, 103, 107, 109, 113, 127, 131, 137,
+ 139, 149, 151, 157, 163, 167, 173, 179,
+ 181, 191, 193, 197, 199, 211, 223, 227,
+ 229, 233, 239, 241, 251, 257, 263, 269,
+ 271, 277, 281, 283, 293, 307, 311, 313,
+ 317, 331, 337, 347, 349, 353, 359, 367,
+ 373, 379, 383, 389, 397, 401, 409, 419,
+ 421, 431, 433, 439, 443, 449, 457, 461,
+ 463, 467, 479, 487, 491, 499, 503, 509,
+ 521, 523, 541, 547, 557, 563, 569, 571,
+ 577, 587, 593, 599, 601, 607, 613, 617,
+ 619, 631, 641, 643, 647, 653, 659, 661,
+ 673, 677, 683, 691, 701, 709, 719, 727,
+ 733, 739, 743, 751, 757, 761, 769, 773,
+ 787, 797, 809, 811, 821, 823, 827, 829,
+ 839, 853, 857, 859, 863, 877, 881, 883,
+ 887, 907, 911, 919, 929, 937, 941, 947,
+ 953, 967, 971, 977, 983, 991, 997, -103
};
/*
@@ -2678,70 +2720,71 @@
* MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime
* other negative: error
*/
-static int mpi_check_small_factors( const mbedtls_mpi *X )
+static int mpi_check_small_factors(const mbedtls_mpi *X)
{
int ret = 0;
size_t i;
mbedtls_mpi_uint r;
- if( ( X->p[0] & 1 ) == 0 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+ if ((X->p[0] & 1) == 0) {
+ return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ }
- for( i = 0; small_prime[i] > 0; i++ )
- {
- if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 )
- return( 1 );
+ for (i = 0; small_prime[i] > 0; i++) {
+ if (mbedtls_mpi_cmp_int(X, small_prime[i]) <= 0) {
+ return 1;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, small_prime[i]));
- if( r == 0 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+ if (r == 0) {
+ return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ }
}
cleanup:
- return( ret );
+ return ret;
}
/*
* Miller-Rabin pseudo-primality test (HAC 4.24)
*/
-static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int mpi_miller_rabin(const mbedtls_mpi *X, size_t rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret, count;
size_t i, j, k, s;
mbedtls_mpi W, R, T, A, RR;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( f_rng != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(f_rng != NULL);
- mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R );
- mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
- mbedtls_mpi_init( &RR );
+ mbedtls_mpi_init(&W); mbedtls_mpi_init(&R);
+ mbedtls_mpi_init(&T); mbedtls_mpi_init(&A);
+ mbedtls_mpi_init(&RR);
/*
* W = |X| - 1
* R = W >> lsb( W )
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
- s = mbedtls_mpi_lsb( &W );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&W, X, 1));
+ s = mbedtls_mpi_lsb(&W);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R, &W));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&R, s));
- for( i = 0; i < rounds; i++ )
- {
+ for (i = 0; i < rounds; i++) {
/*
* pick a random A, 1 < A < |X| - 1
*/
count = 0;
do {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&A, X->n * ciL, f_rng, p_rng));
- j = mbedtls_mpi_bitlen( &A );
- k = mbedtls_mpi_bitlen( &W );
+ j = mbedtls_mpi_bitlen(&A);
+ k = mbedtls_mpi_bitlen(&W);
if (j > k) {
- A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1;
+ A.p[A.n - 1] &= ((mbedtls_mpi_uint) 1 << (k - (A.n - 1) * biL - 1)) - 1;
}
if (count++ > 30) {
@@ -2749,29 +2792,30 @@
goto cleanup;
}
- } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
- mbedtls_mpi_cmp_int( &A, 1 ) <= 0 );
+ } while (mbedtls_mpi_cmp_mpi(&A, &W) >= 0 ||
+ mbedtls_mpi_cmp_int(&A, 1) <= 0);
/*
* A = A^R mod |X|
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&A, &A, &R, X, &RR));
- if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
- mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
+ if (mbedtls_mpi_cmp_mpi(&A, &W) == 0 ||
+ mbedtls_mpi_cmp_int(&A, 1) == 0) {
continue;
+ }
j = 1;
- while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
- {
+ while (j < s && mbedtls_mpi_cmp_mpi(&A, &W) != 0) {
/*
* A = A * A mod |X|
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &A, &A));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&A, &T, X));
- if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
+ if (mbedtls_mpi_cmp_int(&A, 1) == 0) {
break;
+ }
j++;
}
@@ -2779,73 +2823,74 @@
/*
* not prime if A != |X| - 1 or A == 1
*/
- if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
- mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
- {
+ if (mbedtls_mpi_cmp_mpi(&A, &W) != 0 ||
+ mbedtls_mpi_cmp_int(&A, 1) == 0) {
ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
break;
}
}
cleanup:
- mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R );
- mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
- mbedtls_mpi_free( &RR );
+ mbedtls_mpi_free(&W); mbedtls_mpi_free(&R);
+ mbedtls_mpi_free(&T); mbedtls_mpi_free(&A);
+ mbedtls_mpi_free(&RR);
- return( ret );
+ return ret;
}
/*
* Pseudo-primality test: small factors, then Miller-Rabin
*/
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi XX;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( f_rng != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(f_rng != NULL);
XX.s = 1;
XX.n = X->n;
XX.p = X->p;
- if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
- if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
- return( 0 );
-
- if( ( ret = mpi_check_small_factors( &XX ) ) != 0 )
- {
- if( ret == 1 )
- return( 0 );
-
- return( ret );
+ if (mbedtls_mpi_cmp_int(&XX, 0) == 0 ||
+ mbedtls_mpi_cmp_int(&XX, 1) == 0) {
+ return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
}
- return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
+ if (mbedtls_mpi_cmp_int(&XX, 2) == 0) {
+ return 0;
+ }
+
+ if ((ret = mpi_check_small_factors(&XX)) != 0) {
+ if (ret == 1) {
+ return 0;
+ }
+
+ return ret;
+ }
+
+ return mpi_miller_rabin(&XX, rounds, f_rng, p_rng);
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Pseudo-primality test, error probability 2^-80
*/
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_mpi_is_prime(const mbedtls_mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( f_rng != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(f_rng != NULL);
/*
* In the past our key generation aimed for an error rate of at most
* 2^-80. Since this function is deprecated, aim for the same certainty
* here as well.
*/
- return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) );
+ return mbedtls_mpi_is_prime_ext(X, 40, f_rng, p_rng);
}
#endif
@@ -2856,9 +2901,9 @@
* be either 1024 bits or 1536 bits long, and flags must contain
* MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR.
*/
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
#ifdef MBEDTLS_HAVE_INT64
// ceil(2^63.5)
@@ -2873,56 +2918,55 @@
mbedtls_mpi_uint r;
mbedtls_mpi Y;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( f_rng != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(f_rng != NULL);
- if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init(&Y);
- n = BITS_TO_LIMBS( nbits );
+ n = BITS_TO_LIMBS(nbits);
- if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 )
- {
+ if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR) == 0) {
/*
* 2^-80 error probability, number of rounds chosen per HAC, table 4.4
*/
- rounds = ( ( nbits >= 1300 ) ? 2 : ( nbits >= 850 ) ? 3 :
- ( nbits >= 650 ) ? 4 : ( nbits >= 350 ) ? 8 :
- ( nbits >= 250 ) ? 12 : ( nbits >= 150 ) ? 18 : 27 );
- }
- else
- {
+ rounds = ((nbits >= 1300) ? 2 : (nbits >= 850) ? 3 :
+ (nbits >= 650) ? 4 : (nbits >= 350) ? 8 :
+ (nbits >= 250) ? 12 : (nbits >= 150) ? 18 : 27);
+ } else {
/*
* 2^-100 error probability, number of rounds computed based on HAC,
* fact 4.48
*/
- rounds = ( ( nbits >= 1450 ) ? 4 : ( nbits >= 1150 ) ? 5 :
- ( nbits >= 1000 ) ? 6 : ( nbits >= 850 ) ? 7 :
- ( nbits >= 750 ) ? 8 : ( nbits >= 500 ) ? 13 :
- ( nbits >= 250 ) ? 28 : ( nbits >= 150 ) ? 40 : 51 );
+ rounds = ((nbits >= 1450) ? 4 : (nbits >= 1150) ? 5 :
+ (nbits >= 1000) ? 6 : (nbits >= 850) ? 7 :
+ (nbits >= 750) ? 8 : (nbits >= 500) ? 13 :
+ (nbits >= 250) ? 28 : (nbits >= 150) ? 40 : 51);
}
- while( 1 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
+ while (1) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(X, n * ciL, f_rng, p_rng));
/* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */
- if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue;
+ if (X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2) {
+ continue;
+ }
k = n * biL;
- if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
+ if (k > nbits) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(X, k - nbits));
+ }
X->p[0] |= 1;
- if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
- {
- ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng );
+ if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) == 0) {
+ ret = mbedtls_mpi_is_prime_ext(X, rounds, f_rng, p_rng);
- if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
goto cleanup;
- }
- else
- {
+ }
+ } else {
/*
* A necessary condition for Y and X = 2Y + 1 to be prime
* is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
@@ -2931,49 +2975,51 @@
X->p[0] |= 2;
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
- if( r == 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
- else if( r == 1 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, 3));
+ if (r == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 8));
+ } else if (r == 1) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 4));
+ }
/* Set Y = (X-1) / 2, which is X / 2 because X is odd */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, 1));
- while( 1 )
- {
+ while (1) {
/*
* First, check small factors for X and Y
* before doing Miller-Rabin on any of them
*/
- if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
- ( ret = mpi_check_small_factors( &Y ) ) == 0 &&
- ( ret = mpi_miller_rabin( X, rounds, f_rng, p_rng ) )
- == 0 &&
- ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng ) )
- == 0 )
+ if ((ret = mpi_check_small_factors(X)) == 0 &&
+ (ret = mpi_check_small_factors(&Y)) == 0 &&
+ (ret = mpi_miller_rabin(X, rounds, f_rng, p_rng))
+ == 0 &&
+ (ret = mpi_miller_rabin(&Y, rounds, f_rng, p_rng))
+ == 0) {
goto cleanup;
+ }
- if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
goto cleanup;
+ }
/*
* Next candidates. We want to preserve Y = (X-1) / 2 and
* Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
* so up Y by 6 and X by 12.
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 12));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&Y, &Y, 6));
}
}
}
cleanup:
- mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free(&Y);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_GENPRIME */
@@ -2992,162 +3038,173 @@
/*
* Checkup routine
*/
-int mbedtls_mpi_self_test( int verbose )
+int mbedtls_mpi_self_test(int verbose)
{
int ret, i;
mbedtls_mpi A, E, N, X, Y, U, V;
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
- mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );
+ mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); mbedtls_mpi_init(&X);
+ mbedtls_mpi_init(&Y); mbedtls_mpi_init(&U); mbedtls_mpi_init(&V);
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
- "EFE021C2645FD1DC586E69184AF4A31E" \
- "D5F53E93B5F123FA41680867BA110131" \
- "944FE7952E2517337780CB0DB80E61AA" \
- "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&A, 16,
+ "EFE021C2645FD1DC586E69184AF4A31E" \
+ "D5F53E93B5F123FA41680867BA110131" \
+ "944FE7952E2517337780CB0DB80E61AA" \
+ "E7C8DDC6C5C6AADEB34EB38A2F40D5E6"));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
- "B2E7EFD37075B9F03FF989C7C5051C20" \
- "34D2A323810251127E7BF8625A4F49A5" \
- "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
- "5B5C25763222FEFCCFC38B832366C29E" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 16,
+ "B2E7EFD37075B9F03FF989C7C5051C20" \
+ "34D2A323810251127E7BF8625A4F49A5" \
+ "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
+ "5B5C25763222FEFCCFC38B832366C29E"));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
- "0066A198186C18C10B2F5ED9B522752A" \
- "9830B69916E535C8F047518A889A43A5" \
- "94B6BED27A168D31D4A52F88925AA8F5" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&N, 16,
+ "0066A198186C18C10B2F5ED9B522752A" \
+ "9830B69916E535C8F047518A889A43A5" \
+ "94B6BED27A168D31D4A52F88925AA8F5"));
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&X, &A, &N));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "602AB7ECA597A3D6B56FF9829A5E8B85" \
- "9E857EA95A03512E2BAE7391688D264A" \
- "A5663B0341DB9CCFD2C4C5F421FEC814" \
- "8001B72E848A38CAE1C65F78E56ABDEF" \
- "E12D3C039B8A02D6BE593F0BBBDA56F1" \
- "ECF677152EF804370C1A305CAF3B5BF1" \
- "30879B56C61DE584A0F53A2447A51E" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+ "602AB7ECA597A3D6B56FF9829A5E8B85" \
+ "9E857EA95A03512E2BAE7391688D264A" \
+ "A5663B0341DB9CCFD2C4C5F421FEC814" \
+ "8001B72E848A38CAE1C65F78E56ABDEF" \
+ "E12D3C039B8A02D6BE593F0BBBDA56F1" \
+ "ECF677152EF804370C1A305CAF3B5BF1" \
+ "30879B56C61DE584A0F53A2447A51E"));
- if( verbose != 0 )
- mbedtls_printf( " MPI test #1 (mul_mpi): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MPI test #1 (mul_mpi): ");
+ }
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&X, &Y, &A, &N));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "256567336059E52CAE22925474705F39A94" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+ "256567336059E52CAE22925474705F39A94"));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
- "6613F26162223DF488E9CD48CC132C7A" \
- "0AC93C701B001B092E4E5B9F73BCD27B" \
- "9EE50D0657C77F374E903CDFA4C642" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&V, 16,
+ "6613F26162223DF488E9CD48CC132C7A" \
+ "0AC93C701B001B092E4E5B9F73BCD27B" \
+ "9EE50D0657C77F374E903CDFA4C642"));
- if( verbose != 0 )
- mbedtls_printf( " MPI test #2 (div_mpi): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MPI test #2 (div_mpi): ");
+ }
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
- mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_mpi_cmp_mpi(&X, &U) != 0 ||
+ mbedtls_mpi_cmp_mpi(&Y, &V) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&X, &A, &E, &N, NULL));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "36E139AEA55215609D2816998ED020BB" \
- "BD96C37890F65171D948E9BC7CBAA4D9" \
- "325D24D6A3C12710F10A09FA08AB87" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+ "36E139AEA55215609D2816998ED020BB" \
+ "BD96C37890F65171D948E9BC7CBAA4D9" \
+ "325D24D6A3C12710F10A09FA08AB87"));
- if( verbose != 0 )
- mbedtls_printf( " MPI test #3 (exp_mod): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MPI test #3 (exp_mod): ");
+ }
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&X, &A, &N));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
- "C3DBA76456363A10869622EAC2DD84EC" \
- "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+ "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
+ "C3DBA76456363A10869622EAC2DD84EC" \
+ "C5B8A74DAC4D09E03B5E0BE779F2DF61"));
- if( verbose != 0 )
- mbedtls_printf( " MPI test #4 (inv_mod): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MPI test #4 (inv_mod): ");
+ }
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( " MPI test #5 (simple gcd): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MPI test #5 (simple gcd): ");
+ }
- for( i = 0; i < GCD_PAIR_COUNT; i++ )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );
+ for (i = 0; i < GCD_PAIR_COUNT; i++) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&X, gcd_pairs[i][0]));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Y, gcd_pairs[i][1]));
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&A, &X, &Y));
- if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed at %d\n", i );
+ if (mbedtls_mpi_cmp_int(&A, gcd_pairs[i][2]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed at %d\n", i);
+ }
ret = 1;
goto cleanup;
}
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
cleanup:
- if( ret != 0 && verbose != 0 )
- mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
+ if (ret != 0 && verbose != 0) {
+ mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret);
+ }
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
- mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
+ mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); mbedtls_mpi_free(&X);
+ mbedtls_mpi_free(&Y); mbedtls_mpi_free(&U); mbedtls_mpi_free(&V);
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/blowfish.c b/library/blowfish.c
index 621e9f7..f56bb65 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -35,42 +35,42 @@
#if !defined(MBEDTLS_BLOWFISH_ALT)
/* Parameter validation macros */
-#define BLOWFISH_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA )
-#define BLOWFISH_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define BLOWFISH_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA)
+#define BLOWFISH_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = {
- 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
- 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
- 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
- 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
- 0x9216D5D9L, 0x8979FB1BL
+ 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
+ 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
+ 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
+ 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
+ 0x9216D5D9L, 0x8979FB1BL
};
/* declarations of data at the end of this file */
static const uint32_t S[4][256];
-static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
+static uint32_t F(mbedtls_blowfish_context *ctx, uint32_t x)
{
- unsigned short a, b, c, d;
- uint32_t y;
+ unsigned short a, b, c, d;
+ uint32_t y;
- d = MBEDTLS_BYTE_0( x );
- x >>= 8;
- c = MBEDTLS_BYTE_0( x );
- x >>= 8;
- b = MBEDTLS_BYTE_0( x );
- x >>= 8;
- a = MBEDTLS_BYTE_0( x );
- y = ctx->S[0][a] + ctx->S[1][b];
- y = y ^ ctx->S[2][c];
- y = y + ctx->S[3][d];
+ d = MBEDTLS_BYTE_0(x);
+ x >>= 8;
+ c = MBEDTLS_BYTE_0(x);
+ x >>= 8;
+ b = MBEDTLS_BYTE_0(x);
+ x >>= 8;
+ a = MBEDTLS_BYTE_0(x);
+ y = ctx->S[0][a] + ctx->S[1][b];
+ y = y ^ ctx->S[2][c];
+ y = y + ctx->S[3][d];
- return( y );
+ return y;
}
-static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
+static void blowfish_enc(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
{
uint32_t Xl, Xr, temp;
short i;
@@ -78,10 +78,9 @@
Xl = *xl;
Xr = *xr;
- for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
- {
+ for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i) {
Xl = Xl ^ ctx->P[i];
- Xr = F( ctx, Xl ) ^ Xr;
+ Xr = F(ctx, Xl) ^ Xr;
temp = Xl;
Xl = Xr;
@@ -99,7 +98,7 @@
*xr = Xr;
}
-static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
+static void blowfish_dec(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
{
uint32_t Xl, Xr, temp;
short i;
@@ -107,10 +106,9 @@
Xl = *xl;
Xr = *xr;
- for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
- {
+ for (i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i) {
Xl = Xl ^ ctx->P[i];
- Xr = F( ctx, Xl ) ^ Xr;
+ Xr = F(ctx, Xl) ^ Xr;
temp = Xl;
Xl = Xr;
@@ -128,56 +126,55 @@
*xr = Xr;
}
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
+void mbedtls_blowfish_init(mbedtls_blowfish_context *ctx)
{
- BLOWFISH_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
+ BLOWFISH_VALIDATE(ctx != NULL);
+ memset(ctx, 0, sizeof(mbedtls_blowfish_context));
}
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
+void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_blowfish_context));
}
/*
* Blowfish key schedule
*/
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
- const unsigned char *key,
- unsigned int keybits )
+int mbedtls_blowfish_setkey(mbedtls_blowfish_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits)
{
unsigned int i, j, k;
uint32_t data, datal, datar;
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( key != NULL );
+ BLOWFISH_VALIDATE_RET(ctx != NULL);
+ BLOWFISH_VALIDATE_RET(key != NULL);
- if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
+ if (keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
- keybits % 8 != 0 )
- {
- return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
+ keybits % 8 != 0) {
+ return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
}
keybits >>= 3;
- for( i = 0; i < 4; i++ )
- {
- for( j = 0; j < 256; j++ )
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 256; j++) {
ctx->S[i][j] = S[i][j];
+ }
}
j = 0;
- for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
- {
+ for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i) {
data = 0x00000000;
- for( k = 0; k < 4; ++k )
- {
- data = ( data << 8 ) | key[j++];
- if( j >= keybits )
+ for (k = 0; k < 4; ++k) {
+ data = (data << 8) | key[j++];
+ if (j >= keybits) {
j = 0;
+ }
}
ctx->P[i] = P[i] ^ data;
}
@@ -185,107 +182,99 @@
datal = 0x00000000;
datar = 0x00000000;
- for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
- {
- blowfish_enc( ctx, &datal, &datar );
+ for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2) {
+ blowfish_enc(ctx, &datal, &datar);
ctx->P[i] = datal;
ctx->P[i + 1] = datar;
}
- for( i = 0; i < 4; i++ )
- {
- for( j = 0; j < 256; j += 2 )
- {
- blowfish_enc( ctx, &datal, &datar );
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 256; j += 2) {
+ blowfish_enc(ctx, &datal, &datar);
ctx->S[i][j] = datal;
ctx->S[i][j + 1] = datar;
}
}
- return( 0 );
+ return 0;
}
/*
* Blowfish-ECB block encryption/decryption
*/
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
- int mode,
- const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
+int mbedtls_blowfish_crypt_ecb(mbedtls_blowfish_context *ctx,
+ int mode,
+ const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE])
{
uint32_t X0, X1;
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
- mode == MBEDTLS_BLOWFISH_DECRYPT );
- BLOWFISH_VALIDATE_RET( input != NULL );
- BLOWFISH_VALIDATE_RET( output != NULL );
+ BLOWFISH_VALIDATE_RET(ctx != NULL);
+ BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+ mode == MBEDTLS_BLOWFISH_DECRYPT);
+ BLOWFISH_VALIDATE_RET(input != NULL);
+ BLOWFISH_VALIDATE_RET(output != NULL);
- X0 = MBEDTLS_GET_UINT32_BE( input, 0 );
- X1 = MBEDTLS_GET_UINT32_BE( input, 4 );
+ X0 = MBEDTLS_GET_UINT32_BE(input, 0);
+ X1 = MBEDTLS_GET_UINT32_BE(input, 4);
- if( mode == MBEDTLS_BLOWFISH_DECRYPT )
- {
- blowfish_dec( ctx, &X0, &X1 );
- }
- else /* MBEDTLS_BLOWFISH_ENCRYPT */
- {
- blowfish_enc( ctx, &X0, &X1 );
+ if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
+ blowfish_dec(ctx, &X0, &X1);
+ } else { /* MBEDTLS_BLOWFISH_ENCRYPT */
+ blowfish_enc(ctx, &X0, &X1);
}
- MBEDTLS_PUT_UINT32_BE( X0, output, 0 );
- MBEDTLS_PUT_UINT32_BE( X1, output, 4 );
+ MBEDTLS_PUT_UINT32_BE(X0, output, 0);
+ MBEDTLS_PUT_UINT32_BE(X1, output, 4);
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* Blowfish-CBC buffer encryption/decryption
*/
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_blowfish_crypt_cbc(mbedtls_blowfish_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output)
{
int i;
unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
- mode == MBEDTLS_BLOWFISH_DECRYPT );
- BLOWFISH_VALIDATE_RET( iv != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
+ BLOWFISH_VALIDATE_RET(ctx != NULL);
+ BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+ mode == MBEDTLS_BLOWFISH_DECRYPT);
+ BLOWFISH_VALIDATE_RET(iv != NULL);
+ BLOWFISH_VALIDATE_RET(length == 0 || input != NULL);
+ BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
- if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
- return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
+ if (length % MBEDTLS_BLOWFISH_BLOCKSIZE) {
+ return MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH;
+ }
- if( mode == MBEDTLS_BLOWFISH_DECRYPT )
- {
- while( length > 0 )
- {
- memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
- mbedtls_blowfish_crypt_ecb( ctx, mode, input, output );
+ if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
+ while (length > 0) {
+ memcpy(temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE);
+ mbedtls_blowfish_crypt_ecb(ctx, mode, input, output);
- for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
+ for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) {
+ output[i] = (unsigned char) (output[i] ^ iv[i]);
+ }
- memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
+ memcpy(iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE);
input += MBEDTLS_BLOWFISH_BLOCKSIZE;
output += MBEDTLS_BLOWFISH_BLOCKSIZE;
length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
}
- }
- else
- {
- while( length > 0 )
- {
- for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
+ } else {
+ while (length > 0) {
+ for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) {
+ output[i] = (unsigned char) (input[i] ^ iv[i]);
+ }
- mbedtls_blowfish_crypt_ecb( ctx, mode, output, output );
- memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
+ mbedtls_blowfish_crypt_ecb(ctx, mode, output, output);
+ memcpy(iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE);
input += MBEDTLS_BLOWFISH_BLOCKSIZE;
output += MBEDTLS_BLOWFISH_BLOCKSIZE;
@@ -293,7 +282,7 @@
}
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -301,59 +290,57 @@
/*
* Blowfish CFB buffer encryption/decryption
*/
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_blowfish_crypt_cfb64(mbedtls_blowfish_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output)
{
int c;
size_t n;
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
- mode == MBEDTLS_BLOWFISH_DECRYPT );
- BLOWFISH_VALIDATE_RET( iv != NULL );
- BLOWFISH_VALIDATE_RET( iv_off != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
+ BLOWFISH_VALIDATE_RET(ctx != NULL);
+ BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+ mode == MBEDTLS_BLOWFISH_DECRYPT);
+ BLOWFISH_VALIDATE_RET(iv != NULL);
+ BLOWFISH_VALIDATE_RET(iv_off != NULL);
+ BLOWFISH_VALIDATE_RET(length == 0 || input != NULL);
+ BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
n = *iv_off;
- if( n >= 8 )
- return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
+ if (n >= 8) {
+ return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
+ }
- if( mode == MBEDTLS_BLOWFISH_DECRYPT )
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
+ if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
+ while (length--) {
+ if (n == 0) {
+ mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
+ }
c = *input++;
- *output++ = (unsigned char)( c ^ iv[n] );
+ *output++ = (unsigned char) (c ^ iv[n]);
iv[n] = (unsigned char) c;
- n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
+ n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE;
}
- }
- else
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
+ } else {
+ while (length--) {
+ if (n == 0) {
+ mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
+ }
- iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+ iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
- n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
+ n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE;
}
}
*iv_off = n;
- return( 0 );
+ return 0;
}
#endif /*MBEDTLS_CIPHER_MODE_CFB */
@@ -361,46 +348,48 @@
/*
* Blowfish CTR buffer encryption/decryption
*/
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_blowfish_crypt_ctr(mbedtls_blowfish_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output)
{
int c, i;
size_t n;
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( nonce_counter != NULL );
- BLOWFISH_VALIDATE_RET( stream_block != NULL );
- BLOWFISH_VALIDATE_RET( nc_off != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
+ BLOWFISH_VALIDATE_RET(ctx != NULL);
+ BLOWFISH_VALIDATE_RET(nonce_counter != NULL);
+ BLOWFISH_VALIDATE_RET(stream_block != NULL);
+ BLOWFISH_VALIDATE_RET(nc_off != NULL);
+ BLOWFISH_VALIDATE_RET(length == 0 || input != NULL);
+ BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
n = *nc_off;
- if( n >= 8 )
- return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
+ if (n >= 8) {
+ return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
+ }
- while( length-- )
- {
- if( n == 0 ) {
- mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
- stream_block );
+ while (length--) {
+ if (n == 0) {
+ mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
+ stream_block);
- for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
- if( ++nonce_counter[i - 1] != 0 )
+ for (i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i--) {
+ if (++nonce_counter[i - 1] != 0) {
break;
+ }
+ }
}
c = *input++;
- *output++ = (unsigned char)( c ^ stream_block[n] );
+ *output++ = (unsigned char) (c ^ stream_block[n]);
- n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
+ n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE;
}
*nc_off = n;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
diff --git a/library/camellia.c b/library/camellia.c
index e90cd7f..ce034d7 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -37,10 +37,10 @@
#if !defined(MBEDTLS_CAMELLIA_ALT)
/* Parameter validation macros */
-#define CAMELLIA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
-#define CAMELLIA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define CAMELLIA_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
+#define CAMELLIA_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
static const unsigned char SIGMA_CHARS[6][8] =
{
@@ -56,109 +56,109 @@
static const unsigned char FSb[256] =
{
- 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
- 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
- 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
- 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
- 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
- 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
- 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
- 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
- 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
- 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
- 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
- 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
- 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
- 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
- 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
- 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
+ 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
+ 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
+ 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
+ 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
+ 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
+ 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
+ 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
+ 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
+ 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
+ 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
+ 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
+ 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
+ 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
+ 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
+ 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
+ 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
};
#define SBOX1(n) FSb[(n)]
-#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
-#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
+#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
+#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
static const unsigned char FSb[256] =
{
- 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
- 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
- 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
- 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
- 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
- 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
- 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
- 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
- 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
- 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
- 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
- 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
- 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
- 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
- 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
- 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
+ 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
+ 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
+ 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
+ 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
+ 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
+ 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
+ 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
+ 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
+ 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
+ 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
+ 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
+ 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
+ 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
+ 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
+ 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
+ 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
};
static const unsigned char FSb2[256] =
{
- 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
- 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
- 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
- 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
- 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
- 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
- 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
- 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
- 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
- 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
- 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
- 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
- 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
- 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
- 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
- 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
+ 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
+ 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
+ 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
+ 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
+ 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
+ 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
+ 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
+ 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
+ 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
+ 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
+ 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
+ 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
+ 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
+ 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
+ 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
+ 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
};
static const unsigned char FSb3[256] =
{
- 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
- 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
- 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
- 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
- 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
- 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
- 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
- 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
- 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
- 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
- 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
- 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
- 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
- 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
- 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
- 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
+ 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
+ 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
+ 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
+ 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
+ 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
+ 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
+ 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
+ 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
+ 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
+ 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
+ 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
+ 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
+ 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
+ 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
+ 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
+ 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
};
static const unsigned char FSb4[256] =
{
- 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
- 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
- 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
- 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
- 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
- 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
- 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
- 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
- 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
- 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
- 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
- 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
- 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
- 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
- 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
- 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
+ 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
+ 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
+ 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
+ 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
+ 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
+ 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
+ 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
+ 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
+ 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
+ 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
+ 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
+ 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
+ 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
+ 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
+ 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
+ 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
};
#define SBOX1(n) FSb[(n)]
@@ -188,23 +188,23 @@
{
{
{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
- 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
+ 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
- 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
+ 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
},
{
{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
- -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
+ -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
- 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
+ 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
}
};
@@ -228,57 +228,57 @@
/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
#define ROTL(DEST, SRC, SHIFT) \
-{ \
- (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
- (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
- (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
- (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
-}
+ { \
+ (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
+ (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
+ (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
+ (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
+ }
#define FL(XL, XR, KL, KR) \
-{ \
- (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
- (XL) = ((XR) | (KR)) ^ (XL); \
-}
+ { \
+ (XR) = ((((XL) &(KL)) << 1) | (((XL) &(KL)) >> 31)) ^ (XR); \
+ (XL) = ((XR) | (KR)) ^ (XL); \
+ }
#define FLInv(YL, YR, KL, KR) \
-{ \
- (YL) = ((YR) | (KR)) ^ (YL); \
- (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
-}
+ { \
+ (YL) = ((YR) | (KR)) ^ (YL); \
+ (YR) = ((((YL) &(KL)) << 1) | (((YL) &(KL)) >> 31)) ^ (YR); \
+ }
#define SHIFT_AND_PLACE(INDEX, OFFSET) \
-{ \
- TK[0] = KC[(OFFSET) * 4 + 0]; \
- TK[1] = KC[(OFFSET) * 4 + 1]; \
- TK[2] = KC[(OFFSET) * 4 + 2]; \
- TK[3] = KC[(OFFSET) * 4 + 3]; \
+ { \
+ TK[0] = KC[(OFFSET) * 4 + 0]; \
+ TK[1] = KC[(OFFSET) * 4 + 1]; \
+ TK[2] = KC[(OFFSET) * 4 + 2]; \
+ TK[3] = KC[(OFFSET) * 4 + 3]; \
\
- for( i = 1; i <= 4; i++ ) \
- if( shifts[(INDEX)][(OFFSET)][i -1] ) \
- ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
+ for (i = 1; i <= 4; i++) \
+ if (shifts[(INDEX)][(OFFSET)][i -1]) \
+ ROTL(TK + i * 4, TK, (15 * i) % 32); \
\
- for( i = 0; i < 20; i++ ) \
- if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
- RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
+ for (i = 0; i < 20; i++) \
+ if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
+ RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
} \
-}
+ }
-static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
- uint32_t z[2])
+static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
+ uint32_t z[2])
{
uint32_t I0, I1;
I0 = x[0] ^ k[0];
I1 = x[1] ^ k[1];
- I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) |
- ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) |
- ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) |
- ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) );
- I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) |
- ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) |
- ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) |
- ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) );
+ I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) |
+ ((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) |
+ ((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) |
+ ((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
+ I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) |
+ ((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) |
+ ((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) |
+ ((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
I0 ^= (I1 << 8) | (I1 >> 24);
I1 ^= (I0 << 16) | (I0 >> 16);
@@ -289,26 +289,27 @@
z[1] ^= I0;
}
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
+void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
{
- CAMELLIA_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
+ CAMELLIA_VALIDATE(ctx != NULL);
+ memset(ctx, 0, sizeof(mbedtls_camellia_context));
}
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
+void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
}
/*
* Camellia key schedule (encryption)
*/
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits )
+int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits)
{
int idx;
size_t i;
@@ -318,68 +319,73 @@
uint32_t KC[16];
uint32_t TK[20];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
+ CAMELLIA_VALIDATE_RET(ctx != NULL);
+ CAMELLIA_VALIDATE_RET(key != NULL);
RK = ctx->rk;
- memset( t, 0, 64 );
- memset( RK, 0, sizeof(ctx->rk) );
+ memset(t, 0, 64);
+ memset(RK, 0, sizeof(ctx->rk));
- switch( keybits )
- {
+ switch (keybits) {
case 128: ctx->nr = 3; idx = 0; break;
case 192:
case 256: ctx->nr = 4; idx = 1; break;
- default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+ default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
}
- for( i = 0; i < keybits / 8; ++i )
+ for (i = 0; i < keybits / 8; ++i) {
t[i] = key[i];
+ }
- if( keybits == 192 ) {
- for( i = 0; i < 8; i++ )
+ if (keybits == 192) {
+ for (i = 0; i < 8; i++) {
t[24 + i] = ~t[16 + i];
+ }
}
/*
* Prepare SIGMA values
*/
- for( i = 0; i < 6; i++ ) {
- SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 );
- SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 );
+ for (i = 0; i < 6; i++) {
+ SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
+ SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
}
/*
* Key storage in KC
* Order: KL, KR, KA, KB
*/
- memset( KC, 0, sizeof(KC) );
+ memset(KC, 0, sizeof(KC));
/* Store KL, KR */
- for( i = 0; i < 8; i++ )
- KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 );
+ for (i = 0; i < 8; i++) {
+ KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
+ }
/* Generate KA */
- for( i = 0; i < 4; ++i )
+ for (i = 0; i < 4; ++i) {
KC[8 + i] = KC[i] ^ KC[4 + i];
+ }
- camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
- camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
+ camellia_feistel(KC + 8, SIGMA[0], KC + 10);
+ camellia_feistel(KC + 10, SIGMA[1], KC + 8);
- for( i = 0; i < 4; ++i )
+ for (i = 0; i < 4; ++i) {
KC[8 + i] ^= KC[i];
+ }
- camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
- camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
+ camellia_feistel(KC + 8, SIGMA[2], KC + 10);
+ camellia_feistel(KC + 10, SIGMA[3], KC + 8);
- if( keybits > 128 ) {
+ if (keybits > 128) {
/* Generate KB */
- for( i = 0; i < 4; ++i )
+ for (i = 0; i < 4; ++i) {
KC[12 + i] = KC[4 + i] ^ KC[8 + i];
+ }
- camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
- camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
+ camellia_feistel(KC + 12, SIGMA[4], KC + 14);
+ camellia_feistel(KC + 14, SIGMA[5], KC + 12);
}
/*
@@ -387,54 +393,55 @@
*/
/* Manipulating KL */
- SHIFT_AND_PLACE( idx, 0 );
+ SHIFT_AND_PLACE(idx, 0);
/* Manipulating KR */
- if( keybits > 128 ) {
- SHIFT_AND_PLACE( idx, 1 );
+ if (keybits > 128) {
+ SHIFT_AND_PLACE(idx, 1);
}
/* Manipulating KA */
- SHIFT_AND_PLACE( idx, 2 );
+ SHIFT_AND_PLACE(idx, 2);
/* Manipulating KB */
- if( keybits > 128 ) {
- SHIFT_AND_PLACE( idx, 3 );
+ if (keybits > 128) {
+ SHIFT_AND_PLACE(idx, 3);
}
/* Do transpositions */
- for( i = 0; i < 20; i++ ) {
- if( transposes[idx][i] != -1 ) {
+ for (i = 0; i < 20; i++) {
+ if (transposes[idx][i] != -1) {
RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
}
}
- return( 0 );
+ return 0;
}
/*
* Camellia key schedule (decryption)
*/
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits )
+int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits)
{
int idx, ret;
size_t i;
mbedtls_camellia_context cty;
uint32_t *RK;
uint32_t *SK;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
+ CAMELLIA_VALIDATE_RET(ctx != NULL);
+ CAMELLIA_VALIDATE_RET(key != NULL);
- mbedtls_camellia_init( &cty );
+ mbedtls_camellia_init(&cty);
/* Also checks keybits */
- if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
+ if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
goto exit;
+ }
ctx->nr = cty.nr;
- idx = ( ctx->nr == 4 );
+ idx = (ctx->nr == 4);
RK = ctx->rk;
SK = cty.rk + 24 * 2 + 8 * idx * 2;
@@ -444,8 +451,7 @@
*RK++ = *SK++;
*RK++ = *SK++;
- for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
- {
+ for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
*RK++ = *SK++;
*RK++ = *SK++;
}
@@ -458,58 +464,58 @@
*RK++ = *SK++;
exit:
- mbedtls_camellia_free( &cty );
+ mbedtls_camellia_free(&cty);
- return( ret );
+ return ret;
}
/*
* Camellia-ECB block encryption/decryption
*/
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16])
{
int NR;
uint32_t *RK, X[4];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( input != NULL );
- CAMELLIA_VALIDATE_RET( output != NULL );
+ CAMELLIA_VALIDATE_RET(ctx != NULL);
+ CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+ mode == MBEDTLS_CAMELLIA_DECRYPT);
+ CAMELLIA_VALIDATE_RET(input != NULL);
+ CAMELLIA_VALIDATE_RET(output != NULL);
- ( (void) mode );
+ ((void) mode);
NR = ctx->nr;
RK = ctx->rk;
- X[0] = MBEDTLS_GET_UINT32_BE( input, 0 );
- X[1] = MBEDTLS_GET_UINT32_BE( input, 4 );
- X[2] = MBEDTLS_GET_UINT32_BE( input, 8 );
- X[3] = MBEDTLS_GET_UINT32_BE( input, 12 );
+ X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
+ X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
+ X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
+ X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
X[0] ^= *RK++;
X[1] ^= *RK++;
X[2] ^= *RK++;
X[3] ^= *RK++;
- while( NR ) {
+ while (NR) {
--NR;
- camellia_feistel( X, RK, X + 2 );
+ camellia_feistel(X, RK, X + 2);
RK += 2;
- camellia_feistel( X + 2, RK, X );
+ camellia_feistel(X + 2, RK, X);
RK += 2;
- camellia_feistel( X, RK, X + 2 );
+ camellia_feistel(X, RK, X + 2);
RK += 2;
- camellia_feistel( X + 2, RK, X );
+ camellia_feistel(X + 2, RK, X);
RK += 2;
- camellia_feistel( X, RK, X + 2 );
+ camellia_feistel(X, RK, X + 2);
RK += 2;
- camellia_feistel( X + 2, RK, X );
+ camellia_feistel(X + 2, RK, X);
RK += 2;
- if( NR ) {
+ if (NR) {
FL(X[0], X[1], RK[0], RK[1]);
RK += 2;
FLInv(X[2], X[3], RK[0], RK[1]);
@@ -522,63 +528,61 @@
X[0] ^= *RK++;
X[1] ^= *RK++;
- MBEDTLS_PUT_UINT32_BE( X[2], output, 0 );
- MBEDTLS_PUT_UINT32_BE( X[3], output, 4 );
- MBEDTLS_PUT_UINT32_BE( X[0], output, 8 );
- MBEDTLS_PUT_UINT32_BE( X[1], output, 12 );
+ MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
+ MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
+ MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
+ MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* Camellia-CBC buffer encryption/decryption
*/
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int i;
unsigned char temp[16];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ CAMELLIA_VALIDATE_RET(ctx != NULL);
+ CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+ mode == MBEDTLS_CAMELLIA_DECRYPT);
+ CAMELLIA_VALIDATE_RET(iv != NULL);
+ CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
+ CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
- if( length % 16 )
- return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
+ if (length % 16) {
+ return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
+ }
- if( mode == MBEDTLS_CAMELLIA_DECRYPT )
- {
- while( length > 0 )
- {
- memcpy( temp, input, 16 );
- mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
+ if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
+ while (length > 0) {
+ memcpy(temp, input, 16);
+ mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
- for( i = 0; i < 16; i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
+ for (i = 0; i < 16; i++) {
+ output[i] = (unsigned char) (output[i] ^ iv[i]);
+ }
- memcpy( iv, temp, 16 );
+ memcpy(iv, temp, 16);
input += 16;
output += 16;
length -= 16;
}
- }
- else
- {
- while( length > 0 )
- {
- for( i = 0; i < 16; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
+ } else {
+ while (length > 0) {
+ for (i = 0; i < 16; i++) {
+ output[i] = (unsigned char) (input[i] ^ iv[i]);
+ }
- mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
- memcpy( iv, output, 16 );
+ mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
+ memcpy(iv, output, 16);
input += 16;
output += 16;
@@ -586,7 +590,7 @@
}
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -594,58 +598,56 @@
/*
* Camellia-CFB128 buffer encryption/decryption
*/
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int c;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( iv_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ CAMELLIA_VALIDATE_RET(ctx != NULL);
+ CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+ mode == MBEDTLS_CAMELLIA_DECRYPT);
+ CAMELLIA_VALIDATE_RET(iv != NULL);
+ CAMELLIA_VALIDATE_RET(iv_off != NULL);
+ CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
+ CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
n = *iv_off;
- if( n >= 16 )
- return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+ if (n >= 16) {
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+ }
- if( mode == MBEDTLS_CAMELLIA_DECRYPT )
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
+ if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
+ while (length--) {
+ if (n == 0) {
+ mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
+ }
c = *input++;
- *output++ = (unsigned char)( c ^ iv[n] );
+ *output++ = (unsigned char) (c ^ iv[n]);
iv[n] = (unsigned char) c;
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
- }
- else
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
+ } else {
+ while (length--) {
+ if (n == 0) {
+ mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
+ }
- iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+ iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
}
*iv_off = n;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@@ -653,46 +655,48 @@
/*
* Camellia-CTR buffer encryption/decryption
*/
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[16],
+ unsigned char stream_block[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int c, i;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
- CAMELLIA_VALIDATE_RET( stream_block != NULL );
- CAMELLIA_VALIDATE_RET( nc_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ CAMELLIA_VALIDATE_RET(ctx != NULL);
+ CAMELLIA_VALIDATE_RET(nonce_counter != NULL);
+ CAMELLIA_VALIDATE_RET(stream_block != NULL);
+ CAMELLIA_VALIDATE_RET(nc_off != NULL);
+ CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
+ CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
n = *nc_off;
- if( n >= 16 )
- return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+ if (n >= 16) {
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+ }
- while( length-- )
- {
- if( n == 0 ) {
- mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
- stream_block );
+ while (length--) {
+ if (n == 0) {
+ mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
+ stream_block);
- for( i = 16; i > 0; i-- )
- if( ++nonce_counter[i - 1] != 0 )
+ for (i = 16; i > 0; i--) {
+ if (++nonce_counter[i - 1] != 0) {
break;
+ }
+ }
}
c = *input++;
- *output++ = (unsigned char)( c ^ stream_block[n] );
+ *output++ = (unsigned char) (c ^ stream_block[n]);
- n = ( n + 1 ) & 0x0F;
+ n = (n + 1) & 0x0F;
}
*nc_off = n;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_CAMELLIA_ALT */
@@ -772,23 +776,23 @@
static const unsigned char camellia_test_cbc_key[3][32] =
{
- { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
- 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
+ { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+ 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
,
- { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
- 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
- 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
+ { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
+ 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
+ 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
,
- { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
- 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
- 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
- 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
+ { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
+ 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
+ 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
+ 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
};
static const unsigned char camellia_test_cbc_iv[16] =
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
+{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
;
static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
@@ -891,13 +895,13 @@
};
static const int camellia_test_ctr_len[3] =
- { 16, 32, 36 };
+{ 16, 32, 36 };
#endif /* MBEDTLS_CIPHER_MODE_CTR */
/*
* Checkup routine
*/
-int mbedtls_camellia_self_test( int verbose )
+int mbedtls_camellia_self_test(int verbose)
{
int i, j, u, v;
unsigned char key[32];
@@ -916,163 +920,167 @@
mbedtls_camellia_context ctx;
- mbedtls_camellia_init( &ctx );
- memset( key, 0, 32 );
+ mbedtls_camellia_init(&ctx);
+ memset(key, 0, 32);
- for( j = 0; j < 6; j++ ) {
+ for (j = 0; j < 6; j++) {
u = j >> 1;
- v = j & 1;
+ v = j & 1;
- if( verbose != 0 )
- mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
- (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
-
- for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
- memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
-
- if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
- mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
- memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
- memcpy( dst, camellia_test_ecb_plain[i], 16 );
- } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
- mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
- memcpy( src, camellia_test_ecb_plain[i], 16 );
- memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
+ if (verbose != 0) {
+ mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
+ (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
- mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
+ for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
+ memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
- if( memcmp( buf, dst, 16 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
- goto exit;
+ if (v == MBEDTLS_CAMELLIA_DECRYPT) {
+ mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
+ memcpy(src, camellia_test_ecb_cipher[u][i], 16);
+ memcpy(dst, camellia_test_ecb_plain[i], 16);
+ } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
+ mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
+ memcpy(src, camellia_test_ecb_plain[i], 16);
+ memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
+ }
+
+ mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
+
+ if (memcmp(buf, dst, 16) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
+ goto exit;
+ }
+ }
+
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
}
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* CBC mode
*/
- for( j = 0; j < 6; j++ )
- {
+ for (j = 0; j < 6; j++) {
u = j >> 1;
v = j & 1;
- if( verbose != 0 )
- mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
- ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
-
- memcpy( src, camellia_test_cbc_iv, 16 );
- memcpy( dst, camellia_test_cbc_iv, 16 );
- memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
-
- if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
- mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
- } else {
- mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
+ if (verbose != 0) {
+ mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
+ (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
- for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
+ memcpy(src, camellia_test_cbc_iv, 16);
+ memcpy(dst, camellia_test_cbc_iv, 16);
+ memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
- if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
- memcpy( iv , src, 16 );
- memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
- memcpy( dst, camellia_test_cbc_plain[i], 16 );
+ if (v == MBEDTLS_CAMELLIA_DECRYPT) {
+ mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
+ } else {
+ mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
+ }
+
+ for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
+
+ if (v == MBEDTLS_CAMELLIA_DECRYPT) {
+ memcpy(iv, src, 16);
+ memcpy(src, camellia_test_cbc_cipher[u][i], 16);
+ memcpy(dst, camellia_test_cbc_plain[i], 16);
} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
- memcpy( iv , dst, 16 );
- memcpy( src, camellia_test_cbc_plain[i], 16 );
- memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
+ memcpy(iv, dst, 16);
+ memcpy(src, camellia_test_cbc_plain[i], 16);
+ memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
}
- mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
+ mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
- if( memcmp( buf, dst, 16 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (memcmp(buf, dst, 16) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto exit;
}
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/*
* CTR mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " CAMELLIA-CTR-128 (%s): ",
- ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
+ if (verbose != 0) {
+ mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
+ (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
+ }
- memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
- memcpy( key, camellia_test_ctr_key[u], 16 );
+ memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
+ memcpy(key, camellia_test_ctr_key[u], 16);
offset = 0;
- mbedtls_camellia_setkey_enc( &ctx, key, 128 );
+ mbedtls_camellia_setkey_enc(&ctx, key, 128);
- if( v == MBEDTLS_CAMELLIA_DECRYPT )
- {
+ if (v == MBEDTLS_CAMELLIA_DECRYPT) {
len = camellia_test_ctr_len[u];
- memcpy( buf, camellia_test_ctr_ct[u], len );
+ memcpy(buf, camellia_test_ctr_ct[u], len);
- mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
- buf, buf );
+ mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
+ buf, buf);
- if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto exit;
}
- }
- else
- {
+ } else {
len = camellia_test_ctr_len[u];
- memcpy( buf, camellia_test_ctr_pt[u], len );
+ memcpy(buf, camellia_test_ctr_pt[u], len);
- mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
- buf, buf );
+ mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
+ buf, buf);
- if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto exit;
}
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#endif /* MBEDTLS_CIPHER_MODE_CTR */
ret = 0;
exit:
- mbedtls_camellia_free( &ctx );
- return( ret );
+ mbedtls_camellia_free(&ctx);
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/ccm.c b/library/ccm.c
index e0d4333..82c308a 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -40,10 +40,10 @@
#if !defined(MBEDTLS_CCM_ALT)
-#define CCM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
-#define CCM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define CCM_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CCM_BAD_INPUT)
+#define CCM_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#define CCM_ENCRYPT 0
#define CCM_DECRYPT 1
@@ -51,54 +51,57 @@
/*
* Initialize context
*/
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
+void mbedtls_ccm_init(mbedtls_ccm_context *ctx)
{
- CCM_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
+ CCM_VALIDATE(ctx != NULL);
+ memset(ctx, 0, sizeof(mbedtls_ccm_context));
}
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits )
+int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
- CCM_VALIDATE_RET( ctx != NULL );
- CCM_VALIDATE_RET( key != NULL );
+ CCM_VALIDATE_RET(ctx != NULL);
+ CCM_VALIDATE_RET(key != NULL);
- cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
- MBEDTLS_MODE_ECB );
- if( cipher_info == NULL )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
- if( cipher_info->block_size != 16 )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
- mbedtls_cipher_free( &ctx->cipher_ctx );
-
- if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
- return( ret );
-
- if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
- MBEDTLS_ENCRYPT ) ) != 0 )
- {
- return( ret );
+ cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
+ MBEDTLS_MODE_ECB);
+ if (cipher_info == NULL) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
}
- return( 0 );
+ if (cipher_info->block_size != 16) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
+
+ mbedtls_cipher_free(&ctx->cipher_ctx);
+
+ if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
+ return ret;
+ }
+
+ if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+ MBEDTLS_ENCRYPT)) != 0) {
+ return ret;
+ }
+
+ return 0;
}
/*
* Free context
*/
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
+void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
- mbedtls_cipher_free( &ctx->cipher_ctx );
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
+ }
+ mbedtls_cipher_free(&ctx->cipher_ctx);
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
}
/*
@@ -111,38 +114,38 @@
* (Always using b as the source helps the compiler optimise a bit better.)
*/
#define UPDATE_CBC_MAC \
- for( i = 0; i < 16; i++ ) \
- y[i] ^= b[i]; \
+ for (i = 0; i < 16; i++) \
+ y[i] ^= b[i]; \
\
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
- return( ret );
+ if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, y, 16, y, &olen)) != 0) \
+ return ret;
/*
* Encrypt or decrypt a partial block with CTR
* Warning: using b for temporary storage! src and dst must not be b!
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
*/
-#define CTR_CRYPT( dst, src, len ) \
+#define CTR_CRYPT(dst, src, len) \
do \
{ \
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \
- 16, b, &olen ) ) != 0 ) \
+ if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctr, \
+ 16, b, &olen)) != 0) \
{ \
- return( ret ); \
+ return ret; \
} \
- \
- for( i = 0; i < (len); i++ ) \
- (dst)[i] = (src)[i] ^ b[i]; \
- } while( 0 )
+ \
+ for (i = 0; i < (len); i++) \
+ (dst)[i] = (src)[i] ^ b[i]; \
+ } while (0)
/*
* Authenticated encryption or decryption
*/
-static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len )
+static int ccm_auth_crypt(mbedtls_ccm_context *ctx, int mode, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
@@ -161,15 +164,18 @@
*
* Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
*/
- if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ if (tag_len == 2 || tag_len > 16 || tag_len % 2 != 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
/* Also implies q is within bounds */
- if( iv_len < 7 || iv_len > 13 )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ if (iv_len < 7 || iv_len > 13) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
- if( add_len >= 0xFF00 )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ if (add_len >= 0xFF00) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
q = 16 - 1 - (unsigned char) iv_len;
@@ -186,49 +192,49 @@
* 2 .. 0 q - 1
*/
b[0] = 0;
- b[0] |= ( add_len > 0 ) << 6;
- b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
+ b[0] |= (add_len > 0) << 6;
+ b[0] |= ((tag_len - 2) / 2) << 3;
b[0] |= q - 1;
- memcpy( b + 1, iv, iv_len );
+ memcpy(b + 1, iv, iv_len);
- for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
- b[15-i] = MBEDTLS_BYTE_0( len_left );
+ for (i = 0, len_left = length; i < q; i++, len_left >>= 8) {
+ b[15-i] = MBEDTLS_BYTE_0(len_left);
+ }
- if( len_left > 0 )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ if (len_left > 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
/* Start CBC-MAC with first block */
- memset( y, 0, 16 );
+ memset(y, 0, 16);
UPDATE_CBC_MAC;
/*
* If there is additional data, update CBC-MAC with
* add_len, add, 0 (padding to a block boundary)
*/
- if( add_len > 0 )
- {
+ if (add_len > 0) {
size_t use_len;
len_left = add_len;
src = add;
- memset( b, 0, 16 );
- MBEDTLS_PUT_UINT16_BE( add_len, b, 0 );
+ memset(b, 0, 16);
+ MBEDTLS_PUT_UINT16_BE(add_len, b, 0);
use_len = len_left < 16 - 2 ? len_left : 16 - 2;
- memcpy( b + 2, src, use_len );
+ memcpy(b + 2, src, use_len);
len_left -= use_len;
src += use_len;
UPDATE_CBC_MAC;
- while( len_left > 0 )
- {
+ while (len_left > 0) {
use_len = len_left > 16 ? 16 : len_left;
- memset( b, 0, 16 );
- memcpy( b, src, use_len );
+ memset(b, 0, 16);
+ memcpy(b, src, use_len);
UPDATE_CBC_MAC;
len_left -= use_len;
@@ -247,8 +253,8 @@
* 2 .. 0 q - 1
*/
ctr[0] = q - 1;
- memcpy( ctr + 1, iv, iv_len );
- memset( ctr + 1 + iv_len, 0, q );
+ memcpy(ctr + 1, iv, iv_len);
+ memset(ctr + 1 + iv_len, 0, q);
ctr[15] = 1;
/*
@@ -261,23 +267,20 @@
src = input;
dst = output;
- while( len_left > 0 )
- {
+ while (len_left > 0) {
size_t use_len = len_left > 16 ? 16 : len_left;
- if( mode == CCM_ENCRYPT )
- {
- memset( b, 0, 16 );
- memcpy( b, src, use_len );
+ if (mode == CCM_ENCRYPT) {
+ memset(b, 0, 16);
+ memcpy(b, src, use_len);
UPDATE_CBC_MAC;
}
- CTR_CRYPT( dst, src, use_len );
+ CTR_CRYPT(dst, src, use_len);
- if( mode == CCM_DECRYPT )
- {
- memset( b, 0, 16 );
- memcpy( b, dst, use_len );
+ if (mode == CCM_DECRYPT) {
+ memset(b, 0, 16);
+ memcpy(b, dst, use_len);
UPDATE_CBC_MAC;
}
@@ -289,120 +292,124 @@
* Increment counter.
* No need to check for overflow thanks to the length check above.
*/
- for( i = 0; i < q; i++ )
- if( ++ctr[15-i] != 0 )
+ for (i = 0; i < q; i++) {
+ if (++ctr[15-i] != 0) {
break;
+ }
+ }
}
/*
* Authentication: reset counter and crypt/mask internal tag
*/
- for( i = 0; i < q; i++ )
+ for (i = 0; i < q; i++) {
ctr[15-i] = 0;
+ }
- CTR_CRYPT( y, y, 16 );
- memcpy( tag, y, tag_len );
+ CTR_CRYPT(y, y, 16);
+ memcpy(tag, y, tag_len);
- return( 0 );
+ return 0;
}
/*
* Authenticated encryption
*/
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len)
{
- CCM_VALIDATE_RET( ctx != NULL );
- CCM_VALIDATE_RET( iv != NULL );
- CCM_VALIDATE_RET( add_len == 0 || add != NULL );
- CCM_VALIDATE_RET( length == 0 || input != NULL );
- CCM_VALIDATE_RET( length == 0 || output != NULL );
- CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
- return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
- add, add_len, input, output, tag, tag_len ) );
+ CCM_VALIDATE_RET(ctx != NULL);
+ CCM_VALIDATE_RET(iv != NULL);
+ CCM_VALIDATE_RET(add_len == 0 || add != NULL);
+ CCM_VALIDATE_RET(length == 0 || input != NULL);
+ CCM_VALIDATE_RET(length == 0 || output != NULL);
+ CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
+ return ccm_auth_crypt(ctx, CCM_ENCRYPT, length, iv, iv_len,
+ add, add_len, input, output, tag, tag_len);
}
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len)
{
- CCM_VALIDATE_RET( ctx != NULL );
- CCM_VALIDATE_RET( iv != NULL );
- CCM_VALIDATE_RET( add_len == 0 || add != NULL );
- CCM_VALIDATE_RET( length == 0 || input != NULL );
- CCM_VALIDATE_RET( length == 0 || output != NULL );
- CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
- if( tag_len == 0 )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ CCM_VALIDATE_RET(ctx != NULL);
+ CCM_VALIDATE_RET(iv != NULL);
+ CCM_VALIDATE_RET(add_len == 0 || add != NULL);
+ CCM_VALIDATE_RET(length == 0 || input != NULL);
+ CCM_VALIDATE_RET(length == 0 || output != NULL);
+ CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
+ if (tag_len == 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
- return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add,
- add_len, input, output, tag, tag_len ) );
+ return mbedtls_ccm_star_encrypt_and_tag(ctx, length, iv, iv_len, add,
+ add_len, input, output, tag, tag_len);
}
/*
* Authenticated decryption
*/
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ const unsigned char *tag, size_t tag_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
unsigned char i;
int diff;
- CCM_VALIDATE_RET( ctx != NULL );
- CCM_VALIDATE_RET( iv != NULL );
- CCM_VALIDATE_RET( add_len == 0 || add != NULL );
- CCM_VALIDATE_RET( length == 0 || input != NULL );
- CCM_VALIDATE_RET( length == 0 || output != NULL );
- CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
+ CCM_VALIDATE_RET(ctx != NULL);
+ CCM_VALIDATE_RET(iv != NULL);
+ CCM_VALIDATE_RET(add_len == 0 || add != NULL);
+ CCM_VALIDATE_RET(length == 0 || input != NULL);
+ CCM_VALIDATE_RET(length == 0 || output != NULL);
+ CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
- if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
- iv, iv_len, add, add_len,
- input, output, check_tag, tag_len ) ) != 0 )
- {
- return( ret );
+ if ((ret = ccm_auth_crypt(ctx, CCM_DECRYPT, length,
+ iv, iv_len, add, add_len,
+ input, output, check_tag, tag_len)) != 0) {
+ return ret;
}
/* Check tag in "constant-time" */
- for( diff = 0, i = 0; i < tag_len; i++ )
+ for (diff = 0, i = 0; i < tag_len; i++) {
diff |= tag[i] ^ check_tag[i];
-
- if( diff != 0 )
- {
- mbedtls_platform_zeroize( output, length );
- return( MBEDTLS_ERR_CCM_AUTH_FAILED );
}
- return( 0 );
+ if (diff != 0) {
+ mbedtls_platform_zeroize(output, length);
+ return MBEDTLS_ERR_CCM_AUTH_FAILED;
+ }
+
+ return 0;
}
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ const unsigned char *tag, size_t tag_len)
{
- CCM_VALIDATE_RET( ctx != NULL );
- CCM_VALIDATE_RET( iv != NULL );
- CCM_VALIDATE_RET( add_len == 0 || add != NULL );
- CCM_VALIDATE_RET( length == 0 || input != NULL );
- CCM_VALIDATE_RET( length == 0 || output != NULL );
- CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
+ CCM_VALIDATE_RET(ctx != NULL);
+ CCM_VALIDATE_RET(iv != NULL);
+ CCM_VALIDATE_RET(add_len == 0 || add != NULL);
+ CCM_VALIDATE_RET(length == 0 || input != NULL);
+ CCM_VALIDATE_RET(length == 0 || output != NULL);
+ CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
- if( tag_len == 0 )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ if (tag_len == 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
- return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add,
- add_len, input, output, tag, tag_len ) );
+ return mbedtls_ccm_star_auth_decrypt(ctx, length, iv, iv_len, add,
+ add_len, input, output, tag, tag_len);
}
#endif /* !MBEDTLS_CCM_ALT */
@@ -439,7 +446,7 @@
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
};
-static const size_t iv_len_test_data [NB_TESTS] = { 7, 8, 12 };
+static const size_t iv_len_test_data[NB_TESTS] = { 7, 8, 12 };
static const size_t add_len_test_data[NB_TESTS] = { 8, 16, 20 };
static const size_t msg_len_test_data[NB_TESTS] = { 4, 16, 24 };
static const size_t tag_len_test_data[NB_TESTS] = { 4, 6, 8 };
@@ -455,7 +462,7 @@
0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
};
-int mbedtls_ccm_self_test( int verbose )
+int mbedtls_ccm_self_test(int verbose)
{
mbedtls_ccm_context ctx;
/*
@@ -468,70 +475,72 @@
size_t i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
- 8 * sizeof key_test_data ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( " CCM: setup failed" );
-
- return( 1 );
- }
-
- for( i = 0; i < NB_TESTS; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
-
- memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
- memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
- memcpy( plaintext, msg_test_data, msg_len_test_data[i] );
-
- ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i],
- iv_test_data, iv_len_test_data[i],
- ad_test_data, add_len_test_data[i],
- plaintext, ciphertext,
- ciphertext + msg_len_test_data[i],
- tag_len_test_data[i] );
-
- if( ret != 0 ||
- memcmp( ciphertext, res_test_data[i],
- msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
- memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
-
- ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i],
- iv_test_data, iv_len_test_data[i],
- ad_test_data, add_len_test_data[i],
- ciphertext, plaintext,
- ciphertext + msg_len_test_data[i],
- tag_len_test_data[i] );
-
- if( ret != 0 ||
- memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
+ if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
+ 8 * sizeof key_test_data) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf(" CCM: setup failed");
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ return 1;
}
- mbedtls_ccm_free( &ctx );
+ for (i = 0; i < NB_TESTS; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" CCM-AES #%u: ", (unsigned int) i + 1);
+ }
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
+ memset(ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN);
+ memcpy(plaintext, msg_test_data, msg_len_test_data[i]);
- return( 0 );
+ ret = mbedtls_ccm_encrypt_and_tag(&ctx, msg_len_test_data[i],
+ iv_test_data, iv_len_test_data[i],
+ ad_test_data, add_len_test_data[i],
+ plaintext, ciphertext,
+ ciphertext + msg_len_test_data[i],
+ tag_len_test_data[i]);
+
+ if (ret != 0 ||
+ memcmp(ciphertext, res_test_data[i],
+ msg_len_test_data[i] + tag_len_test_data[i]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
+
+ return 1;
+ }
+ memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
+
+ ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len_test_data[i],
+ iv_test_data, iv_len_test_data[i],
+ ad_test_data, add_len_test_data[i],
+ ciphertext, plaintext,
+ ciphertext + msg_len_test_data[i],
+ tag_len_test_data[i]);
+
+ if (ret != 0 ||
+ memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
+
+ return 1;
+ }
+
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
+ }
+
+ mbedtls_ccm_free(&ctx);
+
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
+
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/library/certs.c b/library/certs.c
index a5695e3..af1f98c 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -57,50 +57,50 @@
/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */
#define TEST_CA_CRT_EC_DER { \
- 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \
- 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \
- 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
- 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
- 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
- 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
- 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \
- 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \
- 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \
- 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
- 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
- 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
- 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
- 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \
- 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \
- 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \
- 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \
- 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \
- 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \
- 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \
- 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \
- 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \
- 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \
- 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \
- 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \
- 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \
- 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \
- 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \
- 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \
- 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
- 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \
- 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \
- 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \
- 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \
- 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \
- 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \
- 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \
- 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \
- 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \
- 0xf5, 0xae, 0x1c, 0x42 \
+ 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \
+ 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \
+ 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+ 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+ 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+ 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+ 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \
+ 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \
+ 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \
+ 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+ 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+ 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+ 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+ 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \
+ 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \
+ 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \
+ 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \
+ 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \
+ 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \
+ 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \
+ 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \
+ 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \
+ 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \
+ 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \
+ 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \
+ 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \
+ 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \
+ 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \
+ 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \
+ 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+ 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \
+ 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \
+ 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \
+ 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \
+ 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \
+ 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \
+ 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \
+ 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \
+ 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \
+ 0xf5, 0xae, 0x1c, 0x42 \
}
/* END FILE */
@@ -123,20 +123,20 @@
/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */
#define TEST_CA_KEY_EC_DER { \
- 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \
- 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \
- 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \
- 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \
- 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \
- 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \
- 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \
- 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \
- 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \
- 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \
- 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \
- 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \
- 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \
- 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \
+ 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \
+ 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \
+ 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \
+ 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \
+ 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \
+ 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \
+ 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \
+ 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \
+ 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \
+ 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \
+ 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \
+ 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \
+ 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \
+ 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \
}
/* END FILE */
@@ -169,76 +169,76 @@
* using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */
#define TEST_CA_CRT_RSA_SHA256_DER { \
- 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
- 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
- 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
- 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
- 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
- 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
- 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
- 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
- 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
- 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
- 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
- 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
- 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
- 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
- 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
- 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
- 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
- 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
- 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
- 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
- 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
- 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
- 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
- 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
- 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
- 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
- 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
- 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
- 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
- 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
- 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \
- 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \
- 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \
- 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \
- 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \
- 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \
- 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \
- 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \
- 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \
- 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \
- 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \
- 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \
- 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \
- 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \
- 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \
- 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \
- 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \
- 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \
- 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \
- 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \
- 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \
- 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \
+ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
+ 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
+ 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
+ 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
+ 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
+ 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
+ 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
+ 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
+ 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
+ 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
+ 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
+ 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
+ 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
+ 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
+ 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
+ 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
+ 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
+ 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
+ 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
+ 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
+ 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
+ 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
+ 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
+ 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
+ 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
+ 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
+ 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
+ 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
+ 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \
+ 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \
+ 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \
+ 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \
+ 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \
+ 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \
+ 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \
+ 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \
+ 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \
+ 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \
+ 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \
+ 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \
+ 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \
+ 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \
+ 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \
+ 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \
+ 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \
+ 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \
+ 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \
+ 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \
+ 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \
+ 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \
}
/* END FILE */
@@ -270,76 +270,76 @@
/* This is taken from tests/data_files/test-ca-sha1.crt.der. */
/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */
#define TEST_CA_CRT_RSA_SHA1_DER { \
- 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
- 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
- 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
- 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
- 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
- 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
- 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
- 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
- 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
- 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
- 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
- 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
- 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
- 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
- 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
- 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
- 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
- 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
- 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
- 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
- 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
- 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
- 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
- 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
- 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
- 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
- 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
- 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
- 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
- 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
- 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
- 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \
- 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \
- 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \
- 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \
- 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \
- 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \
- 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \
- 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \
- 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \
- 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \
- 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \
- 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \
- 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \
- 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \
- 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \
- 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \
- 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \
- 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \
- 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \
- 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \
- 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \
- 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \
+ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
+ 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
+ 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
+ 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
+ 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
+ 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
+ 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
+ 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
+ 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
+ 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
+ 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
+ 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
+ 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
+ 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
+ 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
+ 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
+ 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
+ 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
+ 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
+ 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
+ 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
+ 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
+ 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
+ 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
+ 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
+ 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
+ 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
+ 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
+ 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \
+ 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \
+ 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \
+ 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \
+ 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \
+ 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \
+ 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \
+ 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \
+ 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \
+ 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \
+ 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \
+ 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \
+ 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \
+ 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \
+ 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \
+ 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \
+ 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \
+ 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \
+ 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \
+ 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \
+ 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \
+ 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \
}
/* END FILE */
@@ -383,106 +383,106 @@
/* This was generated from test-ca.key.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */
#define TEST_CA_KEY_RSA_DER { \
- 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
- 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \
- 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \
- 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \
- 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \
- 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \
- 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \
- 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \
- 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \
- 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \
- 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \
- 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \
- 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \
- 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \
- 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \
- 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \
- 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \
- 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \
- 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \
- 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \
- 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \
- 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \
- 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
- 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \
- 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \
- 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \
- 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \
- 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \
- 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \
- 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \
- 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \
- 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \
- 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \
- 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \
- 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \
- 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \
- 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \
- 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \
- 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \
- 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \
- 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \
- 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \
- 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \
- 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \
- 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \
- 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \
- 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \
- 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \
- 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \
- 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \
- 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \
- 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \
- 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \
- 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \
- 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \
- 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \
- 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \
- 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \
- 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \
- 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \
- 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \
- 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \
- 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \
- 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \
- 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \
- 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \
- 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \
- 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \
- 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \
- 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \
- 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \
- 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \
- 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \
- 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \
- 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \
- 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \
- 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \
- 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \
- 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \
- 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \
- 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \
- 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \
- 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \
- 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \
- 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \
- 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \
- 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \
- 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \
- 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \
- 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \
- 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \
- 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \
- 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \
- 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \
- 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \
- 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \
- 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \
- 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \
- 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \
- 0xa8, 0xc2, 0x8f, 0x0d \
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
+ 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \
+ 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \
+ 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \
+ 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \
+ 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \
+ 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \
+ 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \
+ 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \
+ 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \
+ 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \
+ 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \
+ 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \
+ 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \
+ 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \
+ 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \
+ 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \
+ 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \
+ 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \
+ 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \
+ 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \
+ 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \
+ 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
+ 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \
+ 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \
+ 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \
+ 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \
+ 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \
+ 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \
+ 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \
+ 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \
+ 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \
+ 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \
+ 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \
+ 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \
+ 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \
+ 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \
+ 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \
+ 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \
+ 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \
+ 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \
+ 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \
+ 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \
+ 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \
+ 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \
+ 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \
+ 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \
+ 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \
+ 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \
+ 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \
+ 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \
+ 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \
+ 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \
+ 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \
+ 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \
+ 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \
+ 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \
+ 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \
+ 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \
+ 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \
+ 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \
+ 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \
+ 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \
+ 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \
+ 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \
+ 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \
+ 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \
+ 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \
+ 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \
+ 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \
+ 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \
+ 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \
+ 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \
+ 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \
+ 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \
+ 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \
+ 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \
+ 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \
+ 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \
+ 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \
+ 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \
+ 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \
+ 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \
+ 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \
+ 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \
+ 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \
+ 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \
+ 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \
+ 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \
+ 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \
+ 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \
+ 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \
+ 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \
+ 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \
+ 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \
+ 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \
+ 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \
+ 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \
+ 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \
+ 0xa8, 0xc2, 0x8f, 0x0d \
}
/* END FILE */
@@ -521,52 +521,52 @@
/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */
#define TEST_SRV_CRT_EC_DER { \
- 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
- 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
- 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \
- 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \
- 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \
- 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
- 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \
- 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
- 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \
- 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \
- 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \
- 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \
- 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \
- 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \
- 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \
- 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \
- 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \
- 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \
- 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \
- 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \
- 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
- 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
- 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \
- 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \
- 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \
- 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \
- 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \
- 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \
- 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \
- 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \
- 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \
- 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \
- 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \
- 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \
+ 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+ 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
+ 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \
+ 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \
+ 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
+ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \
+ 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \
+ 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \
+ 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \
+ 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \
+ 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \
+ 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \
+ 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \
+ 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \
+ 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \
+ 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \
+ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \
+ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
+ 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \
+ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \
+ 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \
+ 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \
+ 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \
+ 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \
+ 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \
+ 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \
+ 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \
+ 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \
+ 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \
}
/* END FILE */
@@ -583,17 +583,17 @@
/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */
#define TEST_SRV_KEY_EC_DER { \
- 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \
- 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \
- 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \
- 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \
- 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \
- 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \
- 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \
- 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \
- 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \
- 0xff \
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \
+ 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \
+ 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \
+ 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \
+ 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \
+ 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \
+ 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \
+ 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \
+ 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \
+ 0xff \
}
/* END FILE */
@@ -625,175 +625,175 @@
/* This is taken from tests/data_files/server2-sha256.crt.der. */
/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */
#define TEST_SRV_CRT_RSA_SHA256_DER { \
- 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
- 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
- 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
- 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
- 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
- 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
- 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
- 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
- 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
- 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
- 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
- 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
- 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
- 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
- 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
- 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
- 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
- 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
- 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
- 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
- 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
- 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
- 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
- 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
- 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
- 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
- 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
- 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
- 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
- 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
- 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \
- 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \
- 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \
- 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \
- 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \
- 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \
- 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \
- 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \
- 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \
- 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \
- 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \
- 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \
- 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \
- 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \
- 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \
- 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \
- 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \
- 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \
- 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \
- 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \
- 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \
- 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \
- 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \
+ 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
+ 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
+ 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
+ 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
+ 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
+ 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
+ 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
+ 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
+ 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
+ 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
+ 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
+ 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
+ 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
+ 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
+ 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
+ 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
+ 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
+ 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
+ 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
+ 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
+ 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
+ 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
+ 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
+ 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
+ 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
+ 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
+ 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
+ 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \
+ 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \
+ 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \
+ 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \
+ 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \
+ 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \
+ 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \
+ 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \
+ 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \
+ 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \
+ 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \
+ 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \
+ 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \
+ 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \
+ 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \
+ 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \
+ 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \
+ 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \
+ 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \
+ 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \
+ 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \
+ 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \
}
/* END FILE */
/* This is taken from tests/data_files/server2.crt. */
/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */
#define TEST_SRV_CRT_RSA_SHA1_PEM \
-"-----BEGIN CERTIFICATE-----\r\n" \
-"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
-"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
-"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
-"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
-"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
-"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
-"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
-"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
-"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
-"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \
-"cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \
-"O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \
-"KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \
-"iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \
-"HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \
-"Awgk0+4m0T25cNs=\r\n" \
-"-----END CERTIFICATE-----\r\n"
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+ "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+ "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
+ "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
+ "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
+ "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
+ "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
+ "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
+ "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
+ "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
+ "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \
+ "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \
+ "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \
+ "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \
+ "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \
+ "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \
+ "Awgk0+4m0T25cNs=\r\n" \
+ "-----END CERTIFICATE-----\r\n"
/* END FILE */
/* This is taken from tests/data_files/server2.crt.der. */
/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */
#define TEST_SRV_CRT_RSA_SHA1_DER { \
- 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
- 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
- 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
- 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
- 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
- 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
- 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
- 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
- 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
- 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
- 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
- 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
- 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
- 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
- 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
- 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
- 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
- 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
- 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
- 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
- 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
- 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
- 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
- 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
- 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
- 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
- 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
- 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
- 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
- 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
- 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
- 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \
- 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \
- 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \
- 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \
- 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \
- 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \
- 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \
- 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \
- 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \
- 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \
- 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \
- 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \
- 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \
- 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \
- 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \
- 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \
- 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \
- 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \
- 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \
- 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \
- 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \
- 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \
- 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \
+ 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
+ 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
+ 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
+ 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
+ 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
+ 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
+ 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
+ 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
+ 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
+ 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
+ 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
+ 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
+ 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
+ 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
+ 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
+ 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
+ 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
+ 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
+ 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
+ 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
+ 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
+ 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
+ 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
+ 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
+ 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
+ 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
+ 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
+ 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \
+ 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \
+ 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \
+ 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \
+ 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \
+ 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \
+ 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \
+ 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \
+ 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \
+ 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \
+ 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \
+ 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \
+ 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \
+ 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \
+ 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \
+ 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \
+ 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \
+ 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \
+ 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \
+ 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \
+ 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \
+ 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \
}
/* END FILE */
@@ -832,106 +832,106 @@
/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */
#define TEST_SRV_KEY_RSA_DER { \
- 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
- 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \
- 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \
- 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \
- 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \
- 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \
- 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \
- 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \
- 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \
- 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \
- 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \
- 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \
- 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \
- 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \
- 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \
- 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \
- 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \
- 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \
- 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \
- 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \
- 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \
- 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \
- 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
- 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \
- 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \
- 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \
- 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \
- 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \
- 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \
- 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \
- 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \
- 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \
- 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \
- 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \
- 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \
- 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \
- 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \
- 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \
- 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \
- 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \
- 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \
- 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \
- 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \
- 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \
- 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \
- 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \
- 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \
- 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \
- 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \
- 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \
- 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \
- 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \
- 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \
- 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \
- 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \
- 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \
- 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \
- 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \
- 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \
- 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \
- 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \
- 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \
- 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \
- 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \
- 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \
- 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \
- 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \
- 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \
- 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \
- 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \
- 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \
- 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \
- 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \
- 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \
- 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \
- 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \
- 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \
- 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \
- 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \
- 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \
- 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \
- 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \
- 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \
- 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \
- 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \
- 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \
- 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \
- 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \
- 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \
- 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \
- 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \
- 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \
- 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \
- 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \
- 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \
- 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \
- 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \
- 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \
- 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \
- 0x06, 0x21, 0x2e, 0x56 \
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
+ 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \
+ 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \
+ 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \
+ 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \
+ 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \
+ 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \
+ 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \
+ 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \
+ 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \
+ 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \
+ 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \
+ 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \
+ 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \
+ 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \
+ 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \
+ 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \
+ 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \
+ 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \
+ 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \
+ 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \
+ 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \
+ 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
+ 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \
+ 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \
+ 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \
+ 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \
+ 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \
+ 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \
+ 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \
+ 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \
+ 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \
+ 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \
+ 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \
+ 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \
+ 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \
+ 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \
+ 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \
+ 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \
+ 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \
+ 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \
+ 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \
+ 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \
+ 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \
+ 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \
+ 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \
+ 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \
+ 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \
+ 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \
+ 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \
+ 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \
+ 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \
+ 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \
+ 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \
+ 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \
+ 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \
+ 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \
+ 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \
+ 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \
+ 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \
+ 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \
+ 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \
+ 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \
+ 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \
+ 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \
+ 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \
+ 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \
+ 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \
+ 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \
+ 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \
+ 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \
+ 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \
+ 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \
+ 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \
+ 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \
+ 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \
+ 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \
+ 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \
+ 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \
+ 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \
+ 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \
+ 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \
+ 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \
+ 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \
+ 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \
+ 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \
+ 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \
+ 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \
+ 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \
+ 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \
+ 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \
+ 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \
+ 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \
+ 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \
+ 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \
+ 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \
+ 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \
+ 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \
+ 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \
+ 0x06, 0x21, 0x2e, 0x56 \
}
/* END FILE */
@@ -969,47 +969,47 @@
/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */
#define TEST_CLI_CRT_EC_DER { \
- 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
- 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
- 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
- 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \
- 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \
- 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \
- 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
- 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \
- 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \
- 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \
- 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \
- 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \
- 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \
- 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \
- 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \
- 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \
- 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \
- 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \
- 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \
- 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \
- 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \
- 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \
- 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \
- 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \
- 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \
- 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \
- 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \
- 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \
- 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \
- 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \
- 0x6b, 0xd5, 0x64 \
+ 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+ 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
+ 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \
+ 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \
+ 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \
+ 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \
+ 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \
+ 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \
+ 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \
+ 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \
+ 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \
+ 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \
+ 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \
+ 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \
+ 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \
+ 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \
+ 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \
+ 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \
+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \
+ 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \
+ 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \
+ 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \
+ 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \
+ 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \
+ 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \
+ 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \
+ 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \
+ 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \
+ 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \
+ 0x6b, 0xd5, 0x64 \
}
/* END FILE */
@@ -1026,17 +1026,17 @@
/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */
#define TEST_CLI_KEY_EC_DER { \
- 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \
- 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \
- 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \
- 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \
- 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \
- 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \
- 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \
- 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \
- 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \
- 0xc7 \
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \
+ 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \
+ 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \
+ 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \
+ 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \
+ 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \
+ 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \
+ 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \
+ 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \
+ 0xc7 \
}
/* END FILE */
@@ -1069,76 +1069,76 @@
using `xxd -i.` */
/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */
#define TEST_CLI_CRT_RSA_DER { \
- 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \
- 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \
- 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \
- 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \
- 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \
- 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \
- 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \
- 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \
- 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \
- 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \
- 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \
- 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \
- 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \
- 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \
- 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \
- 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \
- 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \
- 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \
- 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \
- 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \
- 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \
- 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \
- 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \
- 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \
- 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \
- 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \
- 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \
- 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \
- 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \
- 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \
- 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \
- 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \
- 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \
- 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \
- 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \
- 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \
- 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \
- 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \
- 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \
- 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \
- 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \
- 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \
- 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \
- 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \
- 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \
- 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \
- 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \
- 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \
- 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \
- 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \
- 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \
- 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \
- 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \
- 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \
- 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \
+ 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \
+ 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \
+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \
+ 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \
+ 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \
+ 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \
+ 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \
+ 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \
+ 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \
+ 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \
+ 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \
+ 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \
+ 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \
+ 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \
+ 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \
+ 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \
+ 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \
+ 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \
+ 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \
+ 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \
+ 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \
+ 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \
+ 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \
+ 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \
+ 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \
+ 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \
+ 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \
+ 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \
+ 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \
+ 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \
+ 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \
+ 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \
+ 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \
+ 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \
+ 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \
+ 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \
+ 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \
+ 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \
+ 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \
+ 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \
+ 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \
+ 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \
+ 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \
+ 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \
+ 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \
+ 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \
+ 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \
+ 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \
+ 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \
+ 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \
+ 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \
+ 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \
+ 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \
+ 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \
}
/* END FILE */
@@ -1176,106 +1176,106 @@
/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */
#define TEST_CLI_KEY_RSA_DER { \
- 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
- 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \
- 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \
- 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \
- 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \
- 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \
- 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \
- 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \
- 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \
- 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \
- 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \
- 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \
- 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \
- 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \
- 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \
- 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \
- 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \
- 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \
- 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \
- 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \
- 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \
- 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \
- 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
- 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \
- 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \
- 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \
- 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \
- 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \
- 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \
- 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \
- 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \
- 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \
- 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \
- 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \
- 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \
- 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \
- 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \
- 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \
- 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \
- 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \
- 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \
- 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \
- 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \
- 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \
- 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \
- 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \
- 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \
- 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \
- 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \
- 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \
- 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \
- 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \
- 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \
- 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \
- 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \
- 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \
- 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \
- 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \
- 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \
- 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \
- 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \
- 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \
- 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \
- 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \
- 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \
- 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \
- 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \
- 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \
- 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \
- 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \
- 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \
- 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \
- 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \
- 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \
- 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \
- 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \
- 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \
- 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \
- 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \
- 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \
- 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \
- 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \
- 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \
- 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \
- 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \
- 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \
- 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \
- 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \
- 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \
- 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \
- 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \
- 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \
- 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \
- 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \
- 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \
- 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \
- 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \
- 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \
- 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \
- 0x8b, 0x87, 0xc3, 0x00 \
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
+ 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \
+ 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \
+ 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \
+ 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \
+ 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \
+ 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \
+ 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \
+ 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \
+ 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \
+ 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \
+ 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \
+ 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \
+ 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \
+ 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \
+ 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \
+ 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \
+ 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \
+ 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \
+ 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \
+ 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \
+ 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \
+ 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
+ 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \
+ 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \
+ 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \
+ 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \
+ 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \
+ 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \
+ 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \
+ 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \
+ 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \
+ 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \
+ 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \
+ 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \
+ 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \
+ 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \
+ 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \
+ 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \
+ 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \
+ 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \
+ 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \
+ 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \
+ 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \
+ 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \
+ 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \
+ 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \
+ 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \
+ 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \
+ 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \
+ 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \
+ 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \
+ 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \
+ 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \
+ 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \
+ 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \
+ 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \
+ 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \
+ 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \
+ 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \
+ 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \
+ 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \
+ 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \
+ 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \
+ 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \
+ 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \
+ 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \
+ 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \
+ 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \
+ 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \
+ 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \
+ 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \
+ 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \
+ 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \
+ 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \
+ 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \
+ 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \
+ 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \
+ 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \
+ 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \
+ 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \
+ 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \
+ 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \
+ 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \
+ 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \
+ 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \
+ 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \
+ 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \
+ 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \
+ 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \
+ 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \
+ 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \
+ 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \
+ 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \
+ 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \
+ 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \
+ 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \
+ 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \
+ 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \
+ 0x8b, 0x87, 0xc3, 0x00 \
}
/* END FILE */
@@ -1306,32 +1306,32 @@
TEST_CA_CRT_RSA_SHA256_DER;
const size_t mbedtls_test_ca_crt_ec_pem_len =
- sizeof( mbedtls_test_ca_crt_ec_pem );
+ sizeof(mbedtls_test_ca_crt_ec_pem);
const size_t mbedtls_test_ca_key_ec_pem_len =
- sizeof( mbedtls_test_ca_key_ec_pem );
+ sizeof(mbedtls_test_ca_key_ec_pem);
const size_t mbedtls_test_ca_pwd_ec_pem_len =
- sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1;
+ sizeof(mbedtls_test_ca_pwd_ec_pem) - 1;
const size_t mbedtls_test_ca_key_rsa_pem_len =
- sizeof( mbedtls_test_ca_key_rsa_pem );
+ sizeof(mbedtls_test_ca_key_rsa_pem);
const size_t mbedtls_test_ca_pwd_rsa_pem_len =
- sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1;
+ sizeof(mbedtls_test_ca_pwd_rsa_pem) - 1;
const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len =
- sizeof( mbedtls_test_ca_crt_rsa_sha1_pem );
+ sizeof(mbedtls_test_ca_crt_rsa_sha1_pem);
const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len =
- sizeof( mbedtls_test_ca_crt_rsa_sha256_pem );
+ sizeof(mbedtls_test_ca_crt_rsa_sha256_pem);
const size_t mbedtls_test_ca_crt_ec_der_len =
- sizeof( mbedtls_test_ca_crt_ec_der );
+ sizeof(mbedtls_test_ca_crt_ec_der);
const size_t mbedtls_test_ca_key_ec_der_len =
- sizeof( mbedtls_test_ca_key_ec_der );
+ sizeof(mbedtls_test_ca_key_ec_der);
const size_t mbedtls_test_ca_pwd_ec_der_len = 0;
const size_t mbedtls_test_ca_key_rsa_der_len =
- sizeof( mbedtls_test_ca_key_rsa_der );
+ sizeof(mbedtls_test_ca_key_rsa_der);
const size_t mbedtls_test_ca_pwd_rsa_der_len = 0;
const size_t mbedtls_test_ca_crt_rsa_sha1_der_len =
- sizeof( mbedtls_test_ca_crt_rsa_sha1_der );
+ sizeof(mbedtls_test_ca_crt_rsa_sha1_der);
const size_t mbedtls_test_ca_crt_rsa_sha256_der_len =
- sizeof( mbedtls_test_ca_crt_rsa_sha256_der );
+ sizeof(mbedtls_test_ca_crt_rsa_sha256_der);
/*
* Server
@@ -1354,32 +1354,32 @@
TEST_SRV_CRT_RSA_SHA256_DER;
const size_t mbedtls_test_srv_crt_ec_pem_len =
- sizeof( mbedtls_test_srv_crt_ec_pem );
+ sizeof(mbedtls_test_srv_crt_ec_pem);
const size_t mbedtls_test_srv_key_ec_pem_len =
- sizeof( mbedtls_test_srv_key_ec_pem );
+ sizeof(mbedtls_test_srv_key_ec_pem);
const size_t mbedtls_test_srv_pwd_ec_pem_len =
- sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1;
+ sizeof(mbedtls_test_srv_pwd_ec_pem) - 1;
const size_t mbedtls_test_srv_key_rsa_pem_len =
- sizeof( mbedtls_test_srv_key_rsa_pem );
+ sizeof(mbedtls_test_srv_key_rsa_pem);
const size_t mbedtls_test_srv_pwd_rsa_pem_len =
- sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1;
+ sizeof(mbedtls_test_srv_pwd_rsa_pem) - 1;
const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len =
- sizeof( mbedtls_test_srv_crt_rsa_sha1_pem );
+ sizeof(mbedtls_test_srv_crt_rsa_sha1_pem);
const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len =
- sizeof( mbedtls_test_srv_crt_rsa_sha256_pem );
+ sizeof(mbedtls_test_srv_crt_rsa_sha256_pem);
const size_t mbedtls_test_srv_crt_ec_der_len =
- sizeof( mbedtls_test_srv_crt_ec_der );
+ sizeof(mbedtls_test_srv_crt_ec_der);
const size_t mbedtls_test_srv_key_ec_der_len =
- sizeof( mbedtls_test_srv_key_ec_der );
+ sizeof(mbedtls_test_srv_key_ec_der);
const size_t mbedtls_test_srv_pwd_ec_der_len = 0;
const size_t mbedtls_test_srv_key_rsa_der_len =
- sizeof( mbedtls_test_srv_key_rsa_der );
+ sizeof(mbedtls_test_srv_key_rsa_der);
const size_t mbedtls_test_srv_pwd_rsa_der_len = 0;
const size_t mbedtls_test_srv_crt_rsa_sha1_der_len =
- sizeof( mbedtls_test_srv_crt_rsa_sha1_der );
+ sizeof(mbedtls_test_srv_crt_rsa_sha1_der);
const size_t mbedtls_test_srv_crt_rsa_sha256_der_len =
- sizeof( mbedtls_test_srv_crt_rsa_sha256_der );
+ sizeof(mbedtls_test_srv_crt_rsa_sha256_der);
/*
* Client
@@ -1398,26 +1398,26 @@
const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER;
const size_t mbedtls_test_cli_crt_ec_pem_len =
- sizeof( mbedtls_test_cli_crt_ec_pem );
+ sizeof(mbedtls_test_cli_crt_ec_pem);
const size_t mbedtls_test_cli_key_ec_pem_len =
- sizeof( mbedtls_test_cli_key_ec_pem );
+ sizeof(mbedtls_test_cli_key_ec_pem);
const size_t mbedtls_test_cli_pwd_ec_pem_len =
- sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1;
+ sizeof(mbedtls_test_cli_pwd_ec_pem) - 1;
const size_t mbedtls_test_cli_key_rsa_pem_len =
- sizeof( mbedtls_test_cli_key_rsa_pem );
+ sizeof(mbedtls_test_cli_key_rsa_pem);
const size_t mbedtls_test_cli_pwd_rsa_pem_len =
- sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1;
+ sizeof(mbedtls_test_cli_pwd_rsa_pem) - 1;
const size_t mbedtls_test_cli_crt_rsa_pem_len =
- sizeof( mbedtls_test_cli_crt_rsa_pem );
+ sizeof(mbedtls_test_cli_crt_rsa_pem);
const size_t mbedtls_test_cli_crt_ec_der_len =
- sizeof( mbedtls_test_cli_crt_ec_der );
+ sizeof(mbedtls_test_cli_crt_ec_der);
const size_t mbedtls_test_cli_key_ec_der_len =
- sizeof( mbedtls_test_cli_key_ec_der );
+ sizeof(mbedtls_test_cli_key_ec_der);
const size_t mbedtls_test_cli_key_rsa_der_len =
- sizeof( mbedtls_test_cli_key_rsa_der );
+ sizeof(mbedtls_test_cli_key_rsa_der);
const size_t mbedtls_test_cli_crt_rsa_der_len =
- sizeof( mbedtls_test_cli_crt_rsa_der );
+ sizeof(mbedtls_test_cli_crt_rsa_der);
/*
*
@@ -1519,47 +1519,47 @@
const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC;
const size_t mbedtls_test_ca_key_rsa_len =
- sizeof( mbedtls_test_ca_key_rsa );
+ sizeof(mbedtls_test_ca_key_rsa);
const size_t mbedtls_test_ca_pwd_rsa_len =
- sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
+ sizeof(mbedtls_test_ca_pwd_rsa) - 1;
const size_t mbedtls_test_ca_crt_rsa_sha256_len =
- sizeof( mbedtls_test_ca_crt_rsa_sha256 );
+ sizeof(mbedtls_test_ca_crt_rsa_sha256);
const size_t mbedtls_test_ca_crt_rsa_sha1_len =
- sizeof( mbedtls_test_ca_crt_rsa_sha1 );
+ sizeof(mbedtls_test_ca_crt_rsa_sha1);
const size_t mbedtls_test_ca_key_ec_len =
- sizeof( mbedtls_test_ca_key_ec );
+ sizeof(mbedtls_test_ca_key_ec);
const size_t mbedtls_test_ca_pwd_ec_len =
- sizeof( mbedtls_test_ca_pwd_ec ) - 1;
+ sizeof(mbedtls_test_ca_pwd_ec) - 1;
const size_t mbedtls_test_ca_crt_ec_len =
- sizeof( mbedtls_test_ca_crt_ec );
+ sizeof(mbedtls_test_ca_crt_ec);
const size_t mbedtls_test_srv_key_rsa_len =
- sizeof( mbedtls_test_srv_key_rsa );
+ sizeof(mbedtls_test_srv_key_rsa);
const size_t mbedtls_test_srv_pwd_rsa_len =
- sizeof( mbedtls_test_srv_pwd_rsa ) -1;
+ sizeof(mbedtls_test_srv_pwd_rsa) -1;
const size_t mbedtls_test_srv_crt_rsa_sha256_len =
- sizeof( mbedtls_test_srv_crt_rsa_sha256 );
+ sizeof(mbedtls_test_srv_crt_rsa_sha256);
const size_t mbedtls_test_srv_crt_rsa_sha1_len =
- sizeof( mbedtls_test_srv_crt_rsa_sha1 );
+ sizeof(mbedtls_test_srv_crt_rsa_sha1);
const size_t mbedtls_test_srv_key_ec_len =
- sizeof( mbedtls_test_srv_key_ec );
+ sizeof(mbedtls_test_srv_key_ec);
const size_t mbedtls_test_srv_pwd_ec_len =
- sizeof( mbedtls_test_srv_pwd_ec ) - 1;
+ sizeof(mbedtls_test_srv_pwd_ec) - 1;
const size_t mbedtls_test_srv_crt_ec_len =
- sizeof( mbedtls_test_srv_crt_ec );
+ sizeof(mbedtls_test_srv_crt_ec);
const size_t mbedtls_test_cli_key_rsa_len =
- sizeof( mbedtls_test_cli_key_rsa );
+ sizeof(mbedtls_test_cli_key_rsa);
const size_t mbedtls_test_cli_pwd_rsa_len =
- sizeof( mbedtls_test_cli_pwd_rsa ) - 1;
+ sizeof(mbedtls_test_cli_pwd_rsa) - 1;
const size_t mbedtls_test_cli_crt_rsa_len =
- sizeof( mbedtls_test_cli_crt_rsa );
+ sizeof(mbedtls_test_cli_crt_rsa);
const size_t mbedtls_test_cli_key_ec_len =
- sizeof( mbedtls_test_cli_key_ec );
+ sizeof(mbedtls_test_cli_key_ec);
const size_t mbedtls_test_cli_pwd_ec_len =
- sizeof( mbedtls_test_cli_pwd_ec ) - 1;
+ sizeof(mbedtls_test_cli_pwd_ec) - 1;
const size_t mbedtls_test_cli_crt_ec_len =
- sizeof( mbedtls_test_cli_crt_ec );
+ sizeof(mbedtls_test_cli_crt_ec);
/*
* Dispatch between SHA-1 and SHA-256
@@ -1577,9 +1577,9 @@
const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA;
const size_t mbedtls_test_ca_crt_rsa_len =
- sizeof( mbedtls_test_ca_crt_rsa );
+ sizeof(mbedtls_test_ca_crt_rsa);
const size_t mbedtls_test_srv_crt_rsa_len =
- sizeof( mbedtls_test_srv_crt_rsa );
+ sizeof(mbedtls_test_srv_crt_rsa);
/*
* Dispatch between RSA and EC
@@ -1642,25 +1642,25 @@
const char *mbedtls_test_cli_crt = test_cli_crt;
const size_t mbedtls_test_ca_key_len =
- sizeof( test_ca_key );
+ sizeof(test_ca_key);
const size_t mbedtls_test_ca_pwd_len =
- sizeof( test_ca_pwd ) - 1;
+ sizeof(test_ca_pwd) - 1;
const size_t mbedtls_test_ca_crt_len =
- sizeof( test_ca_crt );
+ sizeof(test_ca_crt);
const size_t mbedtls_test_srv_key_len =
- sizeof( test_srv_key );
+ sizeof(test_srv_key);
const size_t mbedtls_test_srv_pwd_len =
- sizeof( test_srv_pwd ) - 1;
+ sizeof(test_srv_pwd) - 1;
const size_t mbedtls_test_srv_crt_len =
- sizeof( test_srv_crt );
+ sizeof(test_srv_crt);
const size_t mbedtls_test_cli_key_len =
- sizeof( test_cli_key );
+ sizeof(test_cli_key);
const size_t mbedtls_test_cli_pwd_len =
- sizeof( test_cli_pwd ) - 1;
+ sizeof(test_cli_pwd) - 1;
const size_t mbedtls_test_cli_crt_len =
- sizeof( test_cli_crt );
+ sizeof(test_cli_crt);
/*
*
@@ -1669,7 +1669,7 @@
*/
/* List of CAs in PEM or DER, depending on config */
-const char * mbedtls_test_cas[] = {
+const char *mbedtls_test_cas[] = {
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
mbedtls_test_ca_crt_rsa_sha1,
#endif
@@ -1683,19 +1683,19 @@
};
const size_t mbedtls_test_cas_len[] = {
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
- sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
+ sizeof(mbedtls_test_ca_crt_rsa_sha1),
#endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
- sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
+ sizeof(mbedtls_test_ca_crt_rsa_sha256),
#endif
#if defined(MBEDTLS_ECDSA_C)
- sizeof( mbedtls_test_ca_crt_ec ),
+ sizeof(mbedtls_test_ca_crt_ec),
#endif
0
};
/* List of all available CA certificates in DER format */
-const unsigned char * mbedtls_test_cas_der[] = {
+const unsigned char *mbedtls_test_cas_der[] = {
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SHA256_C)
mbedtls_test_ca_crt_rsa_sha256_der,
@@ -1713,14 +1713,14 @@
const size_t mbedtls_test_cas_der_len[] = {
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SHA256_C)
- sizeof( mbedtls_test_ca_crt_rsa_sha256_der ),
+ sizeof(mbedtls_test_ca_crt_rsa_sha256_der),
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA1_C)
- sizeof( mbedtls_test_ca_crt_rsa_sha1_der ),
+ sizeof(mbedtls_test_ca_crt_rsa_sha1_der),
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECDSA_C)
- sizeof( mbedtls_test_ca_crt_ec_der ),
+ sizeof(mbedtls_test_ca_crt_ec_der),
#endif /* MBEDTLS_ECDSA_C */
0
};
@@ -1740,7 +1740,7 @@
TEST_CA_CRT_EC_PEM
#endif /* MBEDTLS_ECDSA_C */
"";
-const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
+const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem);
#endif /* MBEDTLS_PEM_PARSE_C */
#endif /* MBEDTLS_CERTS_C */
diff --git a/library/chacha20.c b/library/chacha20.c
index bd07014..53f1d39 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -37,17 +37,17 @@
#if !defined(MBEDTLS_CHACHA20_ALT)
/* Parameter validation macros */
-#define CHACHA20_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-#define CHACHA20_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define CHACHA20_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA)
+#define CHACHA20_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
-#define ROTL32( value, amount ) \
- ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
+#define ROTL32(value, amount) \
+ ((uint32_t) ((value) << (amount)) | ((value) >> (32 - (amount))))
-#define CHACHA20_CTR_INDEX ( 12U )
+#define CHACHA20_CTR_INDEX (12U)
-#define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U )
+#define CHACHA20_BLOCK_SIZE_BYTES (4U * 16U)
/**
* \brief ChaCha20 quarter round operation.
@@ -64,31 +64,31 @@
* \param c The index of 'c' in the state.
* \param d The index of 'd' in the state.
*/
-static inline void chacha20_quarter_round( uint32_t state[16],
- size_t a,
- size_t b,
- size_t c,
- size_t d )
+static inline void chacha20_quarter_round(uint32_t state[16],
+ size_t a,
+ size_t b,
+ size_t c,
+ size_t d)
{
/* a += b; d ^= a; d <<<= 16; */
state[a] += state[b];
state[d] ^= state[a];
- state[d] = ROTL32( state[d], 16 );
+ state[d] = ROTL32(state[d], 16);
/* c += d; b ^= c; b <<<= 12 */
state[c] += state[d];
state[b] ^= state[c];
- state[b] = ROTL32( state[b], 12 );
+ state[b] = ROTL32(state[b], 12);
/* a += b; d ^= a; d <<<= 8; */
state[a] += state[b];
state[d] ^= state[a];
- state[d] = ROTL32( state[d], 8 );
+ state[d] = ROTL32(state[d], 8);
/* c += d; b ^= c; b <<<= 7; */
state[c] += state[d];
state[b] ^= state[c];
- state[b] = ROTL32( state[b], 7 );
+ state[b] = ROTL32(state[b], 7);
}
/**
@@ -99,17 +99,17 @@
*
* \param state The ChaCha20 state to update.
*/
-static void chacha20_inner_block( uint32_t state[16] )
+static void chacha20_inner_block(uint32_t state[16])
{
- chacha20_quarter_round( state, 0, 4, 8, 12 );
- chacha20_quarter_round( state, 1, 5, 9, 13 );
- chacha20_quarter_round( state, 2, 6, 10, 14 );
- chacha20_quarter_round( state, 3, 7, 11, 15 );
+ chacha20_quarter_round(state, 0, 4, 8, 12);
+ chacha20_quarter_round(state, 1, 5, 9, 13);
+ chacha20_quarter_round(state, 2, 6, 10, 14);
+ chacha20_quarter_round(state, 3, 7, 11, 15);
- chacha20_quarter_round( state, 0, 5, 10, 15 );
- chacha20_quarter_round( state, 1, 6, 11, 12 );
- chacha20_quarter_round( state, 2, 7, 8, 13 );
- chacha20_quarter_round( state, 3, 4, 9, 14 );
+ chacha20_quarter_round(state, 0, 5, 10, 15);
+ chacha20_quarter_round(state, 1, 6, 11, 12);
+ chacha20_quarter_round(state, 2, 7, 8, 13);
+ chacha20_quarter_round(state, 3, 4, 9, 14);
}
/**
@@ -118,29 +118,30 @@
* \param initial_state The initial ChaCha20 state (key, nonce, counter).
* \param keystream Generated keystream bytes are written to this buffer.
*/
-static void chacha20_block( const uint32_t initial_state[16],
- unsigned char keystream[64] )
+static void chacha20_block(const uint32_t initial_state[16],
+ unsigned char keystream[64])
{
uint32_t working_state[16];
size_t i;
- memcpy( working_state,
- initial_state,
- CHACHA20_BLOCK_SIZE_BYTES );
+ memcpy(working_state,
+ initial_state,
+ CHACHA20_BLOCK_SIZE_BYTES);
- for( i = 0U; i < 10U; i++ )
- chacha20_inner_block( working_state );
+ for (i = 0U; i < 10U; i++) {
+ chacha20_inner_block(working_state);
+ }
- working_state[ 0] += initial_state[ 0];
- working_state[ 1] += initial_state[ 1];
- working_state[ 2] += initial_state[ 2];
- working_state[ 3] += initial_state[ 3];
- working_state[ 4] += initial_state[ 4];
- working_state[ 5] += initial_state[ 5];
- working_state[ 6] += initial_state[ 6];
- working_state[ 7] += initial_state[ 7];
- working_state[ 8] += initial_state[ 8];
- working_state[ 9] += initial_state[ 9];
+ working_state[0] += initial_state[0];
+ working_state[1] += initial_state[1];
+ working_state[2] += initial_state[2];
+ working_state[3] += initial_state[3];
+ working_state[4] += initial_state[4];
+ working_state[5] += initial_state[5];
+ working_state[6] += initial_state[6];
+ working_state[7] += initial_state[7];
+ working_state[8] += initial_state[8];
+ working_state[9] += initial_state[9];
working_state[10] += initial_state[10];
working_state[11] += initial_state[11];
working_state[12] += initial_state[12];
@@ -148,40 +149,38 @@
working_state[14] += initial_state[14];
working_state[15] += initial_state[15];
- for( i = 0U; i < 16; i++ )
- {
+ for (i = 0U; i < 16; i++) {
size_t offset = i * 4U;
MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
}
- mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
+ mbedtls_platform_zeroize(working_state, sizeof(working_state));
}
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
+void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx)
{
- CHACHA20_VALIDATE( ctx != NULL );
+ CHACHA20_VALIDATE(ctx != NULL);
- mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
- mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+ mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state));
+ mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));
/* Initially, there's no keystream bytes available */
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
}
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
+void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)
{
- if( ctx != NULL )
- {
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) );
+ if (ctx != NULL) {
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));
}
}
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
- const unsigned char key[32] )
+int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,
+ const unsigned char key[32])
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( key != NULL );
+ CHACHA20_VALIDATE_RET(ctx != NULL);
+ CHACHA20_VALIDATE_RET(key != NULL);
/* ChaCha20 constants - the string "expand 32-byte k" */
ctx->state[0] = 0x61707865;
@@ -190,58 +189,57 @@
ctx->state[3] = 0x6b206574;
/* Set key */
- ctx->state[4] = MBEDTLS_GET_UINT32_LE( key, 0 );
- ctx->state[5] = MBEDTLS_GET_UINT32_LE( key, 4 );
- ctx->state[6] = MBEDTLS_GET_UINT32_LE( key, 8 );
- ctx->state[7] = MBEDTLS_GET_UINT32_LE( key, 12 );
- ctx->state[8] = MBEDTLS_GET_UINT32_LE( key, 16 );
- ctx->state[9] = MBEDTLS_GET_UINT32_LE( key, 20 );
- ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 );
- ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 );
+ ctx->state[4] = MBEDTLS_GET_UINT32_LE(key, 0);
+ ctx->state[5] = MBEDTLS_GET_UINT32_LE(key, 4);
+ ctx->state[6] = MBEDTLS_GET_UINT32_LE(key, 8);
+ ctx->state[7] = MBEDTLS_GET_UINT32_LE(key, 12);
+ ctx->state[8] = MBEDTLS_GET_UINT32_LE(key, 16);
+ ctx->state[9] = MBEDTLS_GET_UINT32_LE(key, 20);
+ ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);
+ ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);
- return( 0 );
+ return 0;
}
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
- const unsigned char nonce[12],
- uint32_t counter )
+int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
+ const unsigned char nonce[12],
+ uint32_t counter)
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
+ CHACHA20_VALIDATE_RET(ctx != NULL);
+ CHACHA20_VALIDATE_RET(nonce != NULL);
/* Counter */
ctx->state[12] = counter;
/* Nonce */
- ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 );
- ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 );
- ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 );
+ ctx->state[13] = MBEDTLS_GET_UINT32_LE(nonce, 0);
+ ctx->state[14] = MBEDTLS_GET_UINT32_LE(nonce, 4);
+ ctx->state[15] = MBEDTLS_GET_UINT32_LE(nonce, 8);
- mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+ mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));
/* Initially, there's no keystream bytes available */
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
- return( 0 );
+ return 0;
}
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
- size_t size,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
+ size_t size,
+ const unsigned char *input,
+ unsigned char *output)
{
size_t offset = 0U;
size_t i;
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
+ CHACHA20_VALIDATE_RET(ctx != NULL);
+ CHACHA20_VALIDATE_RET(size == 0 || input != NULL);
+ CHACHA20_VALIDATE_RET(size == 0 || output != NULL);
/* Use leftover keystream bytes, if available */
- while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
- {
+ while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {
output[offset] = input[offset]
- ^ ctx->keystream8[ctx->keystream_bytes_used];
+ ^ ctx->keystream8[ctx->keystream_bytes_used];
ctx->keystream_bytes_used++;
offset++;
@@ -249,15 +247,13 @@
}
/* Process full blocks */
- while( size >= CHACHA20_BLOCK_SIZE_BYTES )
- {
+ while (size >= CHACHA20_BLOCK_SIZE_BYTES) {
/* Generate new keystream block and increment counter */
- chacha20_block( ctx->state, ctx->keystream8 );
+ chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
- for( i = 0U; i < 64U; i += 8U )
- {
- output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ];
+ for (i = 0U; i < 64U; i += 8U) {
+ output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1];
output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2];
output[offset + i+3] = input[offset + i+3] ^ ctx->keystream8[i+3];
@@ -272,14 +268,12 @@
}
/* Last (partial) block */
- if( size > 0U )
- {
+ if (size > 0U) {
/* Generate new keystream block and increment counter */
- chacha20_block( ctx->state, ctx->keystream8 );
+ chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
- for( i = 0U; i < size; i++)
- {
+ for (i = 0U; i < size; i++) {
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
}
@@ -287,39 +281,41 @@
}
- return( 0 );
+ return 0;
}
-int mbedtls_chacha20_crypt( const unsigned char key[32],
- const unsigned char nonce[12],
- uint32_t counter,
- size_t data_len,
- const unsigned char* input,
- unsigned char* output )
+int mbedtls_chacha20_crypt(const unsigned char key[32],
+ const unsigned char nonce[12],
+ uint32_t counter,
+ size_t data_len,
+ const unsigned char *input,
+ unsigned char *output)
{
mbedtls_chacha20_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHA20_VALIDATE_RET( key != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
+ CHACHA20_VALIDATE_RET(key != NULL);
+ CHACHA20_VALIDATE_RET(nonce != NULL);
+ CHACHA20_VALIDATE_RET(data_len == 0 || input != NULL);
+ CHACHA20_VALIDATE_RET(data_len == 0 || output != NULL);
- mbedtls_chacha20_init( &ctx );
+ mbedtls_chacha20_init(&ctx);
- ret = mbedtls_chacha20_setkey( &ctx, key );
- if( ret != 0 )
+ ret = mbedtls_chacha20_setkey(&ctx, key);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_chacha20_starts( &ctx, nonce, counter );
- if( ret != 0 )
+ ret = mbedtls_chacha20_starts(&ctx, nonce, counter);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_chacha20_update( &ctx, data_len, input, output );
+ ret = mbedtls_chacha20_update(&ctx, data_len, input, output);
cleanup:
- mbedtls_chacha20_free( &ctx );
- return( ret );
+ mbedtls_chacha20_free(&ctx);
+ return ret;
}
#endif /* !MBEDTLS_CHACHA20_ALT */
@@ -495,50 +491,52 @@
/* Make sure no other definition is already present. */
#undef ASSERT
-#define ASSERT( cond, args ) \
+#define ASSERT(cond, args) \
do \
{ \
- if( ! ( cond ) ) \
+ if (!(cond)) \
{ \
- if( verbose != 0 ) \
- mbedtls_printf args; \
+ if (verbose != 0) \
+ mbedtls_printf args; \
\
- return( -1 ); \
+ return -1; \
} \
} \
- while( 0 )
+ while (0)
-int mbedtls_chacha20_self_test( int verbose )
+int mbedtls_chacha20_self_test(int verbose)
{
unsigned char output[381];
unsigned i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- for( i = 0U; i < 2U; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " ChaCha20 test %u ", i );
+ for (i = 0U; i < 2U; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" ChaCha20 test %u ", i);
+ }
- ret = mbedtls_chacha20_crypt( test_keys[i],
- test_nonces[i],
- test_counters[i],
- test_lengths[i],
- test_input[i],
- output );
+ ret = mbedtls_chacha20_crypt(test_keys[i],
+ test_nonces[i],
+ test_counters[i],
+ test_lengths[i],
+ test_input[i],
+ output);
- ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
+ ASSERT(0 == ret, ("error code: %i\n", ret));
- ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ),
- ( "failed (output)\n" ) );
+ ASSERT(0 == memcmp(output, test_output[i], test_lengths[i]),
+ ("failed (output)\n"));
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/chachapoly.c b/library/chachapoly.c
index 4adf846..ceb4292 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -33,34 +33,35 @@
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
/* Parameter validation macros */
-#define CHACHAPOLY_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
-#define CHACHAPOLY_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define CHACHAPOLY_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA)
+#define CHACHAPOLY_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
-#define CHACHAPOLY_STATE_INIT ( 0 )
-#define CHACHAPOLY_STATE_AAD ( 1 )
-#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
-#define CHACHAPOLY_STATE_FINISHED ( 3 )
+#define CHACHAPOLY_STATE_INIT (0)
+#define CHACHAPOLY_STATE_AAD (1)
+#define CHACHAPOLY_STATE_CIPHERTEXT (2) /* Encrypting or decrypting */
+#define CHACHAPOLY_STATE_FINISHED (3)
/**
* \brief Adds nul bytes to pad the AAD for Poly1305.
*
* \param ctx The ChaCha20-Poly1305 context.
*/
-static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
+static int chachapoly_pad_aad(mbedtls_chachapoly_context *ctx)
{
- uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U );
+ uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U);
unsigned char zeroes[15];
- if( partial_block_len == 0U )
- return( 0 );
+ if (partial_block_len == 0U) {
+ return 0;
+ }
- memset( zeroes, 0, sizeof( zeroes ) );
+ memset(zeroes, 0, sizeof(zeroes));
- return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
- zeroes,
- 16U - partial_block_len ) );
+ return mbedtls_poly1305_update(&ctx->poly1305_ctx,
+ zeroes,
+ 16U - partial_block_len);
}
/**
@@ -68,86 +69,89 @@
*
* \param ctx The ChaCha20-Poly1305 context.
*/
-static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
+static int chachapoly_pad_ciphertext(mbedtls_chachapoly_context *ctx)
{
- uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U );
+ uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U);
unsigned char zeroes[15];
- if( partial_block_len == 0U )
- return( 0 );
+ if (partial_block_len == 0U) {
+ return 0;
+ }
- memset( zeroes, 0, sizeof( zeroes ) );
- return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
- zeroes,
- 16U - partial_block_len ) );
+ memset(zeroes, 0, sizeof(zeroes));
+ return mbedtls_poly1305_update(&ctx->poly1305_ctx,
+ zeroes,
+ 16U - partial_block_len);
}
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
+void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx)
{
- CHACHAPOLY_VALIDATE( ctx != NULL );
+ CHACHAPOLY_VALIDATE(ctx != NULL);
- mbedtls_chacha20_init( &ctx->chacha20_ctx );
- mbedtls_poly1305_init( &ctx->poly1305_ctx );
+ mbedtls_chacha20_init(&ctx->chacha20_ctx);
+ mbedtls_poly1305_init(&ctx->poly1305_ctx);
ctx->aad_len = 0U;
ctx->ciphertext_len = 0U;
ctx->state = CHACHAPOLY_STATE_INIT;
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
}
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
+void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_chacha20_free( &ctx->chacha20_ctx );
- mbedtls_poly1305_free( &ctx->poly1305_ctx );
+ mbedtls_chacha20_free(&ctx->chacha20_ctx);
+ mbedtls_poly1305_free(&ctx->poly1305_ctx);
ctx->aad_len = 0U;
ctx->ciphertext_len = 0U;
ctx->state = CHACHAPOLY_STATE_INIT;
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
}
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
- const unsigned char key[32] )
+int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
+ const unsigned char key[32])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( key != NULL );
+ CHACHAPOLY_VALIDATE_RET(ctx != NULL);
+ CHACHAPOLY_VALIDATE_RET(key != NULL);
- ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
+ ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key);
- return( ret );
+ return ret;
}
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
- const unsigned char nonce[12],
- mbedtls_chachapoly_mode_t mode )
+int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
+ const unsigned char nonce[12],
+ mbedtls_chachapoly_mode_t mode)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char poly1305_key[64];
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( nonce != NULL );
+ CHACHAPOLY_VALIDATE_RET(ctx != NULL);
+ CHACHAPOLY_VALIDATE_RET(nonce != NULL);
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
- ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
- if( ret != 0 )
+ ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U);
+ if (ret != 0) {
goto cleanup;
+ }
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with
* counter = 0. This is the same as encrypting a buffer of zeroes.
* Only the first 256-bits (32 bytes) of the key is used for Poly1305.
* The other 256 bits are discarded.
*/
- memset( poly1305_key, 0, sizeof( poly1305_key ) );
- ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
- poly1305_key, poly1305_key );
- if( ret != 0 )
+ memset(poly1305_key, 0, sizeof(poly1305_key));
+ ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key),
+ poly1305_key, poly1305_key);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key );
+ ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key);
- if( ret == 0 )
- {
+ if (ret == 0) {
ctx->aad_len = 0U;
ctx->ciphertext_len = 0U;
ctx->state = CHACHAPOLY_STATE_AAD;
@@ -155,100 +159,99 @@
}
cleanup:
- mbedtls_platform_zeroize( poly1305_key, 64U );
- return( ret );
+ mbedtls_platform_zeroize(poly1305_key, 64U);
+ return ret;
}
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
- const unsigned char *aad,
- size_t aad_len )
+int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
+ const unsigned char *aad,
+ size_t aad_len)
{
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
+ CHACHAPOLY_VALIDATE_RET(ctx != NULL);
+ CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL);
- if( ctx->state != CHACHAPOLY_STATE_AAD )
- return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+ if (ctx->state != CHACHAPOLY_STATE_AAD) {
+ return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
+ }
ctx->aad_len += aad_len;
- return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) );
+ return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len);
}
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
- size_t len,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
+ size_t len,
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
- CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
+ CHACHAPOLY_VALIDATE_RET(ctx != NULL);
+ CHACHAPOLY_VALIDATE_RET(len == 0 || input != NULL);
+ CHACHAPOLY_VALIDATE_RET(len == 0 || output != NULL);
- if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
- ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
- {
- return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+ if ((ctx->state != CHACHAPOLY_STATE_AAD) &&
+ (ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) {
+ return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
- if( ctx->state == CHACHAPOLY_STATE_AAD )
- {
+ if (ctx->state == CHACHAPOLY_STATE_AAD) {
ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
- ret = chachapoly_pad_aad( ctx );
- if( ret != 0 )
- return( ret );
+ ret = chachapoly_pad_aad(ctx);
+ if (ret != 0) {
+ return ret;
+ }
}
ctx->ciphertext_len += len;
- if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
- {
- ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
- if( ret != 0 )
- return( ret );
+ if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) {
+ ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len );
- if( ret != 0 )
- return( ret );
- }
- else /* DECRYPT */
- {
- ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len);
+ if (ret != 0) {
+ return ret;
+ }
+ } else { /* DECRYPT */
+ ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
+ if (ret != 0) {
+ return ret;
+ }
}
- return( 0 );
+ return 0;
}
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
- unsigned char mac[16] )
+int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
+ unsigned char mac[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char len_block[16];
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( mac != NULL );
+ CHACHAPOLY_VALIDATE_RET(ctx != NULL);
+ CHACHAPOLY_VALIDATE_RET(mac != NULL);
- if( ctx->state == CHACHAPOLY_STATE_INIT )
- {
- return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+ if (ctx->state == CHACHAPOLY_STATE_INIT) {
+ return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
- if( ctx->state == CHACHAPOLY_STATE_AAD )
- {
- ret = chachapoly_pad_aad( ctx );
- if( ret != 0 )
- return( ret );
- }
- else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
- {
- ret = chachapoly_pad_ciphertext( ctx );
- if( ret != 0 )
- return( ret );
+ if (ctx->state == CHACHAPOLY_STATE_AAD) {
+ ret = chachapoly_pad_aad(ctx);
+ if (ret != 0) {
+ return ret;
+ }
+ } else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) {
+ ret = chachapoly_pad_ciphertext(ctx);
+ if (ret != 0) {
+ return ret;
+ }
}
ctx->state = CHACHAPOLY_STATE_FINISHED;
@@ -259,104 +262,107 @@
MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0);
MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
- ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac );
+ ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac);
- return( ret );
+ return ret;
}
-static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
- mbedtls_chachapoly_mode_t mode,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char *input,
- unsigned char *output,
- unsigned char tag[16] )
+static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx,
+ mbedtls_chachapoly_mode_t mode,
+ size_t length,
+ const unsigned char nonce[12],
+ const unsigned char *aad,
+ size_t aad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned char tag[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ret = mbedtls_chachapoly_starts( ctx, nonce, mode );
- if( ret != 0 )
+ ret = mbedtls_chachapoly_starts(ctx, nonce, mode);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len );
- if( ret != 0 )
+ ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_chachapoly_update( ctx, length, input, output );
- if( ret != 0 )
+ ret = mbedtls_chachapoly_update(ctx, length, input, output);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_chachapoly_finish( ctx, tag );
+ ret = mbedtls_chachapoly_finish(ctx, tag);
cleanup:
- return( ret );
+ return ret;
}
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char *input,
- unsigned char *output,
- unsigned char tag[16] )
+int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
+ size_t length,
+ const unsigned char nonce[12],
+ const unsigned char *aad,
+ size_t aad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned char tag[16])
{
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( nonce != NULL );
- CHACHAPOLY_VALIDATE_RET( tag != NULL );
- CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
+ CHACHAPOLY_VALIDATE_RET(ctx != NULL);
+ CHACHAPOLY_VALIDATE_RET(nonce != NULL);
+ CHACHAPOLY_VALIDATE_RET(tag != NULL);
+ CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL);
+ CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL);
+ CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL);
- return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
- length, nonce, aad, aad_len,
- input, output, tag ) );
+ return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
+ length, nonce, aad, aad_len,
+ input, output, tag);
}
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char tag[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
+ size_t length,
+ const unsigned char nonce[12],
+ const unsigned char *aad,
+ size_t aad_len,
+ const unsigned char tag[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
size_t i;
int diff;
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( nonce != NULL );
- CHACHAPOLY_VALIDATE_RET( tag != NULL );
- CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
+ CHACHAPOLY_VALIDATE_RET(ctx != NULL);
+ CHACHAPOLY_VALIDATE_RET(nonce != NULL);
+ CHACHAPOLY_VALIDATE_RET(tag != NULL);
+ CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL);
+ CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL);
+ CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL);
- if( ( ret = chachapoly_crypt_and_tag( ctx,
- MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
- aad, aad_len, input, output, check_tag ) ) != 0 )
- {
- return( ret );
+ if ((ret = chachapoly_crypt_and_tag(ctx,
+ MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
+ aad, aad_len, input, output, check_tag)) != 0) {
+ return ret;
}
/* Check tag in "constant-time" */
- for( diff = 0, i = 0; i < sizeof( check_tag ); i++ )
+ for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
diff |= tag[i] ^ check_tag[i];
-
- if( diff != 0 )
- {
- mbedtls_platform_zeroize( output, length );
- return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
}
- return( 0 );
+ if (diff != 0) {
+ mbedtls_platform_zeroize(output, length);
+ return MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED;
+ }
+
+ return 0;
}
#endif /* MBEDTLS_CHACHAPOLY_ALT */
@@ -452,20 +458,20 @@
/* Make sure no other definition is already present. */
#undef ASSERT
-#define ASSERT( cond, args ) \
+#define ASSERT(cond, args) \
do \
{ \
- if( ! ( cond ) ) \
+ if (!(cond)) \
{ \
- if( verbose != 0 ) \
- mbedtls_printf args; \
+ if (verbose != 0) \
+ mbedtls_printf args; \
\
- return( -1 ); \
+ return -1; \
} \
} \
- while( 0 )
+ while (0)
-int mbedtls_chachapoly_self_test( int verbose )
+int mbedtls_chachapoly_self_test(int verbose)
{
mbedtls_chachapoly_context ctx;
unsigned i;
@@ -473,43 +479,45 @@
unsigned char output[200];
unsigned char mac[16];
- for( i = 0U; i < 1U; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " ChaCha20-Poly1305 test %u ", i );
+ for (i = 0U; i < 1U; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" ChaCha20-Poly1305 test %u ", i);
+ }
- mbedtls_chachapoly_init( &ctx );
+ mbedtls_chachapoly_init(&ctx);
- ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] );
- ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) );
+ ret = mbedtls_chachapoly_setkey(&ctx, test_key[i]);
+ ASSERT(0 == ret, ("setkey() error code: %i\n", ret));
- ret = mbedtls_chachapoly_encrypt_and_tag( &ctx,
- test_input_len[i],
- test_nonce[i],
- test_aad[i],
- test_aad_len[i],
- test_input[i],
- output,
- mac );
+ ret = mbedtls_chachapoly_encrypt_and_tag(&ctx,
+ test_input_len[i],
+ test_nonce[i],
+ test_aad[i],
+ test_aad_len[i],
+ test_input[i],
+ output,
+ mac);
- ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) );
+ ASSERT(0 == ret, ("crypt_and_tag() error code: %i\n", ret));
- ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ),
- ( "failure (wrong output)\n" ) );
+ ASSERT(0 == memcmp(output, test_output[i], test_input_len[i]),
+ ("failure (wrong output)\n"));
- ASSERT( 0 == memcmp( mac, test_mac[i], 16U ),
- ( "failure (wrong MAC)\n" ) );
+ ASSERT(0 == memcmp(mac, test_mac[i], 16U),
+ ("failure (wrong MAC)\n"));
- mbedtls_chachapoly_free( &ctx );
+ mbedtls_chachapoly_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h
index d7ad16a..b72de80 100644
--- a/library/check_crypto_config.h
+++ b/library/check_crypto_config.h
@@ -29,57 +29,57 @@
#define MBEDTLS_CHECK_CRYPTO_CONFIG_H
#if defined(PSA_WANT_ALG_CCM) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) || \
- defined(PSA_WANT_KEY_TYPE_CAMELLIA) )
+ !(defined(PSA_WANT_KEY_TYPE_AES) || \
+ defined(PSA_WANT_KEY_TYPE_CAMELLIA))
#error "PSA_WANT_ALG_CCM defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_CMAC) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) || \
- defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \
- defined(PSA_WANT_KEY_TYPE_DES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES) || \
+ defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \
+ defined(PSA_WANT_KEY_TYPE_DES))
#error "PSA_WANT_ALG_CMAC defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
- !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
#error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_ECDSA) && \
- !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_GCM) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) || \
- defined(PSA_WANT_KEY_TYPE_CAMELLIA) )
+ !(defined(PSA_WANT_KEY_TYPE_AES) || \
+ defined(PSA_WANT_KEY_TYPE_CAMELLIA))
#error "PSA_WANT_ALG_GCM defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_OAEP) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_PSS) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites"
#endif
diff --git a/library/cipher.c b/library/cipher.c
index 67e3274..36f87c3 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -65,137 +65,144 @@
#include "mbedtls/platform.h"
-#define CIPHER_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
-#define CIPHER_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define CIPHER_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA)
+#define CIPHER_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
static int supported_init = 0;
-const int *mbedtls_cipher_list( void )
+const int *mbedtls_cipher_list(void)
{
const mbedtls_cipher_definition_t *def;
int *type;
- if( ! supported_init )
- {
+ if (!supported_init) {
def = mbedtls_cipher_definitions;
type = mbedtls_cipher_supported;
- while( def->type != 0 )
+ while (def->type != 0) {
*type++ = (*def++).type;
+ }
*type = 0;
supported_init = 1;
}
- return( mbedtls_cipher_supported );
+ return mbedtls_cipher_supported;
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(
- const mbedtls_cipher_type_t cipher_type )
+ const mbedtls_cipher_type_t cipher_type)
{
const mbedtls_cipher_definition_t *def;
- for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
- if( def->type == cipher_type )
- return( def->info );
+ for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
+ if (def->type == cipher_type) {
+ return def->info;
+ }
+ }
- return( NULL );
+ return NULL;
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(
- const char *cipher_name )
+ const char *cipher_name)
{
const mbedtls_cipher_definition_t *def;
- if( NULL == cipher_name )
- return( NULL );
+ if (NULL == cipher_name) {
+ return NULL;
+ }
- for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
- if( ! strcmp( def->info->name, cipher_name ) )
- return( def->info );
+ for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
+ if (!strcmp(def->info->name, cipher_name)) {
+ return def->info;
+ }
+ }
- return( NULL );
+ return NULL;
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
const mbedtls_cipher_id_t cipher_id,
int key_bitlen,
- const mbedtls_cipher_mode_t mode )
+ const mbedtls_cipher_mode_t mode)
{
const mbedtls_cipher_definition_t *def;
- for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
- if( def->info->base->cipher == cipher_id &&
+ for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
+ if (def->info->base->cipher == cipher_id &&
def->info->key_bitlen == (unsigned) key_bitlen &&
- def->info->mode == mode )
- return( def->info );
+ def->info->mode == mode) {
+ return def->info;
+ }
+ }
- return( NULL );
+ return NULL;
}
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
+void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
{
- CIPHER_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+ CIPHER_VALIDATE(ctx != NULL);
+ memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
}
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
+void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
- if( ctx->cipher_ctx != NULL )
- {
+ if (ctx->psa_enabled == 1) {
+ if (ctx->cipher_ctx != NULL) {
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
- if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED )
- {
+ if (cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED) {
/* xxx_free() doesn't allow to return failures. */
- (void) psa_destroy_key( cipher_psa->slot );
+ (void) psa_destroy_key(cipher_psa->slot);
}
- mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
- mbedtls_free( cipher_psa );
+ mbedtls_platform_zeroize(cipher_psa, sizeof(*cipher_psa));
+ mbedtls_free(cipher_psa);
}
- mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
return;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_CMAC_C)
- if( ctx->cmac_ctx )
- {
- mbedtls_platform_zeroize( ctx->cmac_ctx,
- sizeof( mbedtls_cmac_context_t ) );
- mbedtls_free( ctx->cmac_ctx );
+ if (ctx->cmac_ctx) {
+ mbedtls_platform_zeroize(ctx->cmac_ctx,
+ sizeof(mbedtls_cmac_context_t));
+ mbedtls_free(ctx->cmac_ctx);
}
#endif
- if( ctx->cipher_ctx )
- ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
+ if (ctx->cipher_ctx) {
+ ctx->cipher_info->base->ctx_free_func(ctx->cipher_ctx);
+ }
- mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
}
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info )
+int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- if( cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ if (cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+ memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
- if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
- return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+ if (NULL == (ctx->cipher_ctx = cipher_info->base->ctx_alloc_func())) {
+ return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+ }
ctx->cipher_info = cipher_info;
@@ -204,106 +211,112 @@
* Ignore possible errors caused by a cipher mode that doesn't use padding
*/
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
- (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
+ (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7);
#else
- (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
+ (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_NONE);
#endif
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info,
- size_t taglen )
+int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info,
+ size_t taglen)
{
psa_algorithm_t alg;
mbedtls_cipher_context_psa *cipher_psa;
- if( NULL == cipher_info || NULL == ctx )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (NULL == cipher_info || NULL == ctx) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
/* Check that the underlying cipher mode and cipher type are
* supported by the underlying PSA Crypto implementation. */
- alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
- if( alg == 0 )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
- if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ alg = mbedtls_psa_translate_cipher_mode(cipher_info->mode, taglen);
+ if (alg == 0) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
+ if (mbedtls_psa_translate_cipher_type(cipher_info->type) == 0) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
- memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+ memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
- cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
- if( cipher_psa == NULL )
- return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+ cipher_psa = mbedtls_calloc(1, sizeof(mbedtls_cipher_context_psa));
+ if (cipher_psa == NULL) {
+ return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+ }
cipher_psa->alg = alg;
ctx->cipher_ctx = cipher_psa;
ctx->cipher_info = cipher_info;
ctx->psa_enabled = 1;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
- const unsigned char *key,
- int key_bitlen,
- const mbedtls_operation_t operation )
+int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
+ const unsigned char *key,
+ int key_bitlen,
+ const mbedtls_operation_t operation)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( key != NULL );
- CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
- operation == MBEDTLS_DECRYPT );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(key != NULL);
+ CIPHER_VALIDATE_RET(operation == MBEDTLS_ENCRYPT ||
+ operation == MBEDTLS_DECRYPT);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
- size_t const key_bytelen = ( (size_t) key_bitlen + 7 ) / 8;
+ size_t const key_bytelen = ((size_t) key_bitlen + 7) / 8;
psa_status_t status;
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* PSA Crypto API only accepts byte-aligned keys. */
- if( key_bitlen % 8 != 0 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (key_bitlen % 8 != 0) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
/* Don't allow keys to be set multiple times. */
- if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
key_type = mbedtls_psa_translate_cipher_type(
- ctx->cipher_info->type );
- if( key_type == 0 )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
- psa_set_key_type( &attributes, key_type );
+ ctx->cipher_info->type);
+ if (key_type == 0) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
+ psa_set_key_type(&attributes, key_type);
/* Mbed TLS' cipher layer doesn't enforce the mode of operation
* (encrypt vs. decrypt): it is possible to setup a key for encryption
* and use it for AEAD decryption. Until tests relying on this
* are changed, allow any usage in PSA. */
- psa_set_key_usage_flags( &attributes,
- /* mbedtls_psa_translate_cipher_operation( operation ); */
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, cipher_psa->alg );
+ psa_set_key_usage_flags(&attributes,
+ /* mbedtls_psa_translate_cipher_operation( operation ); */
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, cipher_psa->alg);
- status = psa_import_key( &attributes, key, key_bytelen,
- &cipher_psa->slot );
- switch( status )
- {
+ status = psa_import_key(&attributes, key, key_bytelen,
+ &cipher_psa->slot);
+ switch (status) {
case PSA_SUCCESS:
break;
case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+ return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
default:
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED;
}
/* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
@@ -311,14 +324,13 @@
ctx->key_bitlen = key_bitlen;
ctx->operation = operation;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
- (int) ctx->cipher_info->key_bitlen != key_bitlen )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
+ (int) ctx->cipher_info->key_bitlen != key_bitlen) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
ctx->key_bitlen = key_bitlen;
@@ -327,268 +339,258 @@
/*
* For OFB, CFB and CTR mode always use the encryption key schedule
*/
- if( MBEDTLS_ENCRYPT == operation ||
+ if (MBEDTLS_ENCRYPT == operation ||
MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
- MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
- {
- return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
- ctx->key_bitlen ) );
+ MBEDTLS_MODE_CTR == ctx->cipher_info->mode) {
+ return ctx->cipher_info->base->setkey_enc_func(ctx->cipher_ctx, key,
+ ctx->key_bitlen);
}
- if( MBEDTLS_DECRYPT == operation )
- return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
- ctx->key_bitlen ) );
+ if (MBEDTLS_DECRYPT == operation) {
+ return ctx->cipher_info->base->setkey_dec_func(ctx->cipher_ctx, key,
+ ctx->key_bitlen);
+ }
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv,
- size_t iv_len )
+int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv,
+ size_t iv_len)
{
size_t actual_iv_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* avoid buffer overflow in ctx->iv */
- if( iv_len > MBEDTLS_MAX_IV_LENGTH )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ if (iv_len > MBEDTLS_MAX_IV_LENGTH) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
- if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
+ if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN) != 0) {
actual_iv_size = iv_len;
- else
- {
+ } else {
actual_iv_size = ctx->cipher_info->iv_size;
/* avoid reading past the end of input buffer */
- if( actual_iv_size > iv_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (actual_iv_size > iv_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
}
#if defined(MBEDTLS_CHACHA20_C)
- if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
- {
+ if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20) {
/* Even though the actual_iv_size is overwritten with a correct value
* of 12 from the cipher info, return an error to indicate that
* the input iv_len is wrong. */
- if( iv_len != 12 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (iv_len != 12) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
- iv,
- 0U ) ) /* Initial counter value */
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (0 != mbedtls_chacha20_starts((mbedtls_chacha20_context *) ctx->cipher_ctx,
+ iv,
+ 0U)) { /* Initial counter value */
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
}
#if defined(MBEDTLS_CHACHAPOLY_C)
- if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
- iv_len != 12 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
+ iv_len != 12) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#endif
#endif
- if ( actual_iv_size != 0 )
- {
- memcpy( ctx->iv, iv, actual_iv_size );
+ if (actual_iv_size != 0) {
+ memcpy(ctx->iv, iv, actual_iv_size);
ctx->iv_size = actual_iv_size;
}
- return( 0 );
+ return 0;
}
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
+int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* We don't support resetting PSA-based
* cipher contexts, yet. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ctx->unprocessed_len = 0;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
- const unsigned char *ad, size_t ad_len )
+int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
+ const unsigned char *ad, size_t ad_len)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
- if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
- {
- return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
- ctx->iv, ctx->iv_size, ad, ad_len ) );
+ if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
+ return mbedtls_gcm_starts((mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
+ ctx->iv, ctx->iv_size, ad, ad_len);
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
- if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
- {
+ if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
int result;
mbedtls_chachapoly_mode_t mode;
- mode = ( ctx->operation == MBEDTLS_ENCRYPT )
+ mode = (ctx->operation == MBEDTLS_ENCRYPT)
? MBEDTLS_CHACHAPOLY_ENCRYPT
: MBEDTLS_CHACHAPOLY_DECRYPT;
- result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
- ctx->iv,
- mode );
- if ( result != 0 )
- return( result );
+ result = mbedtls_chachapoly_starts((mbedtls_chachapoly_context *) ctx->cipher_ctx,
+ ctx->iv,
+ mode);
+ if (result != 0) {
+ return result;
+ }
- return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
- ad, ad_len ) );
+ return mbedtls_chachapoly_update_aad((mbedtls_chachapoly_context *) ctx->cipher_ctx,
+ ad, ad_len);
}
#endif
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
- size_t ilen, unsigned char *output, size_t *olen )
+int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input,
+ size_t ilen, unsigned char *output, size_t *olen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t block_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || input != NULL);
+ CIPHER_VALIDATE_RET(output != NULL);
+ CIPHER_VALIDATE_RET(olen != NULL);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
*olen = 0;
- block_size = mbedtls_cipher_get_block_size( ctx );
- if ( 0 == block_size )
- {
- return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
+ block_size = mbedtls_cipher_get_block_size(ctx);
+ if (0 == block_size) {
+ return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
}
- if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
- {
- if( ilen != block_size )
- return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_ECB) {
+ if (ilen != block_size) {
+ return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+ }
*olen = ilen;
- if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
- ctx->operation, input, output ) ) )
- {
- return( ret );
+ if (0 != (ret = ctx->cipher_info->base->ecb_func(ctx->cipher_ctx,
+ ctx->operation, input, output))) {
+ return ret;
}
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_GCM_C)
- if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
- {
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_GCM) {
*olen = ilen;
- return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
- output ) );
+ return mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
+ output);
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
- if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
- {
+ if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
*olen = ilen;
- return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
- ilen, input, output ) );
+ return mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx,
+ ilen, input, output);
}
#endif
- if( input == output &&
- ( ctx->unprocessed_len != 0 || ilen % block_size ) )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (input == output &&
+ (ctx->unprocessed_len != 0 || ilen % block_size)) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
- {
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_CBC) {
size_t copy_len = 0;
/*
* If there is not enough data for a full block, cache it.
*/
- if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
- ilen <= block_size - ctx->unprocessed_len ) ||
- ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
- ilen < block_size - ctx->unprocessed_len ) ||
- ( ctx->operation == MBEDTLS_ENCRYPT &&
- ilen < block_size - ctx->unprocessed_len ) )
- {
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
- ilen );
+ if ((ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
+ ilen <= block_size - ctx->unprocessed_len) ||
+ (ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
+ ilen < block_size - ctx->unprocessed_len) ||
+ (ctx->operation == MBEDTLS_ENCRYPT &&
+ ilen < block_size - ctx->unprocessed_len)) {
+ memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
+ ilen);
ctx->unprocessed_len += ilen;
- return( 0 );
+ return 0;
}
/*
* Process cached data first
*/
- if( 0 != ctx->unprocessed_len )
- {
+ if (0 != ctx->unprocessed_len) {
copy_len = block_size - ctx->unprocessed_len;
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
- copy_len );
+ memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
+ copy_len);
- if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
- ctx->operation, block_size, ctx->iv,
- ctx->unprocessed_data, output ) ) )
- {
- return( ret );
+ if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
+ ctx->operation, block_size, ctx->iv,
+ ctx->unprocessed_data, output))) {
+ return ret;
}
*olen += block_size;
@@ -602,22 +604,20 @@
/*
* Cache final, incomplete block
*/
- if( 0 != ilen )
- {
+ if (0 != ilen) {
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
*/
copy_len = ilen % block_size;
- if( copy_len == 0 &&
+ if (copy_len == 0 &&
ctx->operation == MBEDTLS_DECRYPT &&
- NULL != ctx->add_padding)
- {
+ NULL != ctx->add_padding) {
copy_len = block_size;
}
- memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
- copy_len );
+ memcpy(ctx->unprocessed_data, &(input[ilen - copy_len]),
+ copy_len);
ctx->unprocessed_len += copy_len;
ilen -= copy_len;
@@ -626,105 +626,96 @@
/*
* Process remaining full blocks
*/
- if( ilen )
- {
- if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
- ctx->operation, ilen, ctx->iv, input, output ) ) )
- {
- return( ret );
+ if (ilen) {
+ if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
+ ctx->operation, ilen, ctx->iv, input,
+ output))) {
+ return ret;
}
*olen += ilen;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
- {
- if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
- ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
- input, output ) ) )
- {
- return( ret );
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_CFB) {
+ if (0 != (ret = ctx->cipher_info->base->cfb_func(ctx->cipher_ctx,
+ ctx->operation, ilen,
+ &ctx->unprocessed_len, ctx->iv,
+ input, output))) {
+ return ret;
}
*olen = ilen;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
- if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB )
- {
- if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx,
- ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) )
- {
- return( ret );
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_OFB) {
+ if (0 != (ret = ctx->cipher_info->base->ofb_func(ctx->cipher_ctx,
+ ilen, &ctx->unprocessed_len, ctx->iv,
+ input, output))) {
+ return ret;
}
*olen = ilen;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
- if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
- {
- if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
- ilen, &ctx->unprocessed_len, ctx->iv,
- ctx->unprocessed_data, input, output ) ) )
- {
- return( ret );
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_CTR) {
+ if (0 != (ret = ctx->cipher_info->base->ctr_func(ctx->cipher_ctx,
+ ilen, &ctx->unprocessed_len, ctx->iv,
+ ctx->unprocessed_data, input, output))) {
+ return ret;
}
*olen = ilen;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS )
- {
- if( ctx->unprocessed_len > 0 ) {
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_XTS) {
+ if (ctx->unprocessed_len > 0) {
/* We can only process an entire data unit at a time. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
- ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx,
- ctx->operation, ilen, ctx->iv, input, output );
- if( ret != 0 )
- {
- return( ret );
+ ret = ctx->cipher_info->base->xts_func(ctx->cipher_ctx,
+ ctx->operation, ilen, ctx->iv, input, output);
+ if (ret != 0) {
+ return ret;
}
*olen = ilen;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
- if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
- {
- if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
- ilen, input, output ) ) )
- {
- return( ret );
+ if (ctx->cipher_info->mode == MBEDTLS_MODE_STREAM) {
+ if (0 != (ret = ctx->cipher_info->base->stream_func(ctx->cipher_ctx,
+ ilen, input, output))) {
+ return ret;
}
*olen = ilen;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_STREAM */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
@@ -732,24 +723,26 @@
/*
* PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
*/
-static void add_pkcs_padding( unsigned char *output, size_t output_len,
- size_t data_len )
+static void add_pkcs_padding(unsigned char *output, size_t output_len,
+ size_t data_len)
{
size_t padding_len = output_len - data_len;
unsigned char i;
- for( i = 0; i < padding_len; i++ )
+ for (i = 0; i < padding_len; i++) {
output[data_len + i] = (unsigned char) padding_len;
+ }
}
-static int get_pkcs_padding( unsigned char *input, size_t input_len,
- size_t *data_len )
+static int get_pkcs_padding(unsigned char *input, size_t input_len,
+ size_t *data_len)
{
size_t i, pad_idx;
unsigned char padding_len, bad = 0;
- if( NULL == input || NULL == data_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (NULL == input || NULL == data_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
padding_len = input[input_len - 1];
*data_len = input_len - padding_len;
@@ -761,10 +754,11 @@
/* The number of bytes checked must be independent of padding_len,
* so pick input_len, which is usually 8 or 16 (one block) */
pad_idx = input_len - padding_len;
- for( i = 0; i < input_len; i++ )
- bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
+ for (i = 0; i < input_len; i++) {
+ bad |= (input[i] ^ padding_len) * (i >= pad_idx);
+ }
- return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+ return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
}
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
@@ -772,37 +766,38 @@
/*
* One and zeros padding: fill with 80 00 ... 00
*/
-static void add_one_and_zeros_padding( unsigned char *output,
- size_t output_len, size_t data_len )
+static void add_one_and_zeros_padding(unsigned char *output,
+ size_t output_len, size_t data_len)
{
size_t padding_len = output_len - data_len;
unsigned char i = 0;
output[data_len] = 0x80;
- for( i = 1; i < padding_len; i++ )
+ for (i = 1; i < padding_len; i++) {
output[data_len + i] = 0x00;
+ }
}
-static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
- size_t *data_len )
+static int get_one_and_zeros_padding(unsigned char *input, size_t input_len,
+ size_t *data_len)
{
size_t i;
unsigned char done = 0, prev_done, bad;
- if( NULL == input || NULL == data_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (NULL == input || NULL == data_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
bad = 0x80;
*data_len = 0;
- for( i = input_len; i > 0; i-- )
- {
+ for (i = input_len; i > 0; i--) {
prev_done = done;
- done |= ( input[i - 1] != 0 );
- *data_len |= ( i - 1 ) * ( done != prev_done );
- bad ^= input[i - 1] * ( done != prev_done );
+ done |= (input[i - 1] != 0);
+ *data_len |= (i - 1) * (done != prev_done);
+ bad ^= input[i - 1] * (done != prev_done);
}
- return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+ return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
}
#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
@@ -811,25 +806,27 @@
/*
* Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
*/
-static void add_zeros_and_len_padding( unsigned char *output,
- size_t output_len, size_t data_len )
+static void add_zeros_and_len_padding(unsigned char *output,
+ size_t output_len, size_t data_len)
{
size_t padding_len = output_len - data_len;
unsigned char i = 0;
- for( i = 1; i < padding_len; i++ )
+ for (i = 1; i < padding_len; i++) {
output[data_len + i - 1] = 0x00;
+ }
output[output_len - 1] = (unsigned char) padding_len;
}
-static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
- size_t *data_len )
+static int get_zeros_and_len_padding(unsigned char *input, size_t input_len,
+ size_t *data_len)
{
size_t i, pad_idx;
unsigned char padding_len, bad = 0;
- if( NULL == input || NULL == data_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (NULL == input || NULL == data_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
padding_len = input[input_len - 1];
*data_len = input_len - padding_len;
@@ -840,10 +837,11 @@
/* The number of bytes checked must be independent of padding_len */
pad_idx = input_len - padding_len;
- for( i = 0; i < input_len - 1; i++ )
- bad |= input[i] * ( i >= pad_idx );
+ for (i = 0; i < input_len - 1; i++) {
+ bad |= input[i] * (i >= pad_idx);
+ }
- return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+ return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
@@ -851,33 +849,34 @@
/*
* Zero padding: fill with 00 ... 00
*/
-static void add_zeros_padding( unsigned char *output,
- size_t output_len, size_t data_len )
+static void add_zeros_padding(unsigned char *output,
+ size_t output_len, size_t data_len)
{
size_t i;
- for( i = data_len; i < output_len; i++ )
+ for (i = data_len; i < output_len; i++) {
output[i] = 0x00;
+ }
}
-static int get_zeros_padding( unsigned char *input, size_t input_len,
- size_t *data_len )
+static int get_zeros_padding(unsigned char *input, size_t input_len,
+ size_t *data_len)
{
size_t i;
unsigned char done = 0, prev_done;
- if( NULL == input || NULL == data_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- *data_len = 0;
- for( i = input_len; i > 0; i-- )
- {
- prev_done = done;
- done |= ( input[i-1] != 0 );
- *data_len |= i * ( done != prev_done );
+ if (NULL == input || NULL == data_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- return( 0 );
+ *data_len = 0;
+ for (i = input_len; i > 0; i--) {
+ prev_done = done;
+ done |= (input[i-1] != 0);
+ *data_len |= i * (done != prev_done);
+ }
+
+ return 0;
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
@@ -887,247 +886,244 @@
* There is no add_padding function (check for NULL in mbedtls_cipher_finish)
* but a trivial get_padding function
*/
-static int get_no_padding( unsigned char *input, size_t input_len,
- size_t *data_len )
+static int get_no_padding(unsigned char *input, size_t input_len,
+ size_t *data_len)
{
- if( NULL == input || NULL == data_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (NULL == input || NULL == data_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
*data_len = input_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output, size_t *olen )
+int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
+ unsigned char *output, size_t *olen)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(output != NULL);
+ CIPHER_VALIDATE_RET(olen != NULL);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
*olen = 0;
- if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
+ if (MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
- MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
- {
- return( 0 );
+ MBEDTLS_MODE_STREAM == ctx->cipher_info->mode) {
+ return 0;
}
- if ( ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) ||
- ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) )
- {
- return( 0 );
+ if ((MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type) ||
+ (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type)) {
+ return 0;
}
- if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
- {
- if( ctx->unprocessed_len != 0 )
- return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+ if (MBEDTLS_MODE_ECB == ctx->cipher_info->mode) {
+ if (ctx->unprocessed_len != 0) {
+ return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+ }
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
- {
+ if (MBEDTLS_MODE_CBC == ctx->cipher_info->mode) {
int ret = 0;
- if( MBEDTLS_ENCRYPT == ctx->operation )
- {
+ if (MBEDTLS_ENCRYPT == ctx->operation) {
/* check for 'no padding' mode */
- if( NULL == ctx->add_padding )
- {
- if( 0 != ctx->unprocessed_len )
- return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+ if (NULL == ctx->add_padding) {
+ if (0 != ctx->unprocessed_len) {
+ return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+ }
- return( 0 );
+ return 0;
}
- ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
- ctx->unprocessed_len );
- }
- else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
- {
+ ctx->add_padding(ctx->unprocessed_data, mbedtls_cipher_get_iv_size(ctx),
+ ctx->unprocessed_len);
+ } else if (mbedtls_cipher_get_block_size(ctx) != ctx->unprocessed_len) {
/*
* For decrypt operations, expect a full block,
* or an empty block if no padding
*/
- if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
- return( 0 );
+ if (NULL == ctx->add_padding && 0 == ctx->unprocessed_len) {
+ return 0;
+ }
- return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+ return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
}
/* cipher block */
- if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
- ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
- ctx->unprocessed_data, output ) ) )
- {
- return( ret );
+ if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
+ ctx->operation,
+ mbedtls_cipher_get_block_size(ctx),
+ ctx->iv,
+ ctx->unprocessed_data, output))) {
+ return ret;
}
/* Set output size for decryption */
- if( MBEDTLS_DECRYPT == ctx->operation )
- return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
- olen ) );
+ if (MBEDTLS_DECRYPT == ctx->operation) {
+ return ctx->get_padding(output, mbedtls_cipher_get_block_size(ctx),
+ olen);
+ }
/* Set output size for encryption */
- *olen = mbedtls_cipher_get_block_size( ctx );
- return( 0 );
+ *olen = mbedtls_cipher_get_block_size(ctx);
+ return 0;
}
#else
((void) output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
- mbedtls_cipher_padding_t mode )
+int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
+ mbedtls_cipher_padding_t mode)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET(ctx != NULL);
- if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* While PSA Crypto knows about CBC padding
* schemes, we currently don't make them
* accessible through the cipher layer. */
- if( mode != MBEDTLS_PADDING_NONE )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ if (mode != MBEDTLS_PADDING_NONE) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- switch( mode )
- {
+ switch (mode) {
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
- case MBEDTLS_PADDING_PKCS7:
- ctx->add_padding = add_pkcs_padding;
- ctx->get_padding = get_pkcs_padding;
- break;
+ case MBEDTLS_PADDING_PKCS7:
+ ctx->add_padding = add_pkcs_padding;
+ ctx->get_padding = get_pkcs_padding;
+ break;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
- case MBEDTLS_PADDING_ONE_AND_ZEROS:
- ctx->add_padding = add_one_and_zeros_padding;
- ctx->get_padding = get_one_and_zeros_padding;
- break;
+ case MBEDTLS_PADDING_ONE_AND_ZEROS:
+ ctx->add_padding = add_one_and_zeros_padding;
+ ctx->get_padding = get_one_and_zeros_padding;
+ break;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
- case MBEDTLS_PADDING_ZEROS_AND_LEN:
- ctx->add_padding = add_zeros_and_len_padding;
- ctx->get_padding = get_zeros_and_len_padding;
- break;
+ case MBEDTLS_PADDING_ZEROS_AND_LEN:
+ ctx->add_padding = add_zeros_and_len_padding;
+ ctx->get_padding = get_zeros_and_len_padding;
+ break;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
- case MBEDTLS_PADDING_ZEROS:
- ctx->add_padding = add_zeros_padding;
- ctx->get_padding = get_zeros_padding;
- break;
+ case MBEDTLS_PADDING_ZEROS:
+ ctx->add_padding = add_zeros_padding;
+ ctx->get_padding = get_zeros_padding;
+ break;
#endif
- case MBEDTLS_PADDING_NONE:
- ctx->add_padding = NULL;
- ctx->get_padding = get_no_padding;
- break;
+ case MBEDTLS_PADDING_NONE:
+ ctx->add_padding = NULL;
+ ctx->get_padding = get_no_padding;
+ break;
- default:
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ default:
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
- unsigned char *tag, size_t tag_len )
+int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
+ unsigned char *tag, size_t tag_len)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if( MBEDTLS_ENCRYPT != ctx->operation )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (MBEDTLS_ENCRYPT != ctx->operation) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
- if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
- return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
- tag, tag_len ) );
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
- if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
- {
- /* Don't allow truncated MAC for Poly1305 */
- if ( tag_len != 16U )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- return( mbedtls_chachapoly_finish(
- (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ) );
+ if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
+ return mbedtls_gcm_finish((mbedtls_gcm_context *) ctx->cipher_ctx,
+ tag, tag_len);
}
#endif
- return( 0 );
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
+ /* Don't allow truncated MAC for Poly1305 */
+ if (tag_len != 16U) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+
+ return mbedtls_chachapoly_finish(
+ (mbedtls_chachapoly_context *) ctx->cipher_ctx, tag);
+ }
+#endif
+
+ return 0;
}
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
- const unsigned char *tag, size_t tag_len )
+int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
+ const unsigned char *tag, size_t tag_len)
{
unsigned char check_tag[16];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
- if( ctx->cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL);
+ if (ctx->cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if( MBEDTLS_DECRYPT != ctx->operation )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (MBEDTLS_DECRYPT != ctx->operation) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -1138,21 +1134,19 @@
ret = 0;
#if defined(MBEDTLS_GCM_C)
- if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
- {
- if( tag_len > sizeof( check_tag ) )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
+ if (tag_len > sizeof(check_tag)) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if( 0 != ( ret = mbedtls_gcm_finish(
- (mbedtls_gcm_context *) ctx->cipher_ctx,
- check_tag, tag_len ) ) )
- {
- return( ret );
+ if (0 != (ret = mbedtls_gcm_finish(
+ (mbedtls_gcm_context *) ctx->cipher_ctx,
+ check_tag, tag_len))) {
+ return ret;
}
/* Check the tag in "constant-time" */
- if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
- {
+ if (mbedtls_ct_memcmp(tag, check_tag, tag_len) != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto exit;
}
@@ -1160,22 +1154,20 @@
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
- if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
- {
+ if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
/* Don't allow truncated MAC for Poly1305 */
- if ( tag_len != sizeof( check_tag ) )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (tag_len != sizeof(check_tag)) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
ret = mbedtls_chachapoly_finish(
- (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag );
- if ( ret != 0 )
- {
- return( ret );
+ (mbedtls_chachapoly_context *) ctx->cipher_ctx, check_tag);
+ if (ret != 0) {
+ return ret;
}
/* Check the tag in "constant-time" */
- if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
- {
+ if (mbedtls_ct_memcmp(tag, check_tag, tag_len) != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto exit;
}
@@ -1183,31 +1175,30 @@
#endif /* MBEDTLS_CHACHAPOLY_C */
exit:
- mbedtls_platform_zeroize( check_tag, tag_len );
- return( ret );
+ mbedtls_platform_zeroize(check_tag, tag_len);
+ return ret;
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/*
* Packet-oriented wrapper for non-AEAD modes
*/
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen )
+int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t finish_olen;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || input != NULL);
+ CIPHER_VALIDATE_RET(output != NULL);
+ CIPHER_VALIDATE_RET(olen != NULL);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
@@ -1220,69 +1211,73 @@
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
size_t part_len;
- if( ctx->operation == MBEDTLS_DECRYPT )
- {
- status = psa_cipher_decrypt_setup( &cipher_op,
- cipher_psa->slot,
- cipher_psa->alg );
+ if (ctx->operation == MBEDTLS_DECRYPT) {
+ status = psa_cipher_decrypt_setup(&cipher_op,
+ cipher_psa->slot,
+ cipher_psa->alg);
+ } else if (ctx->operation == MBEDTLS_ENCRYPT) {
+ status = psa_cipher_encrypt_setup(&cipher_op,
+ cipher_psa->slot,
+ cipher_psa->alg);
+ } else {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- else if( ctx->operation == MBEDTLS_ENCRYPT )
- {
- status = psa_cipher_encrypt_setup( &cipher_op,
- cipher_psa->slot,
- cipher_psa->alg );
- }
- else
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
/* In the following, we can immediately return on an error,
* because the PSA Crypto API guarantees that cipher operations
* are terminated by unsuccessful calls to psa_cipher_update(),
* and by any call to psa_cipher_finish(). */
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-
- if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB )
- {
- status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED;
}
- status = psa_cipher_update( &cipher_op,
- input, ilen,
- output, ilen, olen );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ if (ctx->cipher_info->mode != MBEDTLS_MODE_ECB) {
+ status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED;
+ }
+ }
- status = psa_cipher_finish( &cipher_op,
- output + *olen, ilen - *olen,
- &part_len );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ status = psa_cipher_update(&cipher_op,
+ input, ilen,
+ output, ilen, olen);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED;
+ }
+
+ status = psa_cipher_finish(&cipher_op,
+ output + *olen, ilen - *olen,
+ &part_len);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED;
+ }
*olen += part_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_cipher_set_iv(ctx, iv, iv_len)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_cipher_reset(ctx)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_cipher_update( ctx, input, ilen,
- output, olen ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_cipher_update(ctx, input, ilen,
+ output, olen)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_cipher_finish( ctx, output + *olen,
- &finish_olen ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_cipher_finish(ctx, output + *olen,
+ &finish_olen)) != 0) {
+ return ret;
+ }
*olen += finish_olen;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
@@ -1290,16 +1285,15 @@
* Packet-oriented encryption for AEAD modes: internal function shared by
* mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
*/
-static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- unsigned char *tag, size_t tag_len )
+static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ unsigned char *tag, size_t tag_len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
@@ -1312,74 +1306,71 @@
/* PSA Crypto API always writes the authentication tag
* at the end of the encrypted message. */
- if( output == NULL || tag != output + ilen )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ if (output == NULL || tag != output + ilen) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
- status = psa_aead_encrypt( cipher_psa->slot,
- cipher_psa->alg,
- iv, iv_len,
- ad, ad_len,
- input, ilen,
- output, ilen + tag_len, olen );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ status = psa_aead_encrypt(cipher_psa->slot,
+ cipher_psa->alg,
+ iv, iv_len,
+ ad, ad_len,
+ input, ilen,
+ output, ilen + tag_len, olen);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED;
+ }
*olen -= tag_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
- if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
- {
+ if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
*olen = ilen;
- return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
- ilen, iv, iv_len, ad, ad_len,
- input, output, tag_len, tag ) );
+ return mbedtls_gcm_crypt_and_tag(ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
+ ilen, iv, iv_len, ad, ad_len,
+ input, output, tag_len, tag);
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
- if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
- {
+ if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
*olen = ilen;
- return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
- iv, iv_len, ad, ad_len, input, output,
- tag, tag_len ) );
+ return mbedtls_ccm_encrypt_and_tag(ctx->cipher_ctx, ilen,
+ iv, iv_len, ad, ad_len, input, output,
+ tag, tag_len);
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
- if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
- {
+ if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
/* ChachaPoly has fixed length nonce and MAC (tag) */
- if ( ( iv_len != ctx->cipher_info->iv_size ) ||
- ( tag_len != 16U ) )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if ((iv_len != ctx->cipher_info->iv_size) ||
+ (tag_len != 16U)) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
*olen = ilen;
- return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx,
- ilen, iv, ad, ad_len, input, output, tag ) );
+ return mbedtls_chachapoly_encrypt_and_tag(ctx->cipher_ctx,
+ ilen, iv, ad, ad_len, input, output, tag);
}
#endif /* MBEDTLS_CHACHAPOLY_C */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
/*
* Packet-oriented encryption for AEAD modes: internal function shared by
* mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
*/
-static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- const unsigned char *tag, size_t tag_len )
+static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ const unsigned char *tag, size_t tag_len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ctx->psa_enabled == 1 )
- {
+ if (ctx->psa_enabled == 1) {
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
@@ -1392,127 +1383,128 @@
/* PSA Crypto API always writes the authentication tag
* at the end of the encrypted message. */
- if( input == NULL || tag != input + ilen )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ if (input == NULL || tag != input + ilen) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
- status = psa_aead_decrypt( cipher_psa->slot,
- cipher_psa->alg,
- iv, iv_len,
- ad, ad_len,
- input, ilen + tag_len,
- output, ilen, olen );
- if( status == PSA_ERROR_INVALID_SIGNATURE )
- return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
- else if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ status = psa_aead_decrypt(cipher_psa->slot,
+ cipher_psa->alg,
+ iv, iv_len,
+ ad, ad_len,
+ input, ilen + tag_len,
+ output, ilen, olen);
+ if (status == PSA_ERROR_INVALID_SIGNATURE) {
+ return MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ } else if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
- if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
- {
+ if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
- ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
- iv, iv_len, ad, ad_len,
- tag, tag_len, input, output );
+ ret = mbedtls_gcm_auth_decrypt(ctx->cipher_ctx, ilen,
+ iv, iv_len, ad, ad_len,
+ tag, tag_len, input, output);
- if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
+ if (ret == MBEDTLS_ERR_GCM_AUTH_FAILED) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
- if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
- {
+ if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
- ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
- iv, iv_len, ad, ad_len,
- input, output, tag, tag_len );
+ ret = mbedtls_ccm_auth_decrypt(ctx->cipher_ctx, ilen,
+ iv, iv_len, ad, ad_len,
+ input, output, tag, tag_len);
- if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
+ if (ret == MBEDTLS_ERR_CCM_AUTH_FAILED) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
- if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
- {
+ if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* ChachaPoly has fixed length nonce and MAC (tag) */
- if ( ( iv_len != ctx->cipher_info->iv_size ) ||
- ( tag_len != 16U ) )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if ((iv_len != ctx->cipher_info->iv_size) ||
+ (tag_len != 16U)) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
*olen = ilen;
- ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen,
- iv, ad, ad_len, tag, input, output );
+ ret = mbedtls_chachapoly_auth_decrypt(ctx->cipher_ctx, ilen,
+ iv, ad, ad_len, tag, input, output);
- if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED )
+ if (ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CHACHAPOLY_C */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Packet-oriented encryption for AEAD modes: public legacy function.
*/
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- unsigned char *tag, size_t tag_len )
+int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ unsigned char *tag, size_t tag_len)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
+ CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || input != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || output != NULL);
+ CIPHER_VALIDATE_RET(olen != NULL);
+ CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL);
- return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
- input, ilen, output, olen,
- tag, tag_len ) );
+ return mbedtls_cipher_aead_encrypt(ctx, iv, iv_len, ad, ad_len,
+ input, ilen, output, olen,
+ tag, tag_len);
}
/*
* Packet-oriented decryption for AEAD modes: public legacy function.
*/
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- const unsigned char *tag, size_t tag_len )
+int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ const unsigned char *tag, size_t tag_len)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
+ CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || input != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || output != NULL);
+ CIPHER_VALIDATE_RET(olen != NULL);
+ CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL);
- return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len,
- input, ilen, output, olen,
- tag, tag_len ) );
+ return mbedtls_cipher_aead_decrypt(ctx, iv, iv_len, ad, ad_len,
+ input, ilen, output, olen,
+ tag, tag_len);
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
@@ -1521,110 +1513,112 @@
/*
* Packet-oriented encryption for AEAD/NIST_KW: public function.
*/
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len )
+int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t output_len,
+ size_t *olen, size_t tag_len)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
+ CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || input != NULL);
+ CIPHER_VALIDATE_RET(output != NULL);
+ CIPHER_VALIDATE_RET(olen != NULL);
#if defined(MBEDTLS_NIST_KW_C)
- if(
+ if (
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ctx->psa_enabled == 0 &&
#endif
- ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
- MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
- {
- mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
- MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+ (MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
+ mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
+ MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
/* There is no iv, tag or ad associated with KW and KWP,
* so these length should be 0 as documented. */
- if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (iv_len != 0 || tag_len != 0 || ad_len != 0) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
(void) iv;
(void) ad;
- return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen,
- output, olen, output_len ) );
+ return mbedtls_nist_kw_wrap(ctx->cipher_ctx, mode, input, ilen,
+ output, olen, output_len);
}
#endif /* MBEDTLS_NIST_KW_C */
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/* AEAD case: check length before passing on to shared function */
- if( output_len < ilen + tag_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (output_len < ilen + tag_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
- input, ilen, output, olen,
- output + ilen, tag_len );
+ int ret = mbedtls_cipher_aead_encrypt(ctx, iv, iv_len, ad, ad_len,
+ input, ilen, output, olen,
+ output + ilen, tag_len);
*olen += tag_len;
- return( ret );
+ return ret;
#else
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
}
/*
* Packet-oriented decryption for AEAD/NIST_KW: public function.
*/
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len )
+int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t output_len,
+ size_t *olen, size_t tag_len)
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output_len == 0 || output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
+ CIPHER_VALIDATE_RET(ctx != NULL);
+ CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
+ CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
+ CIPHER_VALIDATE_RET(ilen == 0 || input != NULL);
+ CIPHER_VALIDATE_RET(output_len == 0 || output != NULL);
+ CIPHER_VALIDATE_RET(olen != NULL);
#if defined(MBEDTLS_NIST_KW_C)
- if(
+ if (
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ctx->psa_enabled == 0 &&
#endif
- ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
- MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
- {
- mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
- MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+ (MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
+ mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
+ MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
/* There is no iv, tag or ad associated with KW and KWP,
* so these length should be 0 as documented. */
- if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (iv_len != 0 || tag_len != 0 || ad_len != 0) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
(void) iv;
(void) ad;
- return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen,
- output, olen, output_len ) );
+ return mbedtls_nist_kw_unwrap(ctx->cipher_ctx, mode, input, ilen,
+ output, olen, output_len);
}
#endif /* MBEDTLS_NIST_KW_C */
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/* AEAD case: check length before passing on to shared function */
- if( ilen < tag_len || output_len < ilen - tag_len )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (ilen < tag_len || output_len < ilen - tag_len) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len,
- input, ilen - tag_len, output, olen,
- input + ilen - tag_len, tag_len ) );
+ return mbedtls_cipher_aead_decrypt(ctx, iv, iv_len, ad, ad_len,
+ input, ilen - tag_len, output, olen,
+ input + ilen - tag_len, tag_len);
#else
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
}
#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index c76bdcc..737cf97 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -80,100 +80,101 @@
#if defined(MBEDTLS_GCM_C)
/* shared by all GCM ciphers */
-static void *gcm_ctx_alloc( void )
+static void *gcm_ctx_alloc(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context));
- if( ctx != NULL )
- mbedtls_gcm_init( (mbedtls_gcm_context *) ctx );
+ if (ctx != NULL) {
+ mbedtls_gcm_init((mbedtls_gcm_context *) ctx);
+ }
- return( ctx );
+ return ctx;
}
-static void gcm_ctx_free( void *ctx )
+static void gcm_ctx_free(void *ctx)
{
- mbedtls_gcm_free( ctx );
- mbedtls_free( ctx );
+ mbedtls_gcm_free(ctx);
+ mbedtls_free(ctx);
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
/* shared by all CCM ciphers */
-static void *ccm_ctx_alloc( void )
+static void *ccm_ctx_alloc(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context));
- if( ctx != NULL )
- mbedtls_ccm_init( (mbedtls_ccm_context *) ctx );
+ if (ctx != NULL) {
+ mbedtls_ccm_init((mbedtls_ccm_context *) ctx);
+ }
- return( ctx );
+ return ctx;
}
-static void ccm_ctx_free( void *ctx )
+static void ccm_ctx_free(void *ctx)
{
- mbedtls_ccm_free( ctx );
- mbedtls_free( ctx );
+ mbedtls_ccm_free(ctx);
+ mbedtls_free(ctx);
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_AES_C)
-static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
- const unsigned char *input, unsigned char *output )
+static int aes_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output );
+ return mbedtls_aes_crypt_ecb((mbedtls_aes_context *) ctx, operation, input, output);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int aes_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output)
{
- return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input,
- output );
+ return mbedtls_aes_crypt_cbc((mbedtls_aes_context *) ctx, operation, length, iv, input,
+ output);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, size_t *iv_off, unsigned char *iv,
- const unsigned char *input, unsigned char *output )
+static int aes_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length, size_t *iv_off, unsigned char *iv,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
- input, output );
+ return mbedtls_aes_crypt_cfb128((mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
+ input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
-static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int aes_crypt_ofb_wrap(void *ctx, size_t length, size_t *iv_off,
+ unsigned char *iv, const unsigned char *input, unsigned char *output)
{
- return mbedtls_aes_crypt_ofb( (mbedtls_aes_context *) ctx, length, iv_off,
- iv, input, output );
+ return mbedtls_aes_crypt_ofb((mbedtls_aes_context *) ctx, length, iv_off,
+ iv, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
- unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
+static int aes_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
+ unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
- stream_block, input, output );
+ return mbedtls_aes_crypt_ctr((mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
+ stream_block, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input,
- unsigned char *output )
+static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length,
+ const unsigned char data_unit[16],
+ const unsigned char *input,
+ unsigned char *output)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
int mode;
- switch( operation )
- {
+ switch (operation) {
case MBEDTLS_ENCRYPT:
mode = MBEDTLS_AES_ENCRYPT;
break;
@@ -184,39 +185,40 @@
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- return mbedtls_aes_crypt_xts( xts_ctx, mode, length,
- data_unit, input, output );
+ return mbedtls_aes_crypt_xts(xts_ctx, mode, length,
+ data_unit, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
-static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen );
+ return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen);
}
-static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen );
+ return mbedtls_aes_setkey_enc((mbedtls_aes_context *) ctx, key, key_bitlen);
}
-static void * aes_ctx_alloc( void )
+static void *aes_ctx_alloc(void)
{
- mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) );
+ mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context));
- if( aes == NULL )
- return( NULL );
+ if (aes == NULL) {
+ return NULL;
+ }
- mbedtls_aes_init( aes );
+ mbedtls_aes_init(aes);
- return( aes );
+ return aes;
}
-static void aes_ctx_free( void *ctx )
+static void aes_ctx_free(void *ctx)
{
- mbedtls_aes_free( (mbedtls_aes_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_aes_free((mbedtls_aes_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t aes_info = {
@@ -420,39 +422,41 @@
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int xts_aes_setkey_enc_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
- return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
+ return mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen);
}
-static int xts_aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
- return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
+ return mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen);
}
-static void *xts_aes_ctx_alloc( void )
+static void *xts_aes_ctx_alloc(void)
{
- mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc( 1, sizeof( *xts_ctx ) );
+ mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx));
- if( xts_ctx != NULL )
- mbedtls_aes_xts_init( xts_ctx );
+ if (xts_ctx != NULL) {
+ mbedtls_aes_xts_init(xts_ctx);
+ }
- return( xts_ctx );
+ return xts_ctx;
}
-static void xts_aes_ctx_free( void *ctx )
+static void xts_aes_ctx_free(void *ctx)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
- if( xts_ctx == NULL )
+ if (xts_ctx == NULL) {
return;
+ }
- mbedtls_aes_xts_free( xts_ctx );
- mbedtls_free( xts_ctx );
+ mbedtls_aes_xts_free(xts_ctx);
+ mbedtls_free(xts_ctx);
}
static const mbedtls_cipher_base_t xts_aes_info = {
@@ -506,11 +510,11 @@
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_GCM_C)
-static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
- key, key_bitlen );
+ return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
+ key, key_bitlen);
}
static const mbedtls_cipher_base_t gcm_aes_info = {
@@ -575,11 +579,11 @@
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
-static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
- key, key_bitlen );
+ return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
+ key, key_bitlen);
}
static const mbedtls_cipher_base_t ccm_aes_info = {
@@ -647,72 +651,73 @@
#if defined(MBEDTLS_CAMELLIA_C)
-static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
- const unsigned char *input, unsigned char *output )
+static int camellia_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input,
- output );
+ return mbedtls_camellia_crypt_ecb((mbedtls_camellia_context *) ctx, operation, input,
+ output);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, unsigned char *iv,
- const unsigned char *input, unsigned char *output )
+static int camellia_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length, unsigned char *iv,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv,
- input, output );
+ return mbedtls_camellia_crypt_cbc((mbedtls_camellia_context *) ctx, operation, length, iv,
+ input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, size_t *iv_off, unsigned char *iv,
- const unsigned char *input, unsigned char *output )
+static int camellia_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length, size_t *iv_off, unsigned char *iv,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length,
- iv_off, iv, input, output );
+ return mbedtls_camellia_crypt_cfb128((mbedtls_camellia_context *) ctx, operation, length,
+ iv_off, iv, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
- unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
+static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
+ unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off,
- nonce_counter, stream_block, input, output );
+ return mbedtls_camellia_crypt_ctr((mbedtls_camellia_context *) ctx, length, nc_off,
+ nonce_counter, stream_block, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
-static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen );
+ return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen);
}
-static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen );
+ return mbedtls_camellia_setkey_enc((mbedtls_camellia_context *) ctx, key, key_bitlen);
}
-static void * camellia_ctx_alloc( void )
+static void *camellia_ctx_alloc(void)
{
mbedtls_camellia_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) );
+ ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context));
- if( ctx == NULL )
- return( NULL );
+ if (ctx == NULL) {
+ return NULL;
+ }
- mbedtls_camellia_init( ctx );
+ mbedtls_camellia_init(ctx);
- return( ctx );
+ return ctx;
}
-static void camellia_ctx_free( void *ctx )
+static void camellia_ctx_free(void *ctx)
{
- mbedtls_camellia_free( (mbedtls_camellia_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_camellia_free((mbedtls_camellia_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t camellia_info = {
@@ -881,11 +886,11 @@
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_GCM_C)
-static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int gcm_camellia_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
- key, key_bitlen );
+ return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
+ key, key_bitlen);
}
static const mbedtls_cipher_base_t gcm_camellia_info = {
@@ -950,11 +955,11 @@
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
-static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int ccm_camellia_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
- key, key_bitlen );
+ return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
+ key, key_bitlen);
}
static const mbedtls_cipher_base_t ccm_camellia_info = {
@@ -1022,73 +1027,74 @@
#if defined(MBEDTLS_ARIA_C)
-static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
- const unsigned char *input, unsigned char *output )
+static int aria_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+ const unsigned char *input, unsigned char *output)
{
(void) operation;
- return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input,
- output );
+ return mbedtls_aria_crypt_ecb((mbedtls_aria_context *) ctx, input,
+ output);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, unsigned char *iv,
- const unsigned char *input, unsigned char *output )
+static int aria_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length, unsigned char *iv,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
- input, output );
+ return mbedtls_aria_crypt_cbc((mbedtls_aria_context *) ctx, operation, length, iv,
+ input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, size_t *iv_off, unsigned char *iv,
- const unsigned char *input, unsigned char *output )
+static int aria_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length, size_t *iv_off, unsigned char *iv,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length,
- iv_off, iv, input, output );
+ return mbedtls_aria_crypt_cfb128((mbedtls_aria_context *) ctx, operation, length,
+ iv_off, iv, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
- unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
+static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
+ unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off,
- nonce_counter, stream_block, input, output );
+ return mbedtls_aria_crypt_ctr((mbedtls_aria_context *) ctx, length, nc_off,
+ nonce_counter, stream_block, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
-static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen );
+ return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen);
}
-static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen );
+ return mbedtls_aria_setkey_enc((mbedtls_aria_context *) ctx, key, key_bitlen);
}
-static void * aria_ctx_alloc( void )
+static void *aria_ctx_alloc(void)
{
mbedtls_aria_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) );
+ ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context));
- if( ctx == NULL )
- return( NULL );
+ if (ctx == NULL) {
+ return NULL;
+ }
- mbedtls_aria_init( ctx );
+ mbedtls_aria_init(ctx);
- return( ctx );
+ return ctx;
}
-static void aria_ctx_free( void *ctx )
+static void aria_ctx_free(void *ctx)
{
- mbedtls_aria_free( (mbedtls_aria_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_aria_free((mbedtls_aria_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t aria_info = {
@@ -1257,11 +1263,11 @@
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_GCM_C)
-static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int gcm_aria_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
- key, key_bitlen );
+ return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
+ key, key_bitlen);
}
static const mbedtls_cipher_base_t gcm_aria_info = {
@@ -1326,11 +1332,11 @@
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
-static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int ccm_aria_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
- key, key_bitlen );
+ return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
+ key, key_bitlen);
}
static const mbedtls_cipher_base_t ccm_aria_info = {
@@ -1398,121 +1404,123 @@
#if defined(MBEDTLS_DES_C)
-static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
- const unsigned char *input, unsigned char *output )
+static int des_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+ const unsigned char *input, unsigned char *output)
{
((void) operation);
- return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output );
+ return mbedtls_des_crypt_ecb((mbedtls_des_context *) ctx, input, output);
}
-static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
- const unsigned char *input, unsigned char *output )
+static int des3_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+ const unsigned char *input, unsigned char *output)
{
((void) operation);
- return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output );
+ return mbedtls_des3_crypt_ecb((mbedtls_des3_context *) ctx, input, output);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int des_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output)
{
- return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input,
- output );
+ return mbedtls_des_crypt_cbc((mbedtls_des_context *) ctx, operation, length, iv, input,
+ output);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
- unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output)
{
- return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input,
- output );
+ return mbedtls_des3_crypt_cbc((mbedtls_des3_context *) ctx, operation, length, iv, input,
+ output);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
-static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int des_setkey_dec_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
((void) key_bitlen);
- return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key );
+ return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key);
}
-static int des_setkey_enc_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int des_setkey_enc_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
((void) key_bitlen);
- return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key );
+ return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key);
}
-static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
((void) key_bitlen);
- return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key );
+ return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key);
}
-static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
((void) key_bitlen);
- return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key );
+ return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key);
}
-static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
((void) key_bitlen);
- return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key );
+ return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key);
}
-static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
((void) key_bitlen);
- return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key );
+ return mbedtls_des3_set3key_enc((mbedtls_des3_context *) ctx, key);
}
-static void * des_ctx_alloc( void )
+static void *des_ctx_alloc(void)
{
- mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) );
+ mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context));
- if( des == NULL )
- return( NULL );
+ if (des == NULL) {
+ return NULL;
+ }
- mbedtls_des_init( des );
+ mbedtls_des_init(des);
- return( des );
+ return des;
}
-static void des_ctx_free( void *ctx )
+static void des_ctx_free(void *ctx)
{
- mbedtls_des_free( (mbedtls_des_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_des_free((mbedtls_des_context *) ctx);
+ mbedtls_free(ctx);
}
-static void * des3_ctx_alloc( void )
+static void *des3_ctx_alloc(void)
{
mbedtls_des3_context *des3;
- des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) );
+ des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context));
- if( des3 == NULL )
- return( NULL );
+ if (des3 == NULL) {
+ return NULL;
+ }
- mbedtls_des3_init( des3 );
+ mbedtls_des3_init(des3);
- return( des3 );
+ return des3;
}
-static void des3_ctx_free( void *ctx )
+static void des3_ctx_free(void *ctx)
{
- mbedtls_des3_free( (mbedtls_des3_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_des3_free((mbedtls_des3_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t des_info = {
@@ -1670,66 +1678,67 @@
#if defined(MBEDTLS_BLOWFISH_C)
-static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
- const unsigned char *input, unsigned char *output )
+static int blowfish_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input,
- output );
+ return mbedtls_blowfish_crypt_ecb((mbedtls_blowfish_context *) ctx, operation, input,
+ output);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, unsigned char *iv, const unsigned char *input,
- unsigned char *output )
+static int blowfish_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length, unsigned char *iv, const unsigned char *input,
+ unsigned char *output)
{
- return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv,
- input, output );
+ return mbedtls_blowfish_crypt_cbc((mbedtls_blowfish_context *) ctx, operation, length, iv,
+ input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, size_t *iv_off, unsigned char *iv,
- const unsigned char *input, unsigned char *output )
+static int blowfish_crypt_cfb64_wrap(void *ctx, mbedtls_operation_t operation,
+ size_t length, size_t *iv_off, unsigned char *iv,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length,
- iv_off, iv, input, output );
+ return mbedtls_blowfish_crypt_cfb64((mbedtls_blowfish_context *) ctx, operation, length,
+ iv_off, iv, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
- unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
+static int blowfish_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
+ unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output)
{
- return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off,
- nonce_counter, stream_block, input, output );
+ return mbedtls_blowfish_crypt_ctr((mbedtls_blowfish_context *) ctx, length, nc_off,
+ nonce_counter, stream_block, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
-static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int blowfish_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen );
+ return mbedtls_blowfish_setkey((mbedtls_blowfish_context *) ctx, key, key_bitlen);
}
-static void * blowfish_ctx_alloc( void )
+static void *blowfish_ctx_alloc(void)
{
mbedtls_blowfish_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) );
+ ctx = mbedtls_calloc(1, sizeof(mbedtls_blowfish_context));
- if( ctx == NULL )
- return( NULL );
+ if (ctx == NULL) {
+ return NULL;
+ }
- mbedtls_blowfish_init( ctx );
+ mbedtls_blowfish_init(ctx);
- return( ctx );
+ return ctx;
}
-static void blowfish_ctx_free( void *ctx )
+static void blowfish_ctx_free(void *ctx)
{
- mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_blowfish_free((mbedtls_blowfish_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t blowfish_info = {
@@ -1811,41 +1820,43 @@
#endif /* MBEDTLS_BLOWFISH_C */
#if defined(MBEDTLS_ARC4_C)
-static int arc4_crypt_stream_wrap( void *ctx, size_t length,
- const unsigned char *input,
- unsigned char *output )
+static int arc4_crypt_stream_wrap(void *ctx, size_t length,
+ const unsigned char *input,
+ unsigned char *output)
{
- return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
+ return mbedtls_arc4_crypt((mbedtls_arc4_context *) ctx, length, input, output);
}
-static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int arc4_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
/* we get key_bitlen in bits, arc4 expects it in bytes */
- if( key_bitlen % 8 != 0 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (key_bitlen % 8 != 0) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 );
- return( 0 );
+ mbedtls_arc4_setup((mbedtls_arc4_context *) ctx, key, key_bitlen / 8);
+ return 0;
}
-static void * arc4_ctx_alloc( void )
+static void *arc4_ctx_alloc(void)
{
mbedtls_arc4_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) );
+ ctx = mbedtls_calloc(1, sizeof(mbedtls_arc4_context));
- if( ctx == NULL )
- return( NULL );
+ if (ctx == NULL) {
+ return NULL;
+ }
- mbedtls_arc4_init( ctx );
+ mbedtls_arc4_init(ctx);
- return( ctx );
+ return ctx;
}
-static void arc4_ctx_free( void *ctx )
+static void arc4_ctx_free(void *ctx)
{
- mbedtls_arc4_free( (mbedtls_arc4_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_arc4_free((mbedtls_arc4_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t arc4_base_info = {
@@ -1889,48 +1900,52 @@
#if defined(MBEDTLS_CHACHA20_C)
-static int chacha20_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int chacha20_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- if( key_bitlen != 256U )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (key_bitlen != 256U) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (0 != mbedtls_chacha20_setkey((mbedtls_chacha20_context *) ctx, key)) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- return( 0 );
+ return 0;
}
-static int chacha20_stream_wrap( void *ctx, size_t length,
- const unsigned char *input,
- unsigned char *output )
+static int chacha20_stream_wrap(void *ctx, size_t length,
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ret = mbedtls_chacha20_update( ctx, length, input, output );
- if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ ret = mbedtls_chacha20_update(ctx, length, input, output);
+ if (ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- return( ret );
+ return ret;
}
-static void * chacha20_ctx_alloc( void )
+static void *chacha20_ctx_alloc(void)
{
mbedtls_chacha20_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_chacha20_context ) );
+ ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context));
- if( ctx == NULL )
- return( NULL );
+ if (ctx == NULL) {
+ return NULL;
+ }
- mbedtls_chacha20_init( ctx );
+ mbedtls_chacha20_init(ctx);
- return( ctx );
+ return ctx;
}
-static void chacha20_ctx_free( void *ctx )
+static void chacha20_ctx_free(void *ctx)
{
- mbedtls_chacha20_free( (mbedtls_chacha20_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_chacha20_free((mbedtls_chacha20_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t chacha20_base_info = {
@@ -1973,36 +1988,39 @@
#if defined(MBEDTLS_CHACHAPOLY_C)
-static int chachapoly_setkey_wrap( void *ctx,
- const unsigned char *key,
- unsigned int key_bitlen )
+static int chachapoly_setkey_wrap(void *ctx,
+ const unsigned char *key,
+ unsigned int key_bitlen)
{
- if( key_bitlen != 256U )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (key_bitlen != 256U) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (0 != mbedtls_chachapoly_setkey((mbedtls_chachapoly_context *) ctx, key)) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- return( 0 );
+ return 0;
}
-static void * chachapoly_ctx_alloc( void )
+static void *chachapoly_ctx_alloc(void)
{
mbedtls_chachapoly_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_chachapoly_context ) );
+ ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context));
- if( ctx == NULL )
- return( NULL );
+ if (ctx == NULL) {
+ return NULL;
+ }
- mbedtls_chachapoly_init( ctx );
+ mbedtls_chachapoly_init(ctx);
- return( ctx );
+ return ctx;
}
-static void chachapoly_ctx_free( void *ctx )
+static void chachapoly_ctx_free(void *ctx)
{
- mbedtls_chachapoly_free( (mbedtls_chachapoly_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_chachapoly_free((mbedtls_chachapoly_context *) ctx);
+ mbedtls_free(ctx);
}
static const mbedtls_cipher_base_t chachapoly_base_info = {
@@ -2044,31 +2062,31 @@
#endif /* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-static int null_crypt_stream( void *ctx, size_t length,
- const unsigned char *input,
- unsigned char *output )
+static int null_crypt_stream(void *ctx, size_t length,
+ const unsigned char *input,
+ unsigned char *output)
{
((void) ctx);
- memmove( output, input, length );
- return( 0 );
+ memmove(output, input, length);
+ return 0;
}
-static int null_setkey( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int null_setkey(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
((void) ctx);
((void) key);
((void) key_bitlen);
- return( 0 );
+ return 0;
}
-static void * null_ctx_alloc( void )
+static void *null_ctx_alloc(void)
{
- return( (void *) 1 );
+ return (void *) 1;
}
-static void null_ctx_free( void *ctx )
+static void null_ctx_free(void *ctx)
{
((void) ctx);
}
@@ -2113,34 +2131,35 @@
#endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
#if defined(MBEDTLS_NIST_KW_C)
-static void *kw_ctx_alloc( void )
+static void *kw_ctx_alloc(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context));
- if( ctx != NULL )
- mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx );
+ if (ctx != NULL) {
+ mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx);
+ }
- return( ctx );
+ return ctx;
}
-static void kw_ctx_free( void *ctx )
+static void kw_ctx_free(void *ctx)
{
- mbedtls_nist_kw_free( ctx );
- mbedtls_free( ctx );
+ mbedtls_nist_kw_free(ctx);
+ mbedtls_free(ctx);
}
-static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int kw_aes_setkey_wrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
- MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 );
+ return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx,
+ MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1);
}
-static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
+static int kw_aes_setkey_unwrap(void *ctx, const unsigned char *key,
+ unsigned int key_bitlen)
{
- return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
- MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 );
+ return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx,
+ MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0);
}
static const mbedtls_cipher_base_t kw_aes_info = {
@@ -2393,8 +2412,8 @@
{ MBEDTLS_CIPHER_NONE, NULL }
};
-#define NUM_CIPHERS ( sizeof(mbedtls_cipher_definitions) / \
- sizeof(mbedtls_cipher_definitions[0]) )
+#define NUM_CIPHERS (sizeof(mbedtls_cipher_definitions) / \
+ sizeof(mbedtls_cipher_definitions[0]))
int mbedtls_cipher_supported[NUM_CIPHERS];
#endif /* MBEDTLS_CIPHER_C */
diff --git a/library/cmac.c b/library/cmac.c
index 3cc49d1..0c07de6 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -63,9 +63,9 @@
* Input and output MUST NOT point to the same buffer
* Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
*/
-static int cmac_multiply_by_u( unsigned char *output,
- const unsigned char *input,
- size_t blocksize )
+static int cmac_multiply_by_u(unsigned char *output,
+ const unsigned char *input,
+ size_t blocksize)
{
const unsigned char R_128 = 0x87;
const unsigned char R_64 = 0x1B;
@@ -73,21 +73,15 @@
unsigned char overflow = 0x00;
int i;
- if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
- {
+ if (blocksize == MBEDTLS_AES_BLOCK_SIZE) {
R_n = R_128;
- }
- else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
- {
+ } else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
R_n = R_64;
- }
- else
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ } else {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- for( i = (int)blocksize - 1; i >= 0; i-- )
- {
+ for (i = (int) blocksize - 1; i >= 0; i--) {
output[i] = input[i] << 1 | overflow;
overflow = input[i] >> 7;
}
@@ -101,14 +95,14 @@
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
- mask = - ( input[0] >> 7 );
+ mask = -(input[0] >> 7);
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
- output[ blocksize - 1 ] ^= R_n & mask;
+ output[blocksize - 1] ^= R_n & mask;
- return( 0 );
+ return 0;
}
/*
@@ -116,46 +110,50 @@
*
* - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm
*/
-static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
- unsigned char* K1, unsigned char* K2 )
+static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx,
+ unsigned char *K1, unsigned char *K2)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
size_t olen, block_size;
- mbedtls_platform_zeroize( L, sizeof( L ) );
+ mbedtls_platform_zeroize(L, sizeof(L));
block_size = ctx->cipher_info->block_size;
/* Calculate Ek(0) */
- if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
+ if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) {
goto exit;
+ }
/*
* Generate K1 and K2
*/
- if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
+ if ((ret = cmac_multiply_by_u(K1, L, block_size)) != 0) {
goto exit;
+ }
- if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
+ if ((ret = cmac_multiply_by_u(K2, K1, block_size)) != 0) {
goto exit;
+ }
exit:
- mbedtls_platform_zeroize( L, sizeof( L ) );
+ mbedtls_platform_zeroize(L, sizeof(L));
- return( ret );
+ return ret;
}
#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
#if !defined(MBEDTLS_CMAC_ALT)
-static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
- const unsigned char *input2,
- const size_t block_size )
+static void cmac_xor_block(unsigned char *output, const unsigned char *input1,
+ const unsigned char *input2,
+ const size_t block_size)
{
size_t idx;
- for( idx = 0; idx < block_size; idx++ )
- output[ idx ] = input1[ idx ] ^ input2[ idx ];
+ for (idx = 0; idx < block_size; idx++) {
+ output[idx] = input1[idx] ^ input2[idx];
+ }
}
/*
@@ -164,75 +162,78 @@
* We can't use the padding option from the cipher layer, as it only works for
* CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition.
*/
-static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
- size_t padded_block_len,
- const unsigned char *last_block,
- size_t last_block_len )
+static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
+ size_t padded_block_len,
+ const unsigned char *last_block,
+ size_t last_block_len)
{
size_t j;
- for( j = 0; j < padded_block_len; j++ )
- {
- if( j < last_block_len )
+ for (j = 0; j < padded_block_len; j++) {
+ if (j < last_block_len) {
padded_block[j] = last_block[j];
- else if( j == last_block_len )
+ } else if (j == last_block_len) {
padded_block[j] = 0x80;
- else
+ } else {
padded_block[j] = 0x00;
+ }
}
}
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
- const unsigned char *key, size_t keybits )
+int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
+ const unsigned char *key, size_t keybits)
{
mbedtls_cipher_type_t type;
mbedtls_cmac_context_t *cmac_ctx;
int retval;
- if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
- MBEDTLS_ENCRYPT ) ) != 0 )
- return( retval );
+ if ((retval = mbedtls_cipher_setkey(ctx, key, (int) keybits,
+ MBEDTLS_ENCRYPT)) != 0) {
+ return retval;
+ }
type = ctx->cipher_info->type;
- switch( type )
- {
+ switch (type) {
case MBEDTLS_CIPHER_AES_128_ECB:
case MBEDTLS_CIPHER_AES_192_ECB:
case MBEDTLS_CIPHER_AES_256_ECB:
case MBEDTLS_CIPHER_DES_EDE3_ECB:
break;
default:
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
/* Allocated and initialise in the cipher context memory for the CMAC
* context */
- cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) );
- if( cmac_ctx == NULL )
- return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+ cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t));
+ if (cmac_ctx == NULL) {
+ return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+ }
ctx->cmac_ctx = cmac_ctx;
- mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
+ mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state));
return 0;
}
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input, size_t ilen )
+int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
+ const unsigned char *input, size_t ilen)
{
- mbedtls_cmac_context_t* cmac_ctx;
+ mbedtls_cmac_context_t *cmac_ctx;
unsigned char *state;
int ret = 0;
size_t n, j, olen, block_size;
- if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
- ctx->cmac_ctx == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
+ ctx->cmac_ctx == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
@@ -240,19 +241,17 @@
/* Is there data still to process from the last call, that's greater in
* size than a block? */
- if( cmac_ctx->unprocessed_len > 0 &&
- ilen > block_size - cmac_ctx->unprocessed_len )
- {
- memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
- input,
- block_size - cmac_ctx->unprocessed_len );
+ if (cmac_ctx->unprocessed_len > 0 &&
+ ilen > block_size - cmac_ctx->unprocessed_len) {
+ memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
+ input,
+ block_size - cmac_ctx->unprocessed_len);
- cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size );
+ cmac_xor_block(state, cmac_ctx->unprocessed_block, state, block_size);
- if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
- &olen ) ) != 0 )
- {
- goto exit;
+ if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
+ &olen)) != 0) {
+ goto exit;
}
input += block_size - cmac_ctx->unprocessed_len;
@@ -261,39 +260,38 @@
}
/* n is the number of blocks including any final partial block */
- n = ( ilen + block_size - 1 ) / block_size;
+ n = (ilen + block_size - 1) / block_size;
/* Iterate across the input data in block sized chunks, excluding any
* final partial or complete block */
- for( j = 1; j < n; j++ )
- {
- cmac_xor_block( state, input, state, block_size );
+ for (j = 1; j < n; j++) {
+ cmac_xor_block(state, input, state, block_size);
- if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
- &olen ) ) != 0 )
- goto exit;
+ if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
+ &olen)) != 0) {
+ goto exit;
+ }
ilen -= block_size;
input += block_size;
}
/* If there is data left over that wasn't aligned to a block */
- if( ilen > 0 )
- {
- memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
- input,
- ilen );
+ if (ilen > 0) {
+ memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
+ input,
+ ilen);
cmac_ctx->unprocessed_len += ilen;
}
exit:
- return( ret );
+ return ret;
}
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output )
+int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
+ unsigned char *output)
{
- mbedtls_cmac_context_t* cmac_ctx;
+ mbedtls_cmac_context_t *cmac_ctx;
unsigned char *state, *last_block;
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
@@ -301,153 +299,153 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen, block_size;
- if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
- output == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
+ output == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
state = cmac_ctx->state;
- mbedtls_platform_zeroize( K1, sizeof( K1 ) );
- mbedtls_platform_zeroize( K2, sizeof( K2 ) );
- cmac_generate_subkeys( ctx, K1, K2 );
+ mbedtls_platform_zeroize(K1, sizeof(K1));
+ mbedtls_platform_zeroize(K2, sizeof(K2));
+ cmac_generate_subkeys(ctx, K1, K2);
last_block = cmac_ctx->unprocessed_block;
/* Calculate last block */
- if( cmac_ctx->unprocessed_len < block_size )
- {
- cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len );
- cmac_xor_block( M_last, M_last, K2, block_size );
- }
- else
- {
+ if (cmac_ctx->unprocessed_len < block_size) {
+ cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len);
+ cmac_xor_block(M_last, M_last, K2, block_size);
+ } else {
/* Last block is complete block */
- cmac_xor_block( M_last, last_block, K1, block_size );
+ cmac_xor_block(M_last, last_block, K1, block_size);
}
- cmac_xor_block( state, M_last, state, block_size );
- if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
- &olen ) ) != 0 )
- {
+ cmac_xor_block(state, M_last, state, block_size);
+ if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
+ &olen)) != 0) {
goto exit;
}
- memcpy( output, state, block_size );
+ memcpy(output, state, block_size);
exit:
/* Wipe the generated keys on the stack, and any other transients to avoid
* side channel leakage */
- mbedtls_platform_zeroize( K1, sizeof( K1 ) );
- mbedtls_platform_zeroize( K2, sizeof( K2 ) );
+ mbedtls_platform_zeroize(K1, sizeof(K1));
+ mbedtls_platform_zeroize(K2, sizeof(K2));
cmac_ctx->unprocessed_len = 0;
- mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
- sizeof( cmac_ctx->unprocessed_block ) );
+ mbedtls_platform_zeroize(cmac_ctx->unprocessed_block,
+ sizeof(cmac_ctx->unprocessed_block));
- mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
- return( ret );
+ mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX);
+ return ret;
}
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
+int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx)
{
- mbedtls_cmac_context_t* cmac_ctx;
+ mbedtls_cmac_context_t *cmac_ctx;
- if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
cmac_ctx = ctx->cmac_ctx;
/* Reset the internal state */
cmac_ctx->unprocessed_len = 0;
- mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
- sizeof( cmac_ctx->unprocessed_block ) );
- mbedtls_platform_zeroize( cmac_ctx->state,
- sizeof( cmac_ctx->state ) );
+ mbedtls_platform_zeroize(cmac_ctx->unprocessed_block,
+ sizeof(cmac_ctx->unprocessed_block));
+ mbedtls_platform_zeroize(cmac_ctx->state,
+ sizeof(cmac_ctx->state));
- return( 0 );
+ return 0;
}
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
- const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output )
+int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output)
{
mbedtls_cipher_context_t ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
- if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
+ if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
goto exit;
+ }
- ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen );
- if( ret != 0 )
+ ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_cipher_cmac_update( &ctx, input, ilen );
- if( ret != 0 )
+ ret = mbedtls_cipher_cmac_update(&ctx, input, ilen);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_cipher_cmac_finish( &ctx, output );
+ ret = mbedtls_cipher_cmac_finish(&ctx, output);
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_AES_C)
/*
* Implementation of AES-CMAC-PRF-128 defined in RFC 4615
*/
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
- const unsigned char *input, size_t in_len,
- unsigned char output[16] )
+int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_length,
+ const unsigned char *input, size_t in_len,
+ unsigned char output[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
- if( key == NULL || input == NULL || output == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (key == NULL || input == NULL || output == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
- if( cipher_info == NULL )
- {
+ cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
+ if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
- if( key_length == MBEDTLS_AES_BLOCK_SIZE )
- {
+ if (key_length == MBEDTLS_AES_BLOCK_SIZE) {
/* Use key as is */
- memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE );
- }
- else
- {
- memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE );
+ memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE);
+ } else {
+ memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE);
- ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key,
- key_length, int_key );
- if( ret != 0 )
+ ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key,
+ key_length, int_key);
+ if (ret != 0) {
goto exit;
+ }
}
- ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len,
- output );
+ ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len,
+ output);
exit:
- mbedtls_platform_zeroize( int_key, sizeof( int_key ) );
+ mbedtls_platform_zeroize(int_key, sizeof(int_key));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_AES_C */
@@ -508,7 +506,8 @@
0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
}
};
-static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
{
/* Example #1 */
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
@@ -549,7 +548,8 @@
0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
}
};
-static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
{
/* Example #1 */
0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
@@ -591,7 +591,8 @@
0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
}
};
-static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
{
/* Example #1 */
0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
@@ -643,7 +644,8 @@
0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
}
};
-static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
+static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
+ = {
{
/* Sample #1 */
0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
@@ -660,7 +662,7 @@
/* Sample #4 */
0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb
}
-};
+ };
/* CMAC-TDES (Generation) - 3 Key Test Data */
static const unsigned char des3_3key_key[24] = {
@@ -681,7 +683,8 @@
0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
}
};
-static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
+static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
+ = {
{
/* Sample #1 */
0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
@@ -698,7 +701,7 @@
/* Sample #4 */
0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5
}
-};
+ };
#endif /* MBEDTLS_DES_C */
@@ -741,14 +744,14 @@
};
#endif /* MBEDTLS_AES_C */
-static int cmac_test_subkeys( int verbose,
- const char* testname,
- const unsigned char* key,
- int keybits,
- const unsigned char* subkeys,
- mbedtls_cipher_type_t cipher_type,
- int block_size,
- int num_tests )
+static int cmac_test_subkeys(int verbose,
+ const char *testname,
+ const unsigned char *key,
+ int keybits,
+ const unsigned char *subkeys,
+ mbedtls_cipher_type_t cipher_type,
+ int block_size,
+ int num_tests)
{
int i, ret = 0;
mbedtls_cipher_context_t ctx;
@@ -756,330 +759,321 @@
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
- cipher_info = mbedtls_cipher_info_from_type( cipher_type );
- if( cipher_info == NULL )
- {
+ cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+ if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
- for( i = 0; i < num_tests; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " %s CMAC subkey #%d: ", testname, i + 1 );
+ for (i = 0; i < num_tests; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" %s CMAC subkey #%d: ", testname, i + 1);
+ }
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
- if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "test execution failed\n" );
+ if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("test execution failed\n");
+ }
goto cleanup;
}
- if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits,
- MBEDTLS_ENCRYPT ) ) != 0 )
- {
+ if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits,
+ MBEDTLS_ENCRYPT)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 may be unavailable. This should not cause the selftest
* function to fail. */
- if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
- ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
- cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
- if( verbose != 0 )
- mbedtls_printf( "skipped\n" );
+ if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+ ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
+ cipher_type == MBEDTLS_CIPHER_AES_192_ECB) {
+ if (verbose != 0) {
+ mbedtls_printf("skipped\n");
+ }
goto next_test;
}
- if( verbose != 0 )
- mbedtls_printf( "test execution failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("test execution failed\n");
+ }
goto cleanup;
}
- ret = cmac_generate_subkeys( &ctx, K1, K2 );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ ret = cmac_generate_subkeys(&ctx, K1, K2);
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto cleanup;
}
- if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 ||
- ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if ((ret = memcmp(K1, subkeys, block_size)) != 0 ||
+ (ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
next_test:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
ret = 0;
goto exit;
cleanup:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
exit:
- return( ret );
+ return ret;
}
-static int cmac_test_wth_cipher( int verbose,
- const char* testname,
- const unsigned char* key,
- int keybits,
- const unsigned char* messages,
- const unsigned int message_lengths[4],
- const unsigned char* expected_result,
- mbedtls_cipher_type_t cipher_type,
- int block_size,
- int num_tests )
+static int cmac_test_wth_cipher(int verbose,
+ const char *testname,
+ const unsigned char *key,
+ int keybits,
+ const unsigned char *messages,
+ const unsigned int message_lengths[4],
+ const unsigned char *expected_result,
+ mbedtls_cipher_type_t cipher_type,
+ int block_size,
+ int num_tests)
{
const mbedtls_cipher_info_t *cipher_info;
int i, ret = 0;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
- cipher_info = mbedtls_cipher_info_from_type( cipher_type );
- if( cipher_info == NULL )
- {
+ cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+ if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
- for( i = 0; i < num_tests; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " %s CMAC #%d: ", testname, i + 1 );
+ for (i = 0; i < num_tests; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" %s CMAC #%d: ", testname, i + 1);
+ }
- if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages,
- message_lengths[i], output ) ) != 0 )
- {
+ if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages,
+ message_lengths[i], output)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 and/or 3DES may be unavailable. This should not cause
* the selftest function to fail. */
- if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
- ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
- ( cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
- cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB ) ) {
- if( verbose != 0 )
- mbedtls_printf( "skipped\n" );
+ if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+ ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
+ (cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
+ cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB)) {
+ if (verbose != 0) {
+ mbedtls_printf("skipped\n");
+ }
continue;
}
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto exit;
}
- if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
ret = 0;
exit:
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_AES_C)
-static int test_aes128_cmac_prf( int verbose )
+static int test_aes128_cmac_prf(int verbose)
{
int i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
- for( i = 0; i < NB_PRF_TESTS; i++ )
- {
- mbedtls_printf( " AES CMAC 128 PRF #%d: ", i );
- ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
- if( ret != 0 ||
- memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
- {
+ for (i = 0; i < NB_PRF_TESTS; i++) {
+ mbedtls_printf(" AES CMAC 128 PRF #%d: ", i);
+ ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output);
+ if (ret != 0 ||
+ memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- return( ret );
- }
- else if( verbose != 0 )
- {
- mbedtls_printf( "passed\n" );
+ return ret;
+ } else if (verbose != 0) {
+ mbedtls_printf("passed\n");
}
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_AES_C */
-int mbedtls_cmac_self_test( int verbose )
+int mbedtls_cmac_self_test(int verbose)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_AES_C)
/* AES-128 */
- if( ( ret = cmac_test_subkeys( verbose,
- "AES 128",
- aes_128_key,
- 128,
- (const unsigned char*)aes_128_subkeys,
- MBEDTLS_CIPHER_AES_128_ECB,
- MBEDTLS_AES_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_subkeys(verbose,
+ "AES 128",
+ aes_128_key,
+ 128,
+ (const unsigned char *) aes_128_subkeys,
+ MBEDTLS_CIPHER_AES_128_ECB,
+ MBEDTLS_AES_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
- if( ( ret = cmac_test_wth_cipher( verbose,
- "AES 128",
- aes_128_key,
- 128,
- test_message,
- aes_message_lengths,
- (const unsigned char*)aes_128_expected_result,
- MBEDTLS_CIPHER_AES_128_ECB,
- MBEDTLS_AES_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_wth_cipher(verbose,
+ "AES 128",
+ aes_128_key,
+ 128,
+ test_message,
+ aes_message_lengths,
+ (const unsigned char *) aes_128_expected_result,
+ MBEDTLS_CIPHER_AES_128_ECB,
+ MBEDTLS_AES_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
/* AES-192 */
- if( ( ret = cmac_test_subkeys( verbose,
- "AES 192",
- aes_192_key,
- 192,
- (const unsigned char*)aes_192_subkeys,
- MBEDTLS_CIPHER_AES_192_ECB,
- MBEDTLS_AES_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_subkeys(verbose,
+ "AES 192",
+ aes_192_key,
+ 192,
+ (const unsigned char *) aes_192_subkeys,
+ MBEDTLS_CIPHER_AES_192_ECB,
+ MBEDTLS_AES_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
- if( ( ret = cmac_test_wth_cipher( verbose,
- "AES 192",
- aes_192_key,
- 192,
- test_message,
- aes_message_lengths,
- (const unsigned char*)aes_192_expected_result,
- MBEDTLS_CIPHER_AES_192_ECB,
- MBEDTLS_AES_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_wth_cipher(verbose,
+ "AES 192",
+ aes_192_key,
+ 192,
+ test_message,
+ aes_message_lengths,
+ (const unsigned char *) aes_192_expected_result,
+ MBEDTLS_CIPHER_AES_192_ECB,
+ MBEDTLS_AES_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
/* AES-256 */
- if( ( ret = cmac_test_subkeys( verbose,
- "AES 256",
- aes_256_key,
- 256,
- (const unsigned char*)aes_256_subkeys,
- MBEDTLS_CIPHER_AES_256_ECB,
- MBEDTLS_AES_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_subkeys(verbose,
+ "AES 256",
+ aes_256_key,
+ 256,
+ (const unsigned char *) aes_256_subkeys,
+ MBEDTLS_CIPHER_AES_256_ECB,
+ MBEDTLS_AES_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
- if( ( ret = cmac_test_wth_cipher ( verbose,
- "AES 256",
- aes_256_key,
- 256,
- test_message,
- aes_message_lengths,
- (const unsigned char*)aes_256_expected_result,
- MBEDTLS_CIPHER_AES_256_ECB,
- MBEDTLS_AES_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_wth_cipher(verbose,
+ "AES 256",
+ aes_256_key,
+ 256,
+ test_message,
+ aes_message_lengths,
+ (const unsigned char *) aes_256_expected_result,
+ MBEDTLS_CIPHER_AES_256_ECB,
+ MBEDTLS_AES_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_DES_C)
/* 3DES 2 key */
- if( ( ret = cmac_test_subkeys( verbose,
- "3DES 2 key",
- des3_2key_key,
- 192,
- (const unsigned char*)des3_2key_subkeys,
- MBEDTLS_CIPHER_DES_EDE3_ECB,
- MBEDTLS_DES3_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_subkeys(verbose,
+ "3DES 2 key",
+ des3_2key_key,
+ 192,
+ (const unsigned char *) des3_2key_subkeys,
+ MBEDTLS_CIPHER_DES_EDE3_ECB,
+ MBEDTLS_DES3_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
- if( ( ret = cmac_test_wth_cipher( verbose,
- "3DES 2 key",
- des3_2key_key,
- 192,
- test_message,
- des3_message_lengths,
- (const unsigned char*)des3_2key_expected_result,
- MBEDTLS_CIPHER_DES_EDE3_ECB,
- MBEDTLS_DES3_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_wth_cipher(verbose,
+ "3DES 2 key",
+ des3_2key_key,
+ 192,
+ test_message,
+ des3_message_lengths,
+ (const unsigned char *) des3_2key_expected_result,
+ MBEDTLS_CIPHER_DES_EDE3_ECB,
+ MBEDTLS_DES3_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
/* 3DES 3 key */
- if( ( ret = cmac_test_subkeys( verbose,
- "3DES 3 key",
- des3_3key_key,
- 192,
- (const unsigned char*)des3_3key_subkeys,
- MBEDTLS_CIPHER_DES_EDE3_ECB,
- MBEDTLS_DES3_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_subkeys(verbose,
+ "3DES 3 key",
+ des3_3key_key,
+ 192,
+ (const unsigned char *) des3_3key_subkeys,
+ MBEDTLS_CIPHER_DES_EDE3_ECB,
+ MBEDTLS_DES3_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
- if( ( ret = cmac_test_wth_cipher( verbose,
- "3DES 3 key",
- des3_3key_key,
- 192,
- test_message,
- des3_message_lengths,
- (const unsigned char*)des3_3key_expected_result,
- MBEDTLS_CIPHER_DES_EDE3_ECB,
- MBEDTLS_DES3_BLOCK_SIZE,
- NB_CMAC_TESTS_PER_KEY ) ) != 0 )
- {
- return( ret );
+ if ((ret = cmac_test_wth_cipher(verbose,
+ "3DES 3 key",
+ des3_3key_key,
+ 192,
+ test_message,
+ des3_message_lengths,
+ (const unsigned char *) des3_3key_expected_result,
+ MBEDTLS_CIPHER_DES_EDE3_ECB,
+ MBEDTLS_DES3_BLOCK_SIZE,
+ NB_CMAC_TESTS_PER_KEY)) != 0) {
+ return ret;
}
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
- if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
- return( ret );
+ if ((ret = test_aes128_cmac_prf(verbose)) != 0) {
+ return ret;
+ }
#endif /* MBEDTLS_AES_C */
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/common.h b/library/common.h
index 1663d50..2786c97 100644
--- a/library/common.h
+++ b/library/common.h
@@ -33,7 +33,7 @@
#include <stdint.h>
/* Define `inline` on some non-C99-compliant compilers. */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
@@ -75,9 +75,9 @@
* buffer is at least \p n + 1.
*/
static inline unsigned char *mbedtls_buffer_offset(
- unsigned char *p, size_t n )
+ unsigned char *p, size_t n)
{
- return( p == NULL ? NULL : p + n );
+ return p == NULL ? NULL : p + n;
}
/** Return an offset into a read-only buffer.
@@ -92,9 +92,9 @@
* buffer is at least \p n + 1.
*/
static inline const unsigned char *mbedtls_buffer_offset_const(
- const unsigned char *p, size_t n )
+ const unsigned char *p, size_t n)
{
- return( p == NULL ? NULL : p + n );
+ return p == NULL ? NULL : p + n;
}
/** Byte Reading Macros
@@ -102,14 +102,14 @@
* Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
* byte from x, where byte 0 is the least significant byte.
*/
-#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) )
-#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) )
-#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) )
-#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) )
-#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) )
-#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) )
-#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) )
-#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) )
+#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff))
+#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff))
+#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff))
+#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff))
+#define MBEDTLS_BYTE_4(x) ((uint8_t) (((x) >> 32) & 0xff))
+#define MBEDTLS_BYTE_5(x) ((uint8_t) (((x) >> 40) & 0xff))
+#define MBEDTLS_BYTE_6(x) ((uint8_t) (((x) >> 48) & 0xff))
+#define MBEDTLS_BYTE_7(x) ((uint8_t) (((x) >> 56) & 0xff))
/**
* Get the unsigned 32 bits integer corresponding to four bytes in
@@ -121,12 +121,12 @@
* integer from.
*/
#ifndef MBEDTLS_GET_UINT32_BE
-#define MBEDTLS_GET_UINT32_BE( data , offset ) \
+#define MBEDTLS_GET_UINT32_BE(data, offset) \
( \
- ( (uint32_t) ( data )[( offset ) ] << 24 ) \
- | ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \
- | ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \
- | ( (uint32_t) ( data )[( offset ) + 3] ) \
+ ((uint32_t) (data)[(offset)] << 24) \
+ | ((uint32_t) (data)[(offset) + 1] << 16) \
+ | ((uint32_t) (data)[(offset) + 2] << 8) \
+ | ((uint32_t) (data)[(offset) + 3]) \
)
#endif
@@ -140,13 +140,13 @@
* byte of the 32 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT32_BE
-#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \
-}
+#define MBEDTLS_PUT_UINT32_BE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_3(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_2(n); \
+ (data)[(offset) + 2] = MBEDTLS_BYTE_1(n); \
+ (data)[(offset) + 3] = MBEDTLS_BYTE_0(n); \
+ }
#endif
/**
@@ -159,12 +159,12 @@
* integer from.
*/
#ifndef MBEDTLS_GET_UINT32_LE
-#define MBEDTLS_GET_UINT32_LE( data, offset ) \
+#define MBEDTLS_GET_UINT32_LE(data, offset) \
( \
- ( (uint32_t) ( data )[( offset ) ] ) \
- | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
- | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \
- | ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \
+ ((uint32_t) (data)[(offset)]) \
+ | ((uint32_t) (data)[(offset) + 1] << 8) \
+ | ((uint32_t) (data)[(offset) + 2] << 16) \
+ | ((uint32_t) (data)[(offset) + 3] << 24) \
)
#endif
@@ -178,13 +178,13 @@
* byte of the 32 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT32_LE
-#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
-}
+#define MBEDTLS_PUT_UINT32_LE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_0(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \
+ (data)[(offset) + 2] = MBEDTLS_BYTE_2(n); \
+ (data)[(offset) + 3] = MBEDTLS_BYTE_3(n); \
+ }
#endif
/**
@@ -197,10 +197,10 @@
* integer from.
*/
#ifndef MBEDTLS_GET_UINT16_LE
-#define MBEDTLS_GET_UINT16_LE( data, offset ) \
+#define MBEDTLS_GET_UINT16_LE(data, offset) \
( \
- ( (uint16_t) ( data )[( offset ) ] ) \
- | ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \
+ ((uint16_t) (data)[(offset)]) \
+ | ((uint16_t) (data)[(offset) + 1] << 8) \
)
#endif
@@ -214,11 +214,11 @@
* byte of the 16 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT16_LE
-#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
-}
+#define MBEDTLS_PUT_UINT16_LE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_0(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \
+ }
#endif
/**
@@ -231,10 +231,10 @@
* integer from.
*/
#ifndef MBEDTLS_GET_UINT16_BE
-#define MBEDTLS_GET_UINT16_BE( data, offset ) \
+#define MBEDTLS_GET_UINT16_BE(data, offset) \
( \
- ( (uint16_t) ( data )[( offset ) ] << 8 ) \
- | ( (uint16_t) ( data )[( offset ) + 1] ) \
+ ((uint16_t) (data)[(offset)] << 8) \
+ | ((uint16_t) (data)[(offset) + 1]) \
)
#endif
@@ -248,11 +248,11 @@
* byte of the 16 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT16_BE
-#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \
-}
+#define MBEDTLS_PUT_UINT16_BE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_1(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_0(n); \
+ }
#endif
/**
@@ -265,16 +265,16 @@
* integer from.
*/
#ifndef MBEDTLS_GET_UINT64_BE
-#define MBEDTLS_GET_UINT64_BE( data, offset ) \
+#define MBEDTLS_GET_UINT64_BE(data, offset) \
( \
- ( (uint64_t) ( data )[( offset ) ] << 56 ) \
- | ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \
- | ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \
- | ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \
- | ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \
- | ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \
- | ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \
- | ( (uint64_t) ( data )[( offset ) + 7] ) \
+ ((uint64_t) (data)[(offset)] << 56) \
+ | ((uint64_t) (data)[(offset) + 1] << 48) \
+ | ((uint64_t) (data)[(offset) + 2] << 40) \
+ | ((uint64_t) (data)[(offset) + 3] << 32) \
+ | ((uint64_t) (data)[(offset) + 4] << 24) \
+ | ((uint64_t) (data)[(offset) + 5] << 16) \
+ | ((uint64_t) (data)[(offset) + 6] << 8) \
+ | ((uint64_t) (data)[(offset) + 7]) \
)
#endif
@@ -288,17 +288,17 @@
* byte of the 64 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT64_BE
-#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \
- ( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \
- ( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \
-}
+#define MBEDTLS_PUT_UINT64_BE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_7(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_6(n); \
+ (data)[(offset) + 2] = MBEDTLS_BYTE_5(n); \
+ (data)[(offset) + 3] = MBEDTLS_BYTE_4(n); \
+ (data)[(offset) + 4] = MBEDTLS_BYTE_3(n); \
+ (data)[(offset) + 5] = MBEDTLS_BYTE_2(n); \
+ (data)[(offset) + 6] = MBEDTLS_BYTE_1(n); \
+ (data)[(offset) + 7] = MBEDTLS_BYTE_0(n); \
+ }
#endif
/**
@@ -311,16 +311,16 @@
* integer from.
*/
#ifndef MBEDTLS_GET_UINT64_LE
-#define MBEDTLS_GET_UINT64_LE( data, offset ) \
+#define MBEDTLS_GET_UINT64_LE(data, offset) \
( \
- ( (uint64_t) ( data )[( offset ) + 7] << 56 ) \
- | ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \
- | ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \
- | ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \
- | ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \
- | ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \
- | ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \
- | ( (uint64_t) ( data )[( offset ) ] ) \
+ ((uint64_t) (data)[(offset) + 7] << 56) \
+ | ((uint64_t) (data)[(offset) + 6] << 48) \
+ | ((uint64_t) (data)[(offset) + 5] << 40) \
+ | ((uint64_t) (data)[(offset) + 4] << 32) \
+ | ((uint64_t) (data)[(offset) + 3] << 24) \
+ | ((uint64_t) (data)[(offset) + 2] << 16) \
+ | ((uint64_t) (data)[(offset) + 1] << 8) \
+ | ((uint64_t) (data)[(offset)]) \
)
#endif
@@ -334,17 +334,17 @@
* byte of the 64 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT64_LE
-#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
- ( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \
- ( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \
- ( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \
- ( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \
-}
+#define MBEDTLS_PUT_UINT64_LE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_0(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \
+ (data)[(offset) + 2] = MBEDTLS_BYTE_2(n); \
+ (data)[(offset) + 3] = MBEDTLS_BYTE_3(n); \
+ (data)[(offset) + 4] = MBEDTLS_BYTE_4(n); \
+ (data)[(offset) + 5] = MBEDTLS_BYTE_5(n); \
+ (data)[(offset) + 6] = MBEDTLS_BYTE_6(n); \
+ (data)[(offset) + 7] = MBEDTLS_BYTE_7(n); \
+ }
#endif
#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/constant_time.c b/library/constant_time.c
index 2401b04..5279301 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -17,7 +17,7 @@
* limitations under the License.
*/
- /*
+/*
* The following functions are implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
@@ -46,17 +46,16 @@
#include <string.h>
-int mbedtls_ct_memcmp( const void *a,
- const void *b,
- size_t n )
+int mbedtls_ct_memcmp(const void *a,
+ const void *b,
+ size_t n)
{
size_t i;
volatile const unsigned char *A = (volatile const unsigned char *) a;
volatile const unsigned char *B = (volatile const unsigned char *) b;
volatile unsigned char diff = 0;
- for( i = 0; i < n; i++ )
- {
+ for (i = 0; i < n; i++) {
/* Read volatile data in order before computing diff.
* This avoids IAR compiler warning:
* 'the order of volatile accesses is undefined ..' */
@@ -64,10 +63,10 @@
diff |= x ^ y;
}
- return( (int)diff );
+ return (int) diff;
}
-unsigned mbedtls_ct_uint_mask( unsigned value )
+unsigned mbedtls_ct_uint_mask(unsigned value)
{
/* MSVC has a warning about unary minus on unsigned, but this is
* well-defined and precisely what we want to do here */
@@ -75,7 +74,7 @@
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
- return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+ return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@@ -83,7 +82,7 @@
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-size_t mbedtls_ct_size_mask( size_t value )
+size_t mbedtls_ct_size_mask(size_t value)
{
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
@@ -91,7 +90,7 @@
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
- return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+ return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@@ -101,7 +100,7 @@
#if defined(MBEDTLS_BIGNUM_C)
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value )
+mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value)
{
/* MSVC has a warning about unary minus on unsigned, but this is
* well-defined and precisely what we want to do here */
@@ -109,7 +108,7 @@
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
- return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+ return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@@ -131,25 +130,25 @@
*
* \return All-bits-one if \p x is less than \p y, otherwise zero.
*/
-static size_t mbedtls_ct_size_mask_lt( size_t x,
- size_t y )
+static size_t mbedtls_ct_size_mask_lt(size_t x,
+ size_t y)
{
/* This has the most significant bit set if and only if x < y */
const size_t sub = x - y;
/* sub1 = (x < y) ? 1 : 0 */
- const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
+ const size_t sub1 = sub >> (sizeof(sub) * 8 - 1);
/* mask = (x < y) ? 0xff... : 0x00... */
- const size_t mask = mbedtls_ct_size_mask( sub1 );
+ const size_t mask = mbedtls_ct_size_mask(sub1);
- return( mask );
+ return mask;
}
-size_t mbedtls_ct_size_mask_ge( size_t x,
- size_t y )
+size_t mbedtls_ct_size_mask_ge(size_t x,
+ size_t y)
{
- return( ~mbedtls_ct_size_mask_lt( x, y ) );
+ return ~mbedtls_ct_size_mask_lt(x, y);
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@@ -161,21 +160,21 @@
* Constant flow with respect to c.
*/
MBEDTLS_STATIC_TESTABLE
-unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
- unsigned char high,
- unsigned char c )
+unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low,
+ unsigned char high,
+ unsigned char c)
{
/* low_mask is: 0 if low <= c, 0x...ff if low > c */
- unsigned low_mask = ( (unsigned) c - low ) >> 8;
+ unsigned low_mask = ((unsigned) c - low) >> 8;
/* high_mask is: 0 if c <= high, 0x...ff if c > high */
- unsigned high_mask = ( (unsigned) high - c ) >> 8;
- return( ~( low_mask | high_mask ) & 0xff );
+ unsigned high_mask = ((unsigned) high - c) >> 8;
+ return ~(low_mask | high_mask) & 0xff;
}
#endif /* MBEDTLS_BASE64_C */
-unsigned mbedtls_ct_size_bool_eq( size_t x,
- size_t y )
+unsigned mbedtls_ct_size_bool_eq(size_t x,
+ size_t y)
{
/* diff = 0 if x == y, non-zero otherwise */
const size_t diff = x ^ y;
@@ -188,16 +187,16 @@
#endif
/* diff_msb's most significant bit is equal to x != y */
- const size_t diff_msb = ( diff | (size_t) -diff );
+ const size_t diff_msb = (diff | (size_t) -diff);
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
/* diff1 = (x != y) ? 1 : 0 */
- const unsigned diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
+ const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1);
- return( 1 ^ diff1 );
+ return 1 ^ diff1;
}
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
@@ -213,19 +212,19 @@
*
* \return 1 if \p x greater than \p y, otherwise 0.
*/
-static unsigned mbedtls_ct_size_gt( size_t x,
- size_t y )
+static unsigned mbedtls_ct_size_gt(size_t x,
+ size_t y)
{
/* Return the sign bit (1 for negative) of (y - x). */
- return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) );
+ return (y - x) >> (sizeof(size_t) * 8 - 1);
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
#if defined(MBEDTLS_BIGNUM_C)
-unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
- const mbedtls_mpi_uint y )
+unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x,
+ const mbedtls_mpi_uint y)
{
mbedtls_mpi_uint ret;
mbedtls_mpi_uint cond;
@@ -233,12 +232,12 @@
/*
* Check if the most significant bits (MSB) of the operands are different.
*/
- cond = ( x ^ y );
+ cond = (x ^ y);
/*
* If the MSB are the same then the difference x-y will be negative (and
* have its MSB set to 1 during conversion to unsigned) if and only if x<y.
*/
- ret = ( x - y ) & ~cond;
+ ret = (x - y) & ~cond;
/*
* If the MSB are different, then the operand with the MSB of 1 is the
* bigger. (That is if y has MSB of 1, then x<y is true and it is false if
@@ -247,19 +246,19 @@
ret |= y & cond;
- ret = ret >> ( sizeof( mbedtls_mpi_uint ) * 8 - 1 );
+ ret = ret >> (sizeof(mbedtls_mpi_uint) * 8 - 1);
return (unsigned) ret;
}
#endif /* MBEDTLS_BIGNUM_C */
-unsigned mbedtls_ct_uint_if( unsigned condition,
- unsigned if1,
- unsigned if0 )
+unsigned mbedtls_ct_uint_if(unsigned condition,
+ unsigned if1,
+ unsigned if0)
{
- unsigned mask = mbedtls_ct_uint_mask( condition );
- return( ( mask & if1 ) | (~mask & if0 ) );
+ unsigned mask = mbedtls_ct_uint_mask(condition);
+ return (mask & if1) | (~mask & if0);
}
#if defined(MBEDTLS_BIGNUM_C)
@@ -278,9 +277,9 @@
*
* \return \c if1 if \p condition is nonzero, otherwise \c if0.
* */
-static int mbedtls_ct_cond_select_sign( unsigned char condition,
- int if1,
- int if0 )
+static int mbedtls_ct_cond_select_sign(unsigned char condition,
+ int if1,
+ int if0)
{
/* In order to avoid questions about what we can reasonably assume about
* the representations of signed integers, move everything to unsigned
@@ -292,16 +291,16 @@
const unsigned mask = condition << 1;
/* select uif1 or uif0 */
- unsigned ur = ( uif0 & ~mask ) | ( uif1 & mask );
+ unsigned ur = (uif0 & ~mask) | (uif1 & mask);
/* ur is now 0 or 2, convert back to -1 or +1 */
- return( (int) ur - 1 );
+ return (int) ur - 1;
}
-void mbedtls_ct_mpi_uint_cond_assign( size_t n,
- mbedtls_mpi_uint *dest,
- const mbedtls_mpi_uint *src,
- unsigned char condition )
+void mbedtls_ct_mpi_uint_cond_assign(size_t n,
+ mbedtls_mpi_uint *dest,
+ const mbedtls_mpi_uint *src,
+ unsigned char condition)
{
size_t i;
@@ -319,43 +318,44 @@
#pragma warning( pop )
#endif
- for( i = 0; i < n; i++ )
- dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
+ for (i = 0; i < n; i++) {
+ dest[i] = (src[i] & mask) | (dest[i] & ~mask);
+ }
}
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_BASE64_C)
-unsigned char mbedtls_ct_base64_enc_char( unsigned char value )
+unsigned char mbedtls_ct_base64_enc_char(unsigned char value)
{
unsigned char digit = 0;
/* For each range of values, if value is in that range, mask digit with
* the corresponding value. Since value can only be in a single range,
* only at most one masking will change digit. */
- digit |= mbedtls_ct_uchar_mask_of_range( 0, 25, value ) & ( 'A' + value );
- digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, value ) & ( 'a' + value - 26 );
- digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, value ) & ( '0' + value - 52 );
- digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, value ) & '+';
- digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, value ) & '/';
- return( digit );
+ digit |= mbedtls_ct_uchar_mask_of_range(0, 25, value) & ('A' + value);
+ digit |= mbedtls_ct_uchar_mask_of_range(26, 51, value) & ('a' + value - 26);
+ digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52);
+ digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+';
+ digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/';
+ return digit;
}
-signed char mbedtls_ct_base64_dec_value( unsigned char c )
+signed char mbedtls_ct_base64_dec_value(unsigned char c)
{
unsigned char val = 0;
/* For each range of digits, if c is in that range, mask val with
* the corresponding value. Since c can only be in a single range,
* only at most one masking will change val. Set val to one plus
* the desired value so that it stays 0 if c is in none of the ranges. */
- val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 );
- val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
- val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
- val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
- val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
+ val |= mbedtls_ct_uchar_mask_of_range('A', 'Z', c) & (c - 'A' + 0 + 1);
+ val |= mbedtls_ct_uchar_mask_of_range('a', 'z', c) & (c - 'a' + 26 + 1);
+ val |= mbedtls_ct_uchar_mask_of_range('0', '9', c) & (c - '0' + 52 + 1);
+ val |= mbedtls_ct_uchar_mask_of_range('+', '+', c) & (c - '+' + 62 + 1);
+ val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1);
/* At this point, val is 0 if c is an invalid digit and v+1 if c is
* a digit with the value v. */
- return( val - 1 );
+ return val - 1;
}
#endif /* MBEDTLS_BASE64_C */
@@ -378,72 +378,71 @@
* \param total Total size of the buffer.
* \param offset Offset from which to copy \p total - \p offset bytes.
*/
-static void mbedtls_ct_mem_move_to_left( void *start,
- size_t total,
- size_t offset )
+static void mbedtls_ct_mem_move_to_left(void *start,
+ size_t total,
+ size_t offset)
{
volatile unsigned char *buf = start;
size_t i, n;
- if( total == 0 )
+ if (total == 0) {
return;
- for( i = 0; i < total; i++ )
- {
- unsigned no_op = mbedtls_ct_size_gt( total - offset, i );
+ }
+ for (i = 0; i < total; i++) {
+ unsigned no_op = mbedtls_ct_size_gt(total - offset, i);
/* The first `total - offset` passes are a no-op. The last
* `offset` passes shift the data one byte to the left and
* zero out the last byte. */
- for( n = 0; n < total - 1; n++ )
- {
+ for (n = 0; n < total - 1; n++) {
unsigned char current = buf[n];
unsigned char next = buf[n+1];
- buf[n] = mbedtls_ct_uint_if( no_op, current, next );
+ buf[n] = mbedtls_ct_uint_if(no_op, current, next);
}
- buf[total-1] = mbedtls_ct_uint_if( no_op, buf[total-1], 0 );
+ buf[total-1] = mbedtls_ct_uint_if(no_op, buf[total-1], 0);
}
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
- const unsigned char *src,
- size_t len,
- size_t c1,
- size_t c2 )
+void mbedtls_ct_memcpy_if_eq(unsigned char *dest,
+ const unsigned char *src,
+ size_t len,
+ size_t c1,
+ size_t c2)
{
/* mask = c1 == c2 ? 0xff : 0x00 */
- const size_t equal = mbedtls_ct_size_bool_eq( c1, c2 );
- const unsigned char mask = (unsigned char) mbedtls_ct_size_mask( equal );
+ const size_t equal = mbedtls_ct_size_bool_eq(c1, c2);
+ const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
- for( size_t i = 0; i < len; i++ )
- dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
-}
-
-void mbedtls_ct_memcpy_offset( unsigned char *dest,
- const unsigned char *src,
- size_t offset,
- size_t offset_min,
- size_t offset_max,
- size_t len )
-{
- size_t offsetval;
-
- for( offsetval = offset_min; offsetval <= offset_max; offsetval++ )
- {
- mbedtls_ct_memcpy_if_eq( dest, src + offsetval, len,
- offsetval, offset );
+ for (size_t i = 0; i < len; i++) {
+ dest[i] = (src[i] & mask) | (dest[i] & ~mask);
}
}
-int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output )
+void mbedtls_ct_memcpy_offset(unsigned char *dest,
+ const unsigned char *src,
+ size_t offset,
+ size_t offset_min,
+ size_t offset_max,
+ size_t len)
+{
+ size_t offsetval;
+
+ for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
+ mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len,
+ offsetval, offset);
+ }
+}
+
+int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output)
{
/*
* This function breaks the HMAC abstraction and uses the md_clone()
@@ -459,79 +458,79 @@
*
* Then we only need to compute HASH(okey + inner_hash) and we're done.
*/
- const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info );
+ const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info);
/* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5,
* all of which have the same block size except SHA-384. */
const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
const unsigned char * const ikey = ctx->hmac_ctx;
const unsigned char * const okey = ikey + block_size;
- const size_t hash_size = mbedtls_md_get_size( ctx->md_info );
+ const size_t hash_size = mbedtls_md_get_size(ctx->md_info);
unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
mbedtls_md_context_t aux;
size_t offset;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_init( &aux );
+ mbedtls_md_init(&aux);
-#define MD_CHK( func_call ) \
+#define MD_CHK(func_call) \
do { \
ret = (func_call); \
- if( ret != 0 ) \
- goto cleanup; \
- } while( 0 )
+ if (ret != 0) \
+ goto cleanup; \
+ } while (0)
- MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
+ MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0));
/* After hmac_start() of hmac_reset(), ikey has already been hashed,
* so we can start directly with the message */
- MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
- MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
+ MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len));
+ MD_CHK(mbedtls_md_update(ctx, data, min_data_len));
/* Fill the hash buffer in advance with something that is
* not a valid hash (barring an attack on the hash and
* deliberately-crafted input), in case the caller doesn't
* check the return status properly. */
- memset( output, '!', hash_size );
+ memset(output, '!', hash_size);
/* For each possible length, compute the hash up to that point */
- for( offset = min_data_len; offset <= max_data_len; offset++ )
- {
- MD_CHK( mbedtls_md_clone( &aux, ctx ) );
- MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
+ for (offset = min_data_len; offset <= max_data_len; offset++) {
+ MD_CHK(mbedtls_md_clone(&aux, ctx));
+ MD_CHK(mbedtls_md_finish(&aux, aux_out));
/* Keep only the correct inner_hash in the output buffer */
- mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size,
- offset, data_len_secret );
+ mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
+ offset, data_len_secret);
- if( offset < max_data_len )
- MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
+ if (offset < max_data_len) {
+ MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
+ }
}
/* The context needs to finish() before it starts() again */
- MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+ MD_CHK(mbedtls_md_finish(ctx, aux_out));
/* Now compute HASH(okey + inner_hash) */
- MD_CHK( mbedtls_md_starts( ctx ) );
- MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
- MD_CHK( mbedtls_md_update( ctx, output, hash_size ) );
- MD_CHK( mbedtls_md_finish( ctx, output ) );
+ MD_CHK(mbedtls_md_starts(ctx));
+ MD_CHK(mbedtls_md_update(ctx, okey, block_size));
+ MD_CHK(mbedtls_md_update(ctx, output, hash_size));
+ MD_CHK(mbedtls_md_finish(ctx, output));
/* Done, get ready for next time */
- MD_CHK( mbedtls_md_hmac_reset( ctx ) );
+ MD_CHK(mbedtls_md_hmac_reset(ctx));
#undef MD_CHK
cleanup:
- mbedtls_md_free( &aux );
- return( ret );
+ mbedtls_md_free(&aux);
+ return ret;
}
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_BIGNUM_C)
-#define MPI_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
+#define MPI_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
/*
* Conditionally assign X = Y, without leaking information
@@ -545,30 +544,31 @@
*/
__declspec(noinline)
#endif
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
- const mbedtls_mpi *Y,
- unsigned char assign )
+int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
+ const mbedtls_mpi *Y,
+ unsigned char assign)
{
int ret = 0;
size_t i;
mbedtls_mpi_uint limb_mask;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( Y != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
/* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
- limb_mask = mbedtls_ct_mpi_uint_mask( assign );;
+ limb_mask = mbedtls_ct_mpi_uint_mask(assign);;
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
- X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s );
+ X->s = mbedtls_ct_cond_select_sign(assign, Y->s, X->s);
- mbedtls_ct_mpi_uint_cond_assign( Y->n, X->p, Y->p, assign );
+ mbedtls_ct_mpi_uint_cond_assign(Y->n, X->p, Y->p, assign);
- for( i = Y->n; i < X->n; i++ )
+ for (i = Y->n; i < X->n; i++) {
X->p[i] &= ~limb_mask;
+ }
cleanup:
- return( ret );
+ return ret;
}
/*
@@ -577,73 +577,74 @@
* Here it is not ok to simply swap the pointers, which would lead to
* different memory access patterns when X and Y are used afterwards.
*/
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
- mbedtls_mpi *Y,
- unsigned char swap )
+int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
+ mbedtls_mpi *Y,
+ unsigned char swap)
{
int ret, s;
size_t i;
mbedtls_mpi_uint limb_mask;
mbedtls_mpi_uint tmp;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( Y != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
- if( X == Y )
- return( 0 );
+ if (X == Y) {
+ return 0;
+ }
/* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
- limb_mask = mbedtls_ct_mpi_uint_mask( swap );
+ limb_mask = mbedtls_ct_mpi_uint_mask(swap);
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n));
s = X->s;
- X->s = mbedtls_ct_cond_select_sign( swap, Y->s, X->s );
- Y->s = mbedtls_ct_cond_select_sign( swap, s, Y->s );
+ X->s = mbedtls_ct_cond_select_sign(swap, Y->s, X->s);
+ Y->s = mbedtls_ct_cond_select_sign(swap, s, Y->s);
- for( i = 0; i < X->n; i++ )
- {
+ for (i = 0; i < X->n; i++) {
tmp = X->p[i];
- X->p[i] = ( X->p[i] & ~limb_mask ) | ( Y->p[i] & limb_mask );
- Y->p[i] = ( Y->p[i] & ~limb_mask ) | ( tmp & limb_mask );
+ X->p[i] = (X->p[i] & ~limb_mask) | (Y->p[i] & limb_mask);
+ Y->p[i] = (Y->p[i] & ~limb_mask) | (tmp & limb_mask);
}
cleanup:
- return( ret );
+ return ret;
}
/*
* Compare signed values in constant time
*/
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
- const mbedtls_mpi *Y,
- unsigned *ret )
+int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
+ const mbedtls_mpi *Y,
+ unsigned *ret)
{
size_t i;
/* The value of any of these variables is either 0 or 1 at all times. */
unsigned cond, done, X_is_negative, Y_is_negative;
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( Y != NULL );
- MPI_VALIDATE_RET( ret != NULL );
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
+ MPI_VALIDATE_RET(ret != NULL);
- if( X->n != Y->n )
+ if (X->n != Y->n) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
/*
* Set sign_N to 1 if N >= 0, 0 if N < 0.
* We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
*/
- X_is_negative = ( X->s & 2 ) >> 1;
- Y_is_negative = ( Y->s & 2 ) >> 1;
+ X_is_negative = (X->s & 2) >> 1;
+ Y_is_negative = (Y->s & 2) >> 1;
/*
* If the signs are different, then the positive operand is the bigger.
* That is if X is negative (X_is_negative == 1), then X < Y is true and it
* is false if X is positive (X_is_negative == 0).
*/
- cond = ( X_is_negative ^ Y_is_negative );
+ cond = (X_is_negative ^ Y_is_negative);
*ret = cond & X_is_negative;
/*
@@ -652,8 +653,7 @@
*/
done = cond;
- for( i = X->n; i > 0; i-- )
- {
+ for (i = X->n; i > 0; i--) {
/*
* If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
* X and Y are negative.
@@ -661,8 +661,8 @@
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
- cond = mbedtls_ct_mpi_uint_lt( Y->p[i - 1], X->p[i - 1] );
- *ret |= cond & ( 1 - done ) & X_is_negative;
+ cond = mbedtls_ct_mpi_uint_lt(Y->p[i - 1], X->p[i - 1]);
+ *ret |= cond & (1 - done) & X_is_negative;
done |= cond;
/*
@@ -672,24 +672,24 @@
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
- cond = mbedtls_ct_mpi_uint_lt( X->p[i - 1], Y->p[i - 1] );
- *ret |= cond & ( 1 - done ) & ( 1 - X_is_negative );
+ cond = mbedtls_ct_mpi_uint_lt(X->p[i - 1], Y->p[i - 1]);
+ *ret |= cond & (1 - done) & (1 - X_is_negative);
done |= cond;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
- unsigned char *input,
- size_t ilen,
- unsigned char *output,
- size_t output_max_len,
- size_t *olen )
+int mbedtls_ct_rsaes_pkcs1_v15_unpadding(int mode,
+ unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t output_max_len,
+ size_t *olen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, plaintext_max_size;
@@ -710,29 +710,25 @@
size_t plaintext_size = 0;
unsigned output_too_large;
- plaintext_max_size = ( output_max_len > ilen - 11 ) ? ilen - 11
+ plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11
: output_max_len;
/* Check and get padding length in constant time and constant
* memory trace. The first byte must be 0. */
bad |= input[0];
- if( mode == MBEDTLS_RSA_PRIVATE )
- {
+ if (mode == MBEDTLS_RSA_PRIVATE) {
/* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
* where PS must be at least 8 nonzero bytes. */
bad |= input[1] ^ MBEDTLS_RSA_CRYPT;
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count. */
- for( i = 2; i < ilen; i++ )
- {
- pad_done |= ((input[i] | (unsigned char)-input[i]) >> 7) ^ 1;
- pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
+ for (i = 2; i < ilen; i++) {
+ pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1;
+ pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
}
- }
- else
- {
+ } else {
/* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
* where PS must be at least 8 bytes with the value 0xFF. */
bad |= input[1] ^ MBEDTLS_RSA_SIGN;
@@ -740,19 +736,18 @@
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count.
* If there's a non-0xff byte in the padding, the padding is bad. */
- for( i = 2; i < ilen; i++ )
- {
- pad_done |= mbedtls_ct_uint_if( input[i], 0, 1 );
- pad_count += mbedtls_ct_uint_if( pad_done, 0, 1 );
- bad |= mbedtls_ct_uint_if( pad_done, 0, input[i] ^ 0xFF );
+ for (i = 2; i < ilen; i++) {
+ pad_done |= mbedtls_ct_uint_if(input[i], 0, 1);
+ pad_count += mbedtls_ct_uint_if(pad_done, 0, 1);
+ bad |= mbedtls_ct_uint_if(pad_done, 0, input[i] ^ 0xFF);
}
}
/* If pad_done is still zero, there's no data, only unfinished padding. */
- bad |= mbedtls_ct_uint_if( pad_done, 0, 1 );
+ bad |= mbedtls_ct_uint_if(pad_done, 0, 1);
/* There must be at least 8 bytes of padding. */
- bad |= mbedtls_ct_size_gt( 8, pad_count );
+ bad |= mbedtls_ct_size_gt(8, pad_count);
/* If the padding is valid, set plaintext_size to the number of
* remaining bytes after stripping the padding. If the padding
@@ -762,24 +757,24 @@
* validity through timing. RSA keys are small enough that all the
* size_t values involved fit in unsigned int. */
plaintext_size = mbedtls_ct_uint_if(
- bad, (unsigned) plaintext_max_size,
- (unsigned) ( ilen - pad_count - 3 ) );
+ bad, (unsigned) plaintext_max_size,
+ (unsigned) (ilen - pad_count - 3));
/* Set output_too_large to 0 if the plaintext fits in the output
* buffer and to 1 otherwise. */
- output_too_large = mbedtls_ct_size_gt( plaintext_size,
- plaintext_max_size );
+ output_too_large = mbedtls_ct_size_gt(plaintext_size,
+ plaintext_max_size);
/* Set ret without branches to avoid timing attacks. Return:
* - INVALID_PADDING if the padding is bad (bad != 0).
* - OUTPUT_TOO_LARGE if the padding is good but the decrypted
* plaintext does not fit in the output buffer.
* - 0 if the padding is correct. */
- ret = - (int) mbedtls_ct_uint_if(
- bad, - MBEDTLS_ERR_RSA_INVALID_PADDING,
- mbedtls_ct_uint_if( output_too_large,
- - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
- 0 ) );
+ ret = -(int) mbedtls_ct_uint_if(
+ bad, -MBEDTLS_ERR_RSA_INVALID_PADDING,
+ mbedtls_ct_uint_if(output_too_large,
+ -MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
+ 0));
/* If the padding is bad or the plaintext is too large, zero the
* data that we're about to copy to the output buffer.
@@ -787,17 +782,18 @@
* from the same buffer whether the padding is good or not to
* avoid leaking the padding validity through overall timing or
* through memory or cache access patterns. */
- bad = mbedtls_ct_uint_mask( bad | output_too_large );
- for( i = 11; i < ilen; i++ )
+ bad = mbedtls_ct_uint_mask(bad | output_too_large);
+ for (i = 11; i < ilen; i++) {
input[i] &= ~bad;
+ }
/* If the plaintext is too large, truncate it to the buffer size.
* Copy anyway to avoid revealing the length through timing, because
* revealing the length is as bad as revealing the padding validity
* for a Bleichenbacher attack. */
- plaintext_size = mbedtls_ct_uint_if( output_too_large,
- (unsigned) plaintext_max_size,
- (unsigned) plaintext_size );
+ plaintext_size = mbedtls_ct_uint_if(output_too_large,
+ (unsigned) plaintext_max_size,
+ (unsigned) plaintext_size);
/* Move the plaintext to the leftmost position where it can start in
* the working buffer, i.e. make it start plaintext_max_size from
@@ -805,9 +801,9 @@
* does not depend on the plaintext size. After this move, the
* starting location of the plaintext is no longer sensitive
* information. */
- mbedtls_ct_mem_move_to_left( input + ilen - plaintext_max_size,
- plaintext_max_size,
- plaintext_max_size - plaintext_size );
+ mbedtls_ct_mem_move_to_left(input + ilen - plaintext_max_size,
+ plaintext_max_size,
+ plaintext_max_size - plaintext_size);
/* Finally copy the decrypted plaintext plus trailing zeros into the output
* buffer. If output_max_len is 0, then output may be an invalid pointer
@@ -816,8 +812,9 @@
* user-provided output buffer), which is independent from plaintext
* length, validity of padding, success of the decryption, and other
* secrets. */
- if( output_max_len != 0 )
- memcpy( output, input + ilen - plaintext_max_size, plaintext_max_size );
+ if (output_max_len != 0) {
+ memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
+ }
/* Report the amount of data we copied to the output buffer. In case
* of errors (bad padding or output too large), the value of *olen
@@ -825,7 +822,7 @@
* to the good case limits the risks of leaking the padding validity. */
*olen = plaintext_size;
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index ff2d0ff..402cf14 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -43,7 +43,7 @@
*
* \return Zero if \p value is zero, otherwise all-bits-one.
*/
-unsigned mbedtls_ct_uint_mask( unsigned value );
+unsigned mbedtls_ct_uint_mask(unsigned value);
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
@@ -58,7 +58,7 @@
*
* \return Zero if \p value is zero, otherwise all-bits-one.
*/
-size_t mbedtls_ct_size_mask( size_t value );
+size_t mbedtls_ct_size_mask(size_t value);
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
@@ -75,7 +75,7 @@
*
* \return Zero if \p value is zero, otherwise all-bits-one.
*/
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value );
+mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value);
#endif /* MBEDTLS_BIGNUM_C */
@@ -94,8 +94,8 @@
* \return All-bits-one if \p x is greater or equal than \p y,
* otherwise zero.
*/
-size_t mbedtls_ct_size_mask_ge( size_t x,
- size_t y );
+size_t mbedtls_ct_size_mask_ge(size_t x,
+ size_t y);
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@@ -110,8 +110,8 @@
*
* \return 1 if \p x equals to \p y, otherwise 0.
*/
-unsigned mbedtls_ct_size_bool_eq( size_t x,
- size_t y );
+unsigned mbedtls_ct_size_bool_eq(size_t x,
+ size_t y);
#if defined(MBEDTLS_BIGNUM_C)
@@ -125,8 +125,8 @@
*
* \return 1 if \p x is less than \p y, otherwise 0.
*/
-unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
- const mbedtls_mpi_uint y );
+unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x,
+ const mbedtls_mpi_uint y);
#endif /* MBEDTLS_BIGNUM_C */
@@ -141,9 +141,9 @@
*
* \return \c if1 if \p condition is nonzero, otherwise \c if0.
*/
-unsigned mbedtls_ct_uint_if( unsigned condition,
- unsigned if1,
- unsigned if0 );
+unsigned mbedtls_ct_uint_if(unsigned condition,
+ unsigned if1,
+ unsigned if0);
#if defined(MBEDTLS_BIGNUM_C)
@@ -159,10 +159,10 @@
* initialized MPI.
* \param condition Condition to test, must be 0 or 1.
*/
-void mbedtls_ct_mpi_uint_cond_assign( size_t n,
- mbedtls_mpi_uint *dest,
- const mbedtls_mpi_uint *src,
- unsigned char condition );
+void mbedtls_ct_mpi_uint_cond_assign(size_t n,
+ mbedtls_mpi_uint *dest,
+ const mbedtls_mpi_uint *src,
+ unsigned char condition);
#endif /* MBEDTLS_BIGNUM_C */
@@ -177,7 +177,7 @@
*
* \return A base64 digit converted from \p value.
*/
-unsigned char mbedtls_ct_base64_enc_char( unsigned char value );
+unsigned char mbedtls_ct_base64_enc_char(unsigned char value);
/** Given a Base64 digit, return its value.
*
@@ -191,7 +191,7 @@
*
* \return The value of the base64 digit \p c.
*/
-signed char mbedtls_ct_base64_dec_value( unsigned char c );
+signed char mbedtls_ct_base64_dec_value(unsigned char c);
#endif /* MBEDTLS_BASE64_C */
@@ -208,10 +208,10 @@
* \param c1 The first value to analyze in the condition.
* \param c2 The second value to analyze in the condition.
*/
-void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
- const unsigned char *src,
- size_t len,
- size_t c1, size_t c2 );
+void mbedtls_ct_memcpy_if_eq(unsigned char *dest,
+ const unsigned char *src,
+ size_t len,
+ size_t c1, size_t c2);
/** Copy data from a secret position with constant flow.
*
@@ -239,12 +239,12 @@
* \param offset_max The maximal value of \p offset.
* \param len The number of bytes to copy.
*/
-void mbedtls_ct_memcpy_offset( unsigned char *dest,
- const unsigned char *src,
- size_t offset,
- size_t offset_min,
- size_t offset_max,
- size_t len );
+void mbedtls_ct_memcpy_offset(unsigned char *dest,
+ const unsigned char *src,
+ size_t offset,
+ size_t offset_min,
+ size_t offset_max,
+ size_t len);
/** Compute the HMAC of variable-length data with constant flow.
*
@@ -282,14 +282,14 @@
* \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
* The hardware accelerator failed.
*/
-int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output );
+int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output);
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
@@ -323,12 +323,12 @@
* \return #MBEDTLS_ERR_RSA_INVALID_PADDING
* The input doesn't contain properly formatted padding.
*/
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
- unsigned char *input,
- size_t ilen,
- unsigned char *output,
- size_t output_max_len,
- size_t *olen );
+int mbedtls_ct_rsaes_pkcs1_v15_unpadding(int mode,
+ unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t output_max_len,
+ size_t *olen);
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
diff --git a/library/constant_time_invasive.h b/library/constant_time_invasive.h
index 4620ca1..c176b28 100644
--- a/library/constant_time_invasive.h
+++ b/library/constant_time_invasive.h
@@ -42,9 +42,9 @@
*
* \return All-bits-one if \p low <= \p c <= \p high, otherwise zero.
*/
-unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
- unsigned char high,
- unsigned char c );
+unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low,
+ unsigned char high,
+ unsigned char c);
#endif /* MBEDTLS_TEST_HOOKS */
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index ed31576..652c5cb 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -41,9 +41,9 @@
/*
* CTR_DRBG context initialization
*/
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
+void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
+ memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context));
/* Indicate that the entropy nonce length is not set explicitly.
* See mbedtls_ctr_drbg_set_nonce_len(). */
ctx->reseed_counter = -1;
@@ -55,50 +55,55 @@
* This function resets CTR_DRBG context to the state immediately
* after initial call of mbedtls_ctr_drbg_init().
*/
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
+void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
#if defined(MBEDTLS_THREADING_C)
/* The mutex is initialized iff f_entropy is set. */
- if( ctx->f_entropy != NULL )
- mbedtls_mutex_free( &ctx->mutex );
+ if (ctx->f_entropy != NULL) {
+ mbedtls_mutex_free(&ctx->mutex);
+ }
#endif
- mbedtls_aes_free( &ctx->aes_ctx );
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
+ mbedtls_aes_free(&ctx->aes_ctx);
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context));
ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
ctx->reseed_counter = -1;
}
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
- int resistance )
+void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
+ int resistance)
{
ctx->prediction_resistance = resistance;
}
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
- size_t len )
+void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
+ size_t len)
{
ctx->entropy_len = len;
}
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
- size_t len )
+int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx,
+ size_t len)
{
/* If mbedtls_ctr_drbg_seed() has already been called, it's
* too late. Return the error code that's closest to making sense. */
- if( ctx->f_entropy != NULL )
- return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+ if (ctx->f_entropy != NULL) {
+ return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
+ }
- if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
+ return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ }
#if SIZE_MAX > INT_MAX
/* This shouldn't be an issue because
* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
* configuration, but make sure anyway. */
- if( len > INT_MAX )
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ if (len > INT_MAX) {
+ return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ }
#endif
/* For backward compatibility with Mbed TLS <= 2.19, store the
@@ -106,17 +111,17 @@
* used until after the initial seeding. */
/* Due to the capping of len above, the value fits in an int. */
ctx->reseed_counter = (int) len;
- return( 0 );
+ return 0;
}
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
- int interval )
+void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
+ int interval)
{
ctx->reseed_interval = interval;
}
-static int block_cipher_df( unsigned char *output,
- const unsigned char *data, size_t data_len )
+static int block_cipher_df(unsigned char *output,
+ const unsigned char *data, size_t data_len)
{
unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
@@ -130,12 +135,13 @@
int i, j;
size_t buf_len, use_len;
- if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
+ return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ }
- memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
- MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
- mbedtls_aes_init( &aes_ctx );
+ memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
+ MBEDTLS_CTR_DRBG_BLOCKSIZE + 16);
+ mbedtls_aes_init(&aes_ctx);
/*
* Construct IV (16 bytes) and S in buffer
@@ -145,48 +151,46 @@
* (Total is padded to a multiple of 16-bytes with zeroes)
*/
p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
- MBEDTLS_PUT_UINT32_BE( data_len, p, 0);
+ MBEDTLS_PUT_UINT32_BE(data_len, p, 0);
p += 4 + 3;
*p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
- memcpy( p, data, data_len );
+ memcpy(p, data, data_len);
p[data_len] = 0x80;
buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
- for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
+ for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) {
key[i] = i;
+ }
- if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key,
- MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
- {
+ if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
+ MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
/*
* Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
*/
- for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
- {
+ for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
p = buf;
- memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+ memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE);
use_len = buf_len;
- while( use_len > 0 )
- {
- for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ )
+ while (use_len > 0) {
+ for (i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++) {
chain[i] ^= p[i];
+ }
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
- use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
+ use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ?
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
- if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
- chain, chain ) ) != 0 )
- {
+ if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
+ chain, chain)) != 0) {
goto exit;
}
}
- memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+ memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE);
/*
* Update IV
@@ -197,42 +201,38 @@
/*
* Do final encryption with reduced data
*/
- if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp,
- MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
- {
+ if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
+ MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
p = output;
- for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
- {
- if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
- iv, iv ) ) != 0 )
- {
+ for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
+ if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
+ iv, iv)) != 0) {
goto exit;
}
- memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+ memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE);
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
}
exit:
- mbedtls_aes_free( &aes_ctx );
+ mbedtls_aes_free(&aes_ctx);
/*
- * tidy up the stack
- */
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- mbedtls_platform_zeroize( key, sizeof( key ) );
- mbedtls_platform_zeroize( chain, sizeof( chain ) );
- if( 0 != ret )
- {
+ * tidy up the stack
+ */
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ mbedtls_platform_zeroize(key, sizeof(key));
+ mbedtls_platform_zeroize(chain, sizeof(chain));
+ if (0 != ret) {
/*
- * wipe partial seed from memory
- */
- mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
+ * wipe partial seed from memory
+ */
+ mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN);
}
- return( ret );
+ return ret;
}
/* CTR_DRBG_Update (SP 800-90A §10.2.1.2)
@@ -243,54 +243,54 @@
* ctx->aes_ctx = Key
* ctx->counter = V
*/
-static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
- const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
+static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN])
{
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
unsigned char *p = tmp;
int i, j;
int ret = 0;
- memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
+ memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
- for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
- {
+ for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
/*
* Increase counter
*/
- for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
- if( ++ctx->counter[i - 1] != 0 )
+ for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
+ if (++ctx->counter[i - 1] != 0) {
break;
+ }
+ }
/*
* Crypt counter block
*/
- if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
- ctx->counter, p ) ) != 0 )
- {
+ if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+ ctx->counter, p)) != 0) {
goto exit;
}
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
}
- for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
+ for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) {
tmp[i] ^= data[i];
+ }
/*
* Update key and counter
*/
- if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp,
- MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
- {
+ if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
+ MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
- memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
- MBEDTLS_CTR_DRBG_BLOCKSIZE );
+ memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
+ MBEDTLS_CTR_DRBG_BLOCKSIZE);
exit:
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- return( ret );
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return ret;
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
@@ -305,36 +305,40 @@
* and with outputs
* ctx = initial_working_state
*/
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len )
+int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len)
{
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( add_len == 0 )
- return( 0 );
+ if (add_len == 0) {
+ return 0;
+ }
- if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
+ if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
goto exit;
- if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+ }
+ if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
+ }
exit:
- mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
- return( ret );
+ mbedtls_platform_zeroize(add_input, sizeof(add_input));
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len )
+void mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len)
{
/* MAX_INPUT would be more logical here, but we have to match
* block_cipher_df()'s limits since we can't propagate errors */
- if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+ if (add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
- (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len );
+ }
+ (void) mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -351,66 +355,67 @@
* and with output
* ctx contains new_working_state
*/
-static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t len,
- size_t nonce_len )
+static int mbedtls_ctr_drbg_reseed_internal(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t len,
+ size_t nonce_len)
{
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
- if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
- if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
+ return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ }
+ if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) {
+ return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ }
+ if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) {
+ return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ }
- memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
+ memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT);
/* Gather entropy_len bytes of entropy to seed state. */
- if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
- {
- return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+ if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
+ return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += ctx->entropy_len;
/* Gather entropy for a nonce if requested. */
- if( nonce_len != 0 )
- {
- if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) )
- {
- return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+ if (nonce_len != 0) {
+ if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) {
+ return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += nonce_len;
}
/* Add additional data if provided. */
- if( additional != NULL && len != 0 )
- {
- memcpy( seed + seedlen, additional, len );
+ if (additional != NULL && len != 0) {
+ memcpy(seed + seedlen, additional, len);
seedlen += len;
}
/* Reduce to 384 bits. */
- if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
+ if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) {
goto exit;
+ }
/* Update state. */
- if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
+ if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) {
goto exit;
+ }
ctx->reseed_counter = 1;
exit:
- mbedtls_platform_zeroize( seed, sizeof( seed ) );
- return( ret );
+ mbedtls_platform_zeroize(seed, sizeof(seed));
+ return ret;
}
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len )
+int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional, size_t len)
{
- return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
+ return mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0);
}
/* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
@@ -418,12 +423,13 @@
* size and entropy length. If there is enough entropy in the initial
* call to the entropy function to serve as both the entropy input and
* the nonce, don't make a second call to get a nonce. */
-static size_t good_nonce_len( size_t entropy_len )
+static size_t good_nonce_len(size_t entropy_len)
{
- if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
- return( 0 );
- else
- return( ( entropy_len + 1 ) / 2 );
+ if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) {
+ return 0;
+ } else {
+ return (entropy_len + 1) / 2;
+ }
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
@@ -437,52 +443,51 @@
* and with outputs
* ctx = initial_working_state
*/
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len )
+int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
+ int (*f_entropy)(void *, unsigned char *, size_t),
+ void *p_entropy,
+ const unsigned char *custom,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
size_t nonce_len;
- memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
+ memset(key, 0, MBEDTLS_CTR_DRBG_KEYSIZE);
/* The mutex is initialized iff f_entropy is set. */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
- mbedtls_aes_init( &ctx->aes_ctx );
+ mbedtls_aes_init(&ctx->aes_ctx);
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
- if( ctx->entropy_len == 0 )
+ if (ctx->entropy_len == 0) {
ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
+ }
/* ctx->reseed_counter contains the desired amount of entropy to
* grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
* If it's -1, indicating that the entropy nonce length was not set
* explicitly, use a sufficiently large nonce for security. */
- nonce_len = ( ctx->reseed_counter >= 0 ?
- (size_t) ctx->reseed_counter :
- good_nonce_len( ctx->entropy_len ) );
+ nonce_len = (ctx->reseed_counter >= 0 ?
+ (size_t) ctx->reseed_counter :
+ good_nonce_len(ctx->entropy_len));
/* Initialize with an empty key. */
- if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
- MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
+ MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
+ return ret;
}
/* Do the initial seeding. */
- if( ( ret = mbedtls_ctr_drbg_reseed_internal( ctx, custom, len,
- nonce_len ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,
+ nonce_len)) != 0) {
+ return ret;
}
- return( 0 );
+ return 0;
}
/* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2)
@@ -504,9 +509,9 @@
* returned_bits = output[:output_len]
* ctx contains new_working_state
*/
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional, size_t add_len )
+int mbedtls_ctr_drbg_random_with_add(void *p_rng,
+ unsigned char *output, size_t output_len,
+ const unsigned char *additional, size_t add_len)
{
int ret = 0;
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
@@ -516,159 +521,163 @@
int i;
size_t use_len;
- if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
- return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
+ if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) {
+ return MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG;
+ }
- if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) {
+ return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ }
- memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
+ memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
- if( ctx->reseed_counter > ctx->reseed_interval ||
- ctx->prediction_resistance )
- {
- if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
- {
- return( ret );
+ if (ctx->reseed_counter > ctx->reseed_interval ||
+ ctx->prediction_resistance) {
+ if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) {
+ return ret;
}
add_len = 0;
}
- if( add_len > 0 )
- {
- if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
+ if (add_len > 0) {
+ if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
goto exit;
- if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+ }
+ if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
+ }
}
- while( output_len > 0 )
- {
+ while (output_len > 0) {
/*
* Increase counter
*/
- for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
- if( ++ctx->counter[i - 1] != 0 )
+ for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
+ if (++ctx->counter[i - 1] != 0) {
break;
+ }
+ }
/*
* Crypt counter block
*/
- if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
- ctx->counter, tmp ) ) != 0 )
- {
+ if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+ ctx->counter, tmp)) != 0) {
goto exit;
}
- use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE )
+ use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE)
? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;
/*
* Copy random block to destination
*/
- memcpy( p, tmp, use_len );
+ memcpy(p, tmp, use_len);
p += use_len;
output_len -= use_len;
}
- if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+ if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
+ }
ctx->reseed_counter++;
exit:
- mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- return( ret );
+ mbedtls_platform_zeroize(add_input, sizeof(add_input));
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return ret;
}
-int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
- size_t output_len )
+int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output,
+ size_t output_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
- ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 );
+ ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0);
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_FS_IO)
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
- const char *path )
+int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx,
+ const char *path)
{
int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
FILE *f;
- unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+ unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
- if( ( f = fopen( path, "wb" ) ) == NULL )
- return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
-
- if( ( ret = mbedtls_ctr_drbg_random( ctx, buf,
- MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
- goto exit;
-
- if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) !=
- MBEDTLS_CTR_DRBG_MAX_INPUT )
- {
- ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+ if ((f = fopen(path, "wb")) == NULL) {
+ return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
- else
- {
+
+ if ((ret = mbedtls_ctr_drbg_random(ctx, buf,
+ MBEDTLS_CTR_DRBG_MAX_INPUT)) != 0) {
+ goto exit;
+ }
+
+ if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) !=
+ MBEDTLS_CTR_DRBG_MAX_INPUT) {
+ ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+ } else {
ret = 0;
}
exit:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- fclose( f );
- return( ret );
+ fclose(f);
+ return ret;
}
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
- const char *path )
+int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
+ const char *path)
{
int ret = 0;
FILE *f = NULL;
size_t n;
- unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+ unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
unsigned char c;
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+ if ((f = fopen(path, "rb")) == NULL) {
+ return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+ }
- n = fread( buf, 1, sizeof( buf ), f );
- if( fread( &c, 1, 1, f ) != 0 )
- {
+ n = fread(buf, 1, sizeof(buf), f);
+ if (fread(&c, 1, 1, f) != 0) {
ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
goto exit;
}
- if( n == 0 || ferror( f ) )
- {
+ if (n == 0 || ferror(f)) {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
goto exit;
}
- fclose( f );
+ fclose(f);
f = NULL;
- ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
+ ret = mbedtls_ctr_drbg_update_ret(ctx, buf, n);
exit:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
- if( f != NULL )
- fclose( f );
- if( ret != 0 )
- return( ret );
- return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+ if (f != NULL) {
+ fclose(f);
+ }
+ if (ret != 0) {
+ return ret;
+ }
+ return mbedtls_ctr_drbg_write_seed_file(ctx, path);
}
#endif /* MBEDTLS_FS_IO */
@@ -699,192 +708,197 @@
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
static const unsigned char entropy_source_pr[] =
- { 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb,
- 0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92,
- 0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8,
- 0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20,
- 0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0,
- 0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad,
- 0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 };
+{ 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb,
+ 0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92,
+ 0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8,
+ 0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20,
+ 0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0,
+ 0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad,
+ 0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 };
static const unsigned char entropy_source_nopr[] =
- { 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45,
- 0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9,
- 0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20,
- 0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f,
- 0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c };
+{ 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45,
+ 0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9,
+ 0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20,
+ 0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f,
+ 0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c };
static const unsigned char pers_pr[] =
- { 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a,
- 0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad };
+{ 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a,
+ 0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad };
static const unsigned char pers_nopr[] =
- { 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c,
- 0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f };
+{ 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c,
+ 0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f };
static const unsigned char result_pr[] =
- { 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66,
- 0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff,
- 0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10,
- 0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30,
- 0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4,
- 0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc,
- 0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06,
- 0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf };
+{ 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66,
+ 0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff,
+ 0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10,
+ 0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30,
+ 0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4,
+ 0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc,
+ 0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06,
+ 0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf };
static const unsigned char result_nopr[] =
- { 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13,
- 0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0,
- 0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf,
- 0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2,
- 0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7,
- 0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2,
- 0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02,
- 0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 };
+{ 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13,
+ 0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0,
+ 0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf,
+ 0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2,
+ 0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7,
+ 0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2,
+ 0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02,
+ 0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 };
#else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
static const unsigned char entropy_source_pr[] =
- { 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49,
- 0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a,
- 0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85,
- 0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e,
- 0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15,
- 0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45,
- 0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8,
- 0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c,
- 0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3,
- 0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce,
- 0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e,
- 0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76,
- 0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77,
- 0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe };
+{ 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49,
+ 0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a,
+ 0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85,
+ 0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e,
+ 0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15,
+ 0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45,
+ 0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8,
+ 0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c,
+ 0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3,
+ 0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce,
+ 0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e,
+ 0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76,
+ 0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77,
+ 0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe };
static const unsigned char entropy_source_nopr[] =
- { 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d,
- 0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0,
- 0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73,
- 0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c,
- 0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2,
- 0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1,
- 0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a,
- 0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb,
- 0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a,
- 0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 };
+{ 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d,
+ 0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0,
+ 0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73,
+ 0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c,
+ 0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2,
+ 0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1,
+ 0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a,
+ 0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb,
+ 0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a,
+ 0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 };
static const unsigned char pers_pr[] =
- { 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33,
- 0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e,
- 0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0,
- 0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 };
+{ 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33,
+ 0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e,
+ 0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0,
+ 0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 };
static const unsigned char pers_nopr[] =
- { 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29,
- 0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf,
- 0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb,
- 0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b };
+{ 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29,
+ 0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf,
+ 0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb,
+ 0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b };
static const unsigned char result_pr[] =
- { 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85,
- 0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d,
- 0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62,
- 0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d,
- 0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb,
- 0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39,
- 0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40,
- 0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 };
+{ 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85,
+ 0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d,
+ 0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62,
+ 0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d,
+ 0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb,
+ 0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39,
+ 0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40,
+ 0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 };
static const unsigned char result_nopr[] =
- { 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad,
- 0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3,
- 0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b,
- 0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14,
- 0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54,
- 0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30,
- 0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a,
- 0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 };
+{ 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad,
+ 0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3,
+ 0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b,
+ 0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14,
+ 0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54,
+ 0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30,
+ 0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a,
+ 0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 };
#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
static size_t test_offset;
-static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
- size_t len )
+static int ctr_drbg_self_test_entropy(void *data, unsigned char *buf,
+ size_t len)
{
const unsigned char *p = data;
- memcpy( buf, p + test_offset, len );
+ memcpy(buf, p + test_offset, len);
test_offset += len;
- return( 0 );
+ return 0;
}
-#define CHK( c ) if( (c) != 0 ) \
- { \
- if( verbose != 0 ) \
- mbedtls_printf( "failed\n" ); \
- return( 1 ); \
- }
+#define CHK(c) if ((c) != 0) \
+ { \
+ if (verbose != 0) \
+ mbedtls_printf("failed\n"); \
+ return 1; \
+ }
#define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
/*
* Checkup routine
*/
-int mbedtls_ctr_drbg_self_test( int verbose )
+int mbedtls_ctr_drbg_self_test(int verbose)
{
mbedtls_ctr_drbg_context ctx;
- unsigned char buf[ sizeof( result_pr ) ];
+ unsigned char buf[sizeof(result_pr)];
- mbedtls_ctr_drbg_init( &ctx );
+ mbedtls_ctr_drbg_init(&ctx);
/*
* Based on a NIST CTR_DRBG test vector (PR = True)
*/
- if( verbose != 0 )
- mbedtls_printf( " CTR_DRBG (PR = TRUE) : " );
+ if (verbose != 0) {
+ mbedtls_printf(" CTR_DRBG (PR = TRUE) : ");
+ }
test_offset = 0;
- mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE );
- mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 );
- CHK( mbedtls_ctr_drbg_seed( &ctx,
- ctr_drbg_self_test_entropy,
- (void *) entropy_source_pr,
- pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
- mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) );
- CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) );
+ mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
+ mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2);
+ CHK(mbedtls_ctr_drbg_seed(&ctx,
+ ctr_drbg_self_test_entropy,
+ (void *) entropy_source_pr,
+ pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE));
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON);
+ CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH));
+ CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_pr)));
+ CHK(memcmp(buf, result_pr, sizeof(result_pr)));
- mbedtls_ctr_drbg_free( &ctx );
+ mbedtls_ctr_drbg_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
/*
* Based on a NIST CTR_DRBG test vector (PR = FALSE)
*/
- if( verbose != 0 )
- mbedtls_printf( " CTR_DRBG (PR = FALSE): " );
+ if (verbose != 0) {
+ mbedtls_printf(" CTR_DRBG (PR = FALSE): ");
+ }
- mbedtls_ctr_drbg_init( &ctx );
+ mbedtls_ctr_drbg_init(&ctx);
test_offset = 0;
- mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
- mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 );
- CHK( mbedtls_ctr_drbg_seed( &ctx,
- ctr_drbg_self_test_entropy,
- (void *) entropy_source_nopr,
- pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
- CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) );
- CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) );
+ mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
+ mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2);
+ CHK(mbedtls_ctr_drbg_seed(&ctx,
+ ctr_drbg_self_test_entropy,
+ (void *) entropy_source_nopr,
+ pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE));
+ CHK(mbedtls_ctr_drbg_reseed(&ctx, NULL, 0));
+ CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH));
+ CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_nopr)));
+ CHK(memcmp(buf, result_nopr, sizeof(result_nopr)));
- mbedtls_ctr_drbg_free( &ctx );
+ mbedtls_ctr_drbg_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/debug.c b/library/debug.c
index 353b4bf..ab8b352 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -34,7 +34,7 @@
static int debug_threshold = 0;
-void mbedtls_debug_set_threshold( int threshold )
+void mbedtls_debug_set_threshold(int threshold)
{
debug_threshold = threshold;
}
@@ -42,9 +42,9 @@
/*
* All calls to f_dbg must be made via this function
*/
-static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *str )
+static inline void debug_send_line(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *str)
{
/*
* If in a threaded environment, we need a thread identifier.
@@ -53,54 +53,51 @@
*/
#if defined(MBEDTLS_THREADING_C)
char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
- mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
+ mbedtls_snprintf(idstr, sizeof(idstr), "%p: %s", (void *) ssl, str);
+ ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, idstr);
#else
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, str);
#endif
}
MBEDTLS_PRINTF_ATTRIBUTE(5, 6)
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *format, ... )
+void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *format, ...)
{
va_list argp;
char str[DEBUG_BUF_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( NULL == ssl ||
+ if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
- level > debug_threshold )
- {
+ level > debug_threshold) {
return;
}
- va_start( argp, format );
- ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
- va_end( argp );
+ va_start(argp, format);
+ ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
+ va_end(argp);
- if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
- {
+ if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
str[ret] = '\n';
str[ret + 1] = '\0';
}
- debug_send_line( ssl, level, file, line, str );
+ debug_send_line(ssl, level, file, line, str);
}
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, int ret )
+void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, int ret)
{
char str[DEBUG_BUF_SIZE];
- if( NULL == ssl ||
+ if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
- level > debug_threshold )
- {
+ level > debug_threshold) {
return;
}
@@ -109,246 +106,232 @@
* the logs would be quickly flooded with WANT_READ, so ignore that.
* Don't ignore WANT_WRITE however, since is is usually rare.
*/
- if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
return;
+ }
- mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
- text, ret, (unsigned int) -ret );
+ mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n",
+ text, ret, (unsigned int) -ret);
- debug_send_line( ssl, level, file, line, str );
+ debug_send_line(ssl, level, file, line, str);
}
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line, const char *text,
- const unsigned char *buf, size_t len )
+void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line, const char *text,
+ const unsigned char *buf, size_t len)
{
char str[DEBUG_BUF_SIZE];
char txt[17];
size_t i, idx = 0;
- if( NULL == ssl ||
+ if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
- level > debug_threshold )
- {
+ level > debug_threshold) {
return;
}
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
- text, (unsigned int) len );
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n",
+ text, (unsigned int) len);
- debug_send_line( ssl, level, file, line, str );
+ debug_send_line(ssl, level, file, line, str);
idx = 0;
- memset( txt, 0, sizeof( txt ) );
- for( i = 0; i < len; i++ )
- {
- if( i >= 4096 )
+ memset(txt, 0, sizeof(txt));
+ for (i = 0; i < len; i++) {
+ if (i >= 4096) {
break;
+ }
- if( i % 16 == 0 )
- {
- if( i > 0 )
- {
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
- debug_send_line( ssl, level, file, line, str );
+ if (i % 16 == 0) {
+ if (i > 0) {
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
+ debug_send_line(ssl, level, file, line, str);
idx = 0;
- memset( txt, 0, sizeof( txt ) );
+ memset(txt, 0, sizeof(txt));
}
- idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ",
- (unsigned int) i );
+ idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ",
+ (unsigned int) i);
}
- idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x",
- (unsigned int) buf[i] );
- txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
+ idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x",
+ (unsigned int) buf[i]);
+ txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.';
}
- if( len > 0 )
- {
- for( /* i = i */; i % 16 != 0; i++ )
- idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " " );
+ if (len > 0) {
+ for (/* i = i */; i % 16 != 0; i++) {
+ idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " ");
+ }
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
- debug_send_line( ssl, level, file, line, str );
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
+ debug_send_line(ssl, level, file, line, str);
}
}
#if defined(MBEDTLS_ECP_C)
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_ecp_point *X )
+void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_ecp_point *X)
{
char str[DEBUG_BUF_SIZE];
- if( NULL == ssl ||
+ if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
- level > debug_threshold )
- {
+ level > debug_threshold) {
return;
}
- mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
- mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
+ mbedtls_snprintf(str, sizeof(str), "%s(X)", text);
+ mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->X);
- mbedtls_snprintf( str, sizeof( str ), "%s(Y)", text );
- mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->Y );
+ mbedtls_snprintf(str, sizeof(str), "%s(Y)", text);
+ mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y);
}
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_BIGNUM_C)
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_mpi *X )
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_mpi *X)
{
char str[DEBUG_BUF_SIZE];
size_t bitlen;
size_t idx = 0;
- if( NULL == ssl ||
+ if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == X ||
- level > debug_threshold )
- {
+ level > debug_threshold) {
return;
}
- bitlen = mbedtls_mpi_bitlen( X );
+ bitlen = mbedtls_mpi_bitlen(X);
- mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n",
- text, (unsigned) bitlen );
- debug_send_line( ssl, level, file, line, str );
+ mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n",
+ text, (unsigned) bitlen);
+ debug_send_line(ssl, level, file, line, str);
- if( bitlen == 0 )
- {
+ if (bitlen == 0) {
str[0] = ' '; str[1] = '0'; str[2] = '0';
idx = 3;
- }
- else
- {
+ } else {
int n;
- for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
- {
- size_t limb_offset = n / sizeof( mbedtls_mpi_uint );
- size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint );
+ for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
+ size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
+ size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
unsigned char octet =
- ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff;
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet );
+ (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff;
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
idx += 3;
/* Wrap lines after 16 octets that each take 3 columns */
- if( idx >= 3 * 16 )
- {
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- debug_send_line( ssl, level, file, line, str );
+ if (idx >= 3 * 16) {
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+ debug_send_line(ssl, level, file, line, str);
idx = 0;
}
}
}
- if( idx != 0 )
- {
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- debug_send_line( ssl, level, file, line, str );
+ if (idx != 0) {
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+ debug_send_line(ssl, level, file, line, str);
}
}
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_pk_context *pk )
+static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_pk_context *pk)
{
size_t i;
mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS];
char name[16];
- memset( items, 0, sizeof( items ) );
+ memset(items, 0, sizeof(items));
- if( mbedtls_pk_debug( pk, items ) != 0 )
- {
- debug_send_line( ssl, level, file, line,
- "invalid PK context\n" );
+ if (mbedtls_pk_debug(pk, items) != 0) {
+ debug_send_line(ssl, level, file, line,
+ "invalid PK context\n");
return;
}
- for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
- {
- if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
+ for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) {
+ if (items[i].type == MBEDTLS_PK_DEBUG_NONE) {
return;
+ }
- mbedtls_snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
- name[sizeof( name ) - 1] = '\0';
+ mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name);
+ name[sizeof(name) - 1] = '\0';
- if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
- mbedtls_debug_print_mpi( ssl, level, file, line, name, items[i].value );
- else
+ if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
+ mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
+ } else
#if defined(MBEDTLS_ECP_C)
- if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
- mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
- else
+ if (items[i].type == MBEDTLS_PK_DEBUG_ECP) {
+ mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
+ } else
#endif
- debug_send_line( ssl, level, file, line,
- "should not happen\n" );
+ { debug_send_line(ssl, level, file, line,
+ "should not happen\n"); }
}
}
-static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line, const char *text )
+static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line, const char *text)
{
char str[DEBUG_BUF_SIZE];
const char *start, *cur;
start = text;
- for( cur = text; *cur != '\0'; cur++ )
- {
- if( *cur == '\n' )
- {
+ for (cur = text; *cur != '\0'; cur++) {
+ if (*cur == '\n') {
size_t len = cur - start + 1;
- if( len > DEBUG_BUF_SIZE - 1 )
+ if (len > DEBUG_BUF_SIZE - 1) {
len = DEBUG_BUF_SIZE - 1;
+ }
- memcpy( str, start, len );
+ memcpy(str, start, len);
str[len] = '\0';
- debug_send_line( ssl, level, file, line, str );
+ debug_send_line(ssl, level, file, line, str);
start = cur + 1;
}
}
}
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_x509_crt *crt )
+void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_x509_crt *crt)
{
char str[DEBUG_BUF_SIZE];
int i = 0;
- if( NULL == ssl ||
+ if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == crt ||
- level > debug_threshold )
- {
+ level > debug_threshold) {
return;
}
- while( crt != NULL )
- {
+ while (crt != NULL) {
char buf[1024];
- mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
- debug_send_line( ssl, level, file, line, str );
+ mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i);
+ debug_send_line(ssl, level, file, line, str);
- mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
- debug_print_line_by_line( ssl, level, file, line, buf );
+ mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
+ debug_print_line_by_line(ssl, level, file, line, buf);
- debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
+ debug_print_pk(ssl, level, file, line, "crt->", &crt->pk);
crt = crt->next;
}
@@ -356,50 +339,48 @@
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_ECDH_C)
-static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
- int level, const char *file,
- int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr )
+static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl,
+ int level, const char *file,
+ int line,
+ const mbedtls_ecdh_context *ecdh,
+ mbedtls_debug_ecdh_attr attr)
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- const mbedtls_ecdh_context* ctx = ecdh;
+ const mbedtls_ecdh_context *ctx = ecdh;
#else
- const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh;
+ const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh;
#endif
- switch( attr )
- {
+ switch (attr) {
case MBEDTLS_DEBUG_ECDH_Q:
- mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q",
- &ctx->Q );
+ mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q",
+ &ctx->Q);
break;
case MBEDTLS_DEBUG_ECDH_QP:
- mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp",
- &ctx->Qp );
+ mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp",
+ &ctx->Qp);
break;
case MBEDTLS_DEBUG_ECDH_Z:
- mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z",
- &ctx->z );
+ mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z",
+ &ctx->z);
break;
default:
break;
}
}
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr )
+void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const mbedtls_ecdh_context *ecdh,
+ mbedtls_debug_ecdh_attr attr)
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr );
+ mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr);
#else
- switch( ecdh->var )
- {
+ switch (ecdh->var) {
default:
- mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh,
- attr );
+ mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh,
+ attr);
}
#endif
}
diff --git a/library/des.c b/library/des.c
index 65f5681..8cf346f 100644
--- a/library/des.c
+++ b/library/des.c
@@ -222,7 +222,7 @@
/*
* Initial Permutation macro
*/
-#define DES_IP(X,Y) \
+#define DES_IP(X, Y) \
do \
{ \
T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
@@ -232,12 +232,12 @@
(Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF; \
T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T; \
(X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF; \
- } while( 0 )
+ } while (0)
/*
* Final Permutation macro
*/
-#define DES_FP(X,Y) \
+#define DES_FP(X, Y) \
do \
{ \
(X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF; \
@@ -247,90 +247,103 @@
T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \
T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
- } while( 0 )
+ } while (0)
/*
* DES round macro
*/
-#define DES_ROUND(X,Y) \
+#define DES_ROUND(X, Y) \
do \
{ \
T = *SK++ ^ (X); \
- (Y) ^= SB8[ (T ) & 0x3F ] ^ \
- SB6[ (T >> 8) & 0x3F ] ^ \
- SB4[ (T >> 16) & 0x3F ] ^ \
- SB2[ (T >> 24) & 0x3F ]; \
+ (Y) ^= SB8[(T) & 0x3F] ^ \
+ SB6[(T >> 8) & 0x3F] ^ \
+ SB4[(T >> 16) & 0x3F] ^ \
+ SB2[(T >> 24) & 0x3F]; \
\
T = *SK++ ^ (((X) << 28) | ((X) >> 4)); \
- (Y) ^= SB7[ (T ) & 0x3F ] ^ \
- SB5[ (T >> 8) & 0x3F ] ^ \
- SB3[ (T >> 16) & 0x3F ] ^ \
- SB1[ (T >> 24) & 0x3F ]; \
- } while( 0 )
+ (Y) ^= SB7[(T) & 0x3F] ^ \
+ SB5[(T >> 8) & 0x3F] ^ \
+ SB3[(T >> 16) & 0x3F] ^ \
+ SB1[(T >> 24) & 0x3F]; \
+ } while (0)
-#define SWAP(a,b) \
+#define SWAP(a, b) \
do \
{ \
uint32_t t = (a); (a) = (b); (b) = t; t = 0; \
- } while( 0 )
+ } while (0)
-void mbedtls_des_init( mbedtls_des_context *ctx )
+void mbedtls_des_init(mbedtls_des_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_des_context ) );
+ memset(ctx, 0, sizeof(mbedtls_des_context));
}
-void mbedtls_des_free( mbedtls_des_context *ctx )
+void mbedtls_des_free(mbedtls_des_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context));
}
-void mbedtls_des3_init( mbedtls_des3_context *ctx )
+void mbedtls_des3_init(mbedtls_des3_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_des3_context ) );
+ memset(ctx, 0, sizeof(mbedtls_des3_context));
}
-void mbedtls_des3_free( mbedtls_des3_context *ctx )
+void mbedtls_des3_free(mbedtls_des3_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context));
}
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
- 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
- 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
- 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
- 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
- 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
- 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
- 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
- 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
- 254 };
+ 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32,
+ 35, 37, 38, 41, 42, 44,
+ 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69,
+ 70, 73, 74, 76, 79, 81,
+ 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103,
+ 104, 107, 109, 110, 112,
+ 115, 117, 118, 121, 122, 124, 127, 128, 131,
+ 133, 134, 137, 138, 140,
+ 143, 145, 146, 148, 151, 152, 155, 157, 158,
+ 161, 162, 164, 167, 168,
+ 171, 173, 174, 176, 179, 181, 182, 185, 186,
+ 188, 191, 193, 194, 196,
+ 199, 200, 203, 205, 206, 208, 211, 213, 214,
+ 217, 218, 220, 223, 224,
+ 227, 229, 230, 233, 234, 236, 239, 241, 242,
+ 244, 247, 248, 251, 253,
+ 254 };
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
int i;
- for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
+ for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
key[i] = odd_parity_table[key[i] / 2];
+ }
}
/*
* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
*/
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
int i;
- for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
- if( key[i] != odd_parity_table[key[i] / 2] )
- return( 1 );
+ for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
+ if (key[i] != odd_parity_table[key[i] / 2]) {
+ return 1;
+ }
+ }
- return( 0 );
+ return 0;
}
/*
@@ -377,41 +390,43 @@
{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
};
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
int i;
- for( i = 0; i < WEAK_KEY_COUNT; i++ )
- if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
- return( 1 );
+ for (i = 0; i < WEAK_KEY_COUNT; i++) {
+ if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) {
+ return 1;
+ }
+ }
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DES_SETKEY_ALT)
-void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
int i;
uint32_t X, Y, T;
- X = MBEDTLS_GET_UINT32_BE( key, 0 );
- Y = MBEDTLS_GET_UINT32_BE( key, 4 );
+ X = MBEDTLS_GET_UINT32_BE(key, 0);
+ Y = MBEDTLS_GET_UINT32_BE(key, 4);
/*
* Permuted Choice 1
*/
T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
- T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
+ T = ((Y) ^ X) & 0x10101010; X ^= T; Y ^= (T);
- X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
- | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
- | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
- | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
+ X = (LHs[(X) & 0xF] << 3) | (LHs[(X >> 8) & 0xF] << 2)
+ | (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF])
+ | (LHs[(X >> 5) & 0xF] << 7) | (LHs[(X >> 13) & 0xF] << 6)
+ | (LHs[(X >> 21) & 0xF] << 5) | (LHs[(X >> 29) & 0xF] << 4);
- Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
- | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
- | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
- | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
+ Y = (RHs[(Y >> 1) & 0xF] << 3) | (RHs[(Y >> 9) & 0xF] << 2)
+ | (RHs[(Y >> 17) & 0xF] << 1) | (RHs[(Y >> 25) & 0xF])
+ | (RHs[(Y >> 4) & 0xF] << 7) | (RHs[(Y >> 12) & 0xF] << 6)
+ | (RHs[(Y >> 20) & 0xF] << 5) | (RHs[(Y >> 28) & 0xF] << 4);
X &= 0x0FFFFFFF;
Y &= 0x0FFFFFFF;
@@ -419,15 +434,11 @@
/*
* calculate subkeys
*/
- for( i = 0; i < 16; i++ )
- {
- if( i < 2 || i == 8 || i == 15 )
- {
+ for (i = 0; i < 16; i++) {
+ if (i < 2 || i == 8 || i == 15) {
X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
- }
- else
- {
+ } else {
X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
}
@@ -439,7 +450,7 @@
| ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
| ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
| ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
- | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
+ | ((Y >> 14) & 0x00000200) | ((Y) & 0x00000100)
| ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
| ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
| ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
@@ -452,7 +463,7 @@
| ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
| ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
| ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
- | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
+ | ((Y) & 0x00000200) | ((Y << 7) & 0x00000100)
| ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
| ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
}
@@ -462,52 +473,50 @@
/*
* DES key schedule (56-bit, encryption)
*/
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
- mbedtls_des_setkey( ctx->sk, key );
+ mbedtls_des_setkey(ctx->sk, key);
- return( 0 );
+ return 0;
}
/*
* DES key schedule (56-bit, decryption)
*/
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
int i;
- mbedtls_des_setkey( ctx->sk, key );
+ mbedtls_des_setkey(ctx->sk, key);
- for( i = 0; i < 16; i += 2 )
- {
- SWAP( ctx->sk[i ], ctx->sk[30 - i] );
- SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
+ for (i = 0; i < 16; i += 2) {
+ SWAP(ctx->sk[i], ctx->sk[30 - i]);
+ SWAP(ctx->sk[i + 1], ctx->sk[31 - i]);
}
- return( 0 );
+ return 0;
}
-static void des3_set2key( uint32_t esk[96],
- uint32_t dsk[96],
- const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
+static void des3_set2key(uint32_t esk[96],
+ uint32_t dsk[96],
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE*2])
{
int i;
- mbedtls_des_setkey( esk, key );
- mbedtls_des_setkey( dsk + 32, key + 8 );
+ mbedtls_des_setkey(esk, key);
+ mbedtls_des_setkey(dsk + 32, key + 8);
- for( i = 0; i < 32; i += 2 )
- {
- dsk[i ] = esk[30 - i];
+ for (i = 0; i < 32; i += 2) {
+ dsk[i] = esk[30 - i];
dsk[i + 1] = esk[31 - i];
esk[i + 32] = dsk[62 - i];
esk[i + 33] = dsk[63 - i];
- esk[i + 64] = esk[i ];
+ esk[i + 64] = esk[i];
esk[i + 65] = esk[i + 1];
- dsk[i + 64] = dsk[i ];
+ dsk[i + 64] = dsk[i];
dsk[i + 65] = dsk[i + 1];
}
}
@@ -515,44 +524,43 @@
/*
* Triple-DES key schedule (112-bit, encryption)
*/
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
+int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
{
uint32_t sk[96];
- des3_set2key( ctx->sk, sk, key );
- mbedtls_platform_zeroize( sk, sizeof( sk ) );
+ des3_set2key(ctx->sk, sk, key);
+ mbedtls_platform_zeroize(sk, sizeof(sk));
- return( 0 );
+ return 0;
}
/*
* Triple-DES key schedule (112-bit, decryption)
*/
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
+int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
{
uint32_t sk[96];
- des3_set2key( sk, ctx->sk, key );
- mbedtls_platform_zeroize( sk, sizeof( sk ) );
+ des3_set2key(sk, ctx->sk, key);
+ mbedtls_platform_zeroize(sk, sizeof(sk));
- return( 0 );
+ return 0;
}
-static void des3_set3key( uint32_t esk[96],
- uint32_t dsk[96],
- const unsigned char key[24] )
+static void des3_set3key(uint32_t esk[96],
+ uint32_t dsk[96],
+ const unsigned char key[24])
{
int i;
- mbedtls_des_setkey( esk, key );
- mbedtls_des_setkey( dsk + 32, key + 8 );
- mbedtls_des_setkey( esk + 64, key + 16 );
+ mbedtls_des_setkey(esk, key);
+ mbedtls_des_setkey(dsk + 32, key + 8);
+ mbedtls_des_setkey(esk + 64, key + 16);
- for( i = 0; i < 32; i += 2 )
- {
- dsk[i ] = esk[94 - i];
+ for (i = 0; i < 32; i += 2) {
+ dsk[i] = esk[94 - i];
dsk[i + 1] = esk[95 - i];
esk[i + 32] = dsk[62 - i];
@@ -566,61 +574,60 @@
/*
* Triple-DES key schedule (168-bit, encryption)
*/
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
+int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
{
uint32_t sk[96];
- des3_set3key( ctx->sk, sk, key );
- mbedtls_platform_zeroize( sk, sizeof( sk ) );
+ des3_set3key(ctx->sk, sk, key);
+ mbedtls_platform_zeroize(sk, sizeof(sk));
- return( 0 );
+ return 0;
}
/*
* Triple-DES key schedule (168-bit, decryption)
*/
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
+int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
{
uint32_t sk[96];
- des3_set3key( sk, ctx->sk, key );
- mbedtls_platform_zeroize( sk, sizeof( sk ) );
+ des3_set3key(sk, ctx->sk, key);
+ mbedtls_platform_zeroize(sk, sizeof(sk));
- return( 0 );
+ return 0;
}
/*
* DES-ECB block encryption/decryption
*/
#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] )
+int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
+ const unsigned char input[8],
+ unsigned char output[8])
{
int i;
uint32_t X, Y, T, *SK;
SK = ctx->sk;
- X = MBEDTLS_GET_UINT32_BE( input, 0 );
- Y = MBEDTLS_GET_UINT32_BE( input, 4 );
+ X = MBEDTLS_GET_UINT32_BE(input, 0);
+ Y = MBEDTLS_GET_UINT32_BE(input, 4);
- DES_IP( X, Y );
+ DES_IP(X, Y);
- for( i = 0; i < 8; i++ )
- {
- DES_ROUND( Y, X );
- DES_ROUND( X, Y );
+ for (i = 0; i < 8; i++) {
+ DES_ROUND(Y, X);
+ DES_ROUND(X, Y);
}
- DES_FP( Y, X );
+ DES_FP(Y, X);
- MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
- MBEDTLS_PUT_UINT32_BE( X, output, 4 );
+ MBEDTLS_PUT_UINT32_BE(Y, output, 0);
+ MBEDTLS_PUT_UINT32_BE(X, output, 4);
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
@@ -628,50 +635,50 @@
/*
* DES-CBC buffer encryption/decryption
*/
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output)
{
int i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
- if( length % 8 )
- return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+ if (length % 8) {
+ return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
+ }
- if( mode == MBEDTLS_DES_ENCRYPT )
- {
- while( length > 0 )
- {
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
+ if (mode == MBEDTLS_DES_ENCRYPT) {
+ while (length > 0) {
+ for (i = 0; i < 8; i++) {
+ output[i] = (unsigned char) (input[i] ^ iv[i]);
+ }
- ret = mbedtls_des_crypt_ecb( ctx, output, output );
- if( ret != 0 )
+ ret = mbedtls_des_crypt_ecb(ctx, output, output);
+ if (ret != 0) {
goto exit;
- memcpy( iv, output, 8 );
+ }
+ memcpy(iv, output, 8);
input += 8;
output += 8;
length -= 8;
}
- }
- else /* MBEDTLS_DES_DECRYPT */
- {
- while( length > 0 )
- {
- memcpy( temp, input, 8 );
- ret = mbedtls_des_crypt_ecb( ctx, input, output );
- if( ret != 0 )
+ } else { /* MBEDTLS_DES_DECRYPT */
+ while (length > 0) {
+ memcpy(temp, input, 8);
+ ret = mbedtls_des_crypt_ecb(ctx, input, output);
+ if (ret != 0) {
goto exit;
+ }
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
+ for (i = 0; i < 8; i++) {
+ output[i] = (unsigned char) (output[i] ^ iv[i]);
+ }
- memcpy( iv, temp, 8 );
+ memcpy(iv, temp, 8);
input += 8;
output += 8;
@@ -681,7 +688,7 @@
ret = 0;
exit:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -689,44 +696,41 @@
* 3DES-ECB block encryption/decryption
*/
#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] )
+int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
+ const unsigned char input[8],
+ unsigned char output[8])
{
int i;
uint32_t X, Y, T, *SK;
SK = ctx->sk;
- X = MBEDTLS_GET_UINT32_BE( input, 0 );
- Y = MBEDTLS_GET_UINT32_BE( input, 4 );
+ X = MBEDTLS_GET_UINT32_BE(input, 0);
+ Y = MBEDTLS_GET_UINT32_BE(input, 4);
- DES_IP( X, Y );
+ DES_IP(X, Y);
- for( i = 0; i < 8; i++ )
- {
- DES_ROUND( Y, X );
- DES_ROUND( X, Y );
+ for (i = 0; i < 8; i++) {
+ DES_ROUND(Y, X);
+ DES_ROUND(X, Y);
}
- for( i = 0; i < 8; i++ )
- {
- DES_ROUND( X, Y );
- DES_ROUND( Y, X );
+ for (i = 0; i < 8; i++) {
+ DES_ROUND(X, Y);
+ DES_ROUND(Y, X);
}
- for( i = 0; i < 8; i++ )
- {
- DES_ROUND( Y, X );
- DES_ROUND( X, Y );
+ for (i = 0; i < 8; i++) {
+ DES_ROUND(Y, X);
+ DES_ROUND(X, Y);
}
- DES_FP( Y, X );
+ DES_FP(Y, X);
- MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
- MBEDTLS_PUT_UINT32_BE( X, output, 4 );
+ MBEDTLS_PUT_UINT32_BE(Y, output, 0);
+ MBEDTLS_PUT_UINT32_BE(X, output, 4);
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
@@ -734,50 +738,50 @@
/*
* 3DES-CBC buffer encryption/decryption
*/
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output)
{
int i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
- if( length % 8 )
- return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+ if (length % 8) {
+ return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
+ }
- if( mode == MBEDTLS_DES_ENCRYPT )
- {
- while( length > 0 )
- {
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
+ if (mode == MBEDTLS_DES_ENCRYPT) {
+ while (length > 0) {
+ for (i = 0; i < 8; i++) {
+ output[i] = (unsigned char) (input[i] ^ iv[i]);
+ }
- ret = mbedtls_des3_crypt_ecb( ctx, output, output );
- if( ret != 0 )
+ ret = mbedtls_des3_crypt_ecb(ctx, output, output);
+ if (ret != 0) {
goto exit;
- memcpy( iv, output, 8 );
+ }
+ memcpy(iv, output, 8);
input += 8;
output += 8;
length -= 8;
}
- }
- else /* MBEDTLS_DES_DECRYPT */
- {
- while( length > 0 )
- {
- memcpy( temp, input, 8 );
- ret = mbedtls_des3_crypt_ecb( ctx, input, output );
- if( ret != 0 )
+ } else { /* MBEDTLS_DES_DECRYPT */
+ while (length > 0) {
+ memcpy(temp, input, 8);
+ ret = mbedtls_des3_crypt_ecb(ctx, input, output);
+ if (ret != 0) {
goto exit;
+ }
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
+ for (i = 0; i < 8; i++) {
+ output[i] = (unsigned char) (output[i] ^ iv[i]);
+ }
- memcpy( iv, temp, 8 );
+ memcpy(iv, temp, 8);
input += 8;
output += 8;
@@ -787,7 +791,7 @@
ret = 0;
exit:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -849,7 +853,7 @@
/*
* Checkup routine
*/
-int mbedtls_des_self_test( int verbose )
+int mbedtls_des_self_test(int verbose)
{
int i, j, u, v, ret = 0;
mbedtls_des_context ctx;
@@ -860,194 +864,199 @@
unsigned char iv[8];
#endif
- mbedtls_des_init( &ctx );
- mbedtls_des3_init( &ctx3 );
+ mbedtls_des_init(&ctx);
+ mbedtls_des3_init(&ctx3);
/*
* ECB mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " DES%c-ECB-%3d (%s): ",
- ( u == 0 ) ? ' ' : '3', 56 + u * 56,
- ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
- memcpy( buf, des3_test_buf, 8 );
-
- switch( i )
- {
- case 0:
- ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
- break;
-
- case 1:
- ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
- break;
-
- case 2:
- ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
- break;
-
- case 3:
- ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
- break;
-
- case 4:
- ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
- break;
-
- case 5:
- ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
- break;
-
- default:
- return( 1 );
+ if (verbose != 0) {
+ mbedtls_printf(" DES%c-ECB-%3d (%s): ",
+ (u == 0) ? ' ' : '3', 56 + u * 56,
+ (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
}
- if( ret != 0 )
+
+ memcpy(buf, des3_test_buf, 8);
+
+ switch (i) {
+ case 0:
+ ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
+ break;
+
+ case 1:
+ ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys);
+ break;
+
+ case 2:
+ ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys);
+ break;
+
+ case 3:
+ ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys);
+ break;
+
+ case 4:
+ ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys);
+ break;
+
+ case 5:
+ ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys);
+ break;
+
+ default:
+ return 1;
+ }
+ if (ret != 0) {
goto exit;
-
- for( j = 0; j < 100; j++ )
- {
- if( u == 0 )
- ret = mbedtls_des_crypt_ecb( &ctx, buf, buf );
- else
- ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
- if( ret != 0 )
- goto exit;
}
- if( ( v == MBEDTLS_DES_DECRYPT &&
- memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
- ( v != MBEDTLS_DES_DECRYPT &&
- memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ for (j = 0; j < 100; j++) {
+ if (u == 0) {
+ ret = mbedtls_des_crypt_ecb(&ctx, buf, buf);
+ } else {
+ ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf);
+ }
+ if (ret != 0) {
+ goto exit;
+ }
+ }
+
+ if ((v == MBEDTLS_DES_DECRYPT &&
+ memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
+ (v != MBEDTLS_DES_DECRYPT &&
+ memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* CBC mode
*/
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
- if( verbose != 0 )
- mbedtls_printf( " DES%c-CBC-%3d (%s): ",
- ( u == 0 ) ? ' ' : '3', 56 + u * 56,
- ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
- memcpy( iv, des3_test_iv, 8 );
- memcpy( prv, des3_test_iv, 8 );
- memcpy( buf, des3_test_buf, 8 );
-
- switch( i )
- {
- case 0:
- ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
- break;
-
- case 1:
- ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
- break;
-
- case 2:
- ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
- break;
-
- case 3:
- ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
- break;
-
- case 4:
- ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
- break;
-
- case 5:
- ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
- break;
-
- default:
- return( 1 );
+ if (verbose != 0) {
+ mbedtls_printf(" DES%c-CBC-%3d (%s): ",
+ (u == 0) ? ' ' : '3', 56 + u * 56,
+ (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
}
- if( ret != 0 )
+
+ memcpy(iv, des3_test_iv, 8);
+ memcpy(prv, des3_test_iv, 8);
+ memcpy(buf, des3_test_buf, 8);
+
+ switch (i) {
+ case 0:
+ ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
+ break;
+
+ case 1:
+ ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys);
+ break;
+
+ case 2:
+ ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys);
+ break;
+
+ case 3:
+ ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys);
+ break;
+
+ case 4:
+ ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys);
+ break;
+
+ case 5:
+ ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys);
+ break;
+
+ default:
+ return 1;
+ }
+ if (ret != 0) {
goto exit;
-
- if( v == MBEDTLS_DES_DECRYPT )
- {
- for( j = 0; j < 100; j++ )
- {
- if( u == 0 )
- ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
- else
- ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
- if( ret != 0 )
- goto exit;
- }
}
- else
- {
- for( j = 0; j < 100; j++ )
- {
+
+ if (v == MBEDTLS_DES_DECRYPT) {
+ for (j = 0; j < 100; j++) {
+ if (u == 0) {
+ ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
+ } else {
+ ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
+ }
+ if (ret != 0) {
+ goto exit;
+ }
+ }
+ } else {
+ for (j = 0; j < 100; j++) {
unsigned char tmp[8];
- if( u == 0 )
- ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
- else
- ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
- if( ret != 0 )
+ if (u == 0) {
+ ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
+ } else {
+ ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
+ }
+ if (ret != 0) {
goto exit;
+ }
- memcpy( tmp, prv, 8 );
- memcpy( prv, buf, 8 );
- memcpy( buf, tmp, 8 );
+ memcpy(tmp, prv, 8);
+ memcpy(prv, buf, 8);
+ memcpy(buf, tmp, 8);
}
- memcpy( buf, prv, 8 );
+ memcpy(buf, prv, 8);
}
- if( ( v == MBEDTLS_DES_DECRYPT &&
- memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
- ( v != MBEDTLS_DES_DECRYPT &&
- memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if ((v == MBEDTLS_DES_DECRYPT &&
+ memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
+ (v != MBEDTLS_DES_DECRYPT &&
+ memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
exit:
- mbedtls_des_free( &ctx );
- mbedtls_des3_free( &ctx3 );
+ mbedtls_des_free(&ctx);
+ mbedtls_des3_free(&ctx3);
- if( ret != 0 )
+ if (ret != 0) {
ret = 1;
- return( ret );
+ }
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/dhm.c b/library/dhm.c
index 4d2e33e..c6f955e 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -47,35 +47,38 @@
#if !defined(MBEDTLS_DHM_ALT)
-#define DHM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
-#define DHM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define DHM_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA)
+#define DHM_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
/*
* helper to validate the mbedtls_mpi size and import it
*/
-static int dhm_read_bignum( mbedtls_mpi *X,
- unsigned char **p,
- const unsigned char *end )
+static int dhm_read_bignum(mbedtls_mpi *X,
+ unsigned char **p,
+ const unsigned char *end)
{
int ret, n;
- if( end - *p < 2 )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ if (end - *p < 2) {
+ return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+ }
- n = ( (*p)[0] << 8 ) | (*p)[1];
+ n = ((*p)[0] << 8) | (*p)[1];
(*p) += 2;
- if( (int)( end - *p ) < n )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ if ((int) (end - *p) < n) {
+ return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+ }
- if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) );
+ if ((ret = mbedtls_mpi_read_binary(X, *p, n)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret);
+ }
(*p) += n;
- return( 0 );
+ return 0;
}
/*
@@ -90,232 +93,242 @@
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
*/
-static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
+static int dhm_check_range(const mbedtls_mpi *param, const mbedtls_mpi *P)
{
mbedtls_mpi U;
int ret = 0;
- mbedtls_mpi_init( &U );
+ mbedtls_mpi_init(&U);
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2));
- if( mbedtls_mpi_cmp_int( param, 2 ) < 0 ||
- mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
- {
+ if (mbedtls_mpi_cmp_int(param, 2) < 0 ||
+ mbedtls_mpi_cmp_mpi(param, &U) > 0) {
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup:
- mbedtls_mpi_free( &U );
- return( ret );
+ mbedtls_mpi_free(&U);
+ return ret;
}
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
+void mbedtls_dhm_init(mbedtls_dhm_context *ctx)
{
- DHM_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
+ DHM_VALIDATE(ctx != NULL);
+ memset(ctx, 0, sizeof(mbedtls_dhm_context));
}
/*
* Parse the ServerKeyExchange parameters
*/
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
- unsigned char **p,
- const unsigned char *end )
+int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx,
+ unsigned char **p,
+ const unsigned char *end)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( p != NULL && *p != NULL );
- DHM_VALIDATE_RET( end != NULL );
+ DHM_VALIDATE_RET(ctx != NULL);
+ DHM_VALIDATE_RET(p != NULL && *p != NULL);
+ DHM_VALIDATE_RET(end != NULL);
- if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
- ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
- ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
- return( ret );
+ if ((ret = dhm_read_bignum(&ctx->P, p, end)) != 0 ||
+ (ret = dhm_read_bignum(&ctx->G, p, end)) != 0 ||
+ (ret = dhm_read_bignum(&ctx->GY, p, end)) != 0) {
+ return ret;
+ }
- if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
- return( ret );
+ if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
+ return ret;
+ }
- ctx->len = mbedtls_mpi_size( &ctx->P );
+ ctx->len = mbedtls_mpi_size(&ctx->P);
- return( 0 );
+ return 0;
}
/*
* Pick a random R in the range [2, M-2] for blinding or key generation.
*/
-static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int dhm_random_below(mbedtls_mpi *R, const mbedtls_mpi *M,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret;
- MBEDTLS_MPI_CHK( mbedtls_mpi_random( R, 3, M, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( R, R, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_random(R, 3, M, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(R, R, 1));
cleanup:
- return( ret );
+ return ret;
}
-static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int dhm_make_common(mbedtls_dhm_context *ctx, int x_size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = 0;
- if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
- if( x_size < 0 )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
- if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
+ if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) {
+ return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
- else
- {
+ if (x_size < 0) {
+ return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+ }
+
+ if ((unsigned) x_size < mbedtls_mpi_size(&ctx->P)) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));
+ } else {
/* Generate X as large as possible ( <= P - 2 ) */
- ret = dhm_random_below( &ctx->X, &ctx->P, f_rng, p_rng );
- if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
- return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
- if( ret != 0 )
- return( ret );
+ ret = dhm_random_below(&ctx->X, &ctx->P, f_rng, p_rng);
+ if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
+ return MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED;
+ }
+ if (ret != 0) {
+ return ret;
+ }
}
/*
* Calculate GX = G^X mod P
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
- &ctx->P , &ctx->RP ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X,
+ &ctx->P, &ctx->RP));
- if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
- return( ret );
+ if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) {
+ return ret;
+ }
cleanup:
- return( ret );
+ return ret;
}
/*
* Setup and write the ServerKeyExchange parameters
*/
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size,
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret;
size_t n1, n2, n3;
unsigned char *p;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
+ DHM_VALIDATE_RET(ctx != NULL);
+ DHM_VALIDATE_RET(output != NULL);
+ DHM_VALIDATE_RET(olen != NULL);
+ DHM_VALIDATE_RET(f_rng != NULL);
- ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
- if( ret != 0 )
+ ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
+ if (ret != 0) {
goto cleanup;
+ }
/*
* Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
* not required". We omit leading zeros for compactness.
*/
-#define DHM_MPI_EXPORT( X, n ) \
+#define DHM_MPI_EXPORT(X, n) \
do { \
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
- p + 2, \
- ( n ) ) ); \
- *p++ = MBEDTLS_BYTE_1( n ); \
- *p++ = MBEDTLS_BYTE_0( n ); \
- p += ( n ); \
- } while( 0 )
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((X), \
+ p + 2, \
+ (n))); \
+ *p++ = MBEDTLS_BYTE_1(n); \
+ *p++ = MBEDTLS_BYTE_0(n); \
+ p += (n); \
+ } while (0)
- n1 = mbedtls_mpi_size( &ctx->P );
- n2 = mbedtls_mpi_size( &ctx->G );
- n3 = mbedtls_mpi_size( &ctx->GX );
+ n1 = mbedtls_mpi_size(&ctx->P);
+ n2 = mbedtls_mpi_size(&ctx->G);
+ n3 = mbedtls_mpi_size(&ctx->GX);
p = output;
- DHM_MPI_EXPORT( &ctx->P , n1 );
- DHM_MPI_EXPORT( &ctx->G , n2 );
- DHM_MPI_EXPORT( &ctx->GX, n3 );
+ DHM_MPI_EXPORT(&ctx->P, n1);
+ DHM_MPI_EXPORT(&ctx->G, n2);
+ DHM_MPI_EXPORT(&ctx->GX, n3);
*olen = p - output;
ctx->len = n1;
cleanup:
- if( ret != 0 && ret > -128 )
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
- return( ret );
+ if (ret != 0 && ret > -128) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret);
+ }
+ return ret;
}
/*
* Set prime modulus and generator
*/
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
- const mbedtls_mpi *P,
- const mbedtls_mpi *G )
+int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx,
+ const mbedtls_mpi *P,
+ const mbedtls_mpi *G)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( P != NULL );
- DHM_VALIDATE_RET( G != NULL );
+ DHM_VALIDATE_RET(ctx != NULL);
+ DHM_VALIDATE_RET(P != NULL);
+ DHM_VALIDATE_RET(G != NULL);
- if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
+ if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 ||
+ (ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret);
}
- ctx->len = mbedtls_mpi_size( &ctx->P );
- return( 0 );
+ ctx->len = mbedtls_mpi_size(&ctx->P);
+ return 0;
}
/*
* Import the peer's public value G^Y
*/
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
- const unsigned char *input, size_t ilen )
+int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx,
+ const unsigned char *input, size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( input != NULL );
+ DHM_VALIDATE_RET(ctx != NULL);
+ DHM_VALIDATE_RET(input != NULL);
- if( ilen < 1 || ilen > ctx->len )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ if (ilen < 1 || ilen > ctx->len) {
+ return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+ }
- if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) );
+ if ((ret = mbedtls_mpi_read_binary(&ctx->GY, input, ilen)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret);
+ }
- return( 0 );
+ return 0;
}
/*
* Create own private value X and export G^X
*/
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size,
+ unsigned char *output, size_t olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
+ DHM_VALIDATE_RET(ctx != NULL);
+ DHM_VALIDATE_RET(output != NULL);
+ DHM_VALIDATE_RET(f_rng != NULL);
- if( olen < 1 || olen > ctx->len )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ if (olen < 1 || olen > ctx->len) {
+ return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+ }
- ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
- if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
- return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
- if( ret != 0 )
+ ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
+ if (ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) {
+ return MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED;
+ }
+ if (ret != 0) {
goto cleanup;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen));
cleanup:
- if( ret != 0 && ret > -128 )
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret );
- return( ret );
+ if (ret != 0 && ret > -128) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret);
+ }
+ return ret;
}
@@ -325,40 +338,38 @@
* DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
* Berlin Heidelberg, 1996. p. 104-113.
*/
-static int dhm_update_blinding( mbedtls_dhm_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int dhm_update_blinding(mbedtls_dhm_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret;
mbedtls_mpi R;
- mbedtls_mpi_init( &R );
+ mbedtls_mpi_init(&R);
/*
* Don't use any blinding the first time a particular X is used,
* but remember it to use blinding next time.
*/
- if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) );
+ if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1));
- return( 0 );
+ return 0;
}
/*
* Ok, we need blinding. Can we re-use existing values?
* If yes, just update them by squaring them.
*/
- if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
+ if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P));
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
- return( 0 );
+ return 0;
}
/*
@@ -366,111 +377,113 @@
*/
/* Vi = random( 2, P-2 ) */
- MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(dhm_random_below(&ctx->Vi, &ctx->P, f_rng, p_rng));
/* Vf = Vi^-X mod P
* First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod),
* then elevate to the Xth power. */
- MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+ MBEDTLS_MPI_CHK(dhm_random_below(&R, &ctx->P, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vi, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->Vf, &ctx->Vf, &ctx->P));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP));
cleanup:
- mbedtls_mpi_free( &R );
+ mbedtls_mpi_free(&R);
- return( ret );
+ return ret;
}
/*
* Derive and export the shared secret (G^Y)^X mod P
*/
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
- unsigned char *output, size_t output_size, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
+ unsigned char *output, size_t output_size, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi GYb;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
+ DHM_VALIDATE_RET(ctx != NULL);
+ DHM_VALIDATE_RET(output != NULL);
+ DHM_VALIDATE_RET(olen != NULL);
- if( output_size < ctx->len )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ if (output_size < ctx->len) {
+ return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+ }
- if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
- return( ret );
+ if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
+ return ret;
+ }
- mbedtls_mpi_init( &GYb );
+ mbedtls_mpi_init(&GYb);
/* Blind peer's value */
- if( f_rng != NULL )
- {
- MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
+ if (f_rng != NULL) {
+ MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P));
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&GYb, &ctx->GY));
}
- else
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) );
/* Do modular exponentiation */
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
- &ctx->P, &ctx->RP ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->K, &GYb, &ctx->X,
+ &ctx->P, &ctx->RP));
/* Unblind secret value */
- if( f_rng != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
+ if (f_rng != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P));
}
/* Output the secret without any leading zero byte. This is mandatory
* for TLS per RFC 5246 §8.1.2. */
- *olen = mbedtls_mpi_size( &ctx->K );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
+ *olen = mbedtls_mpi_size(&ctx->K);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->K, output, *olen));
cleanup:
- mbedtls_mpi_free( &GYb );
+ mbedtls_mpi_free(&GYb);
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) );
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret);
+ }
- return( 0 );
+ return 0;
}
/*
* Free the components of a DHM key
*/
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
+void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_mpi_free( &ctx->pX );
- mbedtls_mpi_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->Vi );
- mbedtls_mpi_free( &ctx->RP );
- mbedtls_mpi_free( &ctx->K );
- mbedtls_mpi_free( &ctx->GY );
- mbedtls_mpi_free( &ctx->GX );
- mbedtls_mpi_free( &ctx->X );
- mbedtls_mpi_free( &ctx->G );
- mbedtls_mpi_free( &ctx->P );
+ mbedtls_mpi_free(&ctx->pX);
+ mbedtls_mpi_free(&ctx->Vf);
+ mbedtls_mpi_free(&ctx->Vi);
+ mbedtls_mpi_free(&ctx->RP);
+ mbedtls_mpi_free(&ctx->K);
+ mbedtls_mpi_free(&ctx->GY);
+ mbedtls_mpi_free(&ctx->GX);
+ mbedtls_mpi_free(&ctx->X);
+ mbedtls_mpi_free(&ctx->G);
+ mbedtls_mpi_free(&ctx->P);
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_dhm_context));
}
#if defined(MBEDTLS_ASN1_PARSE_C)
/*
* Parse DHM parameters
*/
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
- size_t dhminlen )
+int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+ size_t dhminlen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -479,32 +492,32 @@
mbedtls_pem_context pem;
#endif /* MBEDTLS_PEM_PARSE_C */
- DHM_VALIDATE_RET( dhm != NULL );
- DHM_VALIDATE_RET( dhmin != NULL );
+ DHM_VALIDATE_RET(dhm != NULL);
+ DHM_VALIDATE_RET(dhmin != NULL);
#if defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_pem_init( &pem );
+ mbedtls_pem_init(&pem);
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
+ if (dhminlen == 0 || dhmin[dhminlen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN DH PARAMETERS-----",
- "-----END DH PARAMETERS-----",
- dhmin, NULL, 0, &dhminlen );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN DH PARAMETERS-----",
+ "-----END DH PARAMETERS-----",
+ dhmin, NULL, 0, &dhminlen);
+ }
- if( ret == 0 )
- {
+ if (ret == 0) {
/*
* Was PEM encoded
*/
dhminlen = pem.buflen;
- }
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
goto exit;
+ }
- p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
+ p = (ret == 0) ? pem.buf : (unsigned char *) dhmin;
#else
p = (unsigned char *) dhmin;
#endif /* MBEDTLS_PEM_PARSE_C */
@@ -517,55 +530,51 @@
* privateValueLength INTEGER OPTIONAL
* }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
end = p + len;
- if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
+ if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 ||
+ (ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
- if( p != end )
- {
+ if (p != end) {
/* This might be the optional privateValueLength.
* If so, we can cleanly discard it */
mbedtls_mpi rec;
- mbedtls_mpi_init( &rec );
- ret = mbedtls_asn1_get_mpi( &p, end, &rec );
- mbedtls_mpi_free( &rec );
- if ( ret != 0 )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
+ mbedtls_mpi_init(&rec);
+ ret = mbedtls_asn1_get_mpi(&p, end, &rec);
+ mbedtls_mpi_free(&rec);
+ if (ret != 0) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
- if ( p != end )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (p != end) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
goto exit;
}
}
ret = 0;
- dhm->len = mbedtls_mpi_size( &dhm->P );
+ dhm->len = mbedtls_mpi_size(&dhm->P);
exit:
#if defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_pem_free( &pem );
+ mbedtls_pem_free(&pem);
#endif
- if( ret != 0 )
- mbedtls_dhm_free( dhm );
+ if (ret != 0) {
+ mbedtls_dhm_free(dhm);
+ }
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_FS_IO)
@@ -576,71 +585,71 @@
* A terminating null byte is always appended. It is included in the announced
* length only if the data looks like it is PEM encoded.
*/
-static int load_file( const char *path, unsigned char **buf, size_t *n )
+static int load_file(const char *path, unsigned char **buf, size_t *n)
{
FILE *f;
long size;
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
-
- fseek( f, 0, SEEK_END );
- if( ( size = ftell( f ) ) == -1 )
- {
- fclose( f );
- return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+ if ((f = fopen(path, "rb")) == NULL) {
+ return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
- fseek( f, 0, SEEK_SET );
+
+ fseek(f, 0, SEEK_END);
+ if ((size = ftell(f)) == -1) {
+ fclose(f);
+ return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
+ }
+ fseek(f, 0, SEEK_SET);
*n = (size_t) size;
- if( *n + 1 == 0 ||
- ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
- {
- fclose( f );
- return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
+ if (*n + 1 == 0 ||
+ (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
+ fclose(f);
+ return MBEDTLS_ERR_DHM_ALLOC_FAILED;
}
- if( fread( *buf, 1, *n, f ) != *n )
- {
- fclose( f );
+ if (fread(*buf, 1, *n, f) != *n) {
+ fclose(f);
- mbedtls_platform_zeroize( *buf, *n + 1 );
- mbedtls_free( *buf );
+ mbedtls_platform_zeroize(*buf, *n + 1);
+ mbedtls_free(*buf);
- return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+ return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
- fclose( f );
+ fclose(f);
(*buf)[*n] = '\0';
- if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
+ if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
++*n;
+ }
- return( 0 );
+ return 0;
}
/*
* Load and parse DHM parameters
*/
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
+int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- DHM_VALIDATE_RET( dhm != NULL );
- DHM_VALIDATE_RET( path != NULL );
+ DHM_VALIDATE_RET(dhm != NULL);
+ DHM_VALIDATE_RET(path != NULL);
- if( ( ret = load_file( path, &buf, &n ) ) != 0 )
- return( ret );
+ if ((ret = load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
- ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
+ ret = mbedtls_dhm_parse_dhm(dhm, buf, n);
- mbedtls_platform_zeroize( buf, n );
- mbedtls_free( buf );
+ mbedtls_platform_zeroize(buf, n);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -650,60 +659,63 @@
#if defined(MBEDTLS_PEM_PARSE_C)
static const char mbedtls_test_dhm_params[] =
-"-----BEGIN DH PARAMETERS-----\r\n"
-"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
-"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
-"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
-"-----END DH PARAMETERS-----\r\n";
+ "-----BEGIN DH PARAMETERS-----\r\n"
+ "MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
+ "1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
+ "9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
+ "-----END DH PARAMETERS-----\r\n";
#else /* MBEDTLS_PEM_PARSE_C */
static const char mbedtls_test_dhm_params[] = {
- 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
- 0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
- 0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
- 0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
- 0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
- 0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
- 0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
- 0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
- 0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
- 0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
- 0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
- 0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
+ 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
+ 0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
+ 0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
+ 0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
+ 0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
+ 0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
+ 0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
+ 0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
+ 0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
+ 0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
+ 0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
+ 0x49, 0x75, 0xb3, 0x02, 0x01, 0x02
+};
#endif /* MBEDTLS_PEM_PARSE_C */
-static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
+static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params);
/*
* Checkup routine
*/
-int mbedtls_dhm_self_test( int verbose )
+int mbedtls_dhm_self_test(int verbose)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_dhm_context dhm;
- mbedtls_dhm_init( &dhm );
+ mbedtls_dhm_init(&dhm);
- if( verbose != 0 )
- mbedtls_printf( " DHM parameter load: " );
+ if (verbose != 0) {
+ mbedtls_printf(" DHM parameter load: ");
+ }
- if( ( ret = mbedtls_dhm_parse_dhm( &dhm,
- (const unsigned char *) mbedtls_test_dhm_params,
- mbedtls_test_dhm_params_len ) ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if ((ret = mbedtls_dhm_parse_dhm(&dhm,
+ (const unsigned char *) mbedtls_test_dhm_params,
+ mbedtls_test_dhm_params_len)) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n\n");
+ }
exit:
- mbedtls_dhm_free( &dhm );
+ mbedtls_dhm_free(&dhm);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/ecdh.c b/library/ecdh.c
index 724c938..2007e16 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -35,30 +35,30 @@
#include <string.h>
/* Parameter validation macros based on platform_util.h */
-#define ECDH_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDH_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ECDH_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
+#define ECDH_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif
static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
- const mbedtls_ecdh_context *ctx )
+ const mbedtls_ecdh_context *ctx)
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ctx->grp.id );
+ return ctx->grp.id;
#else
- return( ctx->grp_id );
+ return ctx->grp_id;
#endif
}
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
+int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid)
{
/* At this time, all groups support ECDH. */
(void) gid;
- return( 1 );
+ return 1;
}
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
@@ -69,41 +69,42 @@
* the output parameter 'd' across continuation calls. This would not be
* acceptable for a public function but is OK here as we control call sites.
*/
-static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecdh_gen_public_restartable(mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE)
- restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
+ restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL);
#endif
/* If multiplication is in progress, we already generated a privkey */
- if( !restarting )
- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
+ if (!restarting) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
+ }
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,
- f_rng, p_rng, rs_ctx ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G,
+ f_rng, p_rng, rs_ctx));
cleanup:
- return( ret );
+ return ret;
}
/*
* Generate public key
*/
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
- ECDH_VALIDATE_RET( grp != NULL );
- ECDH_VALIDATE_RET( d != NULL );
- ECDH_VALIDATE_RET( Q != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
- return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
+ ECDH_VALIDATE_RET(grp != NULL);
+ ECDH_VALIDATE_RET(d != NULL);
+ ECDH_VALIDATE_RET(Q != NULL);
+ ECDH_VALIDATE_RET(f_rng != NULL);
+ return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
@@ -111,79 +112,78 @@
/*
* Compute shared secret (SEC1 3.3.1)
*/
-static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
- mbedtls_mpi *z,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecdh_compute_shared_restartable(mbedtls_ecp_group *grp,
+ mbedtls_mpi *z,
+ const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point P;
- mbedtls_ecp_point_init( &P );
+ mbedtls_ecp_point_init(&P);
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q,
- f_rng, p_rng, rs_ctx ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q,
+ f_rng, p_rng, rs_ctx));
- if( mbedtls_ecp_is_zero( &P ) )
- {
+ if (mbedtls_ecp_is_zero(&P)) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(z, &P.X));
cleanup:
- mbedtls_ecp_point_free( &P );
+ mbedtls_ecp_point_free(&P);
- return( ret );
+ return ret;
}
/*
* Compute shared secret (SEC1 3.3.1)
*/
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z,
+ const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
- ECDH_VALIDATE_RET( grp != NULL );
- ECDH_VALIDATE_RET( Q != NULL );
- ECDH_VALIDATE_RET( d != NULL );
- ECDH_VALIDATE_RET( z != NULL );
- return( ecdh_compute_shared_restartable( grp, z, Q, d,
- f_rng, p_rng, NULL ) );
+ ECDH_VALIDATE_RET(grp != NULL);
+ ECDH_VALIDATE_RET(Q != NULL);
+ ECDH_VALIDATE_RET(d != NULL);
+ ECDH_VALIDATE_RET(z != NULL);
+ return ecdh_compute_shared_restartable(grp, z, Q, d,
+ f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
-static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
+static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx)
{
- mbedtls_ecp_group_init( &ctx->grp );
- mbedtls_mpi_init( &ctx->d );
- mbedtls_ecp_point_init( &ctx->Q );
- mbedtls_ecp_point_init( &ctx->Qp );
- mbedtls_mpi_init( &ctx->z );
+ mbedtls_ecp_group_init(&ctx->grp);
+ mbedtls_mpi_init(&ctx->d);
+ mbedtls_ecp_point_init(&ctx->Q);
+ mbedtls_ecp_point_init(&ctx->Qp);
+ mbedtls_mpi_init(&ctx->z);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_init( &ctx->rs );
+ mbedtls_ecp_restart_init(&ctx->rs);
#endif
}
/*
* Initialize context
*/
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
+void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx)
{
- ECDH_VALIDATE( ctx != NULL );
+ ECDH_VALIDATE(ctx != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- ecdh_init_internal( ctx );
- mbedtls_ecp_point_init( &ctx->Vi );
- mbedtls_ecp_point_init( &ctx->Vf );
- mbedtls_mpi_init( &ctx->_d );
+ ecdh_init_internal(ctx);
+ mbedtls_ecp_point_init(&ctx->Vi);
+ mbedtls_ecp_point_init(&ctx->Vf);
+ mbedtls_mpi_init(&ctx->_d);
#else
- memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
+ memset(ctx, 0, sizeof(mbedtls_ecdh_context));
ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
#endif
@@ -193,59 +193,57 @@
#endif
}
-static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
- mbedtls_ecp_group_id grp_id )
+static int ecdh_setup_internal(mbedtls_ecdh_context_mbed *ctx,
+ mbedtls_ecp_group_id grp_id)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
- if( ret != 0 )
- {
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ ret = mbedtls_ecp_group_load(&ctx->grp, grp_id);
+ if (ret != 0) {
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
}
- return( 0 );
+ return 0;
}
/*
* Setup context
*/
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
+int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id)
{
- ECDH_VALIDATE_RET( ctx != NULL );
+ ECDH_VALIDATE_RET(ctx != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_setup_internal( ctx, grp_id ) );
+ return ecdh_setup_internal(ctx, grp_id);
#else
- switch( grp_id )
- {
+ switch (grp_id) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
ctx->grp_id = grp_id;
- return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
+ return mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id);
#endif
default:
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
ctx->grp_id = grp_id;
- ecdh_init_internal( &ctx->ctx.mbed_ecdh );
- return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
+ ecdh_init_internal(&ctx->ctx.mbed_ecdh);
+ return ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id);
}
#endif
}
-static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
+static void ecdh_free_internal(mbedtls_ecdh_context_mbed *ctx)
{
- mbedtls_ecp_group_free( &ctx->grp );
- mbedtls_mpi_free( &ctx->d );
- mbedtls_ecp_point_free( &ctx->Q );
- mbedtls_ecp_point_free( &ctx->Qp );
- mbedtls_mpi_free( &ctx->z );
+ mbedtls_ecp_group_free(&ctx->grp);
+ mbedtls_mpi_free(&ctx->d);
+ mbedtls_ecp_point_free(&ctx->Q);
+ mbedtls_ecp_point_free(&ctx->Qp);
+ mbedtls_mpi_free(&ctx->z);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_free( &ctx->rs );
+ mbedtls_ecp_restart_free(&ctx->rs);
#endif
}
@@ -253,9 +251,9 @@
/*
* Enable restartable operations for context
*/
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
+void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx)
{
- ECDH_VALIDATE( ctx != NULL );
+ ECDH_VALIDATE(ctx != NULL);
ctx->restart_enabled = 1;
}
@@ -264,26 +262,26 @@
/*
* Free context
*/
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
+void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_ecp_point_free( &ctx->Vi );
- mbedtls_ecp_point_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->_d );
- ecdh_free_internal( ctx );
+ mbedtls_ecp_point_free(&ctx->Vi);
+ mbedtls_ecp_point_free(&ctx->Vf);
+ mbedtls_mpi_free(&ctx->_d);
+ ecdh_free_internal(ctx);
#else
- switch( ctx->var )
- {
+ switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
- mbedtls_everest_free( &ctx->ctx.everest_ecdh );
+ mbedtls_everest_free(&ctx->ctx.everest_ecdh);
break;
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- ecdh_free_internal( &ctx->ctx.mbed_ecdh );
+ ecdh_free_internal(&ctx->ctx.mbed_ecdh);
break;
default:
break;
@@ -295,14 +293,14 @@
#endif
}
-static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
- size_t *olen, int point_format,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *,
- unsigned char *,
- size_t),
- void *p_rng,
- int restart_enabled )
+static int ecdh_make_params_internal(mbedtls_ecdh_context_mbed *ctx,
+ size_t *olen, int point_format,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ int restart_enabled)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t grp_len, pt_len;
@@ -310,40 +308,46 @@
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
- if( ctx->grp.pbits == 0 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (ctx->grp.pbits == 0) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( restart_enabled )
+ if (restart_enabled) {
rs_ctx = &ctx->rs;
+ }
#else
(void) restart_enabled;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
- f_rng, p_rng, rs_ctx ) ) != 0 )
- return( ret );
+ if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng, rs_ctx)) != 0) {
+ return ret;
+ }
#else
- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
- f_rng, p_rng ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng)) != 0) {
+ return ret;
+ }
#endif /* MBEDTLS_ECP_RESTARTABLE */
- if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf,
- blen ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf,
+ blen)) != 0) {
+ return ret;
+ }
buf += grp_len;
blen -= grp_len;
- if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format,
- &pt_len, buf, blen ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format,
+ &pt_len, buf, blen)) != 0) {
+ return ret;
+ }
*olen = grp_len + pt_len;
- return( 0 );
+ return 0;
}
/*
@@ -353,16 +357,16 @@
* ECPoint public;
* } ServerECDHParams;
*/
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
+ ECDH_VALIDATE_RET(ctx != NULL);
+ ECDH_VALIDATE_RET(olen != NULL);
+ ECDH_VALIDATE_RET(buf != NULL);
+ ECDH_VALIDATE_RET(f_rng != NULL);
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
@@ -371,33 +375,32 @@
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
- f_rng, p_rng, restart_enabled ) );
+ return ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen,
+ f_rng, p_rng, restart_enabled);
#else
- switch( ctx->var )
- {
+ switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
- return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
- buf, blen, f_rng, p_rng ) );
+ return mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen,
+ buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
- ctx->point_format, buf, blen,
- f_rng, p_rng,
- restart_enabled ) );
+ return ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen,
+ ctx->point_format, buf, blen,
+ f_rng, p_rng,
+ restart_enabled);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
-static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
- const unsigned char **buf,
- const unsigned char *end )
+static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx,
+ const unsigned char **buf,
+ const unsigned char *end)
{
- return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
- end - *buf ) );
+ return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
+ end - *buf);
}
/*
@@ -407,323 +410,330 @@
* ECPoint public;
* } ServerECDHParams;
*/
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
- const unsigned char **buf,
- const unsigned char *end )
+int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
+ const unsigned char **buf,
+ const unsigned char *end)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( *buf != NULL );
- ECDH_VALIDATE_RET( end != NULL );
+ ECDH_VALIDATE_RET(ctx != NULL);
+ ECDH_VALIDATE_RET(buf != NULL);
+ ECDH_VALIDATE_RET(*buf != NULL);
+ ECDH_VALIDATE_RET(end != NULL);
- if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
- != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf))
+ != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0) {
+ return ret;
+ }
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_read_params_internal( ctx, buf, end ) );
+ return ecdh_read_params_internal(ctx, buf, end);
#else
- switch( ctx->var )
- {
+ switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
- return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
- buf, end) );
+ return mbedtls_everest_read_params(&ctx->ctx.everest_ecdh,
+ buf, end);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
- buf, end ) );
+ return ecdh_read_params_internal(&ctx->ctx.mbed_ecdh,
+ buf, end);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
-static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
- const mbedtls_ecp_keypair *key,
- mbedtls_ecdh_side side )
+static int ecdh_get_params_internal(mbedtls_ecdh_context_mbed *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_ecdh_side side)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If it's not our key, just import the public part as Qp */
- if( side == MBEDTLS_ECDH_THEIRS )
- return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
+ if (side == MBEDTLS_ECDH_THEIRS) {
+ return mbedtls_ecp_copy(&ctx->Qp, &key->Q);
+ }
/* Our key: import public (as Q) and private parts */
- if( side != MBEDTLS_ECDH_OURS )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (side != MBEDTLS_ECDH_OURS) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 ||
+ (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
/*
* Get parameters from a keypair
*/
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
- const mbedtls_ecp_keypair *key,
- mbedtls_ecdh_side side )
+int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_ecdh_side side)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( key != NULL );
- ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
- side == MBEDTLS_ECDH_THEIRS );
+ ECDH_VALIDATE_RET(ctx != NULL);
+ ECDH_VALIDATE_RET(key != NULL);
+ ECDH_VALIDATE_RET(side == MBEDTLS_ECDH_OURS ||
+ side == MBEDTLS_ECDH_THEIRS);
- if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
- {
+ if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) {
/* This is the first call to get_params(). Set up the context
* for use with the group. */
- if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
- return( ret );
- }
- else
- {
+ if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) {
+ return ret;
+ }
+ } else {
/* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set
* from the first key's group. */
- if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_get_params_internal( ctx, key, side ) );
+ return ecdh_get_params_internal(ctx, key, side);
#else
- switch( ctx->var )
- {
+ switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
{
mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
- MBEDTLS_EVEREST_ECDH_OURS :
- MBEDTLS_EVEREST_ECDH_THEIRS;
- return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
- key, s) );
+ MBEDTLS_EVEREST_ECDH_OURS :
+ MBEDTLS_EVEREST_ECDH_THEIRS;
+ return mbedtls_everest_get_params(&ctx->ctx.everest_ecdh,
+ key, s);
}
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
- key, side ) );
+ return ecdh_get_params_internal(&ctx->ctx.mbed_ecdh,
+ key, side);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
-static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
- size_t *olen, int point_format,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *,
- unsigned char *,
- size_t),
- void *p_rng,
- int restart_enabled )
+static int ecdh_make_public_internal(mbedtls_ecdh_context_mbed *ctx,
+ size_t *olen, int point_format,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ int restart_enabled)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
- if( ctx->grp.pbits == 0 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (ctx->grp.pbits == 0) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( restart_enabled )
+ if (restart_enabled) {
rs_ctx = &ctx->rs;
+ }
#else
(void) restart_enabled;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
- f_rng, p_rng, rs_ctx ) ) != 0 )
- return( ret );
+ if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng, rs_ctx)) != 0) {
+ return ret;
+ }
#else
- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
- f_rng, p_rng ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng)) != 0) {
+ return ret;
+ }
#endif /* MBEDTLS_ECP_RESTARTABLE */
- return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen,
- buf, blen );
+ return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen,
+ buf, blen);
}
/*
* Setup and export the client public value
*/
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
+ ECDH_VALIDATE_RET(ctx != NULL);
+ ECDH_VALIDATE_RET(olen != NULL);
+ ECDH_VALIDATE_RET(buf != NULL);
+ ECDH_VALIDATE_RET(f_rng != NULL);
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
- f_rng, p_rng, restart_enabled ) );
+ return ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen,
+ f_rng, p_rng, restart_enabled);
#else
- switch( ctx->var )
- {
+ switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
- return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
- buf, blen, f_rng, p_rng ) );
+ return mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen,
+ buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
- ctx->point_format, buf, blen,
- f_rng, p_rng,
- restart_enabled ) );
+ return ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen,
+ ctx->point_format, buf, blen,
+ f_rng, p_rng,
+ restart_enabled);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
-static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
- const unsigned char *buf, size_t blen )
+static int ecdh_read_public_internal(mbedtls_ecdh_context_mbed *ctx,
+ const unsigned char *buf, size_t blen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
- if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
- blen ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p,
+ blen)) != 0) {
+ return ret;
+ }
- if( (size_t)( p - buf ) != blen )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if ((size_t) (p - buf) != blen) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- return( 0 );
+ return 0;
}
/*
* Parse and import the client's public value
*/
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf, size_t blen )
+int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
+ const unsigned char *buf, size_t blen)
{
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
+ ECDH_VALIDATE_RET(ctx != NULL);
+ ECDH_VALIDATE_RET(buf != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_read_public_internal( ctx, buf, blen ) );
+ return ecdh_read_public_internal(ctx, buf, blen);
#else
- switch( ctx->var )
- {
+ switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
- return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
- buf, blen ) );
+ return mbedtls_everest_read_public(&ctx->ctx.everest_ecdh,
+ buf, blen);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
- buf, blen ) );
+ return ecdh_read_public_internal(&ctx->ctx.mbed_ecdh,
+ buf, blen);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
-static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
- size_t *olen, unsigned char *buf,
- size_t blen,
- int (*f_rng)(void *,
- unsigned char *,
- size_t),
- void *p_rng,
- int restart_enabled )
+static int ecdh_calc_secret_internal(mbedtls_ecdh_context_mbed *ctx,
+ size_t *olen, unsigned char *buf,
+ size_t blen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ int restart_enabled)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
- if( ctx == NULL || ctx->grp.pbits == 0 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->grp.pbits == 0) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( restart_enabled )
+ if (restart_enabled) {
rs_ctx = &ctx->rs;
+ }
#else
(void) restart_enabled;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp,
- &ctx->d, f_rng, p_rng,
- rs_ctx ) ) != 0 )
- {
- return( ret );
+ if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp,
+ &ctx->d, f_rng, p_rng,
+ rs_ctx)) != 0) {
+ return ret;
}
#else
- if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp,
- &ctx->d, f_rng, p_rng ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp,
+ &ctx->d, f_rng, p_rng)) != 0) {
+ return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
- if( mbedtls_mpi_size( &ctx->z ) > blen )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (mbedtls_mpi_size(&ctx->z) > blen) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
+ *olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0);
- if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen );
+ if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen);
+ }
- return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
+ return mbedtls_mpi_write_binary(&ctx->z, buf, *olen);
}
/*
* Derive and export the shared secret
*/
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
+ ECDH_VALIDATE_RET(ctx != NULL);
+ ECDH_VALIDATE_RET(olen != NULL);
+ ECDH_VALIDATE_RET(buf != NULL);
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
- restart_enabled ) );
+ return ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng,
+ restart_enabled);
#else
- switch( ctx->var )
- {
+ switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
- return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
- buf, blen, f_rng, p_rng ) );
+ return mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen,
+ buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
- blen, f_rng, p_rng,
- restart_enabled ) );
+ return ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf,
+ blen, f_rng, p_rng,
+ restart_enabled);
default:
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 4bae6a9..42a65dc 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -42,18 +42,17 @@
#include "mbedtls/error.h"
/* Parameter validation macros based on platform_util.h */
-#define ECDSA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDSA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ECDSA_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
+#define ECDSA_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Sub-context for ecdsa_verify()
*/
-struct mbedtls_ecdsa_restart_ver
-{
+struct mbedtls_ecdsa_restart_ver {
mbedtls_mpi u1, u2; /* intermediate values */
enum { /* what to do next? */
ecdsa_ver_init = 0, /* getting started */
@@ -64,32 +63,32 @@
/*
* Init verify restart sub-context
*/
-static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
+static void ecdsa_restart_ver_init(mbedtls_ecdsa_restart_ver_ctx *ctx)
{
- mbedtls_mpi_init( &ctx->u1 );
- mbedtls_mpi_init( &ctx->u2 );
+ mbedtls_mpi_init(&ctx->u1);
+ mbedtls_mpi_init(&ctx->u2);
ctx->state = ecdsa_ver_init;
}
/*
* Free the components of a verify restart sub-context
*/
-static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
+static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_mpi_free( &ctx->u1 );
- mbedtls_mpi_free( &ctx->u2 );
+ mbedtls_mpi_free(&ctx->u1);
+ mbedtls_mpi_free(&ctx->u2);
- ecdsa_restart_ver_init( ctx );
+ ecdsa_restart_ver_init(ctx);
}
/*
* Sub-context for ecdsa_sign()
*/
-struct mbedtls_ecdsa_restart_sig
-{
+struct mbedtls_ecdsa_restart_sig {
int sign_tries;
int key_tries;
mbedtls_mpi k; /* per-signature random */
@@ -104,33 +103,33 @@
/*
* Init verify sign sub-context
*/
-static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
+static void ecdsa_restart_sig_init(mbedtls_ecdsa_restart_sig_ctx *ctx)
{
ctx->sign_tries = 0;
ctx->key_tries = 0;
- mbedtls_mpi_init( &ctx->k );
- mbedtls_mpi_init( &ctx->r );
+ mbedtls_mpi_init(&ctx->k);
+ mbedtls_mpi_init(&ctx->r);
ctx->state = ecdsa_sig_init;
}
/*
* Free the components of a sign restart sub-context
*/
-static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
+static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_mpi_free( &ctx->k );
- mbedtls_mpi_free( &ctx->r );
+ mbedtls_mpi_free(&ctx->k);
+ mbedtls_mpi_free(&ctx->r);
}
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/*
* Sub-context for ecdsa_sign_det()
*/
-struct mbedtls_ecdsa_restart_det
-{
+struct mbedtls_ecdsa_restart_det {
mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */
enum { /* what to do next? */
ecdsa_det_init = 0, /* getting started */
@@ -141,73 +140,74 @@
/*
* Init verify sign_det sub-context
*/
-static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
+static void ecdsa_restart_det_init(mbedtls_ecdsa_restart_det_ctx *ctx)
{
- mbedtls_hmac_drbg_init( &ctx->rng_ctx );
+ mbedtls_hmac_drbg_init(&ctx->rng_ctx);
ctx->state = ecdsa_det_init;
}
/*
* Free the components of a sign_det restart sub-context
*/
-static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
+static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_hmac_drbg_free( &ctx->rng_ctx );
+ mbedtls_hmac_drbg_free(&ctx->rng_ctx);
- ecdsa_restart_det_init( ctx );
+ ecdsa_restart_det_init(ctx);
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )
+#define ECDSA_RS_ECP (rs_ctx == NULL ? NULL : &rs_ctx->ecp)
/* Utility macro for checking and updating ops budget */
-#define ECDSA_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) );
+#define ECDSA_BUDGET(ops) \
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, ECDSA_RS_ECP, ops));
/* Call this when entering a function that needs its own sub-context */
-#define ECDSA_RS_ENTER( SUB ) do { \
- /* reset ops count for this call if top-level */ \
- if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) \
+#define ECDSA_RS_ENTER(SUB) do { \
+ /* reset ops count for this call if top-level */ \
+ if (rs_ctx != NULL && rs_ctx->ecp.depth++ == 0) \
rs_ctx->ecp.ops_done = 0; \
\
- /* set up our own sub-context if needed */ \
- if( mbedtls_ecp_restart_is_enabled() && \
- rs_ctx != NULL && rs_ctx->SUB == NULL ) \
- { \
- rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \
- if( rs_ctx->SUB == NULL ) \
- return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
- \
- ecdsa_restart_## SUB ##_init( rs_ctx->SUB ); \
- } \
-} while( 0 )
+ /* set up our own sub-context if needed */ \
+ if (mbedtls_ecp_restart_is_enabled() && \
+ rs_ctx != NULL && rs_ctx->SUB == NULL) \
+ { \
+ rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \
+ if (rs_ctx->SUB == NULL) \
+ return MBEDTLS_ERR_ECP_ALLOC_FAILED; \
+ \
+ ecdsa_restart_## SUB ##_init(rs_ctx->SUB); \
+ } \
+} while (0)
/* Call this when leaving a function that needs its own sub-context */
-#define ECDSA_RS_LEAVE( SUB ) do { \
- /* clear our sub-context when not in progress (done or error) */ \
- if( rs_ctx != NULL && rs_ctx->SUB != NULL && \
- ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \
- { \
- ecdsa_restart_## SUB ##_free( rs_ctx->SUB ); \
- mbedtls_free( rs_ctx->SUB ); \
- rs_ctx->SUB = NULL; \
- } \
+#define ECDSA_RS_LEAVE(SUB) do { \
+ /* clear our sub-context when not in progress (done or error) */ \
+ if (rs_ctx != NULL && rs_ctx->SUB != NULL && \
+ ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \
+ { \
+ ecdsa_restart_## SUB ##_free(rs_ctx->SUB); \
+ mbedtls_free(rs_ctx->SUB); \
+ rs_ctx->SUB = NULL; \
+ } \
\
- if( rs_ctx != NULL ) \
+ if (rs_ctx != NULL) \
rs_ctx->ecp.depth--; \
-} while( 0 )
+} while (0)
#else /* MBEDTLS_ECP_RESTARTABLE */
#define ECDSA_RS_ECP NULL
-#define ECDSA_BUDGET( ops ) /* no-op; for compatibility */
+#define ECDSA_BUDGET(ops) /* no-op; for compatibility */
-#define ECDSA_RS_ENTER( SUB ) (void) rs_ctx
-#define ECDSA_RS_LEAVE( SUB ) (void) rs_ctx
+#define ECDSA_RS_ENTER(SUB) (void) rs_ctx
+#define ECDSA_RS_LEAVE(SUB) (void) rs_ctx
#endif /* MBEDTLS_ECP_RESTARTABLE */
@@ -218,23 +218,25 @@
* Derive a suitable integer for group grp from a buffer of length len
* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
*/
-static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
- const unsigned char *buf, size_t blen )
+static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x,
+ const unsigned char *buf, size_t blen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t n_size = ( grp->nbits + 7 ) / 8;
+ size_t n_size = (grp->nbits + 7) / 8;
size_t use_size = blen > n_size ? n_size : blen;
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( x, buf, use_size ) );
- if( use_size * 8 > grp->nbits )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( x, use_size * 8 - grp->nbits ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size));
+ if (use_size * 8 > grp->nbits) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits));
+ }
/* While at it, reduce modulo N */
- if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( x, x, &grp->N ) );
+ if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N));
+ }
cleanup:
- return( ret );
+ return ret;
}
#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
@@ -243,13 +245,13 @@
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
* Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
*/
-static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
- mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind,
- mbedtls_ecdsa_restart_ctx *rs_ctx )
+static int ecdsa_sign_restartable(mbedtls_ecp_group *grp,
+ mbedtls_mpi *r, mbedtls_mpi *s,
+ const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ int (*f_rng_blind)(void *, unsigned char *, size_t),
+ void *p_rng_blind,
+ mbedtls_ecdsa_restart_ctx *rs_ctx)
{
int ret, key_tries, sign_tries;
int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries;
@@ -258,21 +260,22 @@
mbedtls_mpi *pk = &k, *pr = r;
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
- if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
/* Make sure d is in range 1..n-1 */
- if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
+ if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
- mbedtls_ecp_point_init( &R );
- mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
+ mbedtls_ecp_point_init(&R);
+ mbedtls_mpi_init(&k); mbedtls_mpi_init(&e); mbedtls_mpi_init(&t);
- ECDSA_RS_ENTER( sig );
+ ECDSA_RS_ENTER(sig);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->sig != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->sig != NULL) {
/* redirect to our context */
p_sign_tries = &rs_ctx->sig->sign_tries;
p_key_tries = &rs_ctx->sig->key_tries;
@@ -280,18 +283,18 @@
pr = &rs_ctx->sig->r;
/* jump to current step */
- if( rs_ctx->sig->state == ecdsa_sig_mul )
+ if (rs_ctx->sig->state == ecdsa_sig_mul) {
goto mul;
- if( rs_ctx->sig->state == ecdsa_sig_modn )
+ }
+ if (rs_ctx->sig->state == ecdsa_sig_modn) {
goto modn;
+ }
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
*p_sign_tries = 0;
- do
- {
- if( (*p_sign_tries)++ > 10 )
- {
+ do {
+ if ((*p_sign_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
@@ -301,33 +304,32 @@
* and set r = xR mod n
*/
*p_key_tries = 0;
- do
- {
- if( (*p_key_tries)++ > 10 )
- {
+ do {
+ if ((*p_key_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->sig != NULL )
+ if (rs_ctx != NULL && rs_ctx->sig != NULL) {
rs_ctx->sig->state = ecdsa_sig_mul;
+ }
mul:
#endif
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
- f_rng_blind,
- p_rng_blind,
- ECDSA_RS_ECP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
- }
- while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &R, pk, &grp->G,
+ f_rng_blind,
+ p_rng_blind,
+ ECDSA_RS_ECP));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));
+ } while (mbedtls_mpi_cmp_int(pr, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->sig != NULL )
+ if (rs_ctx != NULL && rs_ctx->sig != NULL) {
rs_ctx->sig->state = ecdsa_sig_modn;
+ }
modn:
#endif
@@ -335,79 +337,78 @@
* Accounting for everything up to the end of the loop
* (step 6, but checking now avoids saving e and t)
*/
- ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 4 );
+ ECDSA_BUDGET(MBEDTLS_ECP_OPS_INV + 4);
/*
* Step 5: derive MPI from hashed message
*/
- MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+ MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen));
/*
* Generate a random value to blind inv_mod in next step,
* avoiding a potential timing leak.
*/
- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &t, f_rng_blind,
- p_rng_blind ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, &t, f_rng_blind,
+ p_rng_blind));
/*
* Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, pr, d ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pk, pk, &grp->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
- }
- while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, pr, d));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&e, &e, s));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&e, &e, &t));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pk, pk, &t));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pk, pk, &grp->N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));
+ } while (mbedtls_mpi_cmp_int(s, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->sig != NULL )
- mbedtls_mpi_copy( r, pr );
+ if (rs_ctx != NULL && rs_ctx->sig != NULL) {
+ mbedtls_mpi_copy(r, pr);
+ }
#endif
cleanup:
- mbedtls_ecp_point_free( &R );
- mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
+ mbedtls_ecp_point_free(&R);
+ mbedtls_mpi_free(&k); mbedtls_mpi_free(&e); mbedtls_mpi_free(&t);
- ECDSA_RS_LEAVE( sig );
+ ECDSA_RS_LEAVE(sig);
- return( ret );
+ return ret;
}
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid )
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
{
- switch( gid )
- {
+ switch (gid) {
#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
case MBEDTLS_ECP_DP_CURVE25519: return 0;
#endif
#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
case MBEDTLS_ECP_DP_CURVE448: return 0;
#endif
- default: return 1;
+ default: return 1;
}
}
/*
* Compute ECDSA signature of a hashed message
*/
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+ const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( d != NULL );
- ECDSA_VALIDATE_RET( f_rng != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
+ ECDSA_VALIDATE_RET(grp != NULL);
+ ECDSA_VALIDATE_RET(r != NULL);
+ ECDSA_VALIDATE_RET(s != NULL);
+ ECDSA_VALIDATE_RET(d != NULL);
+ ECDSA_VALIDATE_RET(f_rng != NULL);
+ ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
/* Use the same RNG for both blinding and ephemeral key generation */
- return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
- f_rng, p_rng, f_rng, p_rng, NULL ) );
+ return ecdsa_sign_restartable(grp, r, s, d, buf, blen,
+ f_rng, p_rng, f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
@@ -415,66 +416,67 @@
/*
* Deterministic signature wrapper
*/
-static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
- mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind,
- mbedtls_ecdsa_restart_ctx *rs_ctx )
+static int ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
+ mbedtls_mpi *r, mbedtls_mpi *s,
+ const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg,
+ int (*f_rng_blind)(void *, unsigned char *, size_t),
+ void *p_rng_blind,
+ mbedtls_ecdsa_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context rng_ctx;
mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
- size_t grp_len = ( grp->nbits + 7 ) / 8;
+ size_t grp_len = (grp->nbits + 7) / 8;
const mbedtls_md_info_t *md_info;
mbedtls_mpi h;
- if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- mbedtls_mpi_init( &h );
- mbedtls_hmac_drbg_init( &rng_ctx );
+ mbedtls_mpi_init(&h);
+ mbedtls_hmac_drbg_init(&rng_ctx);
- ECDSA_RS_ENTER( det );
+ ECDSA_RS_ENTER(det);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->det != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->det != NULL) {
/* redirect to our context */
p_rng = &rs_ctx->det->rng_ctx;
/* jump to current step */
- if( rs_ctx->det->state == ecdsa_det_sign )
+ if (rs_ctx->det->state == ecdsa_det_sign) {
goto sign;
+ }
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
- MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
- mbedtls_hmac_drbg_seed_buf( p_rng, md_info, data, 2 * grp_len );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len));
+ MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len));
+ mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->det != NULL )
+ if (rs_ctx != NULL && rs_ctx->det != NULL) {
rs_ctx->det->state = ecdsa_det_sign;
+ }
sign:
#endif
#if defined(MBEDTLS_ECDSA_SIGN_ALT)
(void) f_rng_blind;
(void) p_rng_blind;
- ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
- mbedtls_hmac_drbg_random, p_rng );
+ ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen,
+ mbedtls_hmac_drbg_random, p_rng);
#else
- if( f_rng_blind != NULL )
- ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
- mbedtls_hmac_drbg_random, p_rng,
- f_rng_blind, p_rng_blind, rs_ctx );
- else
- {
+ if (f_rng_blind != NULL) {
+ ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen,
+ mbedtls_hmac_drbg_random, p_rng,
+ f_rng_blind, p_rng_blind, rs_ctx);
+ } else {
mbedtls_hmac_drbg_context *p_rng_blind_det;
#if !defined(MBEDTLS_ECP_RESTARTABLE)
@@ -484,19 +486,18 @@
* reusing the bits of the ephemeral key for blinding and eliminate the
* risk that they leak this way.
*/
- const char* blind_label = "BLINDING CONTEXT";
+ const char *blind_label = "BLINDING CONTEXT";
mbedtls_hmac_drbg_context rng_ctx_blind;
- mbedtls_hmac_drbg_init( &rng_ctx_blind );
+ mbedtls_hmac_drbg_init(&rng_ctx_blind);
p_rng_blind_det = &rng_ctx_blind;
- mbedtls_hmac_drbg_seed_buf( p_rng_blind_det, md_info,
- data, 2 * grp_len );
- ret = mbedtls_hmac_drbg_update_ret( p_rng_blind_det,
- (const unsigned char*) blind_label,
- strlen( blind_label ) );
- if( ret != 0 )
- {
- mbedtls_hmac_drbg_free( &rng_ctx_blind );
+ mbedtls_hmac_drbg_seed_buf(p_rng_blind_det, md_info,
+ data, 2 * grp_len);
+ ret = mbedtls_hmac_drbg_update_ret(p_rng_blind_det,
+ (const unsigned char *) blind_label,
+ strlen(blind_label));
+ if (ret != 0) {
+ mbedtls_hmac_drbg_free(&rng_ctx_blind);
goto cleanup;
}
#else
@@ -523,24 +524,24 @@
* won't be a valid value for f_rng_blind anymore. Therefore it should
* be checked by the caller and this branch and check can be removed.
*/
- ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
- mbedtls_hmac_drbg_random, p_rng,
- mbedtls_hmac_drbg_random, p_rng_blind_det,
- rs_ctx );
+ ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen,
+ mbedtls_hmac_drbg_random, p_rng,
+ mbedtls_hmac_drbg_random, p_rng_blind_det,
+ rs_ctx);
#if !defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_hmac_drbg_free( &rng_ctx_blind );
+ mbedtls_hmac_drbg_free(&rng_ctx_blind);
#endif
}
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
cleanup:
- mbedtls_hmac_drbg_free( &rng_ctx );
- mbedtls_mpi_free( &h );
+ mbedtls_hmac_drbg_free(&rng_ctx);
+ mbedtls_mpi_free(&h);
- ECDSA_RS_LEAVE( det );
+ ECDSA_RS_LEAVE(det);
- return( ret );
+ return ret;
}
/*
@@ -548,39 +549,39 @@
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg )
+int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r,
+ mbedtls_mpi *s, const mbedtls_mpi *d,
+ const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg)
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( d != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
+ ECDSA_VALIDATE_RET(grp != NULL);
+ ECDSA_VALIDATE_RET(r != NULL);
+ ECDSA_VALIDATE_RET(s != NULL);
+ ECDSA_VALIDATE_RET(d != NULL);
+ ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
- return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
- NULL, NULL, NULL ) );
+ return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
+ NULL, NULL, NULL);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *,
- size_t),
- void *p_rng_blind )
+int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
+ mbedtls_mpi *s, const mbedtls_mpi *d,
+ const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg,
+ int (*f_rng_blind)(void *, unsigned char *,
+ size_t),
+ void *p_rng_blind)
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( d != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
- ECDSA_VALIDATE_RET( f_rng_blind != NULL );
+ ECDSA_VALIDATE_RET(grp != NULL);
+ ECDSA_VALIDATE_RET(r != NULL);
+ ECDSA_VALIDATE_RET(s != NULL);
+ ECDSA_VALIDATE_RET(d != NULL);
+ ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
+ ECDSA_VALIDATE_RET(f_rng_blind != NULL);
- return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
- f_rng_blind, p_rng_blind, NULL ) );
+ return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
+ f_rng_blind, p_rng_blind, NULL);
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@@ -589,46 +590,46 @@
* Verify ECDSA signature of hashed message (SEC1 4.1.4)
* Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
*/
-static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q,
- const mbedtls_mpi *r, const mbedtls_mpi *s,
- mbedtls_ecdsa_restart_ctx *rs_ctx )
+static int ecdsa_verify_restartable(mbedtls_ecp_group *grp,
+ const unsigned char *buf, size_t blen,
+ const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *r, const mbedtls_mpi *s,
+ mbedtls_ecdsa_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi e, s_inv, u1, u2;
mbedtls_ecp_point R;
mbedtls_mpi *pu1 = &u1, *pu2 = &u2;
- mbedtls_ecp_point_init( &R );
- mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv );
- mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
+ mbedtls_ecp_point_init(&R);
+ mbedtls_mpi_init(&e); mbedtls_mpi_init(&s_inv);
+ mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2);
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
- if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- ECDSA_RS_ENTER( ver );
+ ECDSA_RS_ENTER(ver);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->ver != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->ver != NULL) {
/* redirect to our context */
pu1 = &rs_ctx->ver->u1;
pu2 = &rs_ctx->ver->u2;
/* jump to current step */
- if( rs_ctx->ver->state == ecdsa_ver_muladd )
+ if (rs_ctx->ver->state == ecdsa_ver_muladd) {
goto muladd;
+ }
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Step 1: make sure r and s are in range 1..n-1
*/
- if( mbedtls_mpi_cmp_int( r, 1 ) < 0 || mbedtls_mpi_cmp_mpi( r, &grp->N ) >= 0 ||
- mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
- {
+ if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||
+ mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@@ -636,35 +637,35 @@
/*
* Step 3: derive MPI from hashed message
*/
- MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+ MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen));
/*
* Step 4: u1 = e / s mod n, u2 = r / s mod n
*/
- ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 );
+ ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2);
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N));
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu1, pu1, &grp->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu1, &e, &s_inv));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N));
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu2, r, &s_inv ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu2, pu2, &grp->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu2, r, &s_inv));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->ver != NULL )
+ if (rs_ctx != NULL && rs_ctx->ver != NULL) {
rs_ctx->ver->state = ecdsa_ver_muladd;
+ }
muladd:
#endif
/*
* Step 5: R = u1 G + u2 Q
*/
- MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp,
- &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp,
+ &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));
- if( mbedtls_ecp_is_zero( &R ) )
- {
+ if (mbedtls_ecp_is_zero(&R)) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@@ -673,302 +674,303 @@
* Step 6: convert xR to an integer (no-op)
* Step 7: reduce xR mod n (gives v)
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &R.X, &R.X, &grp->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N));
/*
* Step 8: check if v (that is, R.X) is equal to r
*/
- if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
- {
+ if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
cleanup:
- mbedtls_ecp_point_free( &R );
- mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv );
- mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
+ mbedtls_ecp_point_free(&R);
+ mbedtls_mpi_free(&e); mbedtls_mpi_free(&s_inv);
+ mbedtls_mpi_free(&u1); mbedtls_mpi_free(&u2);
- ECDSA_RS_LEAVE( ver );
+ ECDSA_RS_LEAVE(ver);
- return( ret );
+ return ret;
}
/*
* Verify ECDSA signature of hashed message
*/
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q,
- const mbedtls_mpi *r,
- const mbedtls_mpi *s)
+int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
+ const unsigned char *buf, size_t blen,
+ const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *r,
+ const mbedtls_mpi *s)
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( Q != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
+ ECDSA_VALIDATE_RET(grp != NULL);
+ ECDSA_VALIDATE_RET(Q != NULL);
+ ECDSA_VALIDATE_RET(r != NULL);
+ ECDSA_VALIDATE_RET(s != NULL);
+ ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
- return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
+ return ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
}
#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
/*
* Convert a signature (given by context) to ASN.1
*/
-static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
- unsigned char *sig, size_t *slen )
+static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,
+ unsigned char *sig, size_t *slen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
- unsigned char *p = buf + sizeof( buf );
+ unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = { 0 };
+ unsigned char *p = buf + sizeof(buf);
size_t len = 0;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, s));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, r));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- memcpy( sig, p, len );
+ memcpy(sig, p, len);
*slen = len;
- return( 0 );
+ return 0;
}
/*
* Compute and write signature
*/
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecdsa_restart_ctx *rs_ctx )
+int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecdsa_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- ECDSA_VALIDATE_RET( slen != NULL );
+ ECDSA_VALIDATE_RET(ctx != NULL);
+ ECDSA_VALIDATE_RET(hash != NULL);
+ ECDSA_VALIDATE_RET(sig != NULL);
+ ECDSA_VALIDATE_RET(slen != NULL);
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
+ mbedtls_mpi_init(&r);
+ mbedtls_mpi_init(&s);
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- MBEDTLS_MPI_CHK( ecdsa_sign_det_restartable( &ctx->grp, &r, &s, &ctx->d,
- hash, hlen, md_alg, f_rng,
- p_rng, rs_ctx ) );
+ MBEDTLS_MPI_CHK(ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d,
+ hash, hlen, md_alg, f_rng,
+ p_rng, rs_ctx));
#else
(void) md_alg;
#if defined(MBEDTLS_ECDSA_SIGN_ALT)
(void) rs_ctx;
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d,
- hash, hlen, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d,
+ hash, hlen, f_rng, p_rng));
#else
/* Use the same RNG for both blinding and ephemeral key generation */
- MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d,
- hash, hlen, f_rng, p_rng, f_rng,
- p_rng, rs_ctx ) );
+ MBEDTLS_MPI_CHK(ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d,
+ hash, hlen, f_rng, p_rng, f_rng,
+ p_rng, rs_ctx));
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
- MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
+ MBEDTLS_MPI_CHK(ecdsa_signature_to_asn1(&r, &s, sig, slen));
cleanup:
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
+ mbedtls_mpi_free(&r);
+ mbedtls_mpi_free(&s);
- return( ret );
+ return ret;
}
/*
* Compute and write signature
*/
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- ECDSA_VALIDATE_RET( slen != NULL );
- return( mbedtls_ecdsa_write_signature_restartable(
- ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
+ ECDSA_VALIDATE_RET(ctx != NULL);
+ ECDSA_VALIDATE_RET(hash != NULL);
+ ECDSA_VALIDATE_RET(sig != NULL);
+ ECDSA_VALIDATE_RET(slen != NULL);
+ return mbedtls_ecdsa_write_signature_restartable(
+ ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL);
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
defined(MBEDTLS_ECDSA_DETERMINISTIC)
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- mbedtls_md_type_t md_alg )
+int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ mbedtls_md_type_t md_alg)
{
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- ECDSA_VALIDATE_RET( slen != NULL );
- return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
- NULL, NULL ) );
+ ECDSA_VALIDATE_RET(ctx != NULL);
+ ECDSA_VALIDATE_RET(hash != NULL);
+ ECDSA_VALIDATE_RET(sig != NULL);
+ ECDSA_VALIDATE_RET(slen != NULL);
+ return mbedtls_ecdsa_write_signature(ctx, md_alg, hash, hlen, sig, slen,
+ NULL, NULL);
}
#endif
/*
* Read and check signature
*/
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen )
+int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen)
{
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- return( mbedtls_ecdsa_read_signature_restartable(
- ctx, hash, hlen, sig, slen, NULL ) );
+ ECDSA_VALIDATE_RET(ctx != NULL);
+ ECDSA_VALIDATE_RET(hash != NULL);
+ ECDSA_VALIDATE_RET(sig != NULL);
+ return mbedtls_ecdsa_read_signature_restartable(
+ ctx, hash, hlen, sig, slen, NULL);
}
/*
* Restartable read and check signature
*/
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen,
- mbedtls_ecdsa_restart_ctx *rs_ctx )
+int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen,
+ mbedtls_ecdsa_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = (unsigned char *) sig;
const unsigned char *end = sig + slen;
size_t len;
mbedtls_mpi r, s;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
+ ECDSA_VALIDATE_RET(ctx != NULL);
+ ECDSA_VALIDATE_RET(hash != NULL);
+ ECDSA_VALIDATE_RET(sig != NULL);
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
+ mbedtls_mpi_init(&r);
+ mbedtls_mpi_init(&s);
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
- if( p + len != end )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (p + len != end) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
goto cleanup;
}
- if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
- {
+ if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
+ (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
(void) rs_ctx;
- if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen,
- &ctx->Q, &r, &s ) ) != 0 )
+ if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
+ &ctx->Q, &r, &s)) != 0) {
goto cleanup;
+ }
#else
- if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen,
- &ctx->Q, &r, &s, rs_ctx ) ) != 0 )
+ if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen,
+ &ctx->Q, &r, &s, rs_ctx)) != 0) {
goto cleanup;
+ }
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/* At this point we know that the buffer starts with a valid signature.
* Return 0 if the buffer just contains the signature, and a specific
* error code if the valid signature is followed by more data. */
- if( p != end )
+ if (p != end) {
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
+ }
cleanup:
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
+ mbedtls_mpi_free(&r);
+ mbedtls_mpi_free(&s);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
/*
* Generate key pair
*/
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret = 0;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( f_rng != NULL );
+ ECDSA_VALIDATE_RET(ctx != NULL);
+ ECDSA_VALIDATE_RET(f_rng != NULL);
- ret = mbedtls_ecp_group_load( &ctx->grp, gid );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ecp_group_load(&ctx->grp, gid);
+ if (ret != 0) {
+ return ret;
+ }
- return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
- &ctx->Q, f_rng, p_rng ) );
+ return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d,
+ &ctx->Q, f_rng, p_rng);
}
#endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
/*
* Set context from an mbedtls_ecp_keypair
*/
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
+int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( key != NULL );
+ ECDSA_VALIDATE_RET(ctx != NULL);
+ ECDSA_VALIDATE_RET(key != NULL);
- if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
- ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
- {
- mbedtls_ecdsa_free( ctx );
+ if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 ||
+ (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 ||
+ (ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) {
+ mbedtls_ecdsa_free(ctx);
}
- return( ret );
+ return ret;
}
/*
* Initialize context
*/
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
+void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx)
{
- ECDSA_VALIDATE( ctx != NULL );
+ ECDSA_VALIDATE(ctx != NULL);
- mbedtls_ecp_keypair_init( ctx );
+ mbedtls_ecp_keypair_init(ctx);
}
/*
* Free context
*/
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
+void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_ecp_keypair_free( ctx );
+ mbedtls_ecp_keypair_free(ctx);
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Initialize a restart context
*/
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
+void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx)
{
- ECDSA_VALIDATE( ctx != NULL );
+ ECDSA_VALIDATE(ctx != NULL);
- mbedtls_ecp_restart_init( &ctx->ecp );
+ mbedtls_ecp_restart_init(&ctx->ecp);
ctx->ver = NULL;
ctx->sig = NULL;
@@ -980,24 +982,25 @@
/*
* Free the components of a restart context
*/
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
+void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_ecp_restart_free( &ctx->ecp );
+ mbedtls_ecp_restart_free(&ctx->ecp);
- ecdsa_restart_ver_free( ctx->ver );
- mbedtls_free( ctx->ver );
+ ecdsa_restart_ver_free(ctx->ver);
+ mbedtls_free(ctx->ver);
ctx->ver = NULL;
- ecdsa_restart_sig_free( ctx->sig );
- mbedtls_free( ctx->sig );
+ ecdsa_restart_sig_free(ctx->sig);
+ mbedtls_free(ctx->sig);
ctx->sig = NULL;
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- ecdsa_restart_det_free( ctx->det );
- mbedtls_free( ctx->det );
+ ecdsa_restart_det_free(ctx->det);
+ mbedtls_free(ctx->det);
ctx->det = NULL;
#endif
}
diff --git a/library/ecjpake.c b/library/ecjpake.c
index fe0b9d9..3728d1a 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -35,10 +35,10 @@
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* Parameter validation macros based on platform_util.h */
-#define ECJPAKE_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECJPAKE_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ECJPAKE_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
+#define ECJPAKE_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
/*
* Convert a mbedtls_ecjpake_role to identifier string
@@ -48,206 +48,212 @@
"server"
};
-#define ID_MINE ( ecjpake_id[ ctx->role ] )
-#define ID_PEER ( ecjpake_id[ 1 - ctx->role ] )
+#define ID_MINE (ecjpake_id[ctx->role])
+#define ID_PEER (ecjpake_id[1 - ctx->role])
/*
* Initialize context
*/
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
+void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
{
- ECJPAKE_VALIDATE( ctx != NULL );
+ ECJPAKE_VALIDATE(ctx != NULL);
ctx->md_info = NULL;
- mbedtls_ecp_group_init( &ctx->grp );
+ mbedtls_ecp_group_init(&ctx->grp);
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
- mbedtls_ecp_point_init( &ctx->Xm1 );
- mbedtls_ecp_point_init( &ctx->Xm2 );
- mbedtls_ecp_point_init( &ctx->Xp1 );
- mbedtls_ecp_point_init( &ctx->Xp2 );
- mbedtls_ecp_point_init( &ctx->Xp );
+ mbedtls_ecp_point_init(&ctx->Xm1);
+ mbedtls_ecp_point_init(&ctx->Xm2);
+ mbedtls_ecp_point_init(&ctx->Xp1);
+ mbedtls_ecp_point_init(&ctx->Xp2);
+ mbedtls_ecp_point_init(&ctx->Xp);
- mbedtls_mpi_init( &ctx->xm1 );
- mbedtls_mpi_init( &ctx->xm2 );
- mbedtls_mpi_init( &ctx->s );
+ mbedtls_mpi_init(&ctx->xm1);
+ mbedtls_mpi_init(&ctx->xm2);
+ mbedtls_mpi_init(&ctx->s);
}
/*
* Free context
*/
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
+void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
ctx->md_info = NULL;
- mbedtls_ecp_group_free( &ctx->grp );
+ mbedtls_ecp_group_free(&ctx->grp);
- mbedtls_ecp_point_free( &ctx->Xm1 );
- mbedtls_ecp_point_free( &ctx->Xm2 );
- mbedtls_ecp_point_free( &ctx->Xp1 );
- mbedtls_ecp_point_free( &ctx->Xp2 );
- mbedtls_ecp_point_free( &ctx->Xp );
+ mbedtls_ecp_point_free(&ctx->Xm1);
+ mbedtls_ecp_point_free(&ctx->Xm2);
+ mbedtls_ecp_point_free(&ctx->Xp1);
+ mbedtls_ecp_point_free(&ctx->Xp2);
+ mbedtls_ecp_point_free(&ctx->Xp);
- mbedtls_mpi_free( &ctx->xm1 );
- mbedtls_mpi_free( &ctx->xm2 );
- mbedtls_mpi_free( &ctx->s );
+ mbedtls_mpi_free(&ctx->xm1);
+ mbedtls_mpi_free(&ctx->xm2);
+ mbedtls_mpi_free(&ctx->s);
}
/*
* Setup context
*/
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
- mbedtls_ecjpake_role role,
- mbedtls_md_type_t hash,
- mbedtls_ecp_group_id curve,
- const unsigned char *secret,
- size_t len )
+int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,
+ mbedtls_ecjpake_role role,
+ mbedtls_md_type_t hash,
+ mbedtls_ecp_group_id curve,
+ const unsigned char *secret,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
- role == MBEDTLS_ECJPAKE_SERVER );
- ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
+ ECJPAKE_VALIDATE_RET(ctx != NULL);
+ ECJPAKE_VALIDATE_RET(role == MBEDTLS_ECJPAKE_CLIENT ||
+ role == MBEDTLS_ECJPAKE_SERVER);
+ ECJPAKE_VALIDATE_RET(secret != NULL || len == 0);
ctx->role = role;
- if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
- return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+ if ((ctx->md_info = mbedtls_md_info_from_type(hash)) == NULL) {
+ return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
+ }
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ctx->grp, curve));
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len));
cleanup:
- if( ret != 0 )
- mbedtls_ecjpake_free( ctx );
+ if (ret != 0) {
+ mbedtls_ecjpake_free(ctx);
+ }
- return( ret );
+ return ret;
}
/*
* Check if context is ready for use
*/
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
+int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx)
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
+ ECJPAKE_VALIDATE_RET(ctx != NULL);
- if( ctx->md_info == NULL ||
+ if (ctx->md_info == NULL ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
- ctx->s.p == NULL )
- {
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ ctx->s.p == NULL) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- return( 0 );
+ return 0;
}
/*
* Write a point plus its length to a buffer
*/
-static int ecjpake_write_len_point( unsigned char **p,
- const unsigned char *end,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *P )
+static int ecjpake_write_len_point(unsigned char **p,
+ const unsigned char *end,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *P)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
/* Need at least 4 for length plus 1 for point */
- if( end < *p || end - *p < 5 )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (end < *p || end - *p < 5) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- ret = mbedtls_ecp_point_write_binary( grp, P, pf,
- &len, *p + 4, end - ( *p + 4 ) );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ecp_point_write_binary(grp, P, pf,
+ &len, *p + 4, end - (*p + 4));
+ if (ret != 0) {
+ return ret;
+ }
- MBEDTLS_PUT_UINT32_BE( len, *p, 0 );
+ MBEDTLS_PUT_UINT32_BE(len, *p, 0);
*p += 4 + len;
- return( 0 );
+ return 0;
}
/*
* Size of the temporary buffer for ecjpake_hash:
* 3 EC points plus their length, plus ID and its length (4 + 6 bytes)
*/
-#define ECJPAKE_HASH_BUF_LEN ( 3 * ( 4 + MBEDTLS_ECP_MAX_PT_LEN ) + 4 + 6 )
+#define ECJPAKE_HASH_BUF_LEN (3 * (4 + MBEDTLS_ECP_MAX_PT_LEN) + 4 + 6)
/*
* Compute hash for ZKP (7.4.2.2.2.1)
*/
-static int ecjpake_hash( const mbedtls_md_info_t *md_info,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *G,
- const mbedtls_ecp_point *V,
- const mbedtls_ecp_point *X,
- const char *id,
- mbedtls_mpi *h )
+static int ecjpake_hash(const mbedtls_md_info_t *md_info,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *G,
+ const mbedtls_ecp_point *V,
+ const mbedtls_ecp_point *X,
+ const char *id,
+ mbedtls_mpi *h)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[ECJPAKE_HASH_BUF_LEN];
unsigned char *p = buf;
- const unsigned char *end = buf + sizeof( buf );
- const size_t id_len = strlen( id );
+ const unsigned char *end = buf + sizeof(buf);
+ const size_t id_len = strlen(id);
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
/* Write things to temporary buffer */
- MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) );
- MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, V ) );
- MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, X ) );
+ MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G));
+ MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, V));
+ MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, X));
- if( end - p < 4 )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (end - p < 4) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- MBEDTLS_PUT_UINT32_BE( id_len, p, 0 );
+ MBEDTLS_PUT_UINT32_BE(id_len, p, 0);
p += 4;
- if( end < p || (size_t)( end - p ) < id_len )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (end < p || (size_t) (end - p) < id_len) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- memcpy( p, id, id_len );
+ memcpy(p, id, id_len);
p += id_len;
/* Compute hash */
- MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) );
+ MBEDTLS_MPI_CHK(mbedtls_md(md_info, buf, p - buf, hash));
/* Turn it into an integer mod n */
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,
- mbedtls_md_get_size( md_info ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash,
+ mbedtls_md_get_size(md_info)));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N));
cleanup:
- return( ret );
+ return ret;
}
/*
* Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)
*/
-static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *G,
- const mbedtls_ecp_point *X,
- const char *id,
- const unsigned char **p,
- const unsigned char *end )
+static int ecjpake_zkp_read(const mbedtls_md_info_t *md_info,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *G,
+ const mbedtls_ecp_point *X,
+ const char *id,
+ const unsigned char **p,
+ const unsigned char *end)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point V, VV;
mbedtls_mpi r, h;
size_t r_len;
- mbedtls_ecp_point_init( &V );
- mbedtls_ecp_point_init( &VV );
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &h );
+ mbedtls_ecp_point_init(&V);
+ mbedtls_ecp_point_init(&VV);
+ mbedtls_mpi_init(&r);
+ mbedtls_mpi_init(&h);
/*
* struct {
@@ -255,64 +261,62 @@
* opaque r<1..2^8-1>;
* } ECSchnorrZKP;
*/
- if( end < *p )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (end < *p) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p));
- if( end < *p || (size_t)( end - *p ) < 1 )
- {
+ if (end < *p || (size_t) (end - *p) < 1) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
r_len = *(*p)++;
- if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
- {
+ if (end < *p || (size_t) (end - *p) < r_len || r_len == 0) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r, *p, r_len));
*p += r_len;
/*
* Verification
*/
- MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp,
- &VV, &h, X, &r, G ) );
+ MBEDTLS_MPI_CHK(ecjpake_hash(md_info, grp, pf, G, &V, X, id, &h));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp,
+ &VV, &h, X, &r, G));
- if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
- {
+ if (mbedtls_ecp_point_cmp(&VV, &V) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
cleanup:
- mbedtls_ecp_point_free( &V );
- mbedtls_ecp_point_free( &VV );
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &h );
+ mbedtls_ecp_point_free(&V);
+ mbedtls_ecp_point_free(&VV);
+ mbedtls_mpi_free(&r);
+ mbedtls_mpi_free(&h);
- return( ret );
+ return ret;
}
/*
* Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)
*/
-static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *G,
- const mbedtls_mpi *x,
- const mbedtls_ecp_point *X,
- const char *id,
- unsigned char **p,
- const unsigned char *end,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int ecjpake_zkp_write(const mbedtls_md_info_t *md_info,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *G,
+ const mbedtls_mpi *x,
+ const mbedtls_ecp_point *X,
+ const char *id,
+ unsigned char **p,
+ const unsigned char *end,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point V;
@@ -320,62 +324,63 @@
mbedtls_mpi h; /* later recycled to hold r */
size_t len;
- if( end < *p )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (end < *p) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- mbedtls_ecp_point_init( &V );
- mbedtls_mpi_init( &v );
- mbedtls_mpi_init( &h );
+ mbedtls_ecp_point_init(&V);
+ mbedtls_mpi_init(&v);
+ mbedtls_mpi_init(&h);
/* Compute signature */
- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp,
- G, &v, &V, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */
+ MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp,
+ G, &v, &V, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(ecjpake_hash(md_info, grp, pf, G, &V, X, id, &h));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&h, &h, x)); /* x*h */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&h, &v, &h)); /* v - x*h */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&h, &h, &grp->N)); /* r */
/* Write it out */
- MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V,
- pf, &len, *p, end - *p ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, &V,
+ pf, &len, *p, end - *p));
*p += len;
- len = mbedtls_mpi_size( &h ); /* actually r */
- if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
- {
+ len = mbedtls_mpi_size(&h); /* actually r */
+ if (end < *p || (size_t) (end - *p) < 1 + len || len > 255) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
- *(*p)++ = MBEDTLS_BYTE_0( len );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
+ *(*p)++ = MBEDTLS_BYTE_0(len);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, *p, len)); /* r */
*p += len;
cleanup:
- mbedtls_ecp_point_free( &V );
- mbedtls_mpi_free( &v );
- mbedtls_mpi_free( &h );
+ mbedtls_ecp_point_free(&V);
+ mbedtls_mpi_free(&v);
+ mbedtls_mpi_free(&h);
- return( ret );
+ return ret;
}
/*
* Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof
* Output: verified public key X
*/
-static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *G,
- mbedtls_ecp_point *X,
- const char *id,
- const unsigned char **p,
- const unsigned char *end )
+static int ecjpake_kkp_read(const mbedtls_md_info_t *md_info,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *G,
+ mbedtls_ecp_point *X,
+ const char *id,
+ const unsigned char **p,
+ const unsigned char *end)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( end < *p )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (end < *p) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
/*
* struct {
@@ -383,69 +388,69 @@
* ECSchnorrZKP zkp;
* } ECJPAKEKeyKP;
*/
- MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) );
- if( mbedtls_ecp_is_zero( X ) )
- {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p));
+ if (mbedtls_ecp_is_zero(X)) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
- MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, grp, pf, G, X, id, p, end ) );
+ MBEDTLS_MPI_CHK(ecjpake_zkp_read(md_info, grp, pf, G, X, id, p, end));
cleanup:
- return( ret );
+ return ret;
}
/*
* Generate an ECJPAKEKeyKP
* Output: the serialized structure, plus private/public key pair
*/
-static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *x,
- mbedtls_ecp_point *X,
- const char *id,
- unsigned char **p,
- const unsigned char *end,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int ecjpake_kkp_write(const mbedtls_md_info_t *md_info,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *G,
+ mbedtls_mpi *x,
+ mbedtls_ecp_point *X,
+ const char *id,
+ unsigned char **p,
+ const unsigned char *end,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( end < *p )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (end < *p) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
/* Generate key (7.4.2.3.1) and write it out */
- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X,
- pf, &len, *p, end - *p ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X,
+ f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, X,
+ pf, &len, *p, end - *p));
*p += len;
/* Generate and write proof */
- MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, grp, pf, G, x, X, id,
- p, end, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(ecjpake_zkp_write(md_info, grp, pf, G, x, X, id,
+ p, end, f_rng, p_rng));
cleanup:
- return( ret );
+ return ret;
}
/*
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
* Outputs: verified peer public keys Xa, Xb
*/
-static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *G,
- mbedtls_ecp_point *Xa,
- mbedtls_ecp_point *Xb,
- const char *id,
- const unsigned char *buf,
- size_t len )
+static int ecjpake_kkpp_read(const mbedtls_md_info_t *md_info,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *G,
+ mbedtls_ecp_point *Xa,
+ mbedtls_ecp_point *Xb,
+ const char *id,
+ const unsigned char *buf,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
@@ -456,114 +461,115 @@
* ECJPAKEKeyKP ecjpake_key_kp_pair_list[2];
* } ECJPAKEKeyKPPairList;
*/
- MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xa, id, &p, end ) );
- MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xb, id, &p, end ) );
+ MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xa, id, &p, end));
+ MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xb, id, &p, end));
- if( p != end )
+ if (p != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
cleanup:
- return( ret );
+ return ret;
}
/*
* Generate a ECJPAKEKeyKPPairList
* Outputs: the serialized structure, plus two private/public key pairs
*/
-static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
- const mbedtls_ecp_group *grp,
- const int pf,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *xm1,
- mbedtls_ecp_point *Xa,
- mbedtls_mpi *xm2,
- mbedtls_ecp_point *Xb,
- const char *id,
- unsigned char *buf,
- size_t len,
- size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int ecjpake_kkpp_write(const mbedtls_md_info_t *md_info,
+ const mbedtls_ecp_group *grp,
+ const int pf,
+ const mbedtls_ecp_point *G,
+ mbedtls_mpi *xm1,
+ mbedtls_ecp_point *Xa,
+ mbedtls_mpi *xm2,
+ mbedtls_ecp_point *Xb,
+ const char *id,
+ unsigned char *buf,
+ size_t len,
+ size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
const unsigned char *end = buf + len;
- MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm1, Xa, id,
- &p, end, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm2, Xb, id,
- &p, end, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_info, grp, pf, G, xm1, Xa, id,
+ &p, end, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_info, grp, pf, G, xm2, Xb, id,
+ &p, end, f_rng, p_rng));
*olen = p - buf;
cleanup:
- return( ret );
+ return ret;
}
/*
* Read and process the first round message
*/
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len )
+int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
+ const unsigned char *buf,
+ size_t len)
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
+ ECJPAKE_VALIDATE_RET(ctx != NULL);
+ ECJPAKE_VALIDATE_RET(buf != NULL);
- return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
- &ctx->grp.G,
- &ctx->Xp1, &ctx->Xp2, ID_PEER,
- buf, len ) );
+ return ecjpake_kkpp_read(ctx->md_info, &ctx->grp, ctx->point_format,
+ &ctx->grp.G,
+ &ctx->Xp1, &ctx->Xp2, ID_PEER,
+ buf, len);
}
/*
* Generate and write the first round message
*/
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
+ ECJPAKE_VALIDATE_RET(ctx != NULL);
+ ECJPAKE_VALIDATE_RET(buf != NULL);
+ ECJPAKE_VALIDATE_RET(olen != NULL);
+ ECJPAKE_VALIDATE_RET(f_rng != NULL);
- return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
- &ctx->grp.G,
- &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
- ID_MINE, buf, len, olen, f_rng, p_rng ) );
+ return ecjpake_kkpp_write(ctx->md_info, &ctx->grp, ctx->point_format,
+ &ctx->grp.G,
+ &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
+ ID_MINE, buf, len, olen, f_rng, p_rng);
}
/*
* Compute the sum of three points R = A + B + C
*/
-static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point *A,
- const mbedtls_ecp_point *B,
- const mbedtls_ecp_point *C )
+static int ecjpake_ecp_add3(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_ecp_point *A,
+ const mbedtls_ecp_point *B,
+ const mbedtls_ecp_point *C)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi one;
- mbedtls_mpi_init( &one );
+ mbedtls_mpi_init(&one);
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, A, &one, B));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, R, &one, C));
cleanup:
- mbedtls_mpi_free( &one );
+ mbedtls_mpi_free(&one);
- return( ret );
+ return ret;
}
/*
* Read and process second round message (C: 7.4.2.5, S: 7.4.2.6)
*/
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len )
+int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
+ const unsigned char *buf,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
@@ -571,11 +577,11 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point G; /* C: GB, S: GA */
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
+ ECJPAKE_VALIDATE_RET(ctx != NULL);
+ ECJPAKE_VALIDATE_RET(buf != NULL);
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &G );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&G);
/*
* Server: GA = X3 + X4 + X1 (7.4.2.6.1)
@@ -583,8 +589,8 @@
* Unified: G = Xm1 + Xm2 + Xp1
* We need that before parsing in order to check Xp as we read it
*/
- MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
- &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) );
+ MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G,
+ &ctx->Xm1, &ctx->Xm2, &ctx->Xp1));
/*
* struct {
@@ -592,71 +598,68 @@
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
- if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
- {
- MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) );
- if( grp.id != ctx->grp.id )
- {
+ if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len));
+ if (grp.id != ctx->grp.id) {
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
goto cleanup;
}
}
- MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp,
- ctx->point_format,
- &G, &ctx->Xp, ID_PEER, &p, end ) );
+ MBEDTLS_MPI_CHK(ecjpake_kkp_read(ctx->md_info, &ctx->grp,
+ ctx->point_format,
+ &G, &ctx->Xp, ID_PEER, &p, end));
- if( p != end )
- {
+ if (p != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
cleanup:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &G );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&G);
- return( ret );
+ return ret;
}
/*
* Compute R = +/- X * S mod N, taking care not to leak S
*/
-static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
- const mbedtls_mpi *X,
- const mbedtls_mpi *S,
- const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int ecjpake_mul_secret(mbedtls_mpi *R, int sign,
+ const mbedtls_mpi *X,
+ const mbedtls_mpi *S,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi b; /* Blinding value, then s + N * blinding */
- mbedtls_mpi_init( &b );
+ mbedtls_mpi_init(&b);
/* b = s + rnd-128-bit * N */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&b, 16, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&b, &b, N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&b, &b, S));
/* R = sign * X * b mod N */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(R, X, &b));
R->s *= sign;
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(R, R, N));
cleanup:
- mbedtls_mpi_free( &b );
+ mbedtls_mpi_free(&b);
- return( ret );
+ return ret;
}
/*
* Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6)
*/
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point G; /* C: GA, S: GB */
@@ -666,14 +669,14 @@
const unsigned char *end = buf + len;
size_t ec_len;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
+ ECJPAKE_VALIDATE_RET(ctx != NULL);
+ ECJPAKE_VALIDATE_RET(buf != NULL);
+ ECJPAKE_VALIDATE_RET(olen != NULL);
+ ECJPAKE_VALIDATE_RET(f_rng != NULL);
- mbedtls_ecp_point_init( &G );
- mbedtls_ecp_point_init( &Xm );
- mbedtls_mpi_init( &xm );
+ mbedtls_ecp_point_init(&G);
+ mbedtls_ecp_point_init(&Xm);
+ mbedtls_mpi_init(&xm);
/*
* First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1)
@@ -682,11 +685,11 @@
* Server: GB = X3 + X1 + X2 | xs = x4 * s | Xs = xs * GB
* Unified: G = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G
*/
- MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
- &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) );
- MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s,
- &ctx->grp.N, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G,
+ &ctx->Xp1, &ctx->Xp2, &ctx->Xm1));
+ MBEDTLS_MPI_CHK(ecjpake_mul_secret(&xm, 1, &ctx->xm2, &ctx->s,
+ &ctx->grp.N, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &Xm, &xm, &G, f_rng, p_rng));
/*
* Now write things out
@@ -696,49 +699,46 @@
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
- if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
- {
- if( end < p )
- {
+ if (ctx->role == MBEDTLS_ECJPAKE_SERVER) {
+ if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len,
- p, end - p ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len,
+ p, end - p));
p += ec_len;
}
- if( end < p )
- {
+ if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm,
- ctx->point_format, &ec_len, p, end - p ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm,
+ ctx->point_format, &ec_len, p, end - p));
p += ec_len;
- MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp,
- ctx->point_format,
- &G, &xm, &Xm, ID_MINE,
- &p, end, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_info, &ctx->grp,
+ ctx->point_format,
+ &G, &xm, &Xm, ID_MINE,
+ &p, end, f_rng, p_rng));
*olen = p - buf;
cleanup:
- mbedtls_ecp_point_free( &G );
- mbedtls_ecp_point_free( &Xm );
- mbedtls_mpi_free( &xm );
+ mbedtls_ecp_point_free(&G);
+ mbedtls_ecp_point_free(&Xm);
+ mbedtls_mpi_free(&xm);
- return( ret );
+ return ret;
}
/*
* Derive PMS (7.4.2.7 / 7.4.2.8)
*/
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point K;
@@ -746,45 +746,46 @@
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
size_t x_bytes;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
+ ECJPAKE_VALIDATE_RET(ctx != NULL);
+ ECJPAKE_VALIDATE_RET(buf != NULL);
+ ECJPAKE_VALIDATE_RET(olen != NULL);
+ ECJPAKE_VALIDATE_RET(f_rng != NULL);
- *olen = mbedtls_md_get_size( ctx->md_info );
- if( len < *olen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ *olen = mbedtls_md_get_size(ctx->md_info);
+ if (len < *olen) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- mbedtls_ecp_point_init( &K );
- mbedtls_mpi_init( &m_xm2_s );
- mbedtls_mpi_init( &one );
+ mbedtls_ecp_point_init(&K);
+ mbedtls_mpi_init(&m_xm2_s);
+ mbedtls_mpi_init(&one);
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1));
/*
* Client: K = ( Xs - X4 * x2 * s ) * x2
* Server: K = ( Xc - X2 * x4 * s ) * x4
* Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2
*/
- MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,
- &ctx->grp.N, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K,
- &one, &ctx->Xp,
- &m_xm2_s, &ctx->Xp2 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K,
- f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(ecjpake_mul_secret(&m_xm2_s, -1, &ctx->xm2, &ctx->s,
+ &ctx->grp.N, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(&ctx->grp, &K,
+ &one, &ctx->Xp,
+ &m_xm2_s, &ctx->Xp2));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &K, &ctx->xm2, &K,
+ f_rng, p_rng));
/* PMS = SHA-256( K.X ) */
- x_bytes = ( ctx->grp.pbits + 7 ) / 8;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) );
+ x_bytes = (ctx->grp.pbits + 7) / 8;
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K.X, kx, x_bytes));
+ MBEDTLS_MPI_CHK(mbedtls_md(ctx->md_info, kx, x_bytes, buf));
cleanup:
- mbedtls_ecp_point_free( &K );
- mbedtls_mpi_free( &m_xm2_s );
- mbedtls_mpi_free( &one );
+ mbedtls_ecp_point_free(&K);
+ mbedtls_mpi_free(&m_xm2_s);
+ mbedtls_mpi_free(&one);
- return( ret );
+ return ret;
}
#undef ID_MINE
@@ -798,10 +799,10 @@
#if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
!defined(MBEDTLS_SHA256_C)
-int mbedtls_ecjpake_self_test( int verbose )
+int mbedtls_ecjpake_self_test(int verbose)
{
(void) verbose;
- return( 0 );
+ return 0;
}
#else
@@ -939,59 +940,58 @@
};
/* Load my private keys and generate the corresponding public keys */
-static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
- const unsigned char *xm1, size_t len1,
- const unsigned char *xm2, size_t len2 )
+static int ecjpake_test_load(mbedtls_ecjpake_context *ctx,
+ const unsigned char *xm1, size_t len1,
+ const unsigned char *xm2, size_t len2)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
- &ctx->grp.G, NULL, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
- &ctx->grp.G, NULL, NULL ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm1, xm1, len1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm2, xm2, len2));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm1, &ctx->xm1,
+ &ctx->grp.G, NULL, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm2, &ctx->xm2,
+ &ctx->grp.G, NULL, NULL));
cleanup:
- return( ret );
+ return ret;
}
#endif /* ! MBEDTLS_ECJPAKE_ALT */
/* For tests we don't need a secure RNG;
* use the LGC from Numerical Recipes for simplicity */
-static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
+static int ecjpake_lgc(void *p, unsigned char *out, size_t len)
{
static uint32_t x = 42;
(void) p;
- while( len > 0 )
- {
+ while (len > 0) {
size_t use_len = len > 4 ? 4 : len;
x = 1664525 * x + 1013904223;
- memcpy( out, &x, use_len );
+ memcpy(out, &x, use_len);
out += use_len;
len -= use_len;
}
- return( 0 );
+ return 0;
}
-#define TEST_ASSERT( x ) \
+#define TEST_ASSERT(x) \
do { \
- if( x ) \
- ret = 0; \
+ if (x) \
+ ret = 0; \
else \
{ \
ret = 1; \
goto cleanup; \
} \
- } while( 0 )
+ } while (0)
/*
* Checkup routine
*/
-int mbedtls_ecjpake_self_test( int verbose )
+int mbedtls_ecjpake_self_test(int verbose)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecjpake_context cli;
@@ -999,59 +999,63 @@
unsigned char buf[512], pms[32];
size_t len, pmslen;
- mbedtls_ecjpake_init( &cli );
- mbedtls_ecjpake_init( &srv );
+ mbedtls_ecjpake_init(&cli);
+ mbedtls_ecjpake_init(&srv);
- if( verbose != 0 )
- mbedtls_printf( " ECJPAKE test #0 (setup): " );
+ if (verbose != 0) {
+ mbedtls_printf(" ECJPAKE test #0 (setup): ");
+ }
- TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
- ecjpake_test_password,
- sizeof( ecjpake_test_password ) ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_setup(&cli, MBEDTLS_ECJPAKE_CLIENT,
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
+ ecjpake_test_password,
+ sizeof(ecjpake_test_password)) == 0);
- TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
- ecjpake_test_password,
- sizeof( ecjpake_test_password ) ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_setup(&srv, MBEDTLS_ECJPAKE_SERVER,
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
+ ecjpake_test_password,
+ sizeof(ecjpake_test_password)) == 0);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( " ECJPAKE test #1 (random handshake): " );
+ if (verbose != 0) {
+ mbedtls_printf(" ECJPAKE test #1 (random handshake): ");
+ }
- TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli,
- buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_write_round_one(&cli,
+ buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv, buf, len) == 0);
- TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv,
- buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_write_round_one(&srv,
+ buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli, buf, len) == 0);
- TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv,
- buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_write_round_two(&srv,
+ buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli, buf, len) == 0);
- TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
- pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli,
+ pms, sizeof(pms), &pmslen, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli,
- buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_write_round_two(&cli,
+ buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv, buf, len) == 0);
- TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
- buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv,
+ buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( len == pmslen );
- TEST_ASSERT( memcmp( buf, pms, len ) == 0 );
+ TEST_ASSERT(len == pmslen);
+ TEST_ASSERT(memcmp(buf, pms, len) == 0);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
@@ -1059,72 +1063,75 @@
* are generated. This is only the case for the internal mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
- if( verbose != 0 )
- mbedtls_printf( " ECJPAKE test #2 (reference handshake): " );
+ if (verbose != 0) {
+ mbedtls_printf(" ECJPAKE test #2 (reference handshake): ");
+ }
/* Simulate generation of round one */
- MBEDTLS_MPI_CHK( ecjpake_test_load( &cli,
- ecjpake_test_x1, sizeof( ecjpake_test_x1 ),
- ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) );
+ MBEDTLS_MPI_CHK(ecjpake_test_load(&cli,
+ ecjpake_test_x1, sizeof(ecjpake_test_x1),
+ ecjpake_test_x2, sizeof(ecjpake_test_x2)));
- MBEDTLS_MPI_CHK( ecjpake_test_load( &srv,
- ecjpake_test_x3, sizeof( ecjpake_test_x3 ),
- ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) );
+ MBEDTLS_MPI_CHK(ecjpake_test_load(&srv,
+ ecjpake_test_x3, sizeof(ecjpake_test_x3),
+ ecjpake_test_x4, sizeof(ecjpake_test_x4)));
/* Read round one */
- TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv,
- ecjpake_test_cli_one,
- sizeof( ecjpake_test_cli_one ) ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv,
+ ecjpake_test_cli_one,
+ sizeof(ecjpake_test_cli_one)) == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli,
- ecjpake_test_srv_one,
- sizeof( ecjpake_test_srv_one ) ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli,
+ ecjpake_test_srv_one,
+ sizeof(ecjpake_test_srv_one)) == 0);
/* Skip generation of round two, read round two */
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli,
- ecjpake_test_srv_two,
- sizeof( ecjpake_test_srv_two ) ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli,
+ ecjpake_test_srv_two,
+ sizeof(ecjpake_test_srv_two)) == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv,
- ecjpake_test_cli_two,
- sizeof( ecjpake_test_cli_two ) ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv,
+ ecjpake_test_cli_two,
+ sizeof(ecjpake_test_cli_two)) == 0);
/* Server derives PMS */
- TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
- buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv,
+ buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
- TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+ TEST_ASSERT(len == sizeof(ecjpake_test_pms));
+ TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0);
- memset( buf, 0, len ); /* Avoid interferences with next step */
+ memset(buf, 0, len); /* Avoid interferences with next step */
/* Client derives PMS */
- TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
- buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli,
+ buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
- TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
- TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+ TEST_ASSERT(len == sizeof(ecjpake_test_pms));
+ TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
#endif /* ! MBEDTLS_ECJPAKE_ALT */
cleanup:
- mbedtls_ecjpake_free( &cli );
- mbedtls_ecjpake_free( &srv );
+ mbedtls_ecjpake_free(&cli);
+ mbedtls_ecjpake_free(&srv);
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( ret );
+ return ret;
}
#undef TEST_ASSERT
diff --git a/library/ecp.c b/library/ecp.c
index ad19e05..a029c22 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -85,10 +85,10 @@
#if !defined(MBEDTLS_ECP_ALT)
/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECP_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ECP_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
+#define ECP_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#include "mbedtls/platform.h"
@@ -100,7 +100,8 @@
#elif defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
#else
-#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
+#error \
+ "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
#endif
#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
@@ -137,49 +138,48 @@
typedef mbedtls_hmac_drbg_context ecp_drbg_context;
/* DRBG context init */
-static inline void ecp_drbg_init( ecp_drbg_context *ctx )
+static inline void ecp_drbg_init(ecp_drbg_context *ctx)
{
- mbedtls_hmac_drbg_init( ctx );
+ mbedtls_hmac_drbg_init(ctx);
}
/* DRBG context free */
-static inline void ecp_drbg_free( ecp_drbg_context *ctx )
+static inline void ecp_drbg_free(ecp_drbg_context *ctx)
{
- mbedtls_hmac_drbg_free( ctx );
+ mbedtls_hmac_drbg_free(ctx);
}
/* DRBG function */
-static inline int ecp_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len )
+static inline int ecp_drbg_random(void *p_rng,
+ unsigned char *output, size_t output_len)
{
- return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
+ return mbedtls_hmac_drbg_random(p_rng, output, output_len);
}
/* DRBG context seeding */
-static int ecp_drbg_seed( ecp_drbg_context *ctx,
- const mbedtls_mpi *secret, size_t secret_len )
+static int ecp_drbg_seed(ecp_drbg_context *ctx,
+ const mbedtls_mpi *secret, size_t secret_len)
{
int ret;
unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
/* The list starts with strong hashes */
const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
- if( secret_len > MBEDTLS_ECP_MAX_BYTES )
- {
+ if (secret_len > MBEDTLS_ECP_MAX_BYTES) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
- secret_bytes, secret_len ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(secret,
+ secret_bytes, secret_len));
- ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len );
+ ret = mbedtls_hmac_drbg_seed_buf(ctx, md_info, secret_bytes, secret_len);
cleanup:
- mbedtls_platform_zeroize( secret_bytes, secret_len );
+ mbedtls_platform_zeroize(secret_bytes, secret_len);
- return( ret );
+ return ret;
}
#elif defined(MBEDTLS_CTR_DRBG_C)
@@ -188,22 +188,22 @@
typedef mbedtls_ctr_drbg_context ecp_drbg_context;
/* DRBG context init */
-static inline void ecp_drbg_init( ecp_drbg_context *ctx )
+static inline void ecp_drbg_init(ecp_drbg_context *ctx)
{
- mbedtls_ctr_drbg_init( ctx );
+ mbedtls_ctr_drbg_init(ctx);
}
/* DRBG context free */
-static inline void ecp_drbg_free( ecp_drbg_context *ctx )
+static inline void ecp_drbg_free(ecp_drbg_context *ctx)
{
- mbedtls_ctr_drbg_free( ctx );
+ mbedtls_ctr_drbg_free(ctx);
}
/* DRBG function */
-static inline int ecp_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len )
+static inline int ecp_drbg_random(void *p_rng,
+ unsigned char *output, size_t output_len)
{
- return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) );
+ return mbedtls_ctr_drbg_random(p_rng, output, output_len);
}
/*
@@ -216,37 +216,37 @@
static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len)
{
(void) ctx;
- memset( out, 0, len );
- return( 0 );
+ memset(out, 0, len);
+ return 0;
}
/* DRBG context seeding */
-static int ecp_drbg_seed( ecp_drbg_context *ctx,
- const mbedtls_mpi *secret, size_t secret_len )
+static int ecp_drbg_seed(ecp_drbg_context *ctx,
+ const mbedtls_mpi *secret, size_t secret_len)
{
int ret;
unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
- if( secret_len > MBEDTLS_ECP_MAX_BYTES )
- {
+ if (secret_len > MBEDTLS_ECP_MAX_BYTES) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
- secret_bytes, secret_len ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(secret,
+ secret_bytes, secret_len));
- ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL,
- secret_bytes, secret_len );
+ ret = mbedtls_ctr_drbg_seed(ctx, ecp_ctr_drbg_null_entropy, NULL,
+ secret_bytes, secret_len);
cleanup:
- mbedtls_platform_zeroize( secret_bytes, secret_len );
+ mbedtls_platform_zeroize(secret_bytes, secret_len);
- return( ret );
+ return ret;
}
#else
-#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
+#error \
+ "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
#endif /* DRBG modules */
#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
@@ -266,7 +266,7 @@
/*
* Set ecp_max_ops
*/
-void mbedtls_ecp_set_max_ops( unsigned max_ops )
+void mbedtls_ecp_set_max_ops(unsigned max_ops)
{
ecp_max_ops = max_ops;
}
@@ -274,16 +274,15 @@
/*
* Check if restart is enabled
*/
-int mbedtls_ecp_restart_is_enabled( void )
+int mbedtls_ecp_restart_is_enabled(void)
{
- return( ecp_max_ops != 0 );
+ return ecp_max_ops != 0;
}
/*
* Restart sub-context for ecp_mul_comb()
*/
-struct mbedtls_ecp_restart_mul
-{
+struct mbedtls_ecp_restart_mul {
mbedtls_ecp_point R; /* current intermediate result */
size_t i; /* current index in various loops, 0 outside */
mbedtls_ecp_point *T; /* table for precomputed points */
@@ -306,15 +305,15 @@
/*
* Init restart_mul sub-context
*/
-static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx )
+static void ecp_restart_rsm_init(mbedtls_ecp_restart_mul_ctx *ctx)
{
- mbedtls_ecp_point_init( &ctx->R );
+ mbedtls_ecp_point_init(&ctx->R);
ctx->i = 0;
ctx->T = NULL;
ctx->T_size = 0;
ctx->state = ecp_rsm_init;
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_init( &ctx->drbg_ctx );
+ ecp_drbg_init(&ctx->drbg_ctx);
ctx->drbg_seeded = 0;
#endif
}
@@ -322,34 +321,34 @@
/*
* Free the components of a restart_mul sub-context
*/
-static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx )
+static void ecp_restart_rsm_free(mbedtls_ecp_restart_mul_ctx *ctx)
{
unsigned char i;
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_ecp_point_free( &ctx->R );
+ mbedtls_ecp_point_free(&ctx->R);
- if( ctx->T != NULL )
- {
- for( i = 0; i < ctx->T_size; i++ )
- mbedtls_ecp_point_free( ctx->T + i );
- mbedtls_free( ctx->T );
+ if (ctx->T != NULL) {
+ for (i = 0; i < ctx->T_size; i++) {
+ mbedtls_ecp_point_free(ctx->T + i);
+ }
+ mbedtls_free(ctx->T);
}
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_free( &ctx->drbg_ctx );
+ ecp_drbg_free(&ctx->drbg_ctx);
#endif
- ecp_restart_rsm_init( ctx );
+ ecp_restart_rsm_init(ctx);
}
/*
* Restart context for ecp_muladd()
*/
-struct mbedtls_ecp_restart_muladd
-{
+struct mbedtls_ecp_restart_muladd {
mbedtls_ecp_point mP; /* mP value */
mbedtls_ecp_point R; /* R intermediate result */
enum { /* what should we do next? */
@@ -363,33 +362,34 @@
/*
* Init restart_muladd sub-context
*/
-static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx )
+static void ecp_restart_ma_init(mbedtls_ecp_restart_muladd_ctx *ctx)
{
- mbedtls_ecp_point_init( &ctx->mP );
- mbedtls_ecp_point_init( &ctx->R );
+ mbedtls_ecp_point_init(&ctx->mP);
+ mbedtls_ecp_point_init(&ctx->R);
ctx->state = ecp_rsma_mul1;
}
/*
* Free the components of a restart_muladd sub-context
*/
-static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx )
+static void ecp_restart_ma_free(mbedtls_ecp_restart_muladd_ctx *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_ecp_point_free( &ctx->mP );
- mbedtls_ecp_point_free( &ctx->R );
+ mbedtls_ecp_point_free(&ctx->mP);
+ mbedtls_ecp_point_free(&ctx->R);
- ecp_restart_ma_init( ctx );
+ ecp_restart_ma_init(ctx);
}
/*
* Initialize a restart context
*/
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
+void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx)
{
- ECP_VALIDATE( ctx != NULL );
+ ECP_VALIDATE(ctx != NULL);
ctx->ops_done = 0;
ctx->depth = 0;
ctx->rsm = NULL;
@@ -399,93 +399,93 @@
/*
* Free the components of a restart context
*/
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
+void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- ecp_restart_rsm_free( ctx->rsm );
- mbedtls_free( ctx->rsm );
+ ecp_restart_rsm_free(ctx->rsm);
+ mbedtls_free(ctx->rsm);
- ecp_restart_ma_free( ctx->ma );
- mbedtls_free( ctx->ma );
+ ecp_restart_ma_free(ctx->ma);
+ mbedtls_free(ctx->ma);
- mbedtls_ecp_restart_init( ctx );
+ mbedtls_ecp_restart_init(ctx);
}
/*
* Check if we can do the next step
*/
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
- mbedtls_ecp_restart_ctx *rs_ctx,
- unsigned ops )
+int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_restart_ctx *rs_ctx,
+ unsigned ops)
{
- ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
- if( rs_ctx != NULL && ecp_max_ops != 0 )
- {
+ if (rs_ctx != NULL && ecp_max_ops != 0) {
/* scale depending on curve size: the chosen reference is 256-bit,
* and multiplication is quadratic. Round to the closest integer. */
- if( grp->pbits >= 512 )
+ if (grp->pbits >= 512) {
ops *= 4;
- else if( grp->pbits >= 384 )
+ } else if (grp->pbits >= 384) {
ops *= 2;
+ }
/* Avoid infinite loops: always allow first step.
* Because of that, however, it's not generally true
* that ops_done <= ecp_max_ops, so the check
* ops_done > ecp_max_ops below is mandatory. */
- if( ( rs_ctx->ops_done != 0 ) &&
- ( rs_ctx->ops_done > ecp_max_ops ||
- ops > ecp_max_ops - rs_ctx->ops_done ) )
- {
- return( MBEDTLS_ERR_ECP_IN_PROGRESS );
+ if ((rs_ctx->ops_done != 0) &&
+ (rs_ctx->ops_done > ecp_max_ops ||
+ ops > ecp_max_ops - rs_ctx->ops_done)) {
+ return MBEDTLS_ERR_ECP_IN_PROGRESS;
}
/* update running count */
rs_ctx->ops_done += ops;
}
- return( 0 );
+ return 0;
}
/* Call this when entering a function that needs its own sub-context */
-#define ECP_RS_ENTER( SUB ) do { \
- /* reset ops count for this call if top-level */ \
- if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \
+#define ECP_RS_ENTER(SUB) do { \
+ /* reset ops count for this call if top-level */ \
+ if (rs_ctx != NULL && rs_ctx->depth++ == 0) \
rs_ctx->ops_done = 0; \
\
- /* set up our own sub-context if needed */ \
- if( mbedtls_ecp_restart_is_enabled() && \
- rs_ctx != NULL && rs_ctx->SUB == NULL ) \
- { \
- rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \
- if( rs_ctx->SUB == NULL ) \
- return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
- \
- ecp_restart_## SUB ##_init( rs_ctx->SUB ); \
- } \
-} while( 0 )
+ /* set up our own sub-context if needed */ \
+ if (mbedtls_ecp_restart_is_enabled() && \
+ rs_ctx != NULL && rs_ctx->SUB == NULL) \
+ { \
+ rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \
+ if (rs_ctx->SUB == NULL) \
+ return MBEDTLS_ERR_ECP_ALLOC_FAILED; \
+ \
+ ecp_restart_## SUB ##_init(rs_ctx->SUB); \
+ } \
+} while (0)
/* Call this when leaving a function that needs its own sub-context */
-#define ECP_RS_LEAVE( SUB ) do { \
- /* clear our sub-context when not in progress (done or error) */ \
- if( rs_ctx != NULL && rs_ctx->SUB != NULL && \
- ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \
- { \
- ecp_restart_## SUB ##_free( rs_ctx->SUB ); \
- mbedtls_free( rs_ctx->SUB ); \
- rs_ctx->SUB = NULL; \
- } \
+#define ECP_RS_LEAVE(SUB) do { \
+ /* clear our sub-context when not in progress (done or error) */ \
+ if (rs_ctx != NULL && rs_ctx->SUB != NULL && \
+ ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \
+ { \
+ ecp_restart_## SUB ##_free(rs_ctx->SUB); \
+ mbedtls_free(rs_ctx->SUB); \
+ rs_ctx->SUB = NULL; \
+ } \
\
- if( rs_ctx != NULL ) \
+ if (rs_ctx != NULL) \
rs_ctx->depth--; \
-} while( 0 )
+} while (0)
#else /* MBEDTLS_ECP_RESTARTABLE */
-#define ECP_RS_ENTER( sub ) (void) rs_ctx;
-#define ECP_RS_LEAVE( sub ) (void) rs_ctx;
+#define ECP_RS_ENTER(sub) (void) rs_ctx;
+#define ECP_RS_LEAVE(sub) (void) rs_ctx;
#endif /* MBEDTLS_ECP_RESTARTABLE */
@@ -545,35 +545,33 @@
{ MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
};
-#define ECP_NB_CURVES sizeof( ecp_supported_curves ) / \
- sizeof( ecp_supported_curves[0] )
+#define ECP_NB_CURVES sizeof(ecp_supported_curves) / \
+ sizeof(ecp_supported_curves[0])
static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES];
/*
* List of supported curves and associated info
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void)
{
- return( ecp_supported_curves );
+ return ecp_supported_curves;
}
/*
* List of supported curves, group ID only
*/
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void )
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void)
{
static int init_done = 0;
- if( ! init_done )
- {
+ if (!init_done) {
size_t i = 0;
const mbedtls_ecp_curve_info *curve_info;
- for( curve_info = mbedtls_ecp_curve_list();
+ for (curve_info = mbedtls_ecp_curve_list();
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
+ curve_info++) {
ecp_supported_grp_id[i++] = curve_info->grp_id;
}
ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE;
@@ -581,105 +579,108 @@
init_done = 1;
}
- return( ecp_supported_grp_id );
+ return ecp_supported_grp_id;
}
/*
* Get the curve info for the internal identifier
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id)
{
const mbedtls_ecp_curve_info *curve_info;
- for( curve_info = mbedtls_ecp_curve_list();
+ for (curve_info = mbedtls_ecp_curve_list();
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( curve_info->grp_id == grp_id )
- return( curve_info );
+ curve_info++) {
+ if (curve_info->grp_id == grp_id) {
+ return curve_info;
+ }
}
- return( NULL );
+ return NULL;
}
/*
* Get the curve info from the TLS identifier
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id)
{
const mbedtls_ecp_curve_info *curve_info;
- for( curve_info = mbedtls_ecp_curve_list();
+ for (curve_info = mbedtls_ecp_curve_list();
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( curve_info->tls_id == tls_id )
- return( curve_info );
+ curve_info++) {
+ if (curve_info->tls_id == tls_id) {
+ return curve_info;
+ }
}
- return( NULL );
+ return NULL;
}
/*
* Get the curve info from the name
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name)
{
const mbedtls_ecp_curve_info *curve_info;
- if( name == NULL )
- return( NULL );
-
- for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( strcmp( curve_info->name, name ) == 0 )
- return( curve_info );
+ if (name == NULL) {
+ return NULL;
}
- return( NULL );
+ for (curve_info = mbedtls_ecp_curve_list();
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ if (strcmp(curve_info->name, name) == 0) {
+ return curve_info;
+ }
+ }
+
+ return NULL;
}
/*
* Get the type of a curve
*/
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp )
+mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp)
{
- if( grp->G.X.p == NULL )
- return( MBEDTLS_ECP_TYPE_NONE );
+ if (grp->G.X.p == NULL) {
+ return MBEDTLS_ECP_TYPE_NONE;
+ }
- if( grp->G.Y.p == NULL )
- return( MBEDTLS_ECP_TYPE_MONTGOMERY );
- else
- return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
+ if (grp->G.Y.p == NULL) {
+ return MBEDTLS_ECP_TYPE_MONTGOMERY;
+ } else {
+ return MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS;
+ }
}
/*
* Initialize (the components of) a point
*/
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
+void mbedtls_ecp_point_init(mbedtls_ecp_point *pt)
{
- ECP_VALIDATE( pt != NULL );
+ ECP_VALIDATE(pt != NULL);
- mbedtls_mpi_init( &pt->X );
- mbedtls_mpi_init( &pt->Y );
- mbedtls_mpi_init( &pt->Z );
+ mbedtls_mpi_init(&pt->X);
+ mbedtls_mpi_init(&pt->Y);
+ mbedtls_mpi_init(&pt->Z);
}
/*
* Initialize (the components of) a group
*/
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
+void mbedtls_ecp_group_init(mbedtls_ecp_group *grp)
{
- ECP_VALIDATE( grp != NULL );
+ ECP_VALIDATE(grp != NULL);
grp->id = MBEDTLS_ECP_DP_NONE;
- mbedtls_mpi_init( &grp->P );
- mbedtls_mpi_init( &grp->A );
- mbedtls_mpi_init( &grp->B );
- mbedtls_ecp_point_init( &grp->G );
- mbedtls_mpi_init( &grp->N );
+ mbedtls_mpi_init(&grp->P);
+ mbedtls_mpi_init(&grp->A);
+ mbedtls_mpi_init(&grp->B);
+ mbedtls_ecp_point_init(&grp->G);
+ mbedtls_mpi_init(&grp->N);
grp->pbits = 0;
grp->nbits = 0;
grp->h = 0;
@@ -694,297 +695,299 @@
/*
* Initialize (the components of) a key pair
*/
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
+void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key)
{
- ECP_VALIDATE( key != NULL );
+ ECP_VALIDATE(key != NULL);
- mbedtls_ecp_group_init( &key->grp );
- mbedtls_mpi_init( &key->d );
- mbedtls_ecp_point_init( &key->Q );
+ mbedtls_ecp_group_init(&key->grp);
+ mbedtls_mpi_init(&key->d);
+ mbedtls_ecp_point_init(&key->Q);
}
/*
* Unallocate (the components of) a point
*/
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt )
+void mbedtls_ecp_point_free(mbedtls_ecp_point *pt)
{
- if( pt == NULL )
+ if (pt == NULL) {
return;
+ }
- mbedtls_mpi_free( &( pt->X ) );
- mbedtls_mpi_free( &( pt->Y ) );
- mbedtls_mpi_free( &( pt->Z ) );
+ mbedtls_mpi_free(&(pt->X));
+ mbedtls_mpi_free(&(pt->Y));
+ mbedtls_mpi_free(&(pt->Z));
}
/*
* Unallocate (the components of) a group
*/
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
+void mbedtls_ecp_group_free(mbedtls_ecp_group *grp)
{
size_t i;
- if( grp == NULL )
+ if (grp == NULL) {
return;
-
- if( grp->h != 1 )
- {
- mbedtls_mpi_free( &grp->P );
- mbedtls_mpi_free( &grp->A );
- mbedtls_mpi_free( &grp->B );
- mbedtls_ecp_point_free( &grp->G );
- mbedtls_mpi_free( &grp->N );
}
- if( grp->T != NULL )
- {
- for( i = 0; i < grp->T_size; i++ )
- mbedtls_ecp_point_free( &grp->T[i] );
- mbedtls_free( grp->T );
+ if (grp->h != 1) {
+ mbedtls_mpi_free(&grp->P);
+ mbedtls_mpi_free(&grp->A);
+ mbedtls_mpi_free(&grp->B);
+ mbedtls_ecp_point_free(&grp->G);
+ mbedtls_mpi_free(&grp->N);
}
- mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
+ if (grp->T != NULL) {
+ for (i = 0; i < grp->T_size; i++) {
+ mbedtls_ecp_point_free(&grp->T[i]);
+ }
+ mbedtls_free(grp->T);
+ }
+
+ mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group));
}
/*
* Unallocate (the components of) a key pair
*/
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key )
+void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key)
{
- if( key == NULL )
+ if (key == NULL) {
return;
+ }
- mbedtls_ecp_group_free( &key->grp );
- mbedtls_mpi_free( &key->d );
- mbedtls_ecp_point_free( &key->Q );
+ mbedtls_ecp_group_free(&key->grp);
+ mbedtls_mpi_free(&key->d);
+ mbedtls_ecp_point_free(&key->Q);
}
/*
* Copy the contents of a point
*/
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
+int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( Q != NULL );
+ ECP_VALIDATE_RET(P != NULL);
+ ECP_VALIDATE_RET(Q != NULL);
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->X, &Q->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Y, &Q->Y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Z, &Q->Z));
cleanup:
- return( ret );
+ return ret;
}
/*
* Copy the contents of a group object
*/
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
+int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src)
{
- ECP_VALIDATE_RET( dst != NULL );
- ECP_VALIDATE_RET( src != NULL );
+ ECP_VALIDATE_RET(dst != NULL);
+ ECP_VALIDATE_RET(src != NULL);
- return( mbedtls_ecp_group_load( dst, src->id ) );
+ return mbedtls_ecp_group_load(dst, src->id);
}
/*
* Set point to zero
*/
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
+int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( pt != NULL );
+ ECP_VALIDATE_RET(pt != NULL);
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->X, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Y, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 0));
cleanup:
- return( ret );
+ return ret;
}
/*
* Tell if a point is zero
*/
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
+int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt)
{
- ECP_VALIDATE_RET( pt != NULL );
+ ECP_VALIDATE_RET(pt != NULL);
- return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
+ return mbedtls_mpi_cmp_int(&pt->Z, 0) == 0;
}
/*
* Compare two points lazily
*/
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q )
+int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q)
{
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( Q != NULL );
+ ECP_VALIDATE_RET(P != NULL);
+ ECP_VALIDATE_RET(Q != NULL);
- if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
- {
- return( 0 );
+ if (mbedtls_mpi_cmp_mpi(&P->X, &Q->X) == 0 &&
+ mbedtls_mpi_cmp_mpi(&P->Y, &Q->Y) == 0 &&
+ mbedtls_mpi_cmp_mpi(&P->Z, &Q->Z) == 0) {
+ return 0;
}
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
/*
* Import a non-zero point from ASCII strings
*/
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
- const char *x, const char *y )
+int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix,
+ const char *x, const char *y)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( x != NULL );
- ECP_VALIDATE_RET( y != NULL );
+ ECP_VALIDATE_RET(P != NULL);
+ ECP_VALIDATE_RET(x != NULL);
+ ECP_VALIDATE_RET(y != NULL);
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->X, radix, x));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->Y, radix, y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1));
cleanup:
- return( ret );
+ return ret;
}
/*
* Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748)
*/
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen )
+int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *P,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen)
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( olen != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- format == MBEDTLS_ECP_PF_COMPRESSED );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(P != NULL);
+ ECP_VALIDATE_RET(olen != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+ format == MBEDTLS_ECP_PF_COMPRESSED);
- plen = mbedtls_mpi_size( &grp->P );
+ plen = mbedtls_mpi_size(&grp->P);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
(void) format; /* Montgomery curves always use the same point format */
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
*olen = plen;
- if( buflen < *olen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (buflen < *olen) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&P->X, buf, plen));
}
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- {
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
/*
* Common case: P == 0
*/
- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
- {
- if( buflen < 1 )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) {
+ if (buflen < 1) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
buf[0] = 0x00;
*olen = 1;
- return( 0 );
+ return 0;
}
- if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
- {
+ if (format == MBEDTLS_ECP_PF_UNCOMPRESSED) {
*olen = 2 * plen + 1;
- if( buflen < *olen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (buflen < *olen) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
buf[0] = 0x04;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
- }
- else if( format == MBEDTLS_ECP_PF_COMPRESSED )
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->Y, buf + 1 + plen, plen));
+ } else if (format == MBEDTLS_ECP_PF_COMPRESSED) {
*olen = plen + 1;
- if( buflen < *olen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (buflen < *olen) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+ buf[0] = 0x02 + mbedtls_mpi_get_bit(&P->Y, 0);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen));
}
}
#endif
cleanup:
- return( ret );
+ return ret;
}
/*
* Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748)
*/
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt,
- const unsigned char *buf, size_t ilen )
+int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt,
+ const unsigned char *buf, size_t ilen)
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(pt != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
- if( ilen < 1 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (ilen < 1) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- plen = mbedtls_mpi_size( &grp->P );
+ plen = mbedtls_mpi_size(&grp->P);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
- if( plen != ilen )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ if (plen != ilen) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) );
- mbedtls_mpi_free( &pt->Y );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen));
+ mbedtls_mpi_free(&pt->Y);
- if( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
+ if (grp->id == MBEDTLS_ECP_DP_CURVE25519) {
/* Set most significant bit to 0 as prescribed in RFC7748 §5 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0));
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1));
}
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- {
- if( buf[0] == 0x00 )
- {
- if( ilen == 1 )
- return( mbedtls_ecp_set_zero( pt ) );
- else
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+ if (buf[0] == 0x00) {
+ if (ilen == 1) {
+ return mbedtls_ecp_set_zero(pt);
+ } else {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
}
- if( buf[0] != 0x04 )
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ if (buf[0] != 0x04) {
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ }
- if( ilen != 2 * plen + 1 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (ilen != 2 * plen + 1) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y,
- buf + 1 + plen, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y,
+ buf + 1 + plen, plen));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1));
}
#endif
cleanup:
- return( ret );
+ return ret;
}
/*
@@ -993,26 +996,28 @@
* opaque point <1..2^8-1>;
* } ECPoint;
*/
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t buf_len )
+int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt,
+ const unsigned char **buf, size_t buf_len)
{
unsigned char data_len;
const unsigned char *buf_start;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(pt != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(*buf != NULL);
/*
* We must have at least two bytes (1 for length, at least one for data)
*/
- if( buf_len < 2 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (buf_len < 2) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
data_len = *(*buf)++;
- if( data_len < 1 || data_len > buf_len - 1 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (data_len < 1 || data_len > buf_len - 1) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
/*
* Save buffer start for read_binary and update buf
@@ -1020,7 +1025,7 @@
buf_start = *buf;
*buf += data_len;
- return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) );
+ return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len);
}
/*
@@ -1029,27 +1034,29 @@
* opaque point <1..2^8-1>;
* } ECPoint;
*/
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
- int format, size_t *olen,
- unsigned char *buf, size_t blen )
+int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
+ int format, size_t *olen,
+ unsigned char *buf, size_t blen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( olen != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- format == MBEDTLS_ECP_PF_COMPRESSED );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(pt != NULL);
+ ECP_VALIDATE_RET(olen != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+ format == MBEDTLS_ECP_PF_COMPRESSED);
/*
* buffer length must be at least one, for our length byte
*/
- if( blen < 1 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (blen < 1) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format,
- olen, buf + 1, blen - 1) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format,
+ olen, buf + 1, blen - 1)) != 0) {
+ return ret;
+ }
/*
* write length to the first byte and update total length
@@ -1057,51 +1064,54 @@
buf[0] = (unsigned char) *olen;
++*olen;
- return( 0 );
+ return 0;
}
/*
* Set a group from an ECParameters record (RFC 4492)
*/
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
- const unsigned char **buf, size_t len )
+int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
+ const unsigned char **buf, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(*buf != NULL);
- if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) {
+ return ret;
+ }
- return( mbedtls_ecp_group_load( grp, grp_id ) );
+ return mbedtls_ecp_group_load(grp, grp_id);
}
/*
* Read a group id from an ECParameters record (RFC 4492) and convert it to
* mbedtls_ecp_group_id.
*/
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
- const unsigned char **buf, size_t len )
+int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
+ const unsigned char **buf, size_t len)
{
uint16_t tls_id;
const mbedtls_ecp_curve_info *curve_info;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(*buf != NULL);
/*
* We expect at least three bytes (see below)
*/
- if( len < 3 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (len < 3) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
/*
* First byte is curve_type; only named_curve is handled
*/
- if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (*(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
/*
* Next two bytes are the namedcurve value
@@ -1110,34 +1120,37 @@
tls_id <<= 8;
tls_id |= *(*buf)++;
- if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) {
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ }
*grp = curve_info->grp_id;
- return( 0 );
+ return 0;
}
/*
* Write the ECParameters record corresponding to a group (RFC 4492)
*/
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
- unsigned char *buf, size_t blen )
+int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen,
+ unsigned char *buf, size_t blen)
{
const mbedtls_ecp_curve_info *curve_info;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( olen != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(olen != NULL);
- if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
/*
* We are going to write 3 bytes (see below)
*/
*olen = 3;
- if( blen < *olen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ if (blen < *olen) {
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
/*
* First byte is curve_type, always named_curve
@@ -1147,9 +1160,9 @@
/*
* Next two bytes are the namedcurve value
*/
- MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 );
+ MBEDTLS_PUT_UINT16_BE(curve_info->tls_id, buf, 0);
- return( 0 );
+ return 0;
}
/*
@@ -1158,32 +1171,34 @@
*
* This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf.
*/
-static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp )
+static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( grp->modp == NULL )
- return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) );
-
- /* N->s < 0 is a much faster test, which fails only if N is 0 */
- if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) ||
- mbedtls_mpi_bitlen( N ) > 2 * grp->pbits )
- {
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (grp->modp == NULL) {
+ return mbedtls_mpi_mod_mpi(N, N, &grp->P);
}
- MBEDTLS_MPI_CHK( grp->modp( N ) );
+ /* N->s < 0 is a much faster test, which fails only if N is 0 */
+ if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) ||
+ mbedtls_mpi_bitlen(N) > 2 * grp->pbits) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+
+ MBEDTLS_MPI_CHK(grp->modp(N));
/* N->s < 0 is a much faster test, which fails only if N is 0 */
- while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) );
+ while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P));
+ }
- while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 )
+ while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) {
/* we known P, N and the result are positive */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P));
+ }
cleanup:
- return( ret );
+ return ret;
}
/*
@@ -1205,50 +1220,50 @@
#define INC_MUL_COUNT
#endif
-#define MOD_MUL( N ) \
+#define MOD_MUL(N) \
do \
{ \
- MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) ); \
+ MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \
INC_MUL_COUNT \
- } while( 0 )
+ } while (0)
-static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp,
- mbedtls_mpi *X,
- const mbedtls_mpi *A,
- const mbedtls_mpi *B )
+static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) );
- MOD_MUL( *X );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B));
+ MOD_MUL(*X);
cleanup:
- return( ret );
+ return ret;
}
/*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
* N->s < 0 is a very fast test, which fails only if N is 0
*/
-#define MOD_SUB( N ) \
- while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
+#define MOD_SUB(N) \
+ while ((N).s < 0 && mbedtls_mpi_cmp_int(&(N), 0) != 0) \
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&(N), &(N), &grp->P))
-#if ( defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
- !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
- defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
- defined(MBEDTLS_ECP_ADD_MIXED_ALT) ) ) || \
- ( defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \
- !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
- defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) ) )
-static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp,
- mbedtls_mpi *X,
- const mbedtls_mpi *A,
- const mbedtls_mpi *B )
+#if (defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
+ !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
+ defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
+ defined(MBEDTLS_ECP_ADD_MIXED_ALT))) || \
+ (defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \
+ !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
+ defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)))
+static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) );
- MOD_SUB( *X );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(X, A, B));
+ MOD_SUB(*X);
cleanup:
- return( ret );
+ return ret;
}
#endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */
@@ -1257,37 +1272,38 @@
* We known P, N and the result are positive, so sub_abs is correct, and
* a bit faster.
*/
-#define MOD_ADD( N ) \
- while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) )
+#define MOD_ADD(N) \
+ while (mbedtls_mpi_cmp_mpi(&(N), &grp->P) >= 0) \
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&(N), &(N), &grp->P))
-static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp,
- mbedtls_mpi *X,
- const mbedtls_mpi *A,
- const mbedtls_mpi *B )
+static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) );
- MOD_ADD( *X );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B));
+ MOD_ADD(*X);
cleanup:
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
- !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
- defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
- defined(MBEDTLS_ECP_ADD_MIXED_ALT) )
-static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp,
- mbedtls_mpi *X,
- size_t count )
+ !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
+ defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
+ defined(MBEDTLS_ECP_ADD_MIXED_ALT))
+static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ size_t count)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) );
- MOD_ADD( *X );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, count));
+ MOD_ADD(*X);
cleanup:
- return( ret );
+ return ret;
}
-#endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */
+#endif \
+ /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/*
@@ -1302,46 +1318,48 @@
* Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1)
* Cost: 1N := 1I + 3M + 1S
*/
-static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
+static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt)
{
- if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
- return( 0 );
+ if (mbedtls_mpi_cmp_int(&pt->Z, 0) == 0) {
+ return 0;
+ }
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_normalize_jac( grp, pt ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_normalize_jac(grp, pt);
+ }
#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi Zi, ZZi;
- mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
+ mbedtls_mpi_init(&Zi); mbedtls_mpi_init(&ZZi);
/*
* X = X / Z^2 mod p
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ZZi ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&Zi, &pt->Z, &grp->P));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ZZi));
/*
* Y = Y / Z^3 mod p
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ZZi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &Zi ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ZZi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &Zi));
/*
* Z = 1
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1));
cleanup:
- mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
+ mbedtls_mpi_free(&Zi); mbedtls_mpi_free(&ZZi);
- return( ret );
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */
}
@@ -1356,68 +1374,68 @@
*
* Cost: 1N(t) := 1I + (6t - 3)M + 1S
*/
-static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *T[], size_t T_size )
+static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *T[], size_t T_size)
{
- if( T_size < 2 )
- return( ecp_normalize_jac( grp, *T ) );
+ if (T_size < 2) {
+ return ecp_normalize_jac(grp, *T);
+ }
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size);
+ }
#endif
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi *c, u, Zi, ZZi;
- if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL )
- return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
+ if ((c = mbedtls_calloc(T_size, sizeof(mbedtls_mpi))) == NULL) {
+ return MBEDTLS_ERR_ECP_ALLOC_FAILED;
+ }
- for( i = 0; i < T_size; i++ )
- mbedtls_mpi_init( &c[i] );
+ for (i = 0; i < T_size; i++) {
+ mbedtls_mpi_init(&c[i]);
+ }
- mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
+ mbedtls_mpi_init(&u); mbedtls_mpi_init(&Zi); mbedtls_mpi_init(&ZZi);
/*
* c[i] = Z_0 * ... * Z_i
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) );
- for( i = 1; i < T_size; i++ )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&c[0], &T[0]->Z));
+ for (i = 1; i < T_size; i++) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &c[i], &c[i-1], &T[i]->Z));
}
/*
* u = 1 / (Z_0 * ... * Z_n) mod P
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&u, &c[T_size-1], &grp->P));
- for( i = T_size - 1; ; i-- )
- {
+ for (i = T_size - 1;; i--) {
/*
* Zi = 1 / Z_i mod p
* u = 1 / (Z_0 * ... * Z_i) mod P
*/
- if( i == 0 ) {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u, &u, &T[i]->Z ) );
+ if (i == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Zi, &u));
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Zi, &u, &c[i-1]));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &u, &u, &T[i]->Z));
}
/*
* proceed as in normalize()
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->X, &T[i]->X, &ZZi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &ZZi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &Zi));
/*
* Post-precessing: reclaim some memory by shrinking coordinates
@@ -1425,22 +1443,24 @@
* - shrinking other coordinates, but still keeping the same number of
* limbs as P, as otherwise it will too likely be regrown too fast.
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) );
- mbedtls_mpi_free( &T[i]->Z );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n));
+ mbedtls_mpi_free(&T[i]->Z);
- if( i == 0 )
+ if (i == 0) {
break;
+ }
}
cleanup:
- mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
- for( i = 0; i < T_size; i++ )
- mbedtls_mpi_free( &c[i] );
- mbedtls_free( c );
+ mbedtls_mpi_free(&u); mbedtls_mpi_free(&Zi); mbedtls_mpi_free(&ZZi);
+ for (i = 0; i < T_size; i++) {
+ mbedtls_mpi_free(&c[i]);
+ }
+ mbedtls_free(c);
- return( ret );
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */
}
@@ -1448,25 +1468,25 @@
* Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak.
* "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid
*/
-static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *Q,
- unsigned char inv )
+static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *Q,
+ unsigned char inv)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char nonzero;
mbedtls_mpi mQY;
- mbedtls_mpi_init( &mQY );
+ mbedtls_mpi_init(&mQY);
/* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) );
- nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0;
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mQY, &grp->P, &Q->Y));
+ nonzero = mbedtls_mpi_cmp_int(&Q->Y, 0) != 0;
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&Q->Y, &mQY, inv & nonzero));
cleanup:
- mbedtls_mpi_free( &mQY );
+ mbedtls_mpi_free(&mQY);
- return( ret );
+ return ret;
}
/*
@@ -1483,85 +1503,82 @@
* 4M + 4S (A == -3)
* 3M + 6S + 1a otherwise
*/
-static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point *P )
+static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_ecp_point *P)
{
#if defined(MBEDTLS_SELF_TEST)
dbl_count++;
#endif
#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_double_jac( grp, R, P ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_double_jac(grp, R, P);
+ }
#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi M, S, T, U;
- mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
+ mbedtls_mpi_init(&M); mbedtls_mpi_init(&S); mbedtls_mpi_init(&T); mbedtls_mpi_init(&U);
/* Special case for A = -3 */
- if( grp->A.p == NULL )
- {
+ if (grp->A.p == NULL) {
/* M = 3(X + Z^2)(X - Z^2) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T, &P->X, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U, &P->X, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &U ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
- }
- else
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &T, &P->X, &S));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &U, &P->X, &S));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &U));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); MOD_ADD(M);
+ } else {
/* M = 3.X^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &P->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &P->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); MOD_ADD(M);
/* Optimize away for "koblitz" curves with A = 0 */
- if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 )
- {
+ if (mbedtls_mpi_cmp_int(&grp->A, 0) != 0) {
/* M += A.Z^4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &S, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &grp->A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M, &M, &S ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &S, &S));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &grp->A));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &M, &M, &S));
}
}
/* S = 4.X.Y^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &P->Y, &P->Y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &T));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &S, 1));
/* U = 8.Y^4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &T, &T));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1));
/* T = M^2 - 2.S */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &M, &M ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &M, &M));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S));
/* S = M(S - T) - U */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &S, &M ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &U ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &T));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &S, &M));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &U));
/* U = 2.Y.Z */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &P->Y, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1));
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &T));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &S));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &U));
cleanup:
- mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U );
+ mbedtls_mpi_free(&M); mbedtls_mpi_free(&S); mbedtls_mpi_free(&T); mbedtls_mpi_free(&U);
- return( ret );
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */
}
@@ -1583,20 +1600,21 @@
*
* Cost: 1A := 8M + 3S
*/
-static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
+static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
{
#if defined(MBEDTLS_SELF_TEST)
add_count++;
#endif
#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_add_mixed(grp, R, P, Q);
+ }
#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
@@ -1604,67 +1622,66 @@
/*
* Trivial cases: P == 0 or Q == 0 (case 1)
*/
- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
- return( mbedtls_ecp_copy( R, Q ) );
+ if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) {
+ return mbedtls_ecp_copy(R, Q);
+ }
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 )
- return( mbedtls_ecp_copy( R, P ) );
+ if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 0) == 0) {
+ return mbedtls_ecp_copy(R, P);
+ }
/*
* Make sure Q coordinates are normalized
*/
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 1) != 0) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
- mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 );
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
+ mbedtls_mpi_init(&T1); mbedtls_mpi_init(&T2); mbedtls_mpi_init(&T3); mbedtls_mpi_init(&T4);
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &P->Z, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T1, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &T1, &Q->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T2, &Q->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1, &T1, &P->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2, &T2, &P->Y ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &P->Z, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T1, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &T1, &Q->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T2, &Q->Y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T1, &T1, &P->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T2, &T2, &P->Y));
/* Special cases (2) and (3) */
- if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 )
- {
- if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 )
- {
- ret = ecp_double_jac( grp, R, P );
+ if (mbedtls_mpi_cmp_int(&T1, 0) == 0) {
+ if (mbedtls_mpi_cmp_int(&T2, 0) == 0) {
+ ret = ecp_double_jac(grp, R, P);
goto cleanup;
- }
- else
- {
- ret = mbedtls_ecp_set_zero( R );
+ } else {
+ ret = mbedtls_ecp_set_zero(R);
goto cleanup;
}
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Z, &P->Z, &T1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T1, &T1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T3, &T1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &P->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &T3));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T1, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &X, &T2, &T2));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T4));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T3, &T3, &X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &T2));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T4, &P->Y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &Y, &T3, &T4));
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &Y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &Z));
cleanup:
- mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 );
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
+ mbedtls_mpi_free(&T1); mbedtls_mpi_free(&T2); mbedtls_mpi_free(&T3); mbedtls_mpi_free(&T4);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
- return( ret );
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */
}
@@ -1675,42 +1692,44 @@
*
* This countermeasure was first suggested in [2].
*/
-static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng);
+ }
#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l, ll;
- mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
+ mbedtls_mpi_init(&l); mbedtls_mpi_init(&ll);
/* Generate l such that 1 < l < p */
- MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&l, 2, &grp->P, f_rng, p_rng));
/* Z = l * Z */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Z, &pt->Z, &l));
/* X = l^2 * X */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &l, &l ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ll ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &l, &l));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ll));
/* Y = l^3 * Y */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &ll, &l ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ll ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &ll, &l));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ll));
cleanup:
- mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
+ mbedtls_mpi_free(&l); mbedtls_mpi_free(&ll);
- if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- return( ret );
+ }
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */
}
@@ -1722,10 +1741,10 @@
#endif
/* d = ceil( n / w ) */
-#define COMB_MAX_D ( MBEDTLS_ECP_MAX_BITS + 1 ) / 2
+#define COMB_MAX_D (MBEDTLS_ECP_MAX_BITS + 1) / 2
/* number of precomputed points */
-#define COMB_MAX_PRE ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+#define COMB_MAX_PRE (1 << (MBEDTLS_ECP_WINDOW_SIZE - 1))
/*
* Compute the representation of m that will be used with our comb method.
@@ -1774,32 +1793,33 @@
* - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
* (the result will be incorrect if these assumptions are not satisfied)
*/
-static void ecp_comb_recode_core( unsigned char x[], size_t d,
- unsigned char w, const mbedtls_mpi *m )
+static void ecp_comb_recode_core(unsigned char x[], size_t d,
+ unsigned char w, const mbedtls_mpi *m)
{
size_t i, j;
unsigned char c, cc, adjust;
- memset( x, 0, d+1 );
+ memset(x, 0, d+1);
/* First get the classical comb values (except for x_d = 0) */
- for( i = 0; i < d; i++ )
- for( j = 0; j < w; j++ )
- x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j;
+ for (i = 0; i < d; i++) {
+ for (j = 0; j < w; j++) {
+ x[i] |= mbedtls_mpi_get_bit(m, i + d * j) << j;
+ }
+ }
/* Now make sure x_1 .. x_d are odd */
c = 0;
- for( i = 1; i <= d; i++ )
- {
+ for (i = 1; i <= d; i++) {
/* Add carry and update it */
cc = x[i] & c;
x[i] = x[i] ^ c;
c = cc;
/* Adjust if needed, avoiding branches */
- adjust = 1 - ( x[i] & 0x01 );
- c |= x[i] & ( x[i-1] * adjust );
- x[i] = x[i] ^ ( x[i-1] * adjust );
+ adjust = 1 - (x[i] & 0x01);
+ c |= x[i] & (x[i-1] * adjust);
+ x[i] = x[i] ^ (x[i-1] * adjust);
x[i-1] |= adjust << 7;
}
}
@@ -1838,36 +1858,38 @@
* value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order
* to minimize maximum blocking time.
*/
-static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
- unsigned char w, size_t d,
- mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_precompute_comb(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
+ unsigned char w, size_t d,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
size_t j = 0;
- const unsigned char T_size = 1U << ( w - 1 );
+ const unsigned char T_size = 1U << (w - 1);
mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
- {
- if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
+ if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) {
goto dbl;
- if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl )
+ }
+ if (rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl) {
goto norm_dbl;
- if( rs_ctx->rsm->state == ecp_rsm_pre_add )
+ }
+ if (rs_ctx->rsm->state == ecp_rsm_pre_add) {
goto add;
- if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add )
+ }
+ if (rs_ctx->rsm->state == ecp_rsm_pre_norm_add) {
goto norm_add;
+ }
}
#else
(void) rs_ctx;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
rs_ctx->rsm->state = ecp_rsm_pre_dbl;
/* initial state for the loop */
@@ -1880,31 +1902,32 @@
* Set T[0] = P and
* T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
*/
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&T[0], P));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) {
j = rs_ctx->rsm->i;
- else
+ } else
#endif
- j = 0;
+ j = 0;
- for( ; j < d * ( w - 1 ); j++ )
- {
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL );
+ for (; j < d * (w - 1); j++) {
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL);
- i = 1U << ( j / d );
+ i = 1U << (j / d);
cur = T + i;
- if( j % d == 0 )
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
+ if (j % d == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_copy(cur, T + (i >> 1)));
+ }
- MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
+ MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur));
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl;
+ }
norm_dbl:
#endif
@@ -1913,16 +1936,18 @@
* use an auxiliary array of pointers to elements in T.
*/
j = 0;
- for( i = 1; i < T_size; i <<= 1 )
+ for (i = 1; i < T_size; i <<= 1) {
TT[j++] = T + i;
+ }
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2);
- MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
+ MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
rs_ctx->rsm->state = ecp_rsm_pre_add;
+ }
add:
#endif
@@ -1930,18 +1955,19 @@
* Compute the remaining ones using the minimal number of additions
* Be careful to update T[2^l] only after using it!
*/
- MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD );
+ MBEDTLS_ECP_BUDGET((T_size - 1) * MBEDTLS_ECP_OPS_ADD);
- for( i = 1; i < T_size; i <<= 1 )
- {
+ for (i = 1; i < T_size; i <<= 1) {
j = i;
- while( j-- )
- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
+ while (j--) {
+ MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i]));
+ }
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
rs_ctx->rsm->state = ecp_rsm_pre_norm_add;
+ }
norm_add:
#endif
@@ -1950,24 +1976,25 @@
* still need the auxiliary array for homogeneity with the previous
* call. Also, skip T[0] which is already normalised, being a copy of P.
*/
- for( j = 0; j + 1 < T_size; j++ )
+ for (j = 0; j + 1 < T_size; j++) {
TT[j] = T + j + 1;
+ }
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2);
- MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
+ MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j));
cleanup:
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
- ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
- if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL &&
+ ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
+ if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) {
rs_ctx->rsm->i = j;
+ }
}
#endif
- return( ret );
+ return ret;
}
/*
@@ -1975,28 +2002,27 @@
*
* See ecp_comb_recode_core() for background
*/
-static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point T[], unsigned char T_size,
- unsigned char i )
+static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_ecp_point T[], unsigned char T_size,
+ unsigned char i)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char ii, j;
/* Ignore the "sign" bit and scale down */
- ii = ( i & 0x7Fu ) >> 1;
+ ii = (i & 0x7Fu) >> 1;
/* Read the whole table to thwart cache-based timing attacks */
- for( j = 0; j < T_size; j++ )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
+ for (j = 0; j < T_size; j++) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->X, &T[j].X, j == ii));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->Y, &T[j].Y, j == ii));
}
/* Safely invert result if i is "negative" */
- MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) );
+ MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7));
cleanup:
- return( ret );
+ return ret;
}
/*
@@ -2005,78 +2031,75 @@
*
* Cost: d A + d D + 1 R
*/
-static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point T[], unsigned char T_size,
- const unsigned char x[], size_t d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_ecp_point T[], unsigned char T_size,
+ const unsigned char x[], size_t d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Txi;
size_t i;
- mbedtls_ecp_point_init( &Txi );
+ mbedtls_ecp_point_init(&Txi);
#if !defined(MBEDTLS_ECP_RESTARTABLE)
(void) rs_ctx;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
- rs_ctx->rsm->state != ecp_rsm_comb_core )
- {
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL &&
+ rs_ctx->rsm->state != ecp_rsm_comb_core) {
rs_ctx->rsm->i = 0;
rs_ctx->rsm->state = ecp_rsm_comb_core;
}
/* new 'if' instead of nested for the sake of the 'else' branch */
- if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
- {
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) {
/* restore current index (R already pointing to rs_ctx->rsm->R) */
i = rs_ctx->rsm->i;
- }
- else
+ } else
#endif
{
/* Start with a non-zero point and randomize its coordinates */
i = d;
- MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
+ MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i]));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 1));
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
+ if (f_rng == NULL) {
have_rng = 0;
+ }
#endif
- if( have_rng )
- MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
+ if (have_rng) {
+ MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng));
+ }
}
- while( i != 0 )
- {
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD );
+ while (i != 0) {
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD);
--i;
- MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) );
- MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) );
- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) );
+ MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R));
+ MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i]));
+ MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi));
}
cleanup:
- mbedtls_ecp_point_free( &Txi );
+ mbedtls_ecp_point_free(&Txi);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
- ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL &&
+ ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
rs_ctx->rsm->i = i;
/* no need to save R, already pointing to rs_ctx->rsm->R */
}
#endif
- return( ret );
+ return ret;
}
/*
@@ -2091,39 +2114,40 @@
*
* See ecp_comb_recode_core() for background.
*/
-static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp,
- const mbedtls_mpi *m,
- unsigned char k[COMB_MAX_D + 1],
- size_t d,
- unsigned char w,
- unsigned char *parity_trick )
+static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp,
+ const mbedtls_mpi *m,
+ unsigned char k[COMB_MAX_D + 1],
+ size_t d,
+ unsigned char w,
+ unsigned char *parity_trick)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi M, mm;
- mbedtls_mpi_init( &M );
- mbedtls_mpi_init( &mm );
+ mbedtls_mpi_init(&M);
+ mbedtls_mpi_init(&mm);
/* N is always odd (see above), just make extra sure */
- if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
/* do we need the parity trick? */
- *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 );
+ *parity_trick = (mbedtls_mpi_get_bit(m, 0) == 0);
/* execute parity fix in constant time */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&M, m));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&M, &mm, *parity_trick));
/* actual scalar recoding */
- ecp_comb_recode_core( k, d, w, &M );
+ ecp_comb_recode_core(k, d, w, &M);
cleanup:
- mbedtls_mpi_free( &mm );
- mbedtls_mpi_free( &M );
+ mbedtls_mpi_free(&mm);
+ mbedtls_mpi_free(&M);
- return( ret );
+ return ret;
}
/*
@@ -2133,16 +2157,16 @@
* Scalar recoding may use a parity trick that makes us compute -m * P,
* if that is the case we'll need to recover m * P at the end.
*/
-static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *R,
- const mbedtls_mpi *m,
- const mbedtls_ecp_point *T,
- unsigned char T_size,
- unsigned char w,
- size_t d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ const mbedtls_mpi *m,
+ const mbedtls_ecp_point *T,
+ unsigned char T_size,
+ unsigned char w,
+ size_t d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char parity_trick;
@@ -2150,27 +2174,28 @@
mbedtls_ecp_point *RR = R;
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
RR = &rs_ctx->rsm->R;
- if( rs_ctx->rsm->state == ecp_rsm_final_norm )
+ if (rs_ctx->rsm->state == ecp_rsm_final_norm) {
goto final_norm;
+ }
}
#endif
- MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w,
- &parity_trick ) );
- MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d,
- f_rng, p_rng, rs_ctx ) );
- MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) );
+ MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w,
+ &parity_trick));
+ MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d,
+ f_rng, p_rng, rs_ctx));
+ MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
rs_ctx->rsm->state = ecp_rsm_final_norm;
+ }
final_norm:
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV);
#endif
/*
* Knowledge of the jacobian coordinates may leak the last few bits of the
@@ -2185,28 +2210,31 @@
*/
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
+ if (f_rng == NULL) {
have_rng = 0;
+ }
#endif
- if( have_rng )
- MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
+ if (have_rng) {
+ MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng));
+ }
- MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
+ MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) );
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, RR));
+ }
#endif
cleanup:
- return( ret );
+ return ret;
}
/*
* Pick window size based on curve size and whether we optimize for base point
*/
-static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
- unsigned char p_eq_g )
+static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp,
+ unsigned char p_eq_g)
{
unsigned char w;
@@ -2222,21 +2250,24 @@
* Just adding one avoids upping the cost of the first mul too much,
* and the memory cost too.
*/
- if( p_eq_g )
+ if (p_eq_g) {
w++;
+ }
/*
* Make sure w is within bounds.
* (The last test is useful only for very small curves in the test suite.)
*/
-#if( MBEDTLS_ECP_WINDOW_SIZE < 6 )
- if( w > MBEDTLS_ECP_WINDOW_SIZE )
+#if (MBEDTLS_ECP_WINDOW_SIZE < 6)
+ if (w > MBEDTLS_ECP_WINDOW_SIZE) {
w = MBEDTLS_ECP_WINDOW_SIZE;
+ }
#endif
- if( w >= grp->nbits )
+ if (w >= grp->nbits) {
w = 2;
+ }
- return( w );
+ return w;
}
/*
@@ -2252,11 +2283,11 @@
*
* See comments on ecp_comb_recode_core() regarding the computation strategy.
*/
-static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char w, p_eq_g, i;
@@ -2266,64 +2297,61 @@
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
- ecp_drbg_init( &drbg_ctx );
+ ecp_drbg_init(&drbg_ctx);
#endif
- ECP_RS_ENTER( rsm );
+ ECP_RS_ENTER(rsm);
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
- {
+ if (f_rng == NULL) {
/* Adjust pointers */
f_rng = &ecp_drbg_random;
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
p_rng = &rs_ctx->rsm->drbg_ctx;
- else
+ } else
#endif
- p_rng = &drbg_ctx;
+ p_rng = &drbg_ctx;
/* Initialize internal DRBG if necessary */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx == NULL || rs_ctx->rsm == NULL ||
- rs_ctx->rsm->drbg_seeded == 0 )
+ if (rs_ctx == NULL || rs_ctx->rsm == NULL ||
+ rs_ctx->rsm->drbg_seeded == 0)
#endif
{
- const size_t m_len = ( grp->nbits + 7 ) / 8;
- MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) );
+ const size_t m_len = (grp->nbits + 7) / 8;
+ MBEDTLS_MPI_CHK(ecp_drbg_seed(p_rng, m, m_len));
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
rs_ctx->rsm->drbg_seeded = 1;
+ }
#endif
}
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
/* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
- p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+ p_eq_g = (mbedtls_mpi_cmp_mpi(&P->Y, &grp->G.Y) == 0 &&
+ mbedtls_mpi_cmp_mpi(&P->X, &grp->G.X) == 0);
#else
p_eq_g = 0;
#endif
/* Pick window size and deduce related sizes */
- w = ecp_pick_window_size( grp, p_eq_g );
- T_size = 1U << ( w - 1 );
- d = ( grp->nbits + w - 1 ) / w;
+ w = ecp_pick_window_size(grp, p_eq_g);
+ T_size = 1U << (w - 1);
+ d = (grp->nbits + w - 1) / w;
/* Pre-computed table: do we have it already for the base point? */
- if( p_eq_g && grp->T != NULL )
- {
+ if (p_eq_g && grp->T != NULL) {
/* second pointer to the same table, will be deleted on exit */
T = grp->T;
T_ok = 1;
- }
- else
+ } else
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* Pre-computed table: do we have one in progress? complete? */
- if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL) {
/* transfer ownership of T from rsm to local function */
T = rs_ctx->rsm->T;
rs_ctx->rsm->T = NULL;
@@ -2331,31 +2359,28 @@
/* This effectively jumps to the call to mul_comb_after_precomp() */
T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core;
- }
- else
+ } else
#endif
/* Allocate table if we didn't have any */
{
- T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) );
- if( T == NULL )
- {
+ T = mbedtls_calloc(T_size, sizeof(mbedtls_ecp_point));
+ if (T == NULL) {
ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
goto cleanup;
}
- for( i = 0; i < T_size; i++ )
- mbedtls_ecp_point_init( &T[i] );
+ for (i = 0; i < T_size; i++) {
+ mbedtls_ecp_point_init(&T[i]);
+ }
T_ok = 0;
}
/* Compute table (or finish computing it) if not done already */
- if( !T_ok )
- {
- MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) );
+ if (!T_ok) {
+ MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx));
- if( p_eq_g )
- {
+ if (p_eq_g) {
/* almost transfer ownership of T to the group, but keep a copy of
* the pointer to use for calling the next function more easily */
grp->T = T;
@@ -2364,24 +2389,24 @@
}
/* Actual comb multiplication using precomputed points */
- MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m,
- T, T_size, w, d,
- f_rng, p_rng, rs_ctx ) );
+ MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m,
+ T, T_size, w, d,
+ f_rng, p_rng, rs_ctx));
cleanup:
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_free( &drbg_ctx );
+ ecp_drbg_free(&drbg_ctx);
#endif
/* does T belong to the group? */
- if( T == grp->T )
+ if (T == grp->T) {
T = NULL;
+ }
/* does T belong to the restart context? */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL) {
/* transfer ownership of T from local function to rsm */
rs_ctx->rsm->T_size = T_size;
rs_ctx->rsm->T = T;
@@ -2390,26 +2415,28 @@
#endif
/* did T belong to us? then let's destroy it! */
- if( T != NULL )
- {
- for( i = 0; i < T_size; i++ )
- mbedtls_ecp_point_free( &T[i] );
- mbedtls_free( T );
+ if (T != NULL) {
+ for (i = 0; i < T_size; i++) {
+ mbedtls_ecp_point_free(&T[i]);
+ }
+ mbedtls_free(T);
}
/* prevent caller from using invalid value */
- int should_free_R = ( ret != 0 );
+ int should_free_R = (ret != 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* don't free R while in progress in case R == P */
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
should_free_R = 0;
+ }
#endif
- if( should_free_R )
- mbedtls_ecp_point_free( R );
+ if (should_free_R) {
+ mbedtls_ecp_point_free(R);
+ }
- ECP_RS_LEAVE( rsm );
+ ECP_RS_LEAVE(rsm);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -2427,23 +2454,24 @@
* Normalize Montgomery x/z coordinates: X = X/Z, Z = 1
* Cost: 1M + 1I
*/
-static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P )
+static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P)
{
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_normalize_mxz( grp, P ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_normalize_mxz(grp, P);
+ }
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&P->Z, &P->Z, &grp->P));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1));
cleanup:
- return( ret );
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */
}
@@ -2455,33 +2483,35 @@
* This countermeasure was first suggested in [2].
* Cost: 2M
*/
-static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng);
+ }
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l;
- mbedtls_mpi_init( &l );
+ mbedtls_mpi_init(&l);
/* Generate l such that 1 < l < p */
- MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&l, 2, &grp->P, f_rng, p_rng));
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &l));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->Z, &P->Z, &l));
cleanup:
- mbedtls_mpi_free( &l );
+ mbedtls_mpi_free(&l);
- if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- return( ret );
+ }
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */
}
@@ -2500,51 +2530,52 @@
*
* Cost: 5M + 4S
*/
-static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *R, mbedtls_ecp_point *S,
- const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
- const mbedtls_mpi *d )
+static int ecp_double_add_mxz(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R, mbedtls_ecp_point *S,
+ const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *d)
{
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
- if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) );
+ if (mbedtls_internal_ecp_grp_capable(grp)) {
+ return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d);
+ }
#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B );
- mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
+ mbedtls_mpi_init(&A); mbedtls_mpi_init(&AA); mbedtls_mpi_init(&B);
+ mbedtls_mpi_init(&BB); mbedtls_mpi_init(&E); mbedtls_mpi_init(&C);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&DA); mbedtls_mpi_init(&CB);
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A, &P->X, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA, &A, &A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B, &P->X, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &BB, &B, &B ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &E, &AA, &BB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &C, &Q->X, &Q->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, d, &S->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->X, &AA, &BB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB, &R->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E, &R->Z ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &A, &P->X, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &AA, &A, &A));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &B, &P->X, &P->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &BB, &B, &B));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &E, &AA, &BB));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &C, &Q->X, &Q->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &D, &Q->X, &Q->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &DA, &D, &A));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &CB, &C, &B));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &S->X, &DA, &CB));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->X, &S->X, &S->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S->Z, &DA, &CB));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, &S->Z, &S->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, d, &S->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->X, &AA, &BB));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &grp->A, &E));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &R->Z, &BB, &R->Z));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &E, &R->Z));
cleanup:
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B );
- mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB );
+ mbedtls_mpi_free(&A); mbedtls_mpi_free(&AA); mbedtls_mpi_free(&B);
+ mbedtls_mpi_free(&BB); mbedtls_mpi_free(&E); mbedtls_mpi_free(&C);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&DA); mbedtls_mpi_free(&CB);
- return( ret );
+ return ret;
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */
}
@@ -2552,10 +2583,10 @@
* Multiplication with Montgomery ladder in x/z coordinates,
* for curves in Montgomery form
*/
-static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
@@ -2565,46 +2596,46 @@
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
- ecp_drbg_init( &drbg_ctx );
+ ecp_drbg_init(&drbg_ctx);
#endif
- mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
+ mbedtls_ecp_point_init(&RP); mbedtls_mpi_init(&PX);
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
- {
- const size_t m_len = ( grp->nbits + 7 ) / 8;
- MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) );
+ if (f_rng == NULL) {
+ const size_t m_len = (grp->nbits + 7) / 8;
+ MBEDTLS_MPI_CHK(ecp_drbg_seed(&drbg_ctx, m, m_len));
f_rng = &ecp_drbg_random;
p_rng = &drbg_ctx;
}
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
/* Save PX and read from P before writing to R, in case P == R */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&PX, &P->X));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&RP, P));
/* Set R to zero in modified x/z coordinates */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
- mbedtls_mpi_free( &R->Y );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->X, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 0));
+ mbedtls_mpi_free(&R->Y);
/* RP.X might be slightly larger than P, so reduce it */
- MOD_ADD( RP.X );
+ MOD_ADD(RP.X);
/* Randomize coordinates of the starting point */
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
+ if (f_rng == NULL) {
have_rng = 0;
+ }
#endif
- if( have_rng )
- MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
+ if (have_rng) {
+ MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng));
+ }
/* Loop invariant: R = result so far, RP = R + P */
i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
- while( i-- > 0 )
- {
- b = mbedtls_mpi_get_bit( m, i );
+ while (i-- > 0) {
+ b = mbedtls_mpi_get_bit(m, i);
/*
* if (b) R = 2R + P else R = 2R,
* which is:
@@ -2612,11 +2643,11 @@
* else double_add( R, RP, R, RP )
* but using safe conditional swaps to avoid leaks
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
- MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b));
+ MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b));
}
/*
@@ -2632,22 +2663,24 @@
*/
have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
+ if (f_rng == NULL) {
have_rng = 0;
+ }
#endif
- if( have_rng )
- MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
+ if (have_rng) {
+ MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng));
+ }
- MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
+ MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R));
cleanup:
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_free( &drbg_ctx );
+ ecp_drbg_free(&drbg_ctx);
#endif
- mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
+ mbedtls_ecp_point_free(&RP); mbedtls_mpi_free(&PX);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
@@ -2655,85 +2688,90 @@
/*
* Restartable multiplication R = m * P
*/
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx )
+int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(R != NULL);
+ ECP_VALIDATE_RET(m != NULL);
+ ECP_VALIDATE_RET(P != NULL);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* reset ops count for this call if top-level */
- if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
+ if (rs_ctx != NULL && rs_ctx->depth++ == 0) {
rs_ctx->ops_done = 0;
+ }
#else
(void) rs_ctx;
#endif
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
- MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+ if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) {
+ MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp));
+ }
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE)
- restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
+ restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL);
#endif
/* skip argument check when restarting */
- if( !restarting )
- {
+ if (!restarting) {
/* check_privkey is free */
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_CHK);
/* Common sanity checks */
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
}
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng));
+ }
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+ MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx));
+ }
#endif
cleanup:
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- if( is_grp_capable )
- mbedtls_internal_ecp_free( grp );
+ if (is_grp_capable) {
+ mbedtls_internal_ecp_free(grp);
+ }
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL )
+ if (rs_ctx != NULL) {
rs_ctx->depth--;
+ }
#endif
- return( ret );
+ return ret;
}
/*
* Multiplication R = m * P
*/
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
- return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(R != NULL);
+ ECP_VALIDATE_RET(m != NULL);
+ ECP_VALIDATE_RET(P != NULL);
+ return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL);
}
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
@@ -2741,48 +2779,47 @@
* Check that an affine point is valid as a public key,
* short weierstrass curves (SEC1 3.2.3.1)
*/
-static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi YY, RHS;
/* pt coordinates must be normalized for our checks */
- if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 ||
- mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 ||
- mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
- mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
+ if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 ||
+ mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 ||
+ mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 ||
+ mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) {
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
- mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS );
+ mbedtls_mpi_init(&YY); mbedtls_mpi_init(&RHS);
/*
* YY = Y^2
* RHS = X (X^2 + A) + B = X^3 + A X + B
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY, &pt->Y, &pt->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X, &pt->X ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &YY, &pt->Y, &pt->Y));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &pt->X, &pt->X));
/* Special case for A = -3 */
- if( grp->A.p == NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) );
+ if (grp->A.p == NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&RHS, &RHS, 3)); MOD_SUB(RHS);
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->A));
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS, &pt->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->B ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &RHS, &pt->X));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->B));
- if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 )
+ if (mbedtls_mpi_cmp_mpi(&YY, &RHS) != 0) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
cleanup:
- mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS );
+ mbedtls_mpi_free(&YY); mbedtls_mpi_free(&RHS);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -2791,39 +2828,33 @@
* R = m * P with shortcuts for m == 0, m == 1 and m == -1
* NOT constant-time - ONLY for short Weierstrass!
*/
-static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
- mbedtls_ecp_point *R,
- const mbedtls_mpi *m,
- const mbedtls_ecp_point *P,
- mbedtls_ecp_restart_ctx *rs_ctx )
+static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ const mbedtls_mpi *m,
+ const mbedtls_ecp_point *P,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
- }
- else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
- }
- else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
- if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P,
- NULL, NULL, rs_ctx ) );
+ if (mbedtls_mpi_cmp_int(m, 0) == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_set_zero(R));
+ } else if (mbedtls_mpi_cmp_int(m, 1) == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P));
+ } else if (mbedtls_mpi_cmp_int(m, -1) == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P));
+ if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y));
+ }
+ } else {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, R, m, P,
+ NULL, NULL, rs_ctx));
}
cleanup:
- return( ret );
+ return ret;
}
/*
@@ -2831,10 +2862,10 @@
* NOT constant-time
*/
int mbedtls_ecp_muladd_restartable(
- mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
- mbedtls_ecp_restart_ctx *rs_ctx )
+ mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
+ mbedtls_ecp_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point mP;
@@ -2843,107 +2874,116 @@
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( n != NULL );
- ECP_VALIDATE_RET( Q != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(R != NULL);
+ ECP_VALIDATE_RET(m != NULL);
+ ECP_VALIDATE_RET(P != NULL);
+ ECP_VALIDATE_RET(n != NULL);
+ ECP_VALIDATE_RET(Q != NULL);
- if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ }
- mbedtls_ecp_point_init( &mP );
+ mbedtls_ecp_point_init(&mP);
- ECP_RS_ENTER( ma );
+ ECP_RS_ENTER(ma);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->ma != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->ma != NULL) {
/* redirect intermediate results to restart context */
pmP = &rs_ctx->ma->mP;
pR = &rs_ctx->ma->R;
/* jump to next operation */
- if( rs_ctx->ma->state == ecp_rsma_mul2 )
+ if (rs_ctx->ma->state == ecp_rsma_mul2) {
goto mul2;
- if( rs_ctx->ma->state == ecp_rsma_add )
+ }
+ if (rs_ctx->ma->state == ecp_rsma_add) {
goto add;
- if( rs_ctx->ma->state == ecp_rsma_norm )
+ }
+ if (rs_ctx->ma->state == ecp_rsma_norm) {
goto norm;
+ }
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ if (rs_ctx != NULL && rs_ctx->ma != NULL) {
rs_ctx->ma->state = ecp_rsma_mul2;
+ }
mul2:
#endif
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx));
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
- MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+ if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) {
+ MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp));
+ }
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ if (rs_ctx != NULL && rs_ctx->ma != NULL) {
rs_ctx->ma->state = ecp_rsma_add;
+ }
add:
#endif
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD );
- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) );
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_ADD);
+ MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ if (rs_ctx != NULL && rs_ctx->ma != NULL) {
rs_ctx->ma->state = ecp_rsma_norm;
+ }
norm:
#endif
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
- MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) );
+ MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV);
+ MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->ma != NULL )
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) );
+ if (rs_ctx != NULL && rs_ctx->ma != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, pR));
+ }
#endif
cleanup:
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- if( is_grp_capable )
- mbedtls_internal_ecp_free( grp );
+ if (is_grp_capable) {
+ mbedtls_internal_ecp_free(grp);
+ }
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
- mbedtls_ecp_point_free( &mP );
+ mbedtls_ecp_point_free(&mP);
- ECP_RS_LEAVE( ma );
+ ECP_RS_LEAVE(ma);
- return( ret );
+ return ret;
}
/*
* Linear combination
* NOT constant-time
*/
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
+int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n, const mbedtls_ecp_point *Q)
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( n != NULL );
- ECP_VALIDATE_RET( Q != NULL );
- return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(R != NULL);
+ ECP_VALIDATE_RET(m != NULL);
+ ECP_VALIDATE_RET(P != NULL);
+ ECP_VALIDATE_RET(n != NULL);
+ ECP_VALIDATE_RET(Q != NULL);
+ return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL);
}
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
+#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) }
#define ECP_MPI_INIT_ARRAY(x) \
ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
/*
@@ -2952,21 +2992,21 @@
* See ecp_check_pubkey_x25519().
*/
static const mbedtls_mpi_uint x25519_bad_point_1[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00),
};
static const mbedtls_mpi_uint x25519_bad_point_2[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57),
};
static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY(
- x25519_bad_point_1 );
+ x25519_bad_point_1);
static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY(
- x25519_bad_point_2 );
+ x25519_bad_point_2);
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
/*
@@ -2975,40 +3015,37 @@
* https://eprint.iacr.org/2017/806.pdf
* Those points are never sent by an honest peer.
*/
-static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P,
- const mbedtls_ecp_group_id grp_id )
+static int ecp_check_bad_points_mx(const mbedtls_mpi *X, const mbedtls_mpi *P,
+ const mbedtls_ecp_group_id grp_id)
{
int ret;
mbedtls_mpi XmP;
- mbedtls_mpi_init( &XmP );
+ mbedtls_mpi_init(&XmP);
/* Reduce X mod P so that we only need to check values less than P.
* We know X < 2^256 so we can proceed by subtraction. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &XmP, X ) );
- while( mbedtls_mpi_cmp_mpi( &XmP, P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &XmP, &XmP, P ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&XmP, X));
+ while (mbedtls_mpi_cmp_mpi(&XmP, P) >= 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&XmP, &XmP, P));
+ }
/* Check against the known bad values that are less than P. For Curve448
* these are 0, 1 and -1. For Curve25519 we check the values less than P
* from the following list: https://cr.yp.to/ecdh.html#validate */
- if( mbedtls_mpi_cmp_int( &XmP, 1 ) <= 0 ) /* takes care of 0 and 1 */
- {
+ if (mbedtls_mpi_cmp_int(&XmP, 1) <= 0) { /* takes care of 0 and 1 */
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
- {
- if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_1 ) == 0 )
- {
+ if (grp_id == MBEDTLS_ECP_DP_CURVE25519) {
+ if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_1) == 0) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
- if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_2 ) == 0 )
- {
+ if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_2) == 0) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
@@ -3018,9 +3055,8 @@
#endif
/* Final check: check if XmP + 1 is P (final because it changes XmP!) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &XmP, &XmP, 1 ) );
- if( mbedtls_mpi_cmp_mpi( &XmP, P ) == 0 )
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&XmP, &XmP, 1));
+ if (mbedtls_mpi_cmp_mpi(&XmP, P) == 0) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
@@ -3028,102 +3064,108 @@
ret = 0;
cleanup:
- mbedtls_mpi_free( &XmP );
+ mbedtls_mpi_free(&XmP);
- return( ret );
+ return ret;
}
/*
* Check validity of a public key for Montgomery curves with x-only schemes
*/
-static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
{
/* [Curve25519 p. 5] Just check X is the correct number of bytes */
/* Allow any public value, if it's too big then we'll just reduce it mod p
* (RFC 7748 sec. 5 para. 3). */
- if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
+ if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) {
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
/* Implicit in all standards (as they don't consider negative numbers):
* X must be non-negative. This is normally ensured by the way it's
* encoded for transmission, but let's be extra sure. */
- if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 )
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
+ if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0) {
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
- return( ecp_check_bad_points_mx( &pt->X, &grp->P, grp->id ) );
+ return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id);
}
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
/*
* Check that a point is valid as a public key
*/
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt )
+int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt)
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(pt != NULL);
/* Must use affine coordinates */
- if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
+ if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) {
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- return( ecp_check_pubkey_mx( grp, pt ) );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ return ecp_check_pubkey_mx(grp, pt);
+ }
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- return( ecp_check_pubkey_sw( grp, pt ) );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+ return ecp_check_pubkey_sw(grp, pt);
+ }
#endif
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
/*
* Check that an mbedtls_mpi is valid as a private key
*/
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
- const mbedtls_mpi *d )
+int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
+ const mbedtls_mpi *d)
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(d != NULL);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
/* see RFC 7748 sec. 5 para. 5 */
- if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
- mbedtls_mpi_get_bit( d, 1 ) != 0 ||
- mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
+ if (mbedtls_mpi_get_bit(d, 0) != 0 ||
+ mbedtls_mpi_get_bit(d, 1) != 0 ||
+ mbedtls_mpi_bitlen(d) - 1 != grp->nbits) { /* mbedtls_mpi_bitlen is one-based! */
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
/* see [Curve25519] page 5 */
- if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
+ if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) {
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- {
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
/* see SEC1 3.2 */
- if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
- mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
- return( MBEDTLS_ERR_ECP_INVALID_KEY );
- else
- return( 0 );
+ if (mbedtls_mpi_cmp_int(d, 1) < 0 ||
+ mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ } else {
+ return 0;
+ }
}
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_gen_privkey_mx( size_t high_bit,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecp_gen_privkey_mx(size_t high_bit,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
size_t n_random_bytes = high_bit / 8 + 1;
@@ -3132,38 +3174,36 @@
/* Generate a (high_bit+1)-bit random number by generating just enough
* random bytes, then shifting out extra bits from the top (necessary
* when (high_bit+1) is not a multiple of 8). */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_random_bytes,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_random_bytes - high_bit - 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(d, n_random_bytes,
+ f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(d, 8 * n_random_bytes - high_bit - 1));
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, high_bit, 1));
/* Make sure the last two bits are unset for Curve448, three bits for
Curve25519 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
- if( high_bit == 254 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 0, 0));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 1, 0));
+ if (high_bit == 254) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 2, 0));
}
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
static int mbedtls_ecp_gen_privkey_sw(
const mbedtls_mpi *N, mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- int ret = mbedtls_mpi_random( d, 1, N, f_rng, p_rng );
- switch( ret )
- {
+ int ret = mbedtls_mpi_random(d, 1, N, f_rng, p_rng);
+ switch (ret) {
case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ return MBEDTLS_ERR_ECP_RANDOM_FAILED;
default:
- return( ret );
+ return ret;
}
}
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -3171,233 +3211,232 @@
/*
* Generate a private key
*/
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(d != NULL);
+ ECP_VALIDATE_RET(f_rng != NULL);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng);
+ }
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- return( mbedtls_ecp_gen_privkey_sw( &grp->N, d, f_rng, p_rng ) );
+ if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+ return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng);
+ }
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
/*
* Generate a keypair with configurable base point
*/
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *G,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( G != NULL );
- ECP_VALIDATE_RET( Q != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(d != NULL);
+ ECP_VALIDATE_RET(G != NULL);
+ ECP_VALIDATE_RET(Q != NULL);
+ ECP_VALIDATE_RET(f_rng != NULL);
- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng));
cleanup:
- return( ret );
+ return ret;
}
/*
* Generate key pair, wrapper for conventional base point
*/
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( Q != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
+ ECP_VALIDATE_RET(grp != NULL);
+ ECP_VALIDATE_RET(d != NULL);
+ ECP_VALIDATE_RET(Q != NULL);
+ ECP_VALIDATE_RET(f_rng != NULL);
- return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
+ return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng);
}
/*
* Generate a keypair, prettier wrapper
*/
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
+ ECP_VALIDATE_RET(key != NULL);
+ ECP_VALIDATE_RET(f_rng != NULL);
- if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
+ return ret;
+ }
- return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
+ return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng);
}
#define ECP_CURVE25519_KEY_SIZE 32
/*
* Read a private key.
*/
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- const unsigned char *buf, size_t buflen )
+int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+ const unsigned char *buf, size_t buflen)
{
int ret = 0;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET(key != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
- if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
+ return ret;
+ }
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
+ if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
/*
* If it is Curve25519 curve then mask the key as mandated by RFC7748
*/
- if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
- {
- if( buflen != ECP_CURVE25519_KEY_SIZE )
+ if (grp_id == MBEDTLS_ECP_DP_CURVE25519) {
+ if (buflen != ECP_CURVE25519_KEY_SIZE) {
return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen));
/* Set the three least significant bits to 0 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 2, 0));
/* Set the most significant bit to 0 */
MBEDTLS_MPI_CHK(
- mbedtls_mpi_set_bit( &key->d,
- ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 )
- );
+ mbedtls_mpi_set_bit(&key->d,
+ ECP_CURVE25519_KEY_SIZE * 8 - 1, 0)
+ );
/* Set the second most significant bit to 1 */
MBEDTLS_MPI_CHK(
- mbedtls_mpi_set_bit( &key->d,
- ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
- );
- }
- else
+ mbedtls_mpi_set_bit(&key->d,
+ ECP_CURVE25519_KEY_SIZE * 8 - 2, 1)
+ );
+ } else {
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ }
}
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) );
+ if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen));
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
}
#endif
cleanup:
- if( ret != 0 )
- mbedtls_mpi_free( &key->d );
+ if (ret != 0) {
+ mbedtls_mpi_free(&key->d);
+ }
- return( ret );
+ return ret;
}
/*
* Write a private key.
*/
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen )
+int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+ unsigned char *buf, size_t buflen)
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET(key != NULL);
+ ECP_VALIDATE_RET(buf != NULL);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
- if( key->grp.id == MBEDTLS_ECP_DP_CURVE25519 )
- {
- if( buflen < ECP_CURVE25519_KEY_SIZE )
+ if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) {
+ if (buflen < ECP_CURVE25519_KEY_SIZE) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
- }
- else
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&key->d, buf, buflen));
+ } else {
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ }
}
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &key->d, buf, buflen ) );
+ if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&key->d, buf, buflen));
}
#endif
cleanup:
- return( ret );
+ return ret;
}
/*
* Check a public-private key pair
*/
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv )
+int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Q;
mbedtls_ecp_group grp;
- ECP_VALIDATE_RET( pub != NULL );
- ECP_VALIDATE_RET( prv != NULL );
+ ECP_VALIDATE_RET(pub != NULL);
+ ECP_VALIDATE_RET(prv != NULL);
- if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
+ if (pub->grp.id == MBEDTLS_ECP_DP_NONE ||
pub->grp.id != prv->grp.id ||
- mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
- mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
- mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
- {
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ mbedtls_mpi_cmp_mpi(&pub->Q.X, &prv->Q.X) ||
+ mbedtls_mpi_cmp_mpi(&pub->Q.Y, &prv->Q.Y) ||
+ mbedtls_mpi_cmp_mpi(&pub->Q.Z, &prv->Q.Z)) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- mbedtls_ecp_point_init( &Q );
- mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_ecp_group_init(&grp);
/* mbedtls_ecp_mul() needs a non-const group... */
- mbedtls_ecp_group_copy( &grp, &prv->grp );
+ mbedtls_ecp_group_copy(&grp, &prv->grp);
/* Also checks d is valid */
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, NULL, NULL));
- if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
- mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
- mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
- {
+ if (mbedtls_mpi_cmp_mpi(&Q.X, &prv->Q.X) ||
+ mbedtls_mpi_cmp_mpi(&Q.Y, &prv->Q.Y) ||
+ mbedtls_mpi_cmp_mpi(&Q.Z, &prv->Q.Z)) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
cleanup:
- mbedtls_ecp_point_free( &Q );
- mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_ecp_group_free(&grp);
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_SELF_TEST)
@@ -3405,26 +3444,25 @@
/* Adjust the exponent to be a valid private point for the specified curve.
* This is sometimes necessary because we use a single set of exponents
* for all curves but the validity of values depends on the curve. */
-static int self_test_adjust_exponent( const mbedtls_ecp_group *grp,
- mbedtls_mpi *m )
+static int self_test_adjust_exponent(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *m)
{
int ret = 0;
- switch( grp->id )
- {
- /* If Curve25519 is available, then that's what we use for the
- * Montgomery test, so we don't need the adjustment code. */
-#if ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ switch (grp->id) {
+ /* If Curve25519 is available, then that's what we use for the
+ * Montgomery test, so we don't need the adjustment code. */
+#if !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
/* Move highest bit from 254 to N-1. Setting bit N-1 is
* necessary to enforce the highest-bit-set constraint. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, 254, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, grp->nbits, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, 254, 0));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1));
/* Copy second-highest bit from 253 to N-2. This is not
* necessary but improves the test variety a bit. */
MBEDTLS_MPI_CHK(
- mbedtls_mpi_set_bit( m, grp->nbits - 1,
- mbedtls_mpi_get_bit( m, 253 ) ) );
+ mbedtls_mpi_set_bit(m, grp->nbits - 1,
+ mbedtls_mpi_get_bit(m, 253)));
break;
#endif
#endif /* ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) */
@@ -3435,18 +3473,18 @@
goto cleanup;
}
cleanup:
- return( ret );
+ return ret;
}
/* Calculate R = m.P for each m in exponents. Check that the number of
* basic operations doesn't depend on the value of m. */
-static int self_test_point( int verbose,
- mbedtls_ecp_group *grp,
- mbedtls_ecp_point *R,
- mbedtls_mpi *m,
- const mbedtls_ecp_point *P,
- const char *const *exponents,
- size_t n_exponents )
+static int self_test_point(int verbose,
+ mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ mbedtls_mpi *m,
+ const mbedtls_ecp_point *P,
+ const char *const *exponents,
+ size_t n_exponents)
{
int ret = 0;
size_t i = 0;
@@ -3455,12 +3493,11 @@
dbl_count = 0;
mul_count = 0;
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) );
- MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[0]));
+ MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, NULL, NULL));
- for( i = 1; i < n_exponents; i++ )
- {
+ for (i = 1; i < n_exponents; i++) {
add_c_prev = add_count;
dbl_c_prev = dbl_count;
mul_c_prev = mul_count;
@@ -3468,34 +3505,33 @@
dbl_count = 0;
mul_count = 0;
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) );
- MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[i]));
+ MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, NULL, NULL));
- if( add_count != add_c_prev ||
+ if (add_count != add_c_prev ||
dbl_count != dbl_c_prev ||
- mul_count != mul_c_prev )
- {
+ mul_count != mul_c_prev) {
ret = 1;
break;
}
}
cleanup:
- if( verbose != 0 )
- {
- if( ret != 0 )
- mbedtls_printf( "failed (%u)\n", (unsigned int) i );
- else
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ if (ret != 0) {
+ mbedtls_printf("failed (%u)\n", (unsigned int) i);
+ } else {
+ mbedtls_printf("passed\n");
+ }
}
- return( ret );
+ return ret;
}
/*
* Checkup routine
*/
-int mbedtls_ecp_self_test( int verbose )
+int mbedtls_ecp_self_test(int verbose)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group grp;
@@ -3531,77 +3567,85 @@
};
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &R );
- mbedtls_ecp_point_init( &P );
- mbedtls_mpi_init( &m );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&R);
+ mbedtls_ecp_point_init(&P);
+ mbedtls_mpi_init(&m);
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/* Use secp192r1 if available, or any available curve */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1));
#else
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id));
#endif
- if( verbose != 0 )
- mbedtls_printf( " ECP SW test #1 (constant op_count, base point G): " );
+ if (verbose != 0) {
+ mbedtls_printf(" ECP SW test #1 (constant op_count, base point G): ");
+ }
/* Do a dummy multiplication first to trigger precomputation */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) );
- ret = self_test_point( verbose,
- &grp, &R, &m, &grp.G,
- sw_exponents,
- sizeof( sw_exponents ) / sizeof( sw_exponents[0] ));
- if( ret != 0 )
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&m, 2));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, NULL, NULL));
+ ret = self_test_point(verbose,
+ &grp, &R, &m, &grp.G,
+ sw_exponents,
+ sizeof(sw_exponents) / sizeof(sw_exponents[0]));
+ if (ret != 0) {
goto cleanup;
+ }
- if( verbose != 0 )
- mbedtls_printf( " ECP SW test #2 (constant op_count, other point): " );
+ if (verbose != 0) {
+ mbedtls_printf(" ECP SW test #2 (constant op_count, other point): ");
+ }
/* We computed P = 2G last time, use it */
- ret = self_test_point( verbose,
- &grp, &R, &m, &P,
- sw_exponents,
- sizeof( sw_exponents ) / sizeof( sw_exponents[0] ));
- if( ret != 0 )
+ ret = self_test_point(verbose,
+ &grp, &R, &m, &P,
+ sw_exponents,
+ sizeof(sw_exponents) / sizeof(sw_exponents[0]));
+ if (ret != 0) {
goto cleanup;
+ }
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &R );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&R);
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( verbose != 0 )
- mbedtls_printf( " ECP Montgomery test (constant op_count): " );
+ if (verbose != 0) {
+ mbedtls_printf(" ECP Montgomery test (constant op_count): ");
+ }
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519));
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE448 ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448));
#else
#error "MBEDTLS_ECP_MONTGOMERY_ENABLED is defined, but no curve is supported for self-test"
#endif
- ret = self_test_point( verbose,
- &grp, &R, &m, &grp.G,
- m_exponents,
- sizeof( m_exponents ) / sizeof( m_exponents[0] ));
- if( ret != 0 )
+ ret = self_test_point(verbose,
+ &grp, &R, &m, &grp.G,
+ m_exponents,
+ sizeof(m_exponents) / sizeof(m_exponents[0]));
+ if (ret != 0) {
goto cleanup;
+ }
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
cleanup:
- if( ret < 0 && verbose != 0 )
- mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
+ if (ret < 0 && verbose != 0) {
+ mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret);
+ }
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &R );
- mbedtls_ecp_point_free( &P );
- mbedtls_mpi_free( &m );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&R);
+ mbedtls_ecp_point_free(&P);
+ mbedtls_mpi_free(&m);
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 47761ee..8a9f79e2 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -33,12 +33,12 @@
#if !defined(MBEDTLS_ECP_ALT)
/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECP_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ECP_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
+#define ECP_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
-#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
+#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) }
#define ECP_MPI_INIT_ARRAY(x) \
ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
@@ -53,29 +53,29 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
static const mbedtls_mpi_uint secp192r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
static const mbedtls_mpi_uint secp192r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64),
};
static const mbedtls_mpi_uint secp192r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18),
};
static const mbedtls_mpi_uint secp192r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07),
};
static const mbedtls_mpi_uint secp192r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -84,34 +84,34 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
static const mbedtls_mpi_uint secp224r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
};
static const mbedtls_mpi_uint secp224r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
- MBEDTLS_BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C),
+ MBEDTLS_BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4),
};
static const mbedtls_mpi_uint secp224r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
- MBEDTLS_BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B),
+ MBEDTLS_BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7),
};
static const mbedtls_mpi_uint secp224r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
- MBEDTLS_BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5),
+ MBEDTLS_BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD),
};
static const mbedtls_mpi_uint secp224r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
};
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
@@ -120,34 +120,34 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
static const mbedtls_mpi_uint secp256r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
};
static const mbedtls_mpi_uint secp256r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A),
};
static const mbedtls_mpi_uint secp256r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B),
};
static const mbedtls_mpi_uint secp256r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F),
};
static const mbedtls_mpi_uint secp256r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
};
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
@@ -156,44 +156,44 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
static const mbedtls_mpi_uint secp384r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
static const mbedtls_mpi_uint secp384r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3),
};
static const mbedtls_mpi_uint secp384r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA),
};
static const mbedtls_mpi_uint secp384r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36),
};
static const mbedtls_mpi_uint secp384r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
@@ -202,154 +202,154 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
static const mbedtls_mpi_uint secp521r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
};
static const mbedtls_mpi_uint secp521r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
- MBEDTLS_BYTES_TO_T_UINT_2( 0x51, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x51, 0x00),
};
static const mbedtls_mpi_uint secp521r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
- MBEDTLS_BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85),
+ MBEDTLS_BYTES_TO_T_UINT_2(0xC6, 0x00),
};
static const mbedtls_mpi_uint secp521r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
- MBEDTLS_BYTES_TO_T_UINT_2( 0x18, 0x01 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x18, 0x01),
};
static const mbedtls_mpi_uint secp521r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
};
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
static const mbedtls_mpi_uint secp192k1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
static const mbedtls_mpi_uint secp192k1_a[] = {
- MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
};
static const mbedtls_mpi_uint secp192k1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_2( 0x03, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x03, 0x00),
};
static const mbedtls_mpi_uint secp192k1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB),
};
static const mbedtls_mpi_uint secp192k1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B),
};
static const mbedtls_mpi_uint secp192k1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
static const mbedtls_mpi_uint secp224k1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
};
static const mbedtls_mpi_uint secp224k1_a[] = {
- MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
};
static const mbedtls_mpi_uint secp224k1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_2( 0x05, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x05, 0x00),
};
static const mbedtls_mpi_uint secp224k1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
- MBEDTLS_BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D),
+ MBEDTLS_BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1),
};
static const mbedtls_mpi_uint secp224k1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
- MBEDTLS_BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F),
+ MBEDTLS_BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E),
};
static const mbedtls_mpi_uint secp224k1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00),
};
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
static const mbedtls_mpi_uint secp256k1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
static const mbedtls_mpi_uint secp256k1_a[] = {
- MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
};
static const mbedtls_mpi_uint secp256k1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_2( 0x07, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2(0x07, 0x00),
};
static const mbedtls_mpi_uint secp256k1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79),
};
static const mbedtls_mpi_uint secp256k1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48),
};
static const mbedtls_mpi_uint secp256k1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
};
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
@@ -358,40 +358,40 @@
*/
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
};
static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D),
};
static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26),
};
static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B),
};
static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54),
};
static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
};
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
@@ -400,52 +400,52 @@
*/
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
};
static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B),
};
static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
};
static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D),
};
static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A),
};
static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
};
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
@@ -454,64 +454,64 @@
*/
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
};
static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78),
};
static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D),
};
static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81),
};
static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D),
};
static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
- MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
};
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
@@ -535,17 +535,17 @@
* Create an MPI from embedded constants
* (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
*/
-static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
+static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
{
X->s = 1;
- X->n = len / sizeof( mbedtls_mpi_uint );
+ X->n = len / sizeof(mbedtls_mpi_uint);
X->p = (mbedtls_mpi_uint *) p;
}
/*
* Set an MPI to static value 1
*/
-static inline void ecp_mpi_set1( mbedtls_mpi *X )
+static inline void ecp_mpi_set1(mbedtls_mpi *X)
{
static mbedtls_mpi_uint one[] = { 1 };
X->s = 1;
@@ -556,89 +556,90 @@
/*
* Make group available from embedded constants
*/
-static int ecp_group_load( mbedtls_ecp_group *grp,
- const mbedtls_mpi_uint *p, size_t plen,
- const mbedtls_mpi_uint *a, size_t alen,
- const mbedtls_mpi_uint *b, size_t blen,
- const mbedtls_mpi_uint *gx, size_t gxlen,
- const mbedtls_mpi_uint *gy, size_t gylen,
- const mbedtls_mpi_uint *n, size_t nlen)
+static int ecp_group_load(mbedtls_ecp_group *grp,
+ const mbedtls_mpi_uint *p, size_t plen,
+ const mbedtls_mpi_uint *a, size_t alen,
+ const mbedtls_mpi_uint *b, size_t blen,
+ const mbedtls_mpi_uint *gx, size_t gxlen,
+ const mbedtls_mpi_uint *gy, size_t gylen,
+ const mbedtls_mpi_uint *n, size_t nlen)
{
- ecp_mpi_load( &grp->P, p, plen );
- if( a != NULL )
- ecp_mpi_load( &grp->A, a, alen );
- ecp_mpi_load( &grp->B, b, blen );
- ecp_mpi_load( &grp->N, n, nlen );
+ ecp_mpi_load(&grp->P, p, plen);
+ if (a != NULL) {
+ ecp_mpi_load(&grp->A, a, alen);
+ }
+ ecp_mpi_load(&grp->B, b, blen);
+ ecp_mpi_load(&grp->N, n, nlen);
- ecp_mpi_load( &grp->G.X, gx, gxlen );
- ecp_mpi_load( &grp->G.Y, gy, gylen );
- ecp_mpi_set1( &grp->G.Z );
+ ecp_mpi_load(&grp->G.X, gx, gxlen);
+ ecp_mpi_load(&grp->G.Y, gy, gylen);
+ ecp_mpi_set1(&grp->G.Z);
- grp->pbits = mbedtls_mpi_bitlen( &grp->P );
- grp->nbits = mbedtls_mpi_bitlen( &grp->N );
+ grp->pbits = mbedtls_mpi_bitlen(&grp->P);
+ grp->nbits = mbedtls_mpi_bitlen(&grp->N);
grp->h = 1;
- return( 0 );
+ return 0;
}
#endif /* ECP_LOAD_GROUP */
#if defined(MBEDTLS_ECP_NIST_OPTIM)
/* Forward declarations */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-static int ecp_mod_p192( mbedtls_mpi * );
+static int ecp_mod_p192(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-static int ecp_mod_p224( mbedtls_mpi * );
+static int ecp_mod_p224(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-static int ecp_mod_p256( mbedtls_mpi * );
+static int ecp_mod_p256(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-static int ecp_mod_p384( mbedtls_mpi * );
+static int ecp_mod_p384(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-static int ecp_mod_p521( mbedtls_mpi * );
+static int ecp_mod_p521(mbedtls_mpi *);
#endif
-#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P;
+#define NIST_MODP(P) grp->modp = ecp_mod_ ## P;
#else
-#define NIST_MODP( P )
+#define NIST_MODP(P)
#endif /* MBEDTLS_ECP_NIST_OPTIM */
/* Additional forward declarations */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-static int ecp_mod_p255( mbedtls_mpi * );
+static int ecp_mod_p255(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-static int ecp_mod_p448( mbedtls_mpi * );
+static int ecp_mod_p448(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-static int ecp_mod_p192k1( mbedtls_mpi * );
+static int ecp_mod_p192k1(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-static int ecp_mod_p224k1( mbedtls_mpi * );
+static int ecp_mod_p224k1(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-static int ecp_mod_p256k1( mbedtls_mpi * );
+static int ecp_mod_p256k1(mbedtls_mpi *);
#endif
#if defined(ECP_LOAD_GROUP)
-#define LOAD_GROUP_A( G ) ecp_group_load( grp, \
- G ## _p, sizeof( G ## _p ), \
- G ## _a, sizeof( G ## _a ), \
- G ## _b, sizeof( G ## _b ), \
- G ## _gx, sizeof( G ## _gx ), \
- G ## _gy, sizeof( G ## _gy ), \
- G ## _n, sizeof( G ## _n ) )
+#define LOAD_GROUP_A(G) ecp_group_load(grp, \
+ G ## _p, sizeof(G ## _p), \
+ G ## _a, sizeof(G ## _a), \
+ G ## _b, sizeof(G ## _b), \
+ G ## _gx, sizeof(G ## _gx), \
+ G ## _gy, sizeof(G ## _gy), \
+ G ## _n, sizeof(G ## _n))
-#define LOAD_GROUP( G ) ecp_group_load( grp, \
- G ## _p, sizeof( G ## _p ), \
- NULL, 0, \
- G ## _b, sizeof( G ## _b ), \
- G ## _gx, sizeof( G ## _gx ), \
- G ## _gy, sizeof( G ## _gy ), \
- G ## _n, sizeof( G ## _n ) )
+#define LOAD_GROUP(G) ecp_group_load(grp, \
+ G ## _p, sizeof(G ## _p), \
+ NULL, 0, \
+ G ## _b, sizeof(G ## _b), \
+ G ## _gx, sizeof(G ## _gx), \
+ G ## _gy, sizeof(G ## _gy), \
+ G ## _n, sizeof(G ## _n))
#endif /* ECP_LOAD_GROUP */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
@@ -652,38 +653,39 @@
/*
* Specialized function for creating the Curve25519 group
*/
-static int ecp_use_curve25519( mbedtls_ecp_group *grp )
+static int ecp_use_curve25519(mbedtls_ecp_group *grp)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Actually ( A + 2 ) / 4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve25519_a24 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24));
/* P = 2^255 - 19 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
- grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19));
+ grp->pbits = mbedtls_mpi_bitlen(&grp->P);
/* N = 2^252 + 27742317777372353535851937790883648493 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->N,
- curve25519_part_of_n, sizeof( curve25519_part_of_n ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N,
+ curve25519_part_of_n, sizeof(curve25519_part_of_n)));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1));
/* Y intentionally not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
- mbedtls_mpi_free( &grp->G.Y );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
+ mbedtls_mpi_free(&grp->G.Y);
/* Actually, the required msb for private keys */
grp->nbits = 254;
cleanup:
- if( ret != 0 )
- mbedtls_ecp_group_free( grp );
+ if (ret != 0) {
+ mbedtls_ecp_group_free(grp);
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
@@ -700,140 +702,140 @@
/*
* Specialized function for creating the Curve448 group
*/
-static int ecp_use_curve448( mbedtls_ecp_group *grp )
+static int ecp_use_curve448(mbedtls_ecp_group *grp)
{
mbedtls_mpi Ns;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi_init( &Ns );
+ mbedtls_mpi_init(&Ns);
/* Actually ( A + 2 ) / 4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve448_a24 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24));
/* P = 2^448 - 2^224 - 1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
- grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
+ grp->pbits = mbedtls_mpi_bitlen(&grp->P);
/* Y intentionally not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
- mbedtls_mpi_free( &grp->G.Y );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
+ mbedtls_mpi_free(&grp->G.Y);
/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Ns,
- curve448_part_of_n, sizeof( curve448_part_of_n ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns,
+ curve448_part_of_n, sizeof(curve448_part_of_n)));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns));
/* Actually, the required msb for private keys */
grp->nbits = 447;
cleanup:
- mbedtls_mpi_free( &Ns );
- if( ret != 0 )
- mbedtls_ecp_group_free( grp );
+ mbedtls_mpi_free(&Ns);
+ if (ret != 0) {
+ mbedtls_ecp_group_free(grp);
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
/*
* Set a group using well-known domain parameters
*/
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
+int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
{
- ECP_VALIDATE_RET( grp != NULL );
- mbedtls_ecp_group_free( grp );
+ ECP_VALIDATE_RET(grp != NULL);
+ mbedtls_ecp_group_free(grp);
- mbedtls_ecp_group_init( grp );
+ mbedtls_ecp_group_init(grp);
grp->id = id;
- switch( id )
- {
+ switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
- NIST_MODP( p192 );
- return( LOAD_GROUP( secp192r1 ) );
+ NIST_MODP(p192);
+ return LOAD_GROUP(secp192r1);
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
- NIST_MODP( p224 );
- return( LOAD_GROUP( secp224r1 ) );
+ NIST_MODP(p224);
+ return LOAD_GROUP(secp224r1);
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
- NIST_MODP( p256 );
- return( LOAD_GROUP( secp256r1 ) );
+ NIST_MODP(p256);
+ return LOAD_GROUP(secp256r1);
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
- NIST_MODP( p384 );
- return( LOAD_GROUP( secp384r1 ) );
+ NIST_MODP(p384);
+ return LOAD_GROUP(secp384r1);
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
- NIST_MODP( p521 );
- return( LOAD_GROUP( secp521r1 ) );
+ NIST_MODP(p521);
+ return LOAD_GROUP(secp521r1);
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
grp->modp = ecp_mod_p192k1;
- return( LOAD_GROUP_A( secp192k1 ) );
+ return LOAD_GROUP_A(secp192k1);
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
grp->modp = ecp_mod_p224k1;
- return( LOAD_GROUP_A( secp224k1 ) );
+ return LOAD_GROUP_A(secp224k1);
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
grp->modp = ecp_mod_p256k1;
- return( LOAD_GROUP_A( secp256k1 ) );
+ return LOAD_GROUP_A(secp256k1);
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
- return( LOAD_GROUP_A( brainpoolP256r1 ) );
+ return LOAD_GROUP_A(brainpoolP256r1);
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
- return( LOAD_GROUP_A( brainpoolP384r1 ) );
+ return LOAD_GROUP_A(brainpoolP384r1);
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
- return( LOAD_GROUP_A( brainpoolP512r1 ) );
+ return LOAD_GROUP_A(brainpoolP512r1);
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
grp->modp = ecp_mod_p255;
- return( ecp_use_curve25519( grp ) );
+ return ecp_use_curve25519(grp);
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
grp->modp = ecp_mod_p448;
- return( ecp_use_curve448( grp ) );
+ return ecp_use_curve448(grp);
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
default:
grp->id = MBEDTLS_ECP_DP_NONE;
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
}
}
@@ -862,56 +864,54 @@
*/
/* Add 64-bit chunks (dst += src) and update carry */
-static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry )
+static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry)
{
unsigned char i;
mbedtls_mpi_uint c = 0;
- for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
- {
- *dst += c; c = ( *dst < c );
- *dst += *src; c += ( *dst < *src );
+ for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
+ *dst += c; c = (*dst < c);
+ *dst += *src; c += (*dst < *src);
}
*carry += c;
}
/* Add carry to a 64-bit chunk and update carry */
-static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
+static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
{
unsigned char i;
- for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
- {
+ for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
*dst += *carry;
- *carry = ( *dst < *carry );
+ *carry = (*dst < *carry);
}
}
-#define WIDTH 8 / sizeof( mbedtls_mpi_uint )
-#define A( i ) N->p + (i) * WIDTH
-#define ADD( i ) add64( p, A( i ), &c )
-#define NEXT p += WIDTH; carry64( p, &c )
-#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
+#define WIDTH 8 / sizeof(mbedtls_mpi_uint)
+#define A(i) N->p + (i) * WIDTH
+#define ADD(i) add64(p, A(i), &c)
+#define NEXT p += WIDTH; carry64(p, &c)
+#define LAST p += WIDTH; *p = c; while (++p < end) *p = 0
/*
* Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
*/
-static int ecp_mod_p192( mbedtls_mpi *N )
+static int ecp_mod_p192(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_uint c = 0;
mbedtls_mpi_uint *p, *end;
/* Make sure we have enough blocks so that A(5) is legal */
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH));
p = N->p;
end = p + N->n;
- ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5
- ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5
- ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5
+ ADD(3); ADD(5); NEXT; // A0 += A3 + A5
+ ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5
+ ADD(4); ADD(5); LAST; // A2 += A4 + A5
cleanup:
- return( ret );
+ return ret;
}
#undef WIDTH
@@ -940,21 +940,21 @@
*
* While at it, also define the size of N in terms of 32-bit chunks.
*/
-#define LOAD32 cur = A( i );
+#define LOAD32 cur = A(i);
#if defined(MBEDTLS_HAVE_INT32) /* 32 bit */
#define MAX32 N->n
-#define A( j ) N->p[j]
+#define A(j) N->p[j]
#define STORE32 N->p[i] = cur;
#else /* 64-bit */
#define MAX32 N->n * 2
-#define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \
- (uint32_t)( N->p[(j)/2] )
+#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \
+ (uint32_t) (N->p[(j)/2])
#define STORE32 \
- if( i % 2 ) { \
+ if (i % 2) { \
N->p[i/2] &= 0x00000000FFFFFFFF; \
N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \
} else { \
@@ -967,20 +967,20 @@
/*
* Helpers for addition and subtraction of chunks, with signed carry.
*/
-static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
+static inline void add32(uint32_t *dst, uint32_t src, signed char *carry)
{
*dst += src;
- *carry += ( *dst < src );
+ *carry += (*dst < src);
}
-static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
+static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry)
{
- *carry -= ( *dst < src );
+ *carry -= (*dst < src);
*dst -= src;
}
-#define ADD( j ) add32( &cur, A( j ), &c );
-#define SUB( j ) sub32( &cur, A( j ), &c );
+#define ADD(j) add32(&cur, A(j), &c);
+#define SUB(j) sub32(&cur, A(j), &c);
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */
@@ -988,83 +988,83 @@
/*
* Helpers for the main 'loop'
*/
-#define INIT( b ) \
+#define INIT(b) \
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \
signed char c = 0, cc; \
uint32_t cur; \
size_t i = 0, bits = (b); \
/* N is the size of the product of two b-bit numbers, plus one */ \
/* limb for fix_negative */ \
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, ( b ) * 2 / biL + 1 ) ); \
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \
LOAD32;
#define NEXT \
STORE32; i++; LOAD32; \
cc = c; c = 0; \
- if( cc < 0 ) \
- sub32( &cur, -cc, &c ); \
+ if (cc < 0) \
+ sub32(&cur, -cc, &c); \
else \
- add32( &cur, cc, &c ); \
+ add32(&cur, cc, &c); \
#define LAST \
STORE32; i++; \
cur = c > 0 ? c : 0; STORE32; \
- cur = 0; while( ++i < MAX32 ) { STORE32; } \
- if( c < 0 ) mbedtls_ecp_fix_negative( N, c, bits );
+ cur = 0; while (++i < MAX32) { STORE32; } \
+ if (c < 0) mbedtls_ecp_fix_negative(N, c, bits);
/*
* If the result is negative, we get it in the form
* c * 2^bits + N, with c negative and N positive shorter than 'bits'
*/
MBEDTLS_STATIC_TESTABLE
-void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
+void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits)
{
size_t i;
/* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
* set the absolute value to 0xfff...fff - N. There is no carry
* since we're subtracting from all-bits-one. */
- for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
- {
- N->p[i] = ~(mbedtls_mpi_uint)0 - N->p[i];
+ for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) {
+ N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i];
}
/* Add 1, taking care of the carry. */
i = 0;
- do
+ do {
++N->p[i];
- while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) );
+ } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));
/* Invert the sign.
* Now N = N0 - 2^bits where N0 is the initial value of N. */
N->s = -1;
/* Add |c| * 2^bits to the absolute value. Since c and N are
- * negative, this adds c * 2^bits. */
+ * negative, this adds c * 2^bits. */
mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
#if defined(MBEDTLS_HAVE_INT64)
- if( bits == 224 )
+ if (bits == 224) {
msw <<= 32;
+ }
#endif
- N->p[bits / 8 / sizeof( mbedtls_mpi_uint)] += msw;
+ N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;
}
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
/*
* Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
*/
-static int ecp_mod_p224( mbedtls_mpi *N )
+static int ecp_mod_p224(mbedtls_mpi *N)
{
- INIT( 224 );
+ INIT(224);
- SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11
- SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12
- SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13
- SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11
- SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12
- SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13
- SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10
+ SUB(7); SUB(11); NEXT; // A0 += -A7 - A11
+ SUB(8); SUB(12); NEXT; // A1 += -A8 - A12
+ SUB(9); SUB(13); NEXT; // A2 += -A9 - A13
+ SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11
+ SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12
+ SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13
+ SUB(13); ADD(10); LAST; // A6 += -A13 + A10
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
@@ -1072,36 +1072,36 @@
/*
* Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
*/
-static int ecp_mod_p256( mbedtls_mpi *N )
+static int ecp_mod_p256(mbedtls_mpi *N)
{
- INIT( 256 );
+ INIT(256);
- ADD( 8 ); ADD( 9 );
- SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0
+ ADD(8); ADD(9);
+ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0
- ADD( 9 ); ADD( 10 );
- SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1
+ ADD(9); ADD(10);
+ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1
- ADD( 10 ); ADD( 11 );
- SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2
+ ADD(10); ADD(11);
+ SUB(13); SUB(14); SUB(15); NEXT; // A2
- ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
- SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3
+ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13);
+ SUB(15); SUB(8); SUB(9); NEXT; // A3
- ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
- SUB( 9 ); SUB( 10 ); NEXT; // A4
+ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14);
+ SUB(9); SUB(10); NEXT; // A4
- ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
- SUB( 10 ); SUB( 11 ); NEXT; // A5
+ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15);
+ SUB(10); SUB(11); NEXT; // A5
- ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
- SUB( 8 ); SUB( 9 ); NEXT; // A6
+ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13);
+ SUB(8); SUB(9); NEXT; // A6
- ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
- SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7
+ ADD(15); ADD(15); ADD(15); ADD(8);
+ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
@@ -1109,48 +1109,48 @@
/*
* Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
*/
-static int ecp_mod_p384( mbedtls_mpi *N )
+static int ecp_mod_p384(mbedtls_mpi *N)
{
- INIT( 384 );
+ INIT(384);
- ADD( 12 ); ADD( 21 ); ADD( 20 );
- SUB( 23 ); NEXT; // A0
+ ADD(12); ADD(21); ADD(20);
+ SUB(23); NEXT; // A0
- ADD( 13 ); ADD( 22 ); ADD( 23 );
- SUB( 12 ); SUB( 20 ); NEXT; // A2
+ ADD(13); ADD(22); ADD(23);
+ SUB(12); SUB(20); NEXT; // A2
- ADD( 14 ); ADD( 23 );
- SUB( 13 ); SUB( 21 ); NEXT; // A2
+ ADD(14); ADD(23);
+ SUB(13); SUB(21); NEXT; // A2
- ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
- SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3
+ ADD(15); ADD(12); ADD(20); ADD(21);
+ SUB(14); SUB(22); SUB(23); NEXT; // A3
- ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
- SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4
+ ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22);
+ SUB(15); SUB(23); SUB(23); NEXT; // A4
- ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
- SUB( 16 ); NEXT; // A5
+ ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23);
+ SUB(16); NEXT; // A5
- ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
- SUB( 17 ); NEXT; // A6
+ ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22);
+ SUB(17); NEXT; // A6
- ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
- SUB( 18 ); NEXT; // A7
+ ADD(19); ADD(16); ADD(15); ADD(23);
+ SUB(18); NEXT; // A7
- ADD( 20 ); ADD( 17 ); ADD( 16 );
- SUB( 19 ); NEXT; // A8
+ ADD(20); ADD(17); ADD(16);
+ SUB(19); NEXT; // A8
- ADD( 21 ); ADD( 18 ); ADD( 17 );
- SUB( 20 ); NEXT; // A9
+ ADD(21); ADD(18); ADD(17);
+ SUB(20); NEXT; // A9
- ADD( 22 ); ADD( 19 ); ADD( 18 );
- SUB( 21 ); NEXT; // A10
+ ADD(22); ADD(19); ADD(18);
+ SUB(21); NEXT; // A10
- ADD( 23 ); ADD( 20 ); ADD( 19 );
- SUB( 22 ); LAST; // A11
+ ADD(23); ADD(20); ADD(19);
+ SUB(22); LAST; // A11
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
@@ -1173,7 +1173,7 @@
*/
/* Size of p521 in terms of mbedtls_mpi_uint */
-#define P521_WIDTH ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
+#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1)
/* Bits to keep in the most significant mbedtls_mpi_uint */
#define P521_MASK 0x01FF
@@ -1182,7 +1182,7 @@
* Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
* Write N as A1 + 2^521 A0, return A0 + A1
*/
-static int ecp_mod_p521( mbedtls_mpi *N )
+static int ecp_mod_p521(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
@@ -1192,28 +1192,31 @@
* we need to hold bits 513 to 1056, which is 34 limbs, that is
* P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
- if( N->n < P521_WIDTH )
- return( 0 );
+ if (N->n < P521_WIDTH) {
+ return 0;
+ }
/* M = A1 */
M.s = 1;
- M.n = N->n - ( P521_WIDTH - 1 );
- if( M.n > P521_WIDTH + 1 )
+ M.n = N->n - (P521_WIDTH - 1);
+ if (M.n > P521_WIDTH + 1) {
M.n = P521_WIDTH + 1;
+ }
M.p = Mp;
- memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
+ memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));
/* N = A0 */
N->p[P521_WIDTH - 1] &= P521_MASK;
- for( i = P521_WIDTH; i < N->n; i++ )
+ for (i = P521_WIDTH; i < N->n; i++) {
N->p[i] = 0;
+ }
/* N = A0 + A1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
- return( ret );
+ return ret;
}
#undef P521_WIDTH
@@ -1225,57 +1228,60 @@
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
/* Size of p255 in terms of mbedtls_mpi_uint */
-#define P255_WIDTH ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
+#define P255_WIDTH (255 / 8 / sizeof(mbedtls_mpi_uint) + 1)
/*
* Fast quasi-reduction modulo p255 = 2^255 - 19
* Write N as A0 + 2^255 A1, return A0 + 19 * A1
*/
-static int ecp_mod_p255( mbedtls_mpi *N )
+static int ecp_mod_p255(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M;
mbedtls_mpi_uint Mp[P255_WIDTH + 2];
- if( N->n < P255_WIDTH )
- return( 0 );
+ if (N->n < P255_WIDTH) {
+ return 0;
+ }
/* M = A1 */
M.s = 1;
- M.n = N->n - ( P255_WIDTH - 1 );
- if( M.n > P255_WIDTH + 1 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ M.n = N->n - (P255_WIDTH - 1);
+ if (M.n > P255_WIDTH + 1) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
M.p = Mp;
- memset( Mp, 0, sizeof Mp );
- memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
+ memset(Mp, 0, sizeof Mp);
+ memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint))));
M.n++; /* Make room for multiplication by 19 */
/* N = A0 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) );
- for( i = P255_WIDTH; i < N->n; i++ )
+ MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(N, 255, 0));
+ for (i = P255_WIDTH; i < N->n; i++) {
N->p[i] = 0;
+ }
/* N = A0 + 19 * A1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &M, 19));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
/* Size of p448 in terms of mbedtls_mpi_uint */
-#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
+#define P448_WIDTH (448 / 8 / sizeof(mbedtls_mpi_uint))
/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
-#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
-#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) )
-#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
-#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
+#define DIV_ROUND_UP(X, Y) (((X) + (Y) -1) / (Y))
+#define P224_WIDTH_MIN (28 / sizeof(mbedtls_mpi_uint))
+#define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint))
+#define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224)
/*
* Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
@@ -1288,52 +1294,57 @@
* but for 64-bit targets it should use half the number of operations if we do
* the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
*/
-static int ecp_mod_p448( mbedtls_mpi *N )
+static int ecp_mod_p448(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M, Q;
mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
- if( N->n <= P448_WIDTH )
- return( 0 );
+ if (N->n <= P448_WIDTH) {
+ return 0;
+ }
/* M = A1 */
M.s = 1;
- M.n = N->n - ( P448_WIDTH );
- if( M.n > P448_WIDTH )
+ M.n = N->n - (P448_WIDTH);
+ if (M.n > P448_WIDTH) {
/* Shouldn't be called with N larger than 2^896! */
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
M.p = Mp;
- memset( Mp, 0, sizeof( Mp ) );
- memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
+ memset(Mp, 0, sizeof(Mp));
+ memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));
/* N = A0 */
- for( i = P448_WIDTH; i < N->n; i++ )
+ for (i = P448_WIDTH; i < N->n; i++) {
N->p[i] = 0;
+ }
/* N += A1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
/* Q = B1, N += B1 */
Q = M;
Q.p = Qp;
- memcpy( Qp, Mp, sizeof( Qp ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
+ memcpy(Qp, Mp, sizeof(Qp));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));
/* M = (B0 + B1) * 2^224, N += M */
- if( sizeof( mbedtls_mpi_uint ) > 4 )
- Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
- for( i = P224_WIDTH_MAX; i < M.n; ++i )
+ if (sizeof(mbedtls_mpi_uint) > 4) {
+ Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
+ }
+ for (i = P224_WIDTH_MAX; i < M.n; ++i) {
Mp[i] = 0;
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
+ }
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));
M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
@@ -1347,18 +1358,19 @@
* Write N as A0 + 2^224 A1, return A0 + R * A1.
* Actually do two passes, since R is big.
*/
-#define P_KOBLITZ_MAX ( 256 / 8 / sizeof( mbedtls_mpi_uint ) ) // Max limbs in P
-#define P_KOBLITZ_R ( 8 / sizeof( mbedtls_mpi_uint ) ) // Limbs in R
-static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
- size_t adjust, size_t shift, mbedtls_mpi_uint mask )
+#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
+#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
+static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
+ size_t adjust, size_t shift, mbedtls_mpi_uint mask)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M, R;
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
- if( N->n < p_limbs )
- return( 0 );
+ if (N->n < p_limbs) {
+ return 0;
+ }
/* Init R */
R.s = 1;
@@ -1370,49 +1382,57 @@
M.p = Mp;
/* M = A1 */
- M.n = N->n - ( p_limbs - adjust );
- if( M.n > p_limbs + adjust )
+ M.n = N->n - (p_limbs - adjust);
+ if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
- memset( Mp, 0, sizeof Mp );
- memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
- if( shift != 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
+ }
+ memset(Mp, 0, sizeof Mp);
+ memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
+ if (shift != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+ }
M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
- if( mask != 0 )
+ if (mask != 0) {
N->p[p_limbs - 1] &= mask;
- for( i = p_limbs; i < N->n; i++ )
+ }
+ for (i = p_limbs; i < N->n; i++) {
N->p[i] = 0;
+ }
/* N = A0 + R * A1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
/* Second pass */
/* M = A1 */
- M.n = N->n - ( p_limbs - adjust );
- if( M.n > p_limbs + adjust )
+ M.n = N->n - (p_limbs - adjust);
+ if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
- memset( Mp, 0, sizeof Mp );
- memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
- if( shift != 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
+ }
+ memset(Mp, 0, sizeof Mp);
+ memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
+ if (shift != 0) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+ }
M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
- if( mask != 0 )
+ if (mask != 0) {
N->p[p_limbs - 1] &= mask;
- for( i = p_limbs; i < N->n; i++ )
+ }
+ for (i = p_limbs; i < N->n; i++) {
N->p[i] = 0;
+ }
/* N = A0 + R * A1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
@@ -1423,14 +1443,15 @@
* Fast quasi-reduction modulo p192k1 = 2^192 - R,
* with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
*/
-static int ecp_mod_p192k1( mbedtls_mpi *N )
+static int ecp_mod_p192k1(mbedtls_mpi *N)
{
static mbedtls_mpi_uint Rp[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00 ) };
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0x00)
+ };
- return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
- 0 ) );
+ return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
+ 0);
}
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
@@ -1439,17 +1460,18 @@
* Fast quasi-reduction modulo p224k1 = 2^224 - R,
* with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
*/
-static int ecp_mod_p224k1( mbedtls_mpi *N )
+static int ecp_mod_p224k1(mbedtls_mpi *N)
{
static mbedtls_mpi_uint Rp[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00 ) };
+ MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0x00)
+ };
#if defined(MBEDTLS_HAVE_INT64)
- return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
+ return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);
#else
- return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
- 0 ) );
+ return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
+ 0);
#endif
}
@@ -1460,13 +1482,14 @@
* Fast quasi-reduction modulo p256k1 = 2^256 - R,
* with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
*/
-static int ecp_mod_p256k1( mbedtls_mpi *N )
+static int ecp_mod_p256k1(mbedtls_mpi *N)
{
static mbedtls_mpi_uint Rp[] = {
- MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00 ) };
- return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
- 0 ) );
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0x00)
+ };
+ return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
+ 0);
}
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 71c7702..18815be 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -44,7 +44,7 @@
* Behavior:
* Set N to c * 2^bits + old_value_of_N.
*/
-void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
+void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits);
#endif
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
@@ -69,10 +69,10 @@
* \return \c 0 on success.
* \return \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
*/
-int mbedtls_ecp_gen_privkey_mx( size_t n_bits,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_privkey_mx(size_t n_bits,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
diff --git a/library/entropy.c b/library/entropy.c
index 77e2bfd..1a4ac96 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -48,103 +48,104 @@
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
+void mbedtls_entropy_init(mbedtls_entropy_context *ctx)
{
ctx->source_count = 0;
- memset( ctx->source, 0, sizeof( ctx->source ) );
+ memset(ctx->source, 0, sizeof(ctx->source));
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
ctx->accumulator_started = 0;
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_init( &ctx->accumulator );
+ mbedtls_sha512_init(&ctx->accumulator);
#else
- mbedtls_sha256_init( &ctx->accumulator );
+ mbedtls_sha256_init(&ctx->accumulator);
#endif
#if defined(MBEDTLS_HAVEGE_C)
- mbedtls_havege_init( &ctx->havege_data );
+ mbedtls_havege_init(&ctx->havege_data);
#endif
/* Reminder: Update ENTROPY_HAVE_STRONG in the test files
* when adding more strong entropy sources here. */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
- mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
- 1, MBEDTLS_ENTROPY_SOURCE_STRONG );
+ mbedtls_entropy_add_source(ctx, mbedtls_null_entropy_poll, NULL,
+ 1, MBEDTLS_ENTROPY_SOURCE_STRONG);
#endif
#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
- mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
- MBEDTLS_ENTROPY_MIN_PLATFORM,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_PLATFORM,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
#endif
#if defined(MBEDTLS_TIMING_C)
- mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
- MBEDTLS_ENTROPY_MIN_HARDCLOCK,
- MBEDTLS_ENTROPY_SOURCE_WEAK );
+ mbedtls_entropy_add_source(ctx, mbedtls_hardclock_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_HARDCLOCK,
+ MBEDTLS_ENTROPY_SOURCE_WEAK);
#endif
#if defined(MBEDTLS_HAVEGE_C)
- mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
- MBEDTLS_ENTROPY_MIN_HAVEGE,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ mbedtls_entropy_add_source(ctx, mbedtls_havege_poll, &ctx->havege_data,
+ MBEDTLS_ENTROPY_MIN_HAVEGE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
- mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
- MBEDTLS_ENTROPY_MIN_HARDWARE,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_HARDWARE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
- mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
- MBEDTLS_ENTROPY_BLOCK_SIZE,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
ctx->initial_entropy_run = 0;
#endif
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
}
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
+void mbedtls_entropy_free(mbedtls_entropy_context *ctx)
{
/* If the context was already free, don't call free() again.
* This is important for mutexes which don't allow double-free. */
- if( ctx->accumulator_started == -1 )
+ if (ctx->accumulator_started == -1) {
return;
+ }
#if defined(MBEDTLS_HAVEGE_C)
- mbedtls_havege_free( &ctx->havege_data );
+ mbedtls_havege_free(&ctx->havege_data);
#endif
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ mbedtls_mutex_free(&ctx->mutex);
#endif
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_free( &ctx->accumulator );
+ mbedtls_sha512_free(&ctx->accumulator);
#else
- mbedtls_sha256_free( &ctx->accumulator );
+ mbedtls_sha256_free(&ctx->accumulator);
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
ctx->initial_entropy_run = 0;
#endif
ctx->source_count = 0;
- mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
+ mbedtls_platform_zeroize(ctx->source, sizeof(ctx->source));
ctx->accumulator_started = -1;
}
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
- mbedtls_entropy_f_source_ptr f_source, void *p_source,
- size_t threshold, int strong )
+int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
+ mbedtls_entropy_f_source_ptr f_source, void *p_source,
+ size_t threshold, int strong)
{
int idx, ret = 0;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
idx = ctx->source_count;
- if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
- {
+ if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) {
ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
goto exit;
}
@@ -158,18 +159,19 @@
exit:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
/*
* Entropy accumulator update
*/
-static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id,
- const unsigned char *data, size_t len )
+static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id,
+ const unsigned char *data, size_t len)
{
unsigned char header[2];
unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
@@ -177,14 +179,15 @@
const unsigned char *p = data;
int ret = 0;
- if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
- {
+ if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )
+ if ((ret = mbedtls_sha512_ret(data, len, tmp, 0)) != 0) {
goto cleanup;
+ }
#else
- if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )
+ if ((ret = mbedtls_sha256_ret(data, len, tmp, 0)) != 0) {
goto cleanup;
+ }
#endif
p = tmp;
use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
@@ -199,55 +202,61 @@
* gather entropy eventually execute this code.
*/
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- if( ctx->accumulator_started == 0 &&
- ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ if (ctx->accumulator_started == 0 &&
+ (ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) {
goto cleanup;
- else
+ } else {
ctx->accumulator_started = 1;
- if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, header, 2)) != 0) {
goto cleanup;
- ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len );
+ }
+ ret = mbedtls_sha512_update_ret(&ctx->accumulator, p, use_len);
#else
- if( ctx->accumulator_started == 0 &&
- ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ if (ctx->accumulator_started == 0 &&
+ (ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) {
goto cleanup;
- else
+ } else {
ctx->accumulator_started = 1;
- if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, header, 2)) != 0) {
goto cleanup;
- ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len );
+ }
+ ret = mbedtls_sha256_update_ret(&ctx->accumulator, p, use_len);
#endif
cleanup:
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
- return( ret );
+ return ret;
}
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
- const unsigned char *data, size_t len )
+int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
+ const unsigned char *data, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
- ret = entropy_update( ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len );
+ ret = entropy_update(ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len);
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
/*
* Run through the different sources to add entropy to our accumulator
*/
-static int entropy_gather_internal( mbedtls_entropy_context *ctx )
+static int entropy_gather_internal(mbedtls_entropy_context *ctx)
{
int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
int i;
@@ -255,121 +264,125 @@
unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
size_t olen;
- if( ctx->source_count == 0 )
- return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
+ if (ctx->source_count == 0) {
+ return MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
+ }
/*
* Run through our entropy sources
*/
- for( i = 0; i < ctx->source_count; i++ )
- {
- if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
+ for (i = 0; i < ctx->source_count; i++) {
+ if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
have_one_strong = 1;
+ }
olen = 0;
- if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
- buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
- {
+ if ((ret = ctx->source[i].f_source(ctx->source[i].p_source,
+ buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) {
goto cleanup;
}
/*
* Add if we actually gathered something
*/
- if( olen > 0 )
- {
- if( ( ret = entropy_update( ctx, (unsigned char) i,
- buf, olen ) ) != 0 )
- return( ret );
+ if (olen > 0) {
+ if ((ret = entropy_update(ctx, (unsigned char) i,
+ buf, olen)) != 0) {
+ return ret;
+ }
ctx->source[i].size += olen;
}
}
- if( have_one_strong == 0 )
+ if (have_one_strong == 0) {
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
+ }
cleanup:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- return( ret );
+ return ret;
}
/*
* Thread-safe wrapper for entropy_gather_internal()
*/
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
+int mbedtls_entropy_gather(mbedtls_entropy_context *ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
- ret = entropy_gather_internal( ctx );
+ ret = entropy_gather_internal(ctx);
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
+int mbedtls_entropy_func(void *data, unsigned char *output, size_t len)
{
int ret, count = 0, i, thresholds_reached;
size_t strong_size;
mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
- if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ if (len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
#if defined(MBEDTLS_ENTROPY_NV_SEED)
/* Update the NV entropy seed before generating any entropy for outside
* use.
*/
- if( ctx->initial_entropy_run == 0 )
- {
+ if (ctx->initial_entropy_run == 0) {
ctx->initial_entropy_run = 1;
- if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0) {
+ return ret;
+ }
}
#endif
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
/*
* Always gather extra entropy before a call
*/
- do
- {
- if( count++ > ENTROPY_MAX_LOOP )
- {
+ do {
+ if (count++ > ENTROPY_MAX_LOOP) {
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
goto exit;
}
- if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
+ if ((ret = entropy_gather_internal(ctx)) != 0) {
goto exit;
+ }
thresholds_reached = 1;
strong_size = 0;
- for( i = 0; i < ctx->source_count; i++ )
- {
- if( ctx->source[i].size < ctx->source[i].threshold )
+ for (i = 0; i < ctx->source_count; i++) {
+ if (ctx->source[i].size < ctx->source[i].threshold) {
thresholds_reached = 0;
- if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
+ }
+ if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
strong_size += ctx->source[i].size;
+ }
}
- }
- while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE );
+ } while (!thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE);
- memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
/*
@@ -377,109 +390,118 @@
* in a previous call to entropy_update(). If this is not guaranteed, the
* code below will fail.
*/
- if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
+ if ((ret = mbedtls_sha512_finish_ret(&ctx->accumulator, buf)) != 0) {
goto exit;
+ }
/*
* Reset accumulator and counters and recycle existing entropy
*/
- mbedtls_sha512_free( &ctx->accumulator );
- mbedtls_sha512_init( &ctx->accumulator );
- if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ mbedtls_sha512_free(&ctx->accumulator);
+ mbedtls_sha512_init(&ctx->accumulator);
+ if ((ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) {
goto exit;
- if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf,
- MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, buf,
+ MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
goto exit;
+ }
/*
* Perform second SHA-512 on entropy
*/
- if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
- buf, 0 ) ) != 0 )
+ if ((ret = mbedtls_sha512_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ buf, 0)) != 0) {
goto exit;
+ }
#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
- if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
+ if ((ret = mbedtls_sha256_finish_ret(&ctx->accumulator, buf)) != 0) {
goto exit;
+ }
/*
* Reset accumulator and counters and recycle existing entropy
*/
- mbedtls_sha256_free( &ctx->accumulator );
- mbedtls_sha256_init( &ctx->accumulator );
- if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ mbedtls_sha256_free(&ctx->accumulator);
+ mbedtls_sha256_init(&ctx->accumulator);
+ if ((ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) {
goto exit;
- if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf,
- MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, buf,
+ MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
goto exit;
+ }
/*
* Perform second SHA-256 on entropy
*/
- if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
- buf, 0 ) ) != 0 )
+ if ((ret = mbedtls_sha256_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ buf, 0)) != 0) {
goto exit;
+ }
#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
- for( i = 0; i < ctx->source_count; i++ )
+ for (i = 0; i < ctx->source_count; i++) {
ctx->source[i].size = 0;
+ }
- memcpy( output, buf, len );
+ memcpy(output, buf, len);
ret = 0;
exit:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
+int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx)
{
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
/* Read new seed and write it to NV */
- if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
+ return ret;
+ }
- if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
- return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+ if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
+ return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+ }
/* Manually update the remaining stream with a separator value to diverge */
- memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
- ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_FS_IO)
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
+int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
FILE *f = NULL;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
- if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
- {
+ if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
goto exit;
}
- if( ( f = fopen( path, "wb" ) ) == NULL )
- {
+ if ((f = fopen(path, "wb")) == NULL) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
- if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
- {
+ if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
@@ -487,44 +509,49 @@
ret = 0;
exit:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- if( f != NULL )
- fclose( f );
+ if (f != NULL) {
+ fclose(f);
+ }
- return( ret );
+ return ret;
}
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
+int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path)
{
int ret = 0;
FILE *f;
size_t n;
- unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
+ unsigned char buf[MBEDTLS_ENTROPY_MAX_SEED_SIZE];
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+ if ((f = fopen(path, "rb")) == NULL) {
+ return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+ }
- fseek( f, 0, SEEK_END );
- n = (size_t) ftell( f );
- fseek( f, 0, SEEK_SET );
+ fseek(f, 0, SEEK_END);
+ n = (size_t) ftell(f);
+ fseek(f, 0, SEEK_SET);
- if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE )
+ if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) {
n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
+ }
- if( fread( buf, 1, n, f ) != n )
+ if (fread(buf, 1, n, f) != n) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
- else
- ret = mbedtls_entropy_update_manual( ctx, buf, n );
+ } else {
+ ret = mbedtls_entropy_update_manual(ctx, buf, n);
+ }
- fclose( f );
+ fclose(f);
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- if( ret != 0 )
- return( ret );
+ if (ret != 0) {
+ return ret;
+ }
- return( mbedtls_entropy_write_seed_file( ctx, path ) );
+ return mbedtls_entropy_write_seed_file(ctx, path);
}
#endif /* MBEDTLS_FS_IO */
@@ -533,60 +560,58 @@
/*
* Dummy source function
*/
-static int entropy_dummy_source( void *data, unsigned char *output,
- size_t len, size_t *olen )
+static int entropy_dummy_source(void *data, unsigned char *output,
+ size_t len, size_t *olen)
{
((void) data);
- memset( output, 0x2a, len );
+ memset(output, 0x2a, len);
*olen = len;
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len )
+static int mbedtls_entropy_source_self_test_gather(unsigned char *buf, size_t buf_len)
{
int ret = 0;
size_t entropy_len = 0;
size_t olen = 0;
size_t attempts = buf_len;
- while( attempts > 0 && entropy_len < buf_len )
- {
- if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len,
- buf_len - entropy_len, &olen ) ) != 0 )
- return( ret );
+ while (attempts > 0 && entropy_len < buf_len) {
+ if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len,
+ buf_len - entropy_len, &olen)) != 0) {
+ return ret;
+ }
entropy_len += olen;
attempts--;
}
- if( entropy_len < buf_len )
- {
+ if (entropy_len < buf_len) {
ret = 1;
}
- return( ret );
+ return ret;
}
-static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf,
- size_t buf_len )
+static int mbedtls_entropy_source_self_test_check_bits(const unsigned char *buf,
+ size_t buf_len)
{
- unsigned char set= 0xFF;
+ unsigned char set = 0xFF;
unsigned char unset = 0x00;
size_t i;
- for( i = 0; i < buf_len; i++ )
- {
+ for (i = 0; i < buf_len; i++) {
set &= buf[i];
unset |= buf[i];
}
- return( set == 0xFF || unset == 0x00 );
+ return set == 0xFF || unset == 0x00;
}
/*
@@ -600,45 +625,50 @@
* are not equal.
* - The error code returned by the entropy source is not an error.
*/
-int mbedtls_entropy_source_self_test( int verbose )
+int mbedtls_entropy_source_self_test(int verbose)
{
int ret = 0;
- unsigned char buf0[2 * sizeof( unsigned long long int )];
- unsigned char buf1[2 * sizeof( unsigned long long int )];
+ unsigned char buf0[2 * sizeof(unsigned long long int)];
+ unsigned char buf1[2 * sizeof(unsigned long long int)];
- if( verbose != 0 )
- mbedtls_printf( " ENTROPY_BIAS test: " );
+ if (verbose != 0) {
+ mbedtls_printf(" ENTROPY_BIAS test: ");
+ }
- memset( buf0, 0x00, sizeof( buf0 ) );
- memset( buf1, 0x00, sizeof( buf1 ) );
+ memset(buf0, 0x00, sizeof(buf0));
+ memset(buf1, 0x00, sizeof(buf1));
- if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 )
+ if ((ret = mbedtls_entropy_source_self_test_gather(buf0, sizeof(buf0))) != 0) {
goto cleanup;
- if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 )
+ }
+ if ((ret = mbedtls_entropy_source_self_test_gather(buf1, sizeof(buf1))) != 0) {
goto cleanup;
+ }
/* Make sure that the returned values are not all 0 or 1 */
- if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 )
+ if ((ret = mbedtls_entropy_source_self_test_check_bits(buf0, sizeof(buf0))) != 0) {
goto cleanup;
- if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 )
+ }
+ if ((ret = mbedtls_entropy_source_self_test_check_bits(buf1, sizeof(buf1))) != 0) {
goto cleanup;
+ }
/* Make sure that the entropy source is not returning values in a
* pattern */
- ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0;
+ ret = memcmp(buf0, buf1, sizeof(buf0)) == 0;
cleanup:
- if( verbose != 0 )
- {
- if( ret != 0 )
- mbedtls_printf( "failed\n" );
- else
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ if (ret != 0) {
+ mbedtls_printf("failed\n");
+ } else {
+ mbedtls_printf("passed\n");
+ }
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
}
- return( ret != 0 );
+ return ret != 0;
}
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
@@ -648,7 +678,7 @@
* test that the functions don't cause errors and write the correct
* amount of data to buffers.
*/
-int mbedtls_entropy_self_test( int verbose )
+int mbedtls_entropy_self_test(int verbose)
{
int ret = 1;
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
@@ -658,23 +688,27 @@
size_t i, j;
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
- if( verbose != 0 )
- mbedtls_printf( " ENTROPY test: " );
+ if (verbose != 0) {
+ mbedtls_printf(" ENTROPY test: ");
+ }
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
- mbedtls_entropy_init( &ctx );
+ mbedtls_entropy_init(&ctx);
/* First do a gather to make sure we have default sources */
- if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
+ if ((ret = mbedtls_entropy_gather(&ctx)) != 0) {
goto cleanup;
+ }
- ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16,
- MBEDTLS_ENTROPY_SOURCE_WEAK );
- if( ret != 0 )
+ ret = mbedtls_entropy_add_source(&ctx, entropy_dummy_source, NULL, 16,
+ MBEDTLS_ENTROPY_SOURCE_WEAK);
+ if (ret != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
+ if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) {
goto cleanup;
+ }
/*
* To test that mbedtls_entropy_func writes correct number of bytes:
@@ -684,44 +718,44 @@
* each of the 32 or 64 bytes to be non-zero has a false failure rate
* of at most 2^(-58) which is acceptable.
*/
- for( i = 0; i < 8; i++ )
- {
- if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
+ for (i = 0; i < 8; i++) {
+ if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0) {
goto cleanup;
+ }
- for( j = 0; j < sizeof( buf ); j++ )
+ for (j = 0; j < sizeof(buf); j++) {
acc[j] |= buf[j];
+ }
}
- for( j = 0; j < sizeof( buf ); j++ )
- {
- if( acc[j] == 0 )
- {
+ for (j = 0; j < sizeof(buf); j++) {
+ if (acc[j] == 0) {
ret = 1;
goto cleanup;
}
}
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
- if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 )
+ if ((ret = mbedtls_entropy_source_self_test(0)) != 0) {
goto cleanup;
+ }
#endif
cleanup:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
- if( verbose != 0 )
- {
- if( ret != 0 )
- mbedtls_printf( "failed\n" );
- else
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ if (ret != 0) {
+ mbedtls_printf("failed\n");
+ } else {
+ mbedtls_printf("passed\n");
+ }
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
}
- return( ret != 0 );
+ return ret != 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index a858c18..3420616 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -45,7 +45,8 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__)
-#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
+#error \
+ "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
#endif
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -56,29 +57,27 @@
#include <windows.h>
#include <wincrypt.h>
-int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
- size_t *olen )
+int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
+ size_t *olen)
{
HCRYPTPROV provider;
((void) data);
*olen = 0;
- if( CryptAcquireContext( &provider, NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
- {
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ if (CryptAcquireContext(&provider, NULL, NULL,
+ PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
- if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
- {
- CryptReleaseContext( provider, 0 );
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
+ CryptReleaseContext(provider, 0);
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
- CryptReleaseContext( provider, 0 );
+ CryptReleaseContext(provider, 0);
*olen = len;
- return( 0 );
+ return 0;
}
#else /* _WIN32 && !EFIX64 && !EFI32 */
@@ -94,15 +93,15 @@
#define HAVE_GETRANDOM
#include <errno.h>
-static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
{
/* MemSan cannot understand that the syscall writes to the buffer */
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
- memset( buf, 0, buflen );
+ memset(buf, 0, buflen);
#endif
#endif
- return( syscall( SYS_getrandom, buf, buflen, flags ) );
+ return syscall(SYS_getrandom, buf, buflen, flags);
}
#endif /* SYS_getrandom */
#endif /* __linux__ || __midipix__ */
@@ -114,9 +113,9 @@
#include <errno.h>
#include <sys/random.h>
#define HAVE_GETRANDOM
-static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
{
- return getrandom( buf, buflen, flags );
+ return getrandom(buf, buflen, flags);
}
#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
(__DragonFly__ && __DragonFly_version >= 500700) */
@@ -136,7 +135,7 @@
#if defined(KERN_ARND)
#define HAVE_SYSCTL_ARND
-static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
+static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
{
int name[2];
size_t len;
@@ -144,23 +143,23 @@
name[0] = CTL_KERN;
name[1] = KERN_ARND;
- while( buflen > 0 )
- {
+ while (buflen > 0) {
len = buflen > 256 ? 256 : buflen;
- if( sysctl(name, 2, buf, &len, NULL, 0) == -1 )
- return( -1 );
+ if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
+ return -1;
+ }
buflen -= len;
buf += len;
}
- return( 0 );
+ return 0;
}
#endif /* KERN_ARND */
#endif /* __FreeBSD__ || __NetBSD__ */
#include <stdio.h>
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
+int mbedtls_platform_entropy_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen)
{
FILE *file;
size_t read_len;
@@ -168,14 +167,13 @@
((void) data);
#if defined(HAVE_GETRANDOM)
- ret = getrandom_wrapper( output, len, 0 );
- if( ret >= 0 )
- {
+ ret = getrandom_wrapper(output, len, 0);
+ if (ret >= 0) {
*olen = ret;
- return( 0 );
+ return 0;
+ } else if (errno != ENOSYS) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
- else if( errno != ENOSYS )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
/* Fall through if the system call isn't known. */
#else
((void) ret);
@@ -184,105 +182,111 @@
#if defined(HAVE_SYSCTL_ARND)
((void) file);
((void) read_len);
- if( sysctl_arnd_wrapper( output, len ) == -1 )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ if (sysctl_arnd_wrapper(output, len) == -1) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
*olen = len;
- return( 0 );
+ return 0;
#else
*olen = 0;
- file = fopen( "/dev/urandom", "rb" );
- if( file == NULL )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
- read_len = fread( output, 1, len, file );
- if( read_len != len )
- {
- fclose( file );
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ file = fopen("/dev/urandom", "rb");
+ if (file == NULL) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
- fclose( file );
+ read_len = fread(output, 1, len, file);
+ if (read_len != len) {
+ fclose(file);
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
+
+ fclose(file);
*olen = len;
- return( 0 );
+ return 0;
#endif /* HAVE_SYSCTL_ARND */
}
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-int mbedtls_null_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
+int mbedtls_null_entropy_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen)
{
((void) data);
((void) output);
*olen = 0;
- if( len < sizeof(unsigned char) )
- return( 0 );
+ if (len < sizeof(unsigned char)) {
+ return 0;
+ }
output[0] = 0;
*olen = sizeof(unsigned char);
- return( 0 );
+ return 0;
}
#endif
#if defined(MBEDTLS_TIMING_C)
-int mbedtls_hardclock_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
+int mbedtls_hardclock_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen)
{
unsigned long timer = mbedtls_timing_hardclock();
((void) data);
*olen = 0;
- if( len < sizeof(unsigned long) )
- return( 0 );
+ if (len < sizeof(unsigned long)) {
+ return 0;
+ }
- memcpy( output, &timer, sizeof(unsigned long) );
+ memcpy(output, &timer, sizeof(unsigned long));
*olen = sizeof(unsigned long);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_TIMING_C */
#if defined(MBEDTLS_HAVEGE_C)
-int mbedtls_havege_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
+int mbedtls_havege_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen)
{
mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
*olen = 0;
- if( mbedtls_havege_random( hs, output, len ) != 0 )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ if (mbedtls_havege_random(hs, output, len) != 0) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
*olen = len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_HAVEGE_C */
#if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_nv_seed_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
+int mbedtls_nv_seed_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen)
{
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
((void) data);
- memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
- if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
- if( len < use_len )
- use_len = len;
+ if (len < use_len) {
+ use_len = len;
+ }
- memcpy( output, buf, use_len );
+ memcpy(output, buf, use_len);
*olen = use_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */
diff --git a/library/gcm.c b/library/gcm.c
index d0b7337..f7db0d4 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -45,18 +45,18 @@
#if !defined(MBEDTLS_GCM_ALT)
/* Parameter validation macros */
-#define GCM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
-#define GCM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define GCM_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_GCM_BAD_INPUT)
+#define GCM_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
/*
* Initialize a context
*/
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
+void mbedtls_gcm_init(mbedtls_gcm_context *ctx)
{
- GCM_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
+ GCM_VALIDATE(ctx != NULL);
+ memset(ctx, 0, sizeof(mbedtls_gcm_context));
}
/*
@@ -67,7 +67,7 @@
* is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
* corresponds to P^127.
*/
-static int gcm_gen_table( mbedtls_gcm_context *ctx )
+static int gcm_gen_table(mbedtls_gcm_context *ctx)
{
int ret, i, j;
uint64_t hi, lo;
@@ -75,17 +75,18 @@
unsigned char h[16];
size_t olen = 0;
- memset( h, 0, 16 );
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
- return( ret );
+ memset(h, 0, 16);
+ if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) {
+ return ret;
+ }
/* pack h as two 64-bits ints, big-endian */
- hi = MBEDTLS_GET_UINT32_BE( h, 0 );
- lo = MBEDTLS_GET_UINT32_BE( h, 4 );
+ hi = MBEDTLS_GET_UINT32_BE(h, 0);
+ lo = MBEDTLS_GET_UINT32_BE(h, 4);
vh = (uint64_t) hi << 32 | lo;
- hi = MBEDTLS_GET_UINT32_BE( h, 8 );
- lo = MBEDTLS_GET_UINT32_BE( h, 12 );
+ hi = MBEDTLS_GET_UINT32_BE(h, 8);
+ lo = MBEDTLS_GET_UINT32_BE(h, 12);
vl = (uint64_t) hi << 32 | lo;
/* 8 = 1000 corresponds to 1 in GF(2^128) */
@@ -94,74 +95,75 @@
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
/* With CLMUL support, we need only h, not the rest of the table */
- if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
- return( 0 );
+ if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
+ return 0;
+ }
#endif
/* 0 corresponds to 0 in GF(2^128) */
ctx->HH[0] = 0;
ctx->HL[0] = 0;
- for( i = 4; i > 0; i >>= 1 )
- {
- uint32_t T = ( vl & 1 ) * 0xe1000000U;
- vl = ( vh << 63 ) | ( vl >> 1 );
- vh = ( vh >> 1 ) ^ ( (uint64_t) T << 32);
+ for (i = 4; i > 0; i >>= 1) {
+ uint32_t T = (vl & 1) * 0xe1000000U;
+ vl = (vh << 63) | (vl >> 1);
+ vh = (vh >> 1) ^ ((uint64_t) T << 32);
ctx->HL[i] = vl;
ctx->HH[i] = vh;
}
- for( i = 2; i <= 8; i *= 2 )
- {
+ for (i = 2; i <= 8; i *= 2) {
uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
vh = *HiH;
vl = *HiL;
- for( j = 1; j < i; j++ )
- {
+ for (j = 1; j < i; j++) {
HiH[j] = vh ^ ctx->HH[j];
HiL[j] = vl ^ ctx->HL[j];
}
}
- return( 0 );
+ return 0;
}
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits )
+int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( key != NULL );
- GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
+ GCM_VALIDATE_RET(ctx != NULL);
+ GCM_VALIDATE_RET(key != NULL);
+ GCM_VALIDATE_RET(keybits == 128 || keybits == 192 || keybits == 256);
- cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
- MBEDTLS_MODE_ECB );
- if( cipher_info == NULL )
- return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
- if( cipher_info->block_size != 16 )
- return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
- mbedtls_cipher_free( &ctx->cipher_ctx );
-
- if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
- return( ret );
-
- if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
- MBEDTLS_ENCRYPT ) ) != 0 )
- {
- return( ret );
+ cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
+ MBEDTLS_MODE_ECB);
+ if (cipher_info == NULL) {
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
}
- if( ( ret = gcm_gen_table( ctx ) ) != 0 )
- return( ret );
+ if (cipher_info->block_size != 16) {
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
+ }
- return( 0 );
+ mbedtls_cipher_free(&ctx->cipher_ctx);
+
+ if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
+ return ret;
+ }
+
+ if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+ MBEDTLS_ENCRYPT)) != 0) {
+ return ret;
+ }
+
+ if ((ret = gcm_gen_table(ctx)) != 0) {
+ return ret;
+ }
+
+ return 0;
}
/*
@@ -181,23 +183,23 @@
* Sets output to x times H using the precomputed tables.
* x and output are seen as elements of GF(2^128) as in [MGV].
*/
-static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
- unsigned char output[16] )
+static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16],
+ unsigned char output[16])
{
int i = 0;
unsigned char lo, hi, rem;
uint64_t zh, zl;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
- if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
+ if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
unsigned char h[16];
- MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 );
- MBEDTLS_PUT_UINT32_BE( ctx->HH[8], h, 4 );
- MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 );
- MBEDTLS_PUT_UINT32_BE( ctx->HL[8], h, 12 );
+ MBEDTLS_PUT_UINT32_BE(ctx->HH[8] >> 32, h, 0);
+ MBEDTLS_PUT_UINT32_BE(ctx->HH[8], h, 4);
+ MBEDTLS_PUT_UINT32_BE(ctx->HL[8] >> 32, h, 8);
+ MBEDTLS_PUT_UINT32_BE(ctx->HL[8], h, 12);
- mbedtls_aesni_gcm_mult( output, x, h );
+ mbedtls_aesni_gcm_mult(output, x, h);
return;
}
#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
@@ -207,16 +209,14 @@
zh = ctx->HH[lo];
zl = ctx->HL[lo];
- for( i = 15; i >= 0; i-- )
- {
+ for (i = 15; i >= 0; i--) {
lo = x[i] & 0xf;
- hi = ( x[i] >> 4 ) & 0xf;
+ hi = (x[i] >> 4) & 0xf;
- if( i != 15 )
- {
+ if (i != 15) {
rem = (unsigned char) zl & 0xf;
- zl = ( zh << 60 ) | ( zl >> 4 );
- zh = ( zh >> 4 );
+ zl = (zh << 60) | (zl >> 4);
+ zh = (zh >> 4);
zh ^= (uint64_t) last4[rem] << 48;
zh ^= ctx->HH[lo];
zl ^= ctx->HL[lo];
@@ -224,25 +224,25 @@
}
rem = (unsigned char) zl & 0xf;
- zl = ( zh << 60 ) | ( zl >> 4 );
- zh = ( zh >> 4 );
+ zl = (zh << 60) | (zl >> 4);
+ zh = (zh >> 4);
zh ^= (uint64_t) last4[rem] << 48;
zh ^= ctx->HH[hi];
zl ^= ctx->HL[hi];
}
- MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 );
- MBEDTLS_PUT_UINT32_BE( zh, output, 4 );
- MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 );
- MBEDTLS_PUT_UINT32_BE( zl, output, 12 );
+ MBEDTLS_PUT_UINT32_BE(zh >> 32, output, 0);
+ MBEDTLS_PUT_UINT32_BE(zh, output, 4);
+ MBEDTLS_PUT_UINT32_BE(zl >> 32, output, 8);
+ MBEDTLS_PUT_UINT32_BE(zl, output, 12);
}
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
- int mode,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len )
+int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
+ int mode,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char work_buf[16];
@@ -251,85 +251,81 @@
size_t use_len, olen = 0;
uint64_t iv_bits;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
+ GCM_VALIDATE_RET(ctx != NULL);
+ GCM_VALIDATE_RET(iv != NULL);
+ GCM_VALIDATE_RET(add_len == 0 || add != NULL);
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
- if( iv_len == 0 ||
- ( (uint64_t) iv_len ) >> 61 != 0 ||
- ( (uint64_t) add_len ) >> 61 != 0 )
- {
- return( MBEDTLS_ERR_GCM_BAD_INPUT );
+ if (iv_len == 0 ||
+ ((uint64_t) iv_len) >> 61 != 0 ||
+ ((uint64_t) add_len) >> 61 != 0) {
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
}
- memset( ctx->y, 0x00, sizeof(ctx->y) );
- memset( ctx->buf, 0x00, sizeof(ctx->buf) );
+ memset(ctx->y, 0x00, sizeof(ctx->y));
+ memset(ctx->buf, 0x00, sizeof(ctx->buf));
ctx->mode = mode;
ctx->len = 0;
ctx->add_len = 0;
- if( iv_len == 12 )
- {
- memcpy( ctx->y, iv, iv_len );
+ if (iv_len == 12) {
+ memcpy(ctx->y, iv, iv_len);
ctx->y[15] = 1;
- }
- else
- {
- memset( work_buf, 0x00, 16 );
- iv_bits = (uint64_t)iv_len * 8;
- MBEDTLS_PUT_UINT64_BE( iv_bits, work_buf, 8 );
+ } else {
+ memset(work_buf, 0x00, 16);
+ iv_bits = (uint64_t) iv_len * 8;
+ MBEDTLS_PUT_UINT64_BE(iv_bits, work_buf, 8);
p = iv;
- while( iv_len > 0 )
- {
- use_len = ( iv_len < 16 ) ? iv_len : 16;
+ while (iv_len > 0) {
+ use_len = (iv_len < 16) ? iv_len : 16;
- for( i = 0; i < use_len; i++ )
+ for (i = 0; i < use_len; i++) {
ctx->y[i] ^= p[i];
+ }
- gcm_mult( ctx, ctx->y, ctx->y );
+ gcm_mult(ctx, ctx->y, ctx->y);
iv_len -= use_len;
p += use_len;
}
- for( i = 0; i < 16; i++ )
+ for (i = 0; i < 16; i++) {
ctx->y[i] ^= work_buf[i];
+ }
- gcm_mult( ctx, ctx->y, ctx->y );
+ gcm_mult(ctx, ctx->y, ctx->y);
}
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16,
- ctx->base_ectr, &olen ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16,
+ ctx->base_ectr, &olen)) != 0) {
+ return ret;
}
ctx->add_len = add_len;
p = add;
- while( add_len > 0 )
- {
- use_len = ( add_len < 16 ) ? add_len : 16;
+ while (add_len > 0) {
+ use_len = (add_len < 16) ? add_len : 16;
- for( i = 0; i < use_len; i++ )
+ for (i = 0; i < use_len; i++) {
ctx->buf[i] ^= p[i];
+ }
- gcm_mult( ctx, ctx->buf, ctx->buf );
+ gcm_mult(ctx, ctx->buf, ctx->buf);
add_len -= use_len;
p += use_len;
}
- return( 0 );
+ return 0;
}
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
+ size_t length,
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char ectr[16];
@@ -338,180 +334,186 @@
unsigned char *out_p = output;
size_t use_len, olen = 0;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
+ GCM_VALIDATE_RET(ctx != NULL);
+ GCM_VALIDATE_RET(length == 0 || input != NULL);
+ GCM_VALIDATE_RET(length == 0 || output != NULL);
- if( output > input && (size_t) ( output - input ) < length )
- return( MBEDTLS_ERR_GCM_BAD_INPUT );
+ if (output > input && (size_t) (output - input) < length) {
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
+ }
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
* Also check for possible overflow */
- if( ctx->len + length < ctx->len ||
- (uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
- {
- return( MBEDTLS_ERR_GCM_BAD_INPUT );
+ if (ctx->len + length < ctx->len ||
+ (uint64_t) ctx->len + length > 0xFFFFFFFE0ull) {
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
}
ctx->len += length;
p = input;
- while( length > 0 )
- {
- use_len = ( length < 16 ) ? length : 16;
+ while (length > 0) {
+ use_len = (length < 16) ? length : 16;
- for( i = 16; i > 12; i-- )
- if( ++ctx->y[i - 1] != 0 )
+ for (i = 16; i > 12; i--) {
+ if (++ctx->y[i - 1] != 0) {
break;
-
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
- &olen ) ) != 0 )
- {
- return( ret );
+ }
}
- for( i = 0; i < use_len; i++ )
- {
- if( ctx->mode == MBEDTLS_GCM_DECRYPT )
+ if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
+ &olen)) != 0) {
+ return ret;
+ }
+
+ for (i = 0; i < use_len; i++) {
+ if (ctx->mode == MBEDTLS_GCM_DECRYPT) {
ctx->buf[i] ^= p[i];
+ }
out_p[i] = ectr[i] ^ p[i];
- if( ctx->mode == MBEDTLS_GCM_ENCRYPT )
+ if (ctx->mode == MBEDTLS_GCM_ENCRYPT) {
ctx->buf[i] ^= out_p[i];
+ }
}
- gcm_mult( ctx, ctx->buf, ctx->buf );
+ gcm_mult(ctx, ctx->buf, ctx->buf);
length -= use_len;
p += use_len;
out_p += use_len;
}
- return( 0 );
+ return 0;
}
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
- unsigned char *tag,
- size_t tag_len )
+int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
+ unsigned char *tag,
+ size_t tag_len)
{
unsigned char work_buf[16];
size_t i;
uint64_t orig_len;
uint64_t orig_add_len;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( tag != NULL );
+ GCM_VALIDATE_RET(ctx != NULL);
+ GCM_VALIDATE_RET(tag != NULL);
orig_len = ctx->len * 8;
orig_add_len = ctx->add_len * 8;
- if( tag_len > 16 || tag_len < 4 )
- return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
- memcpy( tag, ctx->base_ectr, tag_len );
-
- if( orig_len || orig_add_len )
- {
- memset( work_buf, 0x00, 16 );
-
- MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
- MBEDTLS_PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
- MBEDTLS_PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
- MBEDTLS_PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
-
- for( i = 0; i < 16; i++ )
- ctx->buf[i] ^= work_buf[i];
-
- gcm_mult( ctx, ctx->buf, ctx->buf );
-
- for( i = 0; i < tag_len; i++ )
- tag[i] ^= ctx->buf[i];
+ if (tag_len > 16 || tag_len < 4) {
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
}
- return( 0 );
+ memcpy(tag, ctx->base_ectr, tag_len);
+
+ if (orig_len || orig_add_len) {
+ memset(work_buf, 0x00, 16);
+
+ MBEDTLS_PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0);
+ MBEDTLS_PUT_UINT32_BE((orig_add_len), work_buf, 4);
+ MBEDTLS_PUT_UINT32_BE((orig_len >> 32), work_buf, 8);
+ MBEDTLS_PUT_UINT32_BE((orig_len), work_buf, 12);
+
+ for (i = 0; i < 16; i++) {
+ ctx->buf[i] ^= work_buf[i];
+ }
+
+ gcm_mult(ctx, ctx->buf, ctx->buf);
+
+ for (i = 0; i < tag_len; i++) {
+ tag[i] ^= ctx->buf[i];
+ }
+ }
+
+ return 0;
}
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
- int mode,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *input,
- unsigned char *output,
- size_t tag_len,
- unsigned char *tag )
+int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t tag_len,
+ unsigned char *tag)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
- GCM_VALIDATE_RET( tag != NULL );
+ GCM_VALIDATE_RET(ctx != NULL);
+ GCM_VALIDATE_RET(iv != NULL);
+ GCM_VALIDATE_RET(add_len == 0 || add != NULL);
+ GCM_VALIDATE_RET(length == 0 || input != NULL);
+ GCM_VALIDATE_RET(length == 0 || output != NULL);
+ GCM_VALIDATE_RET(tag != NULL);
- if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len, add, add_len)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_gcm_update(ctx, length, input, output)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_gcm_finish(ctx, tag, tag_len)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *tag,
- size_t tag_len,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *tag,
+ size_t tag_len,
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
size_t i;
int diff;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( tag != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
+ GCM_VALIDATE_RET(ctx != NULL);
+ GCM_VALIDATE_RET(iv != NULL);
+ GCM_VALIDATE_RET(add_len == 0 || add != NULL);
+ GCM_VALIDATE_RET(tag != NULL);
+ GCM_VALIDATE_RET(length == 0 || input != NULL);
+ GCM_VALIDATE_RET(length == 0 || output != NULL);
- if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
- iv, iv_len, add, add_len,
- input, output, tag_len, check_tag ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length,
+ iv, iv_len, add, add_len,
+ input, output, tag_len, check_tag)) != 0) {
+ return ret;
}
/* Check tag in "constant-time" */
- for( diff = 0, i = 0; i < tag_len; i++ )
+ for (diff = 0, i = 0; i < tag_len; i++) {
diff |= tag[i] ^ check_tag[i];
-
- if( diff != 0 )
- {
- mbedtls_platform_zeroize( output, length );
- return( MBEDTLS_ERR_GCM_AUTH_FAILED );
}
- return( 0 );
+ if (diff != 0) {
+ mbedtls_platform_zeroize(output, length);
+ return MBEDTLS_ERR_GCM_AUTH_FAILED;
+ }
+
+ return 0;
}
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
+void mbedtls_gcm_free(mbedtls_gcm_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
- mbedtls_cipher_free( &ctx->cipher_ctx );
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
+ }
+ mbedtls_cipher_free(&ctx->cipher_ctx);
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
}
#endif /* !MBEDTLS_GCM_ALT */
@@ -525,7 +527,7 @@
#define MAX_TESTS 6
static const int key_index_test_data[MAX_TESTS] =
- { 0, 0, 1, 1, 1, 1 };
+{ 0, 0, 1, 1, 1, 1 };
static const unsigned char key_test_data[MAX_TESTS][32] =
{
@@ -540,10 +542,10 @@
};
static const size_t iv_len_test_data[MAX_TESTS] =
- { 12, 12, 12, 12, 8, 60 };
+{ 12, 12, 12, 12, 8, 60 };
static const int iv_index_test_data[MAX_TESTS] =
- { 0, 0, 1, 1, 1, 2 };
+{ 0, 0, 1, 1, 1, 2 };
static const unsigned char iv_test_data[MAX_TESTS][64] =
{
@@ -562,10 +564,10 @@
};
static const size_t add_len_test_data[MAX_TESTS] =
- { 0, 0, 0, 20, 20, 20 };
+{ 0, 0, 0, 20, 20, 20 };
static const int add_index_test_data[MAX_TESTS] =
- { 0, 0, 0, 1, 1, 1 };
+{ 0, 0, 0, 1, 1, 1 };
static const unsigned char additional_test_data[MAX_TESTS][64] =
{
@@ -576,10 +578,10 @@
};
static const size_t pt_len_test_data[MAX_TESTS] =
- { 0, 16, 64, 60, 60, 60 };
+{ 0, 16, 64, 60, 60, 60 };
static const int pt_index_test_data[MAX_TESTS] =
- { 0, 0, 1, 1, 1, 1 };
+{ 0, 0, 1, 1, 1, 1 };
static const unsigned char pt_test_data[MAX_TESTS][64] =
{
@@ -744,7 +746,7 @@
0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
};
-int mbedtls_gcm_self_test( int verbose )
+int mbedtls_gcm_self_test(int verbose)
{
mbedtls_gcm_context ctx;
unsigned char buf[64];
@@ -752,242 +754,250 @@
int i, j, ret;
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
- for( j = 0; j < 3; j++ )
- {
+ for (j = 0; j < 3; j++) {
int key_len = 128 + 64 * j;
- for( i = 0; i < MAX_TESTS; i++ )
- {
- mbedtls_gcm_init( &ctx );
+ for (i = 0; i < MAX_TESTS; i++) {
+ mbedtls_gcm_init(&ctx);
- if( verbose != 0 )
- mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
- key_len, i, "enc" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-GCM-%3d #%d (%s): ",
+ key_len, i, "enc");
+ }
- ret = mbedtls_gcm_setkey( &ctx, cipher,
- key_test_data[key_index_test_data[i]],
- key_len );
+ ret = mbedtls_gcm_setkey(&ctx, cipher,
+ key_test_data[key_index_test_data[i]],
+ key_len);
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 )
- {
- mbedtls_printf( "skipped\n" );
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) {
+ mbedtls_printf("skipped\n");
break;
- }
- else if( ret != 0 )
- {
+ } else if (ret != 0) {
goto exit;
}
- ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
- pt_len_test_data[i],
- iv_test_data[iv_index_test_data[i]],
- iv_len_test_data[i],
- additional_test_data[add_index_test_data[i]],
- add_len_test_data[i],
- pt_test_data[pt_index_test_data[i]],
- buf, 16, tag_buf );
+ ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT,
+ pt_len_test_data[i],
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i],
+ pt_test_data[pt_index_test_data[i]],
+ buf, 16, tag_buf);
#if defined(MBEDTLS_GCM_ALT)
/* Allow alternative implementations to only support 12-byte nonces. */
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
- iv_len_test_data[i] != 12 )
- {
- mbedtls_printf( "skipped\n" );
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
+ iv_len_test_data[i] != 12) {
+ mbedtls_printf("skipped\n");
break;
}
#endif /* defined(MBEDTLS_GCM_ALT) */
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
- if ( memcmp( buf, ct_test_data[j * 6 + i],
- pt_len_test_data[i] ) != 0 ||
- memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
- {
+ if (memcmp(buf, ct_test_data[j * 6 + i],
+ pt_len_test_data[i]) != 0 ||
+ memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- mbedtls_gcm_init( &ctx );
+ mbedtls_gcm_init(&ctx);
- if( verbose != 0 )
- mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
- key_len, i, "dec" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-GCM-%3d #%d (%s): ",
+ key_len, i, "dec");
+ }
- ret = mbedtls_gcm_setkey( &ctx, cipher,
- key_test_data[key_index_test_data[i]],
- key_len );
- if( ret != 0 )
+ ret = mbedtls_gcm_setkey(&ctx, cipher,
+ key_test_data[key_index_test_data[i]],
+ key_len);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
- pt_len_test_data[i],
- iv_test_data[iv_index_test_data[i]],
- iv_len_test_data[i],
- additional_test_data[add_index_test_data[i]],
- add_len_test_data[i],
- ct_test_data[j * 6 + i], buf, 16, tag_buf );
+ ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_DECRYPT,
+ pt_len_test_data[i],
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i],
+ ct_test_data[j * 6 + i], buf, 16, tag_buf);
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
- if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
- pt_len_test_data[i] ) != 0 ||
- memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
- {
+ if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
+ pt_len_test_data[i]) != 0 ||
+ memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- mbedtls_gcm_init( &ctx );
+ mbedtls_gcm_init(&ctx);
- if( verbose != 0 )
- mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
- key_len, i, "enc" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-GCM-%3d #%d split (%s): ",
+ key_len, i, "enc");
+ }
- ret = mbedtls_gcm_setkey( &ctx, cipher,
- key_test_data[key_index_test_data[i]],
- key_len );
- if( ret != 0 )
+ ret = mbedtls_gcm_setkey(&ctx, cipher,
+ key_test_data[key_index_test_data[i]],
+ key_len);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
- iv_test_data[iv_index_test_data[i]],
- iv_len_test_data[i],
- additional_test_data[add_index_test_data[i]],
- add_len_test_data[i] );
- if( ret != 0 )
+ ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT,
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i]);
+ if (ret != 0) {
goto exit;
+ }
- if( pt_len_test_data[i] > 32 )
- {
+ if (pt_len_test_data[i] > 32) {
size_t rest_len = pt_len_test_data[i] - 32;
- ret = mbedtls_gcm_update( &ctx, 32,
- pt_test_data[pt_index_test_data[i]],
- buf );
- if( ret != 0 )
+ ret = mbedtls_gcm_update(&ctx, 32,
+ pt_test_data[pt_index_test_data[i]],
+ buf);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_gcm_update( &ctx, rest_len,
- pt_test_data[pt_index_test_data[i]] + 32,
- buf + 32 );
- if( ret != 0 )
+ ret = mbedtls_gcm_update(&ctx, rest_len,
+ pt_test_data[pt_index_test_data[i]] + 32,
+ buf + 32);
+ if (ret != 0) {
goto exit;
- }
- else
- {
- ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
- pt_test_data[pt_index_test_data[i]],
- buf );
- if( ret != 0 )
+ }
+ } else {
+ ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i],
+ pt_test_data[pt_index_test_data[i]],
+ buf);
+ if (ret != 0) {
goto exit;
+ }
}
- ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
- if( ret != 0 )
+ ret = mbedtls_gcm_finish(&ctx, tag_buf, 16);
+ if (ret != 0) {
goto exit;
+ }
- if( memcmp( buf, ct_test_data[j * 6 + i],
- pt_len_test_data[i] ) != 0 ||
- memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
- {
+ if (memcmp(buf, ct_test_data[j * 6 + i],
+ pt_len_test_data[i]) != 0 ||
+ memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- mbedtls_gcm_init( &ctx );
+ mbedtls_gcm_init(&ctx);
- if( verbose != 0 )
- mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
- key_len, i, "dec" );
+ if (verbose != 0) {
+ mbedtls_printf(" AES-GCM-%3d #%d split (%s): ",
+ key_len, i, "dec");
+ }
- ret = mbedtls_gcm_setkey( &ctx, cipher,
- key_test_data[key_index_test_data[i]],
- key_len );
- if( ret != 0 )
+ ret = mbedtls_gcm_setkey(&ctx, cipher,
+ key_test_data[key_index_test_data[i]],
+ key_len);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
- iv_test_data[iv_index_test_data[i]],
- iv_len_test_data[i],
- additional_test_data[add_index_test_data[i]],
- add_len_test_data[i] );
- if( ret != 0 )
+ ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT,
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i]);
+ if (ret != 0) {
goto exit;
+ }
- if( pt_len_test_data[i] > 32 )
- {
+ if (pt_len_test_data[i] > 32) {
size_t rest_len = pt_len_test_data[i] - 32;
- ret = mbedtls_gcm_update( &ctx, 32, ct_test_data[j * 6 + i],
- buf );
- if( ret != 0 )
+ ret = mbedtls_gcm_update(&ctx, 32, ct_test_data[j * 6 + i],
+ buf);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_gcm_update( &ctx, rest_len,
- ct_test_data[j * 6 + i] + 32,
- buf + 32 );
- if( ret != 0 )
+ ret = mbedtls_gcm_update(&ctx, rest_len,
+ ct_test_data[j * 6 + i] + 32,
+ buf + 32);
+ if (ret != 0) {
goto exit;
- }
- else
- {
- ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
- ct_test_data[j * 6 + i],
- buf );
- if( ret != 0 )
+ }
+ } else {
+ ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i],
+ ct_test_data[j * 6 + i],
+ buf);
+ if (ret != 0) {
goto exit;
+ }
}
- ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
- if( ret != 0 )
+ ret = mbedtls_gcm_finish(&ctx, tag_buf, 16);
+ if (ret != 0) {
goto exit;
+ }
- if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
- pt_len_test_data[i] ) != 0 ||
- memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
- {
+ if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
+ pt_len_test_data[i]) != 0 ||
+ memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
ret = 0;
exit:
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
- mbedtls_gcm_free( &ctx );
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
+ mbedtls_gcm_free(&ctx);
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/library/havege.c b/library/havege.c
index 2a360a1..c23cdad 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -49,10 +49,10 @@
* ------------------------------------------------------------------------
*/
-#define SWAP(X,Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; }
+#define SWAP(X, Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; }
-#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
-#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
+#define TST1_ENTER if (PTEST & 1) { PTEST ^= 3; PTEST >>= 1;
+#define TST2_ENTER if (PTEST & 1) { PTEST ^= 3; PTEST >>= 1;
#define TST1_LEAVE U1++; }
#define TST2_LEAVE U2++; }
@@ -69,14 +69,14 @@
TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \
TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \
\
- PTX = (PT1 >> 18) & 7; \
+ PTX = (PT1 >> 18) & 7; \
PT1 &= 0x1FFF; \
PT2 &= 0x1FFF; \
CLK = (uint32_t) mbedtls_timing_hardclock(); \
\
i = 0; \
- A = &WALK[PT1 ]; RES[i++] ^= *A; \
- B = &WALK[PT2 ]; RES[i++] ^= *B; \
+ A = &WALK[PT1]; RES[i++] ^= *A; \
+ B = &WALK[PT2]; RES[i++] ^= *B; \
C = &WALK[PT1 ^ 1]; RES[i++] ^= *C; \
D = &WALK[PT2 ^ 4]; RES[i++] ^= *D; \
\
@@ -91,7 +91,7 @@
C = &WALK[PT1 ^ 3]; RES[i++] ^= *C; \
D = &WALK[PT2 ^ 6]; RES[i++] ^= *D; \
\
- if( PTEST & 1 ) SWAP( A, C ); \
+ if (PTEST & 1) SWAP(A, C); \
\
IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \
*A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \
@@ -116,7 +116,7 @@
TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \
TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \
\
- C = &WALK[PT1 ^ 5]; \
+ C = &WALK[PT1 ^ 5]; \
D = &WALK[PT2 ^ 5]; \
\
RES[i++] ^= *A; \
@@ -124,7 +124,7 @@
RES[i++] ^= *C; \
RES[i++] ^= *D; \
\
- IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK; \
+ IN = (*A >> (9)) ^ (*A << (23)) ^ CLK; \
*A = (*B >> (10)) ^ (*B << (22)) ^ CLK; \
*B = IN ^ U2; \
*C = (*C >> (11)) ^ (*C << (21)) ^ CLK; \
@@ -141,17 +141,17 @@
*C = (*C >> (15)) ^ (*C << (17)) ^ CLK; \
*D = (*D >> (16)) ^ (*D << (16)) ^ CLK; \
\
- PT1 = ( RES[( i - 8 ) ^ PTX] ^ \
- WALK[PT1 ^ PTX ^ 7] ) & (~1); \
+ PT1 = (RES[(i - 8) ^ PTX] ^ \
+ WALK[PT1 ^ PTX ^ 7]) & (~1); \
PT1 ^= (PT2 ^ 0x10) & 0x10; \
\
- for( n++, i = 0; i < 16; i++ ) \
- hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
+ for (n++, i = 0; i < 16; i++) \
+ hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
/*
* Entropy gathering function
*/
-static void havege_fill( mbedtls_havege_state *hs )
+static void havege_fill(mbedtls_havege_state *hs)
{
size_t n = 0;
size_t i;
@@ -166,16 +166,15 @@
PTX = U1 = 0;
PTY = U2 = 0;
- (void)PTX;
+ (void) PTX;
- memset( RES, 0, sizeof( RES ) );
+ memset(RES, 0, sizeof(RES));
- while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
- {
+ while (n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4) {
ONE_ITERATION
ONE_ITERATION
ONE_ITERATION
- ONE_ITERATION
+ ONE_ITERATION
}
hs->PT1 = PT1;
@@ -188,50 +187,52 @@
/*
* HAVEGE initialization
*/
-void mbedtls_havege_init( mbedtls_havege_state *hs )
+void mbedtls_havege_init(mbedtls_havege_state *hs)
{
- memset( hs, 0, sizeof( mbedtls_havege_state ) );
+ memset(hs, 0, sizeof(mbedtls_havege_state));
- havege_fill( hs );
+ havege_fill(hs);
}
-void mbedtls_havege_free( mbedtls_havege_state *hs )
+void mbedtls_havege_free(mbedtls_havege_state *hs)
{
- if( hs == NULL )
+ if (hs == NULL) {
return;
+ }
- mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
+ mbedtls_platform_zeroize(hs, sizeof(mbedtls_havege_state));
}
/*
* HAVEGE rand function
*/
-int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
+int mbedtls_havege_random(void *p_rng, unsigned char *buf, size_t len)
{
uint32_t val;
size_t use_len;
mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
unsigned char *p = buf;
- while( len > 0 )
- {
+ while (len > 0) {
use_len = len;
- if( use_len > sizeof( val ) )
- use_len = sizeof( val );
+ if (use_len > sizeof(val)) {
+ use_len = sizeof(val);
+ }
- if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )
- havege_fill( hs );
+ if (hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE) {
+ havege_fill(hs);
+ }
val = hs->pool[hs->offset[0]++];
val ^= hs->pool[hs->offset[1]++];
- memcpy( p, &val, use_len );
+ memcpy(p, &val, use_len);
len -= use_len;
p += use_len;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_HAVEGE_C */
diff --git a/library/hkdf.c b/library/hkdf.c
index 5013729..a3f071e 100644
--- a/library/hkdf.c
+++ b/library/hkdf.c
@@ -25,47 +25,43 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
- size_t salt_len, const unsigned char *ikm, size_t ikm_len,
- const unsigned char *info, size_t info_len,
- unsigned char *okm, size_t okm_len )
+int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
+ size_t salt_len, const unsigned char *ikm, size_t ikm_len,
+ const unsigned char *info, size_t info_len,
+ unsigned char *okm, size_t okm_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char prk[MBEDTLS_MD_MAX_SIZE];
- ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk );
+ ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk);
- if( ret == 0 )
- {
- ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ),
- info, info_len, okm, okm_len );
+ if (ret == 0) {
+ ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md),
+ info, info_len, okm, okm_len);
}
- mbedtls_platform_zeroize( prk, sizeof( prk ) );
+ mbedtls_platform_zeroize(prk, sizeof(prk));
- return( ret );
+ return ret;
}
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
- const unsigned char *salt, size_t salt_len,
- const unsigned char *ikm, size_t ikm_len,
- unsigned char *prk )
+int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
+ const unsigned char *salt, size_t salt_len,
+ const unsigned char *ikm, size_t ikm_len,
+ unsigned char *prk)
{
unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
- if( salt == NULL )
- {
+ if (salt == NULL) {
size_t hash_len;
- if( salt_len != 0 )
- {
+ if (salt_len != 0) {
return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
}
- hash_len = mbedtls_md_get_size( md );
+ hash_len = mbedtls_md_get_size(md);
- if( hash_len == 0 )
- {
+ if (hash_len == 0) {
return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
}
@@ -73,12 +69,12 @@
salt_len = hash_len;
}
- return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
+ return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk);
}
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
- size_t prk_len, const unsigned char *info,
- size_t info_len, unsigned char *okm, size_t okm_len )
+int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
+ size_t prk_len, const unsigned char *info,
+ size_t info_len, unsigned char *okm, size_t okm_len)
{
size_t hash_len;
size_t where = 0;
@@ -89,28 +85,24 @@
mbedtls_md_context_t ctx;
unsigned char t[MBEDTLS_MD_MAX_SIZE];
- if( okm == NULL )
- {
- return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
+ if (okm == NULL) {
+ return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
}
- hash_len = mbedtls_md_get_size( md );
+ hash_len = mbedtls_md_get_size(md);
- if( prk_len < hash_len || hash_len == 0 )
- {
- return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
+ if (prk_len < hash_len || hash_len == 0) {
+ return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
}
- if( info == NULL )
- {
+ if (info == NULL) {
info = (const unsigned char *) "";
info_len = 0;
}
n = okm_len / hash_len;
- if( okm_len % hash_len != 0 )
- {
+ if (okm_len % hash_len != 0) {
n++;
}
@@ -118,72 +110,64 @@
* Per RFC 5869 Section 2.3, okm_len must not exceed
* 255 times the hash length
*/
- if( n > 255 )
- {
- return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
+ if (n > 255) {
+ return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
}
- mbedtls_md_init( &ctx );
+ mbedtls_md_init(&ctx);
- if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 )
- {
+ if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {
goto exit;
}
- memset( t, 0, hash_len );
+ memset(t, 0, hash_len);
/*
* Compute T = T(1) | T(2) | T(3) | ... | T(N)
* Where T(N) is defined in RFC 5869 Section 2.3
*/
- for( i = 1; i <= n; i++ )
- {
+ for (i = 1; i <= n; i++) {
size_t num_to_copy;
unsigned char c = i & 0xff;
- ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len );
- if( ret != 0 )
- {
+ ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len);
+ if (ret != 0) {
goto exit;
}
- ret = mbedtls_md_hmac_update( &ctx, t, t_len );
- if( ret != 0 )
- {
+ ret = mbedtls_md_hmac_update(&ctx, t, t_len);
+ if (ret != 0) {
goto exit;
}
- ret = mbedtls_md_hmac_update( &ctx, info, info_len );
- if( ret != 0 )
- {
+ ret = mbedtls_md_hmac_update(&ctx, info, info_len);
+ if (ret != 0) {
goto exit;
}
/* The constant concatenated to the end of each T(n) is a single octet.
* */
- ret = mbedtls_md_hmac_update( &ctx, &c, 1 );
- if( ret != 0 )
- {
+ ret = mbedtls_md_hmac_update(&ctx, &c, 1);
+ if (ret != 0) {
goto exit;
}
- ret = mbedtls_md_hmac_finish( &ctx, t );
- if( ret != 0 )
- {
+ ret = mbedtls_md_hmac_finish(&ctx, t);
+ if (ret != 0) {
goto exit;
}
num_to_copy = i != n ? hash_len : okm_len - where;
- memcpy( okm + where, t, num_to_copy );
+ memcpy(okm + where, t, num_to_copy);
where += hash_len;
t_len = hash_len;
}
exit:
- mbedtls_md_free( &ctx );
- mbedtls_platform_zeroize( t, sizeof( t ) );
+ mbedtls_md_free(&ctx);
+ mbedtls_platform_zeroize(t, sizeof(t));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_HKDF_C */
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 69272fa..fabe002 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -42,9 +42,9 @@
/*
* HMAC_DRBG context initialization
*/
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
+void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
+ memset(ctx, 0, sizeof(mbedtls_hmac_drbg_context));
ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
}
@@ -52,74 +52,81 @@
/*
* HMAC_DRBG update, using optional additional data (10.1.2.2)
*/
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len )
+int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len)
{
- size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
- unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
+ size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
+ unsigned char rounds = (additional != NULL && add_len != 0) ? 2 : 1;
unsigned char sep[1];
unsigned char K[MBEDTLS_MD_MAX_SIZE];
int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
- for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
- {
+ for (sep[0] = 0; sep[0] < rounds; sep[0]++) {
/* Step 1 or 4 */
- if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
- goto exit;
- if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
- ctx->V, md_len ) ) != 0 )
- goto exit;
- if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
- sep, 1 ) ) != 0 )
- goto exit;
- if( rounds == 2 )
- {
- if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
- additional, add_len ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {
goto exit;
}
- if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+ ctx->V, md_len)) != 0) {
goto exit;
+ }
+ if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+ sep, 1)) != 0) {
+ goto exit;
+ }
+ if (rounds == 2) {
+ if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+ additional, add_len)) != 0) {
+ goto exit;
+ }
+ }
+ if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, K)) != 0) {
+ goto exit;
+ }
/* Step 2 or 5 */
- if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, K, md_len)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
- ctx->V, md_len ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+ ctx->V, md_len)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) {
goto exit;
+ }
}
exit:
- mbedtls_platform_zeroize( K, sizeof( K ) );
- return( ret );
+ mbedtls_platform_zeroize(K, sizeof(K));
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len )
+void mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len)
{
- (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len );
+ (void) mbedtls_hmac_drbg_update_ret(ctx, additional, add_len);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/*
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
*/
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- const unsigned char *data, size_t data_len )
+int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,
+ const mbedtls_md_info_t *md_info,
+ const unsigned char *data, size_t data_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) {
+ return ret;
+ }
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
/*
@@ -127,15 +134,17 @@
* Use the V memory location, which is currently all 0, to initialize the
* MD context with an all-zero key. Then set V to its initial value.
*/
- if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V,
- mbedtls_md_get_size( md_info ) ) ) != 0 )
- return( ret );
- memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
+ if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V,
+ mbedtls_md_get_size(md_info))) != 0) {
+ return ret;
+ }
+ memset(ctx->V, 0x01, mbedtls_md_get_size(md_info));
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_hmac_drbg_update_ret(ctx, data, data_len)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
/*
@@ -143,9 +152,9 @@
* Comments starting with arabic numbers refer to section 10.1.2.4
* of SP800-90A, while roman numbers refer to section 9.2.
*/
-static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t len,
- int use_nonce )
+static int hmac_drbg_reseed_core(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t len,
+ int use_nonce)
{
unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
@@ -154,33 +163,31 @@
{
size_t total_entropy_len;
- if( use_nonce == 0 )
+ if (use_nonce == 0) {
total_entropy_len = ctx->entropy_len;
- else
+ } else {
total_entropy_len = ctx->entropy_len * 3 / 2;
+ }
/* III. Check input length */
- if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
- total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
- {
- return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+ if (len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
+ total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT) {
+ return MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
}
}
- memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
+ memset(seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT);
/* IV. Gather entropy_len bytes of entropy for the seed */
- if( ( ret = ctx->f_entropy( ctx->p_entropy,
- seed, ctx->entropy_len ) ) != 0 )
- {
- return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+ if ((ret = ctx->f_entropy(ctx->p_entropy,
+ seed, ctx->entropy_len)) != 0) {
+ return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += ctx->entropy_len;
/* For initial seeding, allow adding of nonce generated
* from the entropy source. See Sect 8.6.7 in SP800-90A. */
- if( use_nonce )
- {
+ if (use_nonce) {
/* Note: We don't merge the two calls to f_entropy() in order
* to avoid requesting too much entropy from f_entropy()
* at once. Specifically, if the underlying digest is not
@@ -188,11 +195,10 @@
* is larger than the maximum of 32 Bytes that our own
* entropy source implementation can emit in a single
* call in configurations disabling SHA-512. */
- if( ( ret = ctx->f_entropy( ctx->p_entropy,
- seed + seedlen,
- ctx->entropy_len / 2 ) ) != 0 )
- {
- return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+ if ((ret = ctx->f_entropy(ctx->p_entropy,
+ seed + seedlen,
+ ctx->entropy_len / 2)) != 0) {
+ return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += ctx->entropy_len / 2;
@@ -200,32 +206,32 @@
/* 1. Concatenate entropy and additional data if any */
- if( additional != NULL && len != 0 )
- {
- memcpy( seed + seedlen, additional, len );
+ if (additional != NULL && len != 0) {
+ memcpy(seed + seedlen, additional, len);
seedlen += len;
}
/* 2. Update state */
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
+ if ((ret = mbedtls_hmac_drbg_update_ret(ctx, seed, seedlen)) != 0) {
goto exit;
+ }
/* 3. Reset reseed_counter */
ctx->reseed_counter = 1;
exit:
/* 4. Done */
- mbedtls_platform_zeroize( seed, seedlen );
- return( ret );
+ mbedtls_platform_zeroize(seed, seedlen);
+ return ret;
}
/*
* HMAC_DRBG reseeding: 10.1.2.4 + 9.2
*/
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t len )
+int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t len)
{
- return( hmac_drbg_reseed_core( ctx, additional, len, 0 ) );
+ return hmac_drbg_reseed_core(ctx, additional, len, 0);
}
/*
@@ -234,40 +240,41 @@
* The nonce is not passed as a separate parameter but extracted
* from the entropy source as suggested in 8.6.7.
*/
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len )
+int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx,
+ const mbedtls_md_info_t *md_info,
+ int (*f_entropy)(void *, unsigned char *, size_t),
+ void *p_entropy,
+ const unsigned char *custom,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t md_size;
- if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) {
+ return ret;
+ }
/* The mutex is initialized iff the md context is set up. */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
- md_size = mbedtls_md_get_size( md_info );
+ md_size = mbedtls_md_get_size(md_info);
/*
* Set initial working state.
* Use the V memory location, which is currently all 0, to initialize the
* MD context with an all-zero key. Then set V to its initial value.
*/
- if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 )
- return( ret );
- memset( ctx->V, 0x01, md_size );
+ if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V, md_size)) != 0) {
+ return ret;
+ }
+ memset(ctx->V, 0x01, md_size);
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
- if( ctx->entropy_len == 0 )
- {
+ if (ctx->entropy_len == 0) {
/*
* See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
* each hash function, then according to SP800-90A rev1 10.1 table 2,
@@ -280,20 +287,19 @@
32; /* better (256+) -> 256 bits */
}
- if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
- 1 /* add nonce */ ) ) != 0 )
- {
- return( ret );
+ if ((ret = hmac_drbg_reseed_core(ctx, custom, len,
+ 1 /* add nonce */)) != 0) {
+ return ret;
}
- return( 0 );
+ return 0;
}
/*
* Set prediction resistance
*/
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
- int resistance )
+void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,
+ int resistance)
{
ctx->prediction_resistance = resistance;
}
@@ -301,7 +307,7 @@
/*
* Set entropy length grabbed for seeding
*/
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
+void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, size_t len)
{
ctx->entropy_len = len;
}
@@ -309,7 +315,7 @@
/*
* Set reseed interval
*/
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval )
+void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, int interval)
{
ctx->reseed_interval = interval;
}
@@ -318,131 +324,141 @@
* HMAC_DRBG random function with optional additional data:
* 10.1.2.5 (arabic) + 9.3 (Roman)
*/
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t out_len,
- const unsigned char *additional, size_t add_len )
+int mbedtls_hmac_drbg_random_with_add(void *p_rng,
+ unsigned char *output, size_t out_len,
+ const unsigned char *additional, size_t add_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
- size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
+ size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
size_t left = out_len;
unsigned char *out = output;
/* II. Check request length */
- if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST )
- return( MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG );
+ if (out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST) {
+ return MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG;
+ }
/* III. Check input length */
- if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT )
- return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+ if (add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT) {
+ return MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
+ }
/* 1. (aka VII and IX) Check reseed counter and PR */
- if( ctx->f_entropy != NULL && /* For no-reseeding instances */
- ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
- ctx->reseed_counter > ctx->reseed_interval ) )
- {
- if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
- return( ret );
+ if (ctx->f_entropy != NULL && /* For no-reseeding instances */
+ (ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
+ ctx->reseed_counter > ctx->reseed_interval)) {
+ if ((ret = mbedtls_hmac_drbg_reseed(ctx, additional, add_len)) != 0) {
+ return ret;
+ }
add_len = 0; /* VII.4 */
}
/* 2. Use additional data if any */
- if( additional != NULL && add_len != 0 )
- {
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
- additional, add_len ) ) != 0 )
+ if (additional != NULL && add_len != 0) {
+ if ((ret = mbedtls_hmac_drbg_update_ret(ctx,
+ additional, add_len)) != 0) {
goto exit;
+ }
}
/* 3, 4, 5. Generate bytes */
- while( left != 0 )
- {
+ while (left != 0) {
size_t use_len = left > md_len ? md_len : left;
- if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
- ctx->V, md_len ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+ ctx->V, md_len)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) {
goto exit;
+ }
- memcpy( out, ctx->V, use_len );
+ memcpy(out, ctx->V, use_len);
out += use_len;
left -= use_len;
}
/* 6. Update */
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
- additional, add_len ) ) != 0 )
+ if ((ret = mbedtls_hmac_drbg_update_ret(ctx,
+ additional, add_len)) != 0) {
goto exit;
+ }
/* 7. Update reseed counter */
ctx->reseed_counter++;
exit:
/* 8. Done */
- return( ret );
+ return ret;
}
/*
* HMAC_DRBG random function
*/
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
+int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
- ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 );
+ ret = mbedtls_hmac_drbg_random_with_add(ctx, output, out_len, NULL, 0);
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
/*
* This function resets HMAC_DRBG context to the state immediately
* after initial call of mbedtls_hmac_drbg_init().
*/
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
+void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
#if defined(MBEDTLS_THREADING_C)
/* The mutex is initialized iff the md context is set up. */
- if( ctx->md_ctx.md_info != NULL )
- mbedtls_mutex_free( &ctx->mutex );
+ if (ctx->md_ctx.md_info != NULL) {
+ mbedtls_mutex_free(&ctx->mutex);
+ }
#endif
- mbedtls_md_free( &ctx->md_ctx );
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
+ mbedtls_md_free(&ctx->md_ctx);
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_hmac_drbg_context));
ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
}
#if defined(MBEDTLS_FS_IO)
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
+int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
FILE *f;
- unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+ unsigned char buf[MBEDTLS_HMAC_DRBG_MAX_INPUT];
- if( ( f = fopen( path, "wb" ) ) == NULL )
- return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
+ if ((f = fopen(path, "wb")) == NULL) {
+ return MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
+ }
- if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
+ if ((ret = mbedtls_hmac_drbg_random(ctx, buf, sizeof(buf))) != 0) {
goto exit;
+ }
- if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
- {
+ if (fwrite(buf, 1, sizeof(buf), f) != sizeof(buf)) {
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
goto exit;
}
@@ -450,46 +466,47 @@
ret = 0;
exit:
- fclose( f );
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ fclose(f);
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- return( ret );
+ return ret;
}
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
+int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path)
{
int ret = 0;
FILE *f = NULL;
size_t n;
- unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+ unsigned char buf[MBEDTLS_HMAC_DRBG_MAX_INPUT];
unsigned char c;
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
+ if ((f = fopen(path, "rb")) == NULL) {
+ return MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
+ }
- n = fread( buf, 1, sizeof( buf ), f );
- if( fread( &c, 1, 1, f ) != 0 )
- {
+ n = fread(buf, 1, sizeof(buf), f);
+ if (fread(&c, 1, 1, f) != 0) {
ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
goto exit;
}
- if( n == 0 || ferror( f ) )
- {
+ if (n == 0 || ferror(f)) {
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
goto exit;
}
- fclose( f );
+ fclose(f);
f = NULL;
- ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n );
+ ret = mbedtls_hmac_drbg_update_ret(ctx, buf, n);
exit:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
- if( f != NULL )
- fclose( f );
- if( ret != 0 )
- return( ret );
- return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+ if (f != NULL) {
+ fclose(f);
+ }
+ if (ret != 0) {
+ return ret;
+ }
+ return mbedtls_hmac_drbg_write_seed_file(ctx, path);
}
#endif /* MBEDTLS_FS_IO */
@@ -498,10 +515,10 @@
#if !defined(MBEDTLS_SHA1_C)
/* Dummy checkup routine */
-int mbedtls_hmac_drbg_self_test( int verbose )
+int mbedtls_hmac_drbg_self_test(int verbose)
{
(void) verbose;
- return( 0 );
+ return 0;
}
#else
@@ -513,7 +530,8 @@
0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
- 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
+ 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4
+};
static const unsigned char result_pr[OUTPUT_LEN] = {
0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
@@ -521,14 +539,16 @@
0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
- 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
+ 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44
+};
/* From a NIST PR=false test vector */
static const unsigned char entropy_nopr[] = {
0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
- 0xe9, 0x9d, 0xfe, 0xdf };
+ 0xe9, 0x9d, 0xfe, 0xdf
+};
static const unsigned char result_nopr[OUTPUT_LEN] = {
0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
@@ -536,85 +556,91 @@
0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
- 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
+ 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7
+};
/* "Entropy" from buffer */
static size_t test_offset;
-static int hmac_drbg_self_test_entropy( void *data,
- unsigned char *buf, size_t len )
+static int hmac_drbg_self_test_entropy(void *data,
+ unsigned char *buf, size_t len)
{
const unsigned char *p = data;
- memcpy( buf, p + test_offset, len );
+ memcpy(buf, p + test_offset, len);
test_offset += len;
- return( 0 );
+ return 0;
}
-#define CHK( c ) if( (c) != 0 ) \
- { \
- if( verbose != 0 ) \
- mbedtls_printf( "failed\n" ); \
- return( 1 ); \
- }
+#define CHK(c) if ((c) != 0) \
+ { \
+ if (verbose != 0) \
+ mbedtls_printf("failed\n"); \
+ return 1; \
+ }
/*
* Checkup routine for HMAC_DRBG with SHA-1
*/
-int mbedtls_hmac_drbg_self_test( int verbose )
+int mbedtls_hmac_drbg_self_test(int verbose)
{
mbedtls_hmac_drbg_context ctx;
unsigned char buf[OUTPUT_LEN];
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
- mbedtls_hmac_drbg_init( &ctx );
+ mbedtls_hmac_drbg_init(&ctx);
/*
* PR = True
*/
- if( verbose != 0 )
- mbedtls_printf( " HMAC_DRBG (PR = True) : " );
+ if (verbose != 0) {
+ mbedtls_printf(" HMAC_DRBG (PR = True) : ");
+ }
test_offset = 0;
- CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
- hmac_drbg_self_test_entropy, (void *) entropy_pr,
- NULL, 0 ) );
- mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
- CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
- CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
- CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
- mbedtls_hmac_drbg_free( &ctx );
+ CHK(mbedtls_hmac_drbg_seed(&ctx, md_info,
+ hmac_drbg_self_test_entropy, (void *) entropy_pr,
+ NULL, 0));
+ mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
+ CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+ CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+ CHK(memcmp(buf, result_pr, OUTPUT_LEN));
+ mbedtls_hmac_drbg_free(&ctx);
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
/*
* PR = False
*/
- if( verbose != 0 )
- mbedtls_printf( " HMAC_DRBG (PR = False) : " );
+ if (verbose != 0) {
+ mbedtls_printf(" HMAC_DRBG (PR = False) : ");
+ }
- mbedtls_hmac_drbg_init( &ctx );
+ mbedtls_hmac_drbg_init(&ctx);
test_offset = 0;
- CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
- hmac_drbg_self_test_entropy, (void *) entropy_nopr,
- NULL, 0 ) );
- CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
- CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
- CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
- CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
- mbedtls_hmac_drbg_free( &ctx );
+ CHK(mbedtls_hmac_drbg_seed(&ctx, md_info,
+ hmac_drbg_self_test_entropy, (void *) entropy_nopr,
+ NULL, 0));
+ CHK(mbedtls_hmac_drbg_reseed(&ctx, NULL, 0));
+ CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+ CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+ CHK(memcmp(buf, result_nopr, OUTPUT_LEN));
+ mbedtls_hmac_drbg_free(&ctx);
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/md.c b/library/md.c
index 53a84b0..1e24ee4 100644
--- a/library/md.c
+++ b/library/md.c
@@ -131,174 +131,182 @@
static const int supported_digests[] = {
#if defined(MBEDTLS_SHA512_C)
- MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_SHA512,
#if !defined(MBEDTLS_SHA512_NO_SHA384)
- MBEDTLS_MD_SHA384,
+ MBEDTLS_MD_SHA384,
#endif
#endif
#if defined(MBEDTLS_SHA256_C)
- MBEDTLS_MD_SHA256,
- MBEDTLS_MD_SHA224,
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA224,
#endif
#if defined(MBEDTLS_SHA1_C)
- MBEDTLS_MD_SHA1,
+ MBEDTLS_MD_SHA1,
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- MBEDTLS_MD_RIPEMD160,
+ MBEDTLS_MD_RIPEMD160,
#endif
#if defined(MBEDTLS_MD5_C)
- MBEDTLS_MD_MD5,
+ MBEDTLS_MD_MD5,
#endif
#if defined(MBEDTLS_MD4_C)
- MBEDTLS_MD_MD4,
+ MBEDTLS_MD_MD4,
#endif
#if defined(MBEDTLS_MD2_C)
- MBEDTLS_MD_MD2,
+ MBEDTLS_MD_MD2,
#endif
- MBEDTLS_MD_NONE
+ MBEDTLS_MD_NONE
};
-const int *mbedtls_md_list( void )
+const int *mbedtls_md_list(void)
{
- return( supported_digests );
+ return supported_digests;
}
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
+const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name)
{
- if( NULL == md_name )
- return( NULL );
+ if (NULL == md_name) {
+ return NULL;
+ }
/* Get the appropriate digest information */
#if defined(MBEDTLS_MD2_C)
- if( !strcmp( "MD2", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 );
+ if (!strcmp("MD2", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_MD2);
+ }
#endif
#if defined(MBEDTLS_MD4_C)
- if( !strcmp( "MD4", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 );
+ if (!strcmp("MD4", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_MD4);
+ }
#endif
#if defined(MBEDTLS_MD5_C)
- if( !strcmp( "MD5", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
+ if (!strcmp("MD5", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
+ }
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- if( !strcmp( "RIPEMD160", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 );
+ if (!strcmp("RIPEMD160", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160);
+ }
#endif
#if defined(MBEDTLS_SHA1_C)
- if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+ if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
+ }
#endif
#if defined(MBEDTLS_SHA256_C)
- if( !strcmp( "SHA224", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
- if( !strcmp( "SHA256", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
+ if (!strcmp("SHA224", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224);
+ }
+ if (!strcmp("SHA256", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+ }
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
- if( !strcmp( "SHA384", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
+ if (!strcmp("SHA384", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
+ }
#endif
- if( !strcmp( "SHA512", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
+ if (!strcmp("SHA512", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
+ }
#endif
- return( NULL );
+ return NULL;
}
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
+const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
{
- switch( md_type )
- {
+ switch (md_type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( &mbedtls_md2_info );
+ return &mbedtls_md2_info;
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( &mbedtls_md4_info );
+ return &mbedtls_md4_info;
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( &mbedtls_md5_info );
+ return &mbedtls_md5_info;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( &mbedtls_ripemd160_info );
+ return &mbedtls_ripemd160_info;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( &mbedtls_sha1_info );
+ return &mbedtls_sha1_info;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
- return( &mbedtls_sha224_info );
+ return &mbedtls_sha224_info;
case MBEDTLS_MD_SHA256:
- return( &mbedtls_sha256_info );
+ return &mbedtls_sha256_info;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
- return( &mbedtls_sha384_info );
+ return &mbedtls_sha384_info;
#endif
case MBEDTLS_MD_SHA512:
- return( &mbedtls_sha512_info );
+ return &mbedtls_sha512_info;
#endif
default:
- return( NULL );
+ return NULL;
}
}
-void mbedtls_md_init( mbedtls_md_context_t *ctx )
+void mbedtls_md_init(mbedtls_md_context_t *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_md_context_t ) );
+ memset(ctx, 0, sizeof(mbedtls_md_context_t));
}
-void mbedtls_md_free( mbedtls_md_context_t *ctx )
+void mbedtls_md_free(mbedtls_md_context_t *ctx)
{
- if( ctx == NULL || ctx->md_info == NULL )
+ if (ctx == NULL || ctx->md_info == NULL) {
return;
+ }
- if( ctx->md_ctx != NULL )
- {
- switch( ctx->md_info->type )
- {
+ if (ctx->md_ctx != NULL) {
+ switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- mbedtls_md2_free( ctx->md_ctx );
+ mbedtls_md2_free(ctx->md_ctx);
break;
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- mbedtls_md4_free( ctx->md_ctx );
+ mbedtls_md4_free(ctx->md_ctx);
break;
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- mbedtls_md5_free( ctx->md_ctx );
+ mbedtls_md5_free(ctx->md_ctx);
break;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- mbedtls_ripemd160_free( ctx->md_ctx );
+ mbedtls_ripemd160_free(ctx->md_ctx);
break;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- mbedtls_sha1_free( ctx->md_ctx );
+ mbedtls_sha1_free(ctx->md_ctx);
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
case MBEDTLS_MD_SHA256:
- mbedtls_sha256_free( ctx->md_ctx );
+ mbedtls_sha256_free(ctx->md_ctx);
break;
#endif
#if defined(MBEDTLS_SHA512_C)
@@ -306,67 +314,64 @@
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
- mbedtls_sha512_free( ctx->md_ctx );
+ mbedtls_sha512_free(ctx->md_ctx);
break;
#endif
default:
/* Shouldn't happen */
break;
}
- mbedtls_free( ctx->md_ctx );
+ mbedtls_free(ctx->md_ctx);
}
- if( ctx->hmac_ctx != NULL )
- {
- mbedtls_platform_zeroize( ctx->hmac_ctx,
- 2 * ctx->md_info->block_size );
- mbedtls_free( ctx->hmac_ctx );
+ if (ctx->hmac_ctx != NULL) {
+ mbedtls_platform_zeroize(ctx->hmac_ctx,
+ 2 * ctx->md_info->block_size);
+ mbedtls_free(ctx->hmac_ctx);
}
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t));
}
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src )
+int mbedtls_md_clone(mbedtls_md_context_t *dst,
+ const mbedtls_md_context_t *src)
{
- if( dst == NULL || dst->md_info == NULL ||
+ if (dst == NULL || dst->md_info == NULL ||
src == NULL || src->md_info == NULL ||
- dst->md_info != src->md_info )
- {
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ dst->md_info != src->md_info) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
- switch( src->md_info->type )
- {
+ switch (src->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- mbedtls_md2_clone( dst->md_ctx, src->md_ctx );
+ mbedtls_md2_clone(dst->md_ctx, src->md_ctx);
break;
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- mbedtls_md4_clone( dst->md_ctx, src->md_ctx );
+ mbedtls_md4_clone(dst->md_ctx, src->md_ctx);
break;
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- mbedtls_md5_clone( dst->md_ctx, src->md_ctx );
+ mbedtls_md5_clone(dst->md_ctx, src->md_ctx);
break;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- mbedtls_ripemd160_clone( dst->md_ctx, src->md_ctx );
+ mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx);
break;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- mbedtls_sha1_clone( dst->md_ctx, src->md_ctx );
+ mbedtls_sha1_clone(dst->md_ctx, src->md_ctx);
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
case MBEDTLS_MD_SHA256:
- mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
+ mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
break;
#endif
#if defined(MBEDTLS_SHA512_C)
@@ -374,72 +379,72 @@
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
- mbedtls_sha512_clone( dst->md_ctx, src->md_ctx );
+ mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
break;
#endif
default:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
- return( 0 );
+ return 0;
}
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info)
{
- return mbedtls_md_setup( ctx, md_info, 1 );
+ return mbedtls_md_setup(ctx, md_info, 1);
}
#endif
-#define ALLOC( type ) \
+#define ALLOC(type) \
do { \
- ctx->md_ctx = mbedtls_calloc( 1, sizeof( mbedtls_##type##_context ) ); \
- if( ctx->md_ctx == NULL ) \
- return( MBEDTLS_ERR_MD_ALLOC_FAILED ); \
- mbedtls_##type##_init( ctx->md_ctx ); \
+ ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \
+ if (ctx->md_ctx == NULL) \
+ return MBEDTLS_ERR_MD_ALLOC_FAILED; \
+ mbedtls_##type##_init(ctx->md_ctx); \
} \
- while( 0 )
+ while (0)
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
+int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
{
- if( md_info == NULL || ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (md_info == NULL || ctx == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
ctx->md_info = md_info;
ctx->md_ctx = NULL;
ctx->hmac_ctx = NULL;
- switch( md_info->type )
- {
+ switch (md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- ALLOC( md2 );
+ ALLOC(md2);
break;
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- ALLOC( md4 );
+ ALLOC(md4);
break;
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- ALLOC( md5 );
+ ALLOC(md5);
break;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- ALLOC( ripemd160 );
+ ALLOC(ripemd160);
break;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- ALLOC( sha1 );
+ ALLOC(sha1);
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
case MBEDTLS_MD_SHA256:
- ALLOC( sha256 );
+ ALLOC(sha256);
break;
#endif
#if defined(MBEDTLS_SHA512_C)
@@ -447,210 +452,208 @@
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
- ALLOC( sha512 );
+ ALLOC(sha512);
break;
#endif
default:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
- if( hmac != 0 )
- {
- ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
- if( ctx->hmac_ctx == NULL )
- {
- mbedtls_md_free( ctx );
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+ if (hmac != 0) {
+ ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size);
+ if (ctx->hmac_ctx == NULL) {
+ mbedtls_md_free(ctx);
+ return MBEDTLS_ERR_MD_ALLOC_FAILED;
}
}
- return( 0 );
+ return 0;
}
#undef ALLOC
-int mbedtls_md_starts( mbedtls_md_context_t *ctx )
+int mbedtls_md_starts(mbedtls_md_context_t *ctx)
{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- switch( ctx->md_info->type )
- {
+ switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_starts_ret( ctx->md_ctx ) );
+ return mbedtls_md2_starts_ret(ctx->md_ctx);
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_starts_ret( ctx->md_ctx ) );
+ return mbedtls_md4_starts_ret(ctx->md_ctx);
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_starts_ret( ctx->md_ctx ) );
+ return mbedtls_md5_starts_ret(ctx->md_ctx);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_starts_ret( ctx->md_ctx ) );
+ return mbedtls_ripemd160_starts_ret(ctx->md_ctx);
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_starts_ret( ctx->md_ctx ) );
+ return mbedtls_sha1_starts_ret(ctx->md_ctx);
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) );
+ return mbedtls_sha256_starts_ret(ctx->md_ctx, 1);
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
+ return mbedtls_sha256_starts_ret(ctx->md_ctx, 0);
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) );
+ return mbedtls_sha512_starts_ret(ctx->md_ctx, 1);
#endif
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) );
+ return mbedtls_sha512_starts_ret(ctx->md_ctx, 0);
#endif
default:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
}
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
+int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- switch( ctx->md_info->type )
- {
+ switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) );
+ return mbedtls_md2_update_ret(ctx->md_ctx, input, ilen);
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) );
+ return mbedtls_md4_update_ret(ctx->md_ctx, input, ilen);
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) );
+ return mbedtls_md5_update_ret(ctx->md_ctx, input, ilen);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_update_ret( ctx->md_ctx, input, ilen ) );
+ return mbedtls_ripemd160_update_ret(ctx->md_ctx, input, ilen);
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) );
+ return mbedtls_sha1_update_ret(ctx->md_ctx, input, ilen);
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
+ return mbedtls_sha256_update_ret(ctx->md_ctx, input, ilen);
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
+ return mbedtls_sha512_update_ret(ctx->md_ctx, input, ilen);
#endif
default:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
}
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
+int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- switch( ctx->md_info->type )
- {
+ switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) );
+ return mbedtls_md2_finish_ret(ctx->md_ctx, output);
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) );
+ return mbedtls_md4_finish_ret(ctx->md_ctx, output);
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) );
+ return mbedtls_md5_finish_ret(ctx->md_ctx, output);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_finish_ret( ctx->md_ctx, output ) );
+ return mbedtls_ripemd160_finish_ret(ctx->md_ctx, output);
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) );
+ return mbedtls_sha1_finish_ret(ctx->md_ctx, output);
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
+ return mbedtls_sha256_finish_ret(ctx->md_ctx, output);
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
+ return mbedtls_sha512_finish_ret(ctx->md_ctx, output);
#endif
default:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
}
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output )
+int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+ unsigned char *output)
{
- if( md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- switch( md_info->type )
- {
+ switch (md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_ret( input, ilen, output ) );
+ return mbedtls_md2_ret(input, ilen, output);
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_ret( input, ilen, output ) );
+ return mbedtls_md4_ret(input, ilen, output);
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_ret( input, ilen, output ) );
+ return mbedtls_md5_ret(input, ilen, output);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_ret( input, ilen, output ) );
+ return mbedtls_ripemd160_ret(input, ilen, output);
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_ret( input, ilen, output ) );
+ return mbedtls_sha1_ret(input, ilen, output);
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
+ return mbedtls_sha256_ret(input, ilen, output, 1);
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
+ return mbedtls_sha256_ret(input, ilen, output, 0);
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
+ return mbedtls_sha512_ret(input, ilen, output, 1);
#endif
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
+ return mbedtls_sha512_ret(input, ilen, output, 0);
#endif
default:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
}
#if defined(MBEDTLS_FS_IO)
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
+int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
FILE *f;
@@ -658,56 +661,66 @@
mbedtls_md_context_t ctx;
unsigned char buf[1024];
- if( md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
+ if ((f = fopen(path, "rb")) == NULL) {
+ return MBEDTLS_ERR_MD_FILE_IO_ERROR;
+ }
- mbedtls_md_init( &ctx );
+ mbedtls_md_init(&ctx);
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
+ if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
+ if ((ret = mbedtls_md_starts(&ctx)) != 0) {
goto cleanup;
+ }
- while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
- if( ( ret = mbedtls_md_update( &ctx, buf, n ) ) != 0 )
+ while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
+ if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) {
goto cleanup;
+ }
+ }
- if( ferror( f ) != 0 )
+ if (ferror(f) != 0) {
ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
- else
- ret = mbedtls_md_finish( &ctx, output );
+ } else {
+ ret = mbedtls_md_finish(&ctx, output);
+ }
cleanup:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
- fclose( f );
- mbedtls_md_free( &ctx );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+ fclose(f);
+ mbedtls_md_free(&ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_FS_IO */
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
+int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
unsigned char *ipad, *opad;
size_t i;
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- if( keylen > (size_t) ctx->md_info->block_size )
- {
- if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
+ if (keylen > (size_t) ctx->md_info->block_size) {
+ if ((ret = mbedtls_md_starts(ctx)) != 0) {
goto cleanup;
- if( ( ret = mbedtls_md_update( ctx, key, keylen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) {
goto cleanup;
- if( ( ret = mbedtls_md_finish( ctx, sum ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_finish(ctx, sum)) != 0) {
goto cleanup;
+ }
keylen = ctx->md_info->size;
key = sum;
@@ -716,167 +729,184 @@
ipad = (unsigned char *) ctx->hmac_ctx;
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
- memset( ipad, 0x36, ctx->md_info->block_size );
- memset( opad, 0x5C, ctx->md_info->block_size );
+ memset(ipad, 0x36, ctx->md_info->block_size);
+ memset(opad, 0x5C, ctx->md_info->block_size);
- for( i = 0; i < keylen; i++ )
- {
- ipad[i] = (unsigned char)( ipad[i] ^ key[i] );
- opad[i] = (unsigned char)( opad[i] ^ key[i] );
+ for (i = 0; i < keylen; i++) {
+ ipad[i] = (unsigned char) (ipad[i] ^ key[i]);
+ opad[i] = (unsigned char) (opad[i] ^ key[i]);
}
- if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
+ if ((ret = mbedtls_md_starts(ctx)) != 0) {
goto cleanup;
- if( ( ret = mbedtls_md_update( ctx, ipad,
- ctx->md_info->block_size ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_update(ctx, ipad,
+ ctx->md_info->block_size)) != 0) {
goto cleanup;
+ }
cleanup:
- mbedtls_platform_zeroize( sum, sizeof( sum ) );
+ mbedtls_platform_zeroize(sum, sizeof(sum));
- return( ret );
+ return ret;
}
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
+int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
{
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- return( mbedtls_md_update( ctx, input, ilen ) );
+ return mbedtls_md_update(ctx, input, ilen);
}
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
+int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
unsigned char *opad;
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
- if( ( ret = mbedtls_md_finish( ctx, tmp ) ) != 0 )
- return( ret );
- if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
- return( ret );
- if( ( ret = mbedtls_md_update( ctx, opad,
- ctx->md_info->block_size ) ) != 0 )
- return( ret );
- if( ( ret = mbedtls_md_update( ctx, tmp,
- ctx->md_info->size ) ) != 0 )
- return( ret );
- return( mbedtls_md_finish( ctx, output ) );
+ if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) {
+ return ret;
+ }
+ if ((ret = mbedtls_md_starts(ctx)) != 0) {
+ return ret;
+ }
+ if ((ret = mbedtls_md_update(ctx, opad,
+ ctx->md_info->block_size)) != 0) {
+ return ret;
+ }
+ if ((ret = mbedtls_md_update(ctx, tmp,
+ ctx->md_info->size)) != 0) {
+ return ret;
+ }
+ return mbedtls_md_finish(ctx, output);
}
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
+int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ipad;
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
ipad = (unsigned char *) ctx->hmac_ctx;
- if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
- return( ret );
- return( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) );
+ if ((ret = mbedtls_md_starts(ctx)) != 0) {
+ return ret;
+ }
+ return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size);
}
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
- const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output )
+int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output)
{
mbedtls_md_context_t ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- mbedtls_md_init( &ctx );
+ mbedtls_md_init(&ctx);
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
+ if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) {
goto cleanup;
- if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) {
goto cleanup;
- if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) {
goto cleanup;
+ }
cleanup:
- mbedtls_md_free( &ctx );
+ mbedtls_md_free(&ctx);
- return( ret );
+ return ret;
}
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
+int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data)
{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->md_info == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
- switch( ctx->md_info->type )
- {
+ switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_internal_md2_process( ctx->md_ctx ) );
+ return mbedtls_internal_md2_process(ctx->md_ctx);
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_internal_md4_process( ctx->md_ctx, data ) );
+ return mbedtls_internal_md4_process(ctx->md_ctx, data);
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_internal_md5_process( ctx->md_ctx, data ) );
+ return mbedtls_internal_md5_process(ctx->md_ctx, data);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_internal_ripemd160_process( ctx->md_ctx, data ) );
+ return mbedtls_internal_ripemd160_process(ctx->md_ctx, data);
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) );
+ return mbedtls_internal_sha1_process(ctx->md_ctx, data);
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
case MBEDTLS_MD_SHA256:
- return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
+ return mbedtls_internal_sha256_process(ctx->md_ctx, data);
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
- return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
+ return mbedtls_internal_sha512_process(ctx->md_ctx, data);
#endif
default:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
}
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
+unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
{
- if( md_info == NULL )
- return( 0 );
+ if (md_info == NULL) {
+ return 0;
+ }
return md_info->size;
}
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
+mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
{
- if( md_info == NULL )
- return( MBEDTLS_MD_NONE );
+ if (md_info == NULL) {
+ return MBEDTLS_MD_NONE;
+ }
return md_info->type;
}
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
+const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info)
{
- if( md_info == NULL )
- return( NULL );
+ if (md_info == NULL) {
+ return NULL;
+ }
return md_info->name;
}
diff --git a/library/md2.c b/library/md2.c
index f8293a1..f009498 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -67,21 +67,22 @@
0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
};
-void mbedtls_md2_init( mbedtls_md2_context *ctx )
+void mbedtls_md2_init(mbedtls_md2_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_md2_context ) );
+ memset(ctx, 0, sizeof(mbedtls_md2_context));
}
-void mbedtls_md2_free( mbedtls_md2_context *ctx )
+void mbedtls_md2_free(mbedtls_md2_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md2_context));
}
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
- const mbedtls_md2_context *src )
+void mbedtls_md2_clone(mbedtls_md2_context *dst,
+ const mbedtls_md2_context *src)
{
*dst = *src;
}
@@ -89,67 +90,63 @@
/*
* MD2 context setup
*/
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
+int mbedtls_md2_starts_ret(mbedtls_md2_context *ctx)
{
- memset( ctx->cksum, 0, 16 );
- memset( ctx->state, 0, 46 );
- memset( ctx->buffer, 0, 16 );
+ memset(ctx->cksum, 0, 16);
+ memset(ctx->state, 0, 46);
+ memset(ctx->buffer, 0, 16);
ctx->left = 0;
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_starts( mbedtls_md2_context *ctx )
+void mbedtls_md2_starts(mbedtls_md2_context *ctx)
{
- mbedtls_md2_starts_ret( ctx );
+ mbedtls_md2_starts_ret(ctx);
}
#endif
#if !defined(MBEDTLS_MD2_PROCESS_ALT)
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
+int mbedtls_internal_md2_process(mbedtls_md2_context *ctx)
{
int i, j;
unsigned char t = 0;
- for( i = 0; i < 16; i++ )
- {
+ for (i = 0; i < 16; i++) {
ctx->state[i + 16] = ctx->buffer[i];
ctx->state[i + 32] =
- (unsigned char)( ctx->buffer[i] ^ ctx->state[i]);
+ (unsigned char) (ctx->buffer[i] ^ ctx->state[i]);
}
- for( i = 0; i < 18; i++ )
- {
- for( j = 0; j < 48; j++ )
- {
+ for (i = 0; i < 18; i++) {
+ for (j = 0; j < 48; j++) {
ctx->state[j] = (unsigned char)
- ( ctx->state[j] ^ PI_SUBST[t] );
+ (ctx->state[j] ^ PI_SUBST[t]);
t = ctx->state[j];
}
- t = (unsigned char)( t + i );
+ t = (unsigned char) (t + i);
}
t = ctx->cksum[15];
- for( i = 0; i < 16; i++ )
- {
+ for (i = 0; i < 16; i++) {
ctx->cksum[i] = (unsigned char)
- ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] );
+ (ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t]);
t = ctx->cksum[i];
}
/* Zeroise variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &t, sizeof( t ) );
+ mbedtls_platform_zeroize(&t, sizeof(t));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_process( mbedtls_md2_context *ctx )
+void mbedtls_md2_process(mbedtls_md2_context *ctx)
{
- mbedtls_internal_md2_process( ctx );
+ mbedtls_internal_md2_process(ctx);
}
#endif
#endif /* !MBEDTLS_MD2_PROCESS_ALT */
@@ -157,78 +154,81 @@
/*
* MD2 process buffer
*/
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_md2_update_ret(mbedtls_md2_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
- while( ilen > 0 )
- {
- if( ilen > 16 - ctx->left )
+ while (ilen > 0) {
+ if (ilen > 16 - ctx->left) {
fill = 16 - ctx->left;
- else
+ } else {
fill = ilen;
+ }
- memcpy( ctx->buffer + ctx->left, input, fill );
+ memcpy(ctx->buffer + ctx->left, input, fill);
ctx->left += fill;
input += fill;
ilen -= fill;
- if( ctx->left == 16 )
- {
+ if (ctx->left == 16) {
ctx->left = 0;
- if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_md2_process(ctx)) != 0) {
+ return ret;
+ }
}
}
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_update( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen )
+void mbedtls_md2_update(mbedtls_md2_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
- mbedtls_md2_update_ret( ctx, input, ilen );
+ mbedtls_md2_update_ret(ctx, input, ilen);
}
#endif
/*
* MD2 final digest
*/
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
- unsigned char output[16] )
+int mbedtls_md2_finish_ret(mbedtls_md2_context *ctx,
+ unsigned char output[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
unsigned char x;
- x = (unsigned char)( 16 - ctx->left );
+ x = (unsigned char) (16 - ctx->left);
- for( i = ctx->left; i < 16; i++ )
+ for (i = ctx->left; i < 16; i++) {
ctx->buffer[i] = x;
+ }
- if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_md2_process(ctx)) != 0) {
+ return ret;
+ }
- memcpy( ctx->buffer, ctx->cksum, 16 );
- if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
- return( ret );
+ memcpy(ctx->buffer, ctx->cksum, 16);
+ if ((ret = mbedtls_internal_md2_process(ctx)) != 0) {
+ return ret;
+ }
- memcpy( output, ctx->state, 16 );
+ memcpy(output, ctx->state, 16);
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_finish( mbedtls_md2_context *ctx,
- unsigned char output[16] )
+void mbedtls_md2_finish(mbedtls_md2_context *ctx,
+ unsigned char output[16])
{
- mbedtls_md2_finish_ret( ctx, output );
+ mbedtls_md2_finish_ret(ctx, output);
}
#endif
@@ -237,36 +237,39 @@
/*
* output = MD2( input buffer )
*/
-int mbedtls_md2_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
+int mbedtls_md2_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md2_context ctx;
- mbedtls_md2_init( &ctx );
+ mbedtls_md2_init(&ctx);
- if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 )
+ if ((ret = mbedtls_md2_starts_ret(&ctx)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 )
+ if ((ret = mbedtls_md2_update_ret(&ctx, input, ilen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 )
+ if ((ret = mbedtls_md2_finish_ret(&ctx, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_md2_free( &ctx );
+ mbedtls_md2_free(&ctx);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
+void mbedtls_md2(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16])
{
- mbedtls_md2_ret( input, ilen, output );
+ mbedtls_md2_ret(input, ilen, output);
}
#endif
@@ -312,40 +315,43 @@
/*
* Checkup routine
*/
-int mbedtls_md2_self_test( int verbose )
+int mbedtls_md2_self_test(int verbose)
{
int i, ret = 0;
unsigned char md2sum[16];
- for( i = 0; i < 7; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " MD2 test #%d: ", i + 1 );
+ for (i = 0; i < 7; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" MD2 test #%d: ", i + 1);
+ }
- ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum );
- if( ret != 0 )
+ ret = mbedtls_md2_ret(md2_test_str[i], md2_test_strlen[i], md2sum);
+ if (ret != 0) {
goto fail;
+ }
- if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
- {
+ if (memcmp(md2sum, md2_test_sum[i], 16) != 0) {
ret = 1;
goto fail;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/md4.c b/library/md4.c
index a412213..163afb1 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -37,21 +37,22 @@
#if !defined(MBEDTLS_MD4_ALT)
-void mbedtls_md4_init( mbedtls_md4_context *ctx )
+void mbedtls_md4_init(mbedtls_md4_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_md4_context ) );
+ memset(ctx, 0, sizeof(mbedtls_md4_context));
}
-void mbedtls_md4_free( mbedtls_md4_context *ctx )
+void mbedtls_md4_free(mbedtls_md4_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md4_context));
}
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
- const mbedtls_md4_context *src )
+void mbedtls_md4_clone(mbedtls_md4_context *dst,
+ const mbedtls_md4_context *src)
{
*dst = *src;
}
@@ -59,7 +60,7 @@
/*
* MD4 context setup
*/
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
+int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx)
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -69,43 +70,42 @@
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_starts( mbedtls_md4_context *ctx )
+void mbedtls_md4_starts(mbedtls_md4_context *ctx)
{
- mbedtls_md4_starts_ret( ctx );
+ mbedtls_md4_starts_ret(ctx);
}
#endif
#if !defined(MBEDTLS_MD4_PROCESS_ALT)
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] )
+int mbedtls_internal_md4_process(mbedtls_md4_context *ctx,
+ const unsigned char data[64])
{
- struct
- {
+ struct {
uint32_t X[16], A, B, C, D;
} local;
- local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
- local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
- local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
- local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
- local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
- local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
- local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
- local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
- local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
- local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
- local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
- local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
- local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
- local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
- local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
- local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
+ local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0);
+ local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4);
+ local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8);
+ local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
+ local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
+ local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
+ local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
+ local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
+ local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
+ local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
+ local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
+ local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
+ local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
+ local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
+ local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
+ local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
-#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
+#define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
local.A = ctx->state[0];
local.B = ctx->state[1];
@@ -113,86 +113,86 @@
local.D = ctx->state[3];
#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
-#define P(a,b,c,d,x,s) \
+#define P(a, b, c, d, x, s) \
do \
{ \
- (a) += F((b),(c),(d)) + (x); \
- (a) = S((a),(s)); \
- } while( 0 )
+ (a) += F((b), (c), (d)) + (x); \
+ (a) = S((a), (s)); \
+ } while (0)
- P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 1], 7 );
- P( local.C, local.D, local.A, local.B, local.X[ 2], 11 );
- P( local.B, local.C, local.D, local.A, local.X[ 3], 19 );
- P( local.A, local.B, local.C, local.D, local.X[ 4], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 5], 7 );
- P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
- P( local.B, local.C, local.D, local.A, local.X[ 7], 19 );
- P( local.A, local.B, local.C, local.D, local.X[ 8], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 9], 7 );
- P( local.C, local.D, local.A, local.B, local.X[10], 11 );
- P( local.B, local.C, local.D, local.A, local.X[11], 19 );
- P( local.A, local.B, local.C, local.D, local.X[12], 3 );
- P( local.D, local.A, local.B, local.C, local.X[13], 7 );
- P( local.C, local.D, local.A, local.B, local.X[14], 11 );
- P( local.B, local.C, local.D, local.A, local.X[15], 19 );
+ P(local.A, local.B, local.C, local.D, local.X[0], 3);
+ P(local.D, local.A, local.B, local.C, local.X[1], 7);
+ P(local.C, local.D, local.A, local.B, local.X[2], 11);
+ P(local.B, local.C, local.D, local.A, local.X[3], 19);
+ P(local.A, local.B, local.C, local.D, local.X[4], 3);
+ P(local.D, local.A, local.B, local.C, local.X[5], 7);
+ P(local.C, local.D, local.A, local.B, local.X[6], 11);
+ P(local.B, local.C, local.D, local.A, local.X[7], 19);
+ P(local.A, local.B, local.C, local.D, local.X[8], 3);
+ P(local.D, local.A, local.B, local.C, local.X[9], 7);
+ P(local.C, local.D, local.A, local.B, local.X[10], 11);
+ P(local.B, local.C, local.D, local.A, local.X[11], 19);
+ P(local.A, local.B, local.C, local.D, local.X[12], 3);
+ P(local.D, local.A, local.B, local.C, local.X[13], 7);
+ P(local.C, local.D, local.A, local.B, local.X[14], 11);
+ P(local.B, local.C, local.D, local.A, local.X[15], 19);
#undef P
#undef F
-#define F(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define P(a,b,c,d,x,s) \
+#define F(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define P(a, b, c, d, x, s) \
do \
{ \
- (a) += F((b),(c),(d)) + (x) + 0x5A827999; \
- (a) = S((a),(s)); \
- } while( 0 )
+ (a) += F((b), (c), (d)) + (x) + 0x5A827999; \
+ (a) = S((a), (s)); \
+ } while (0)
- P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 4], 5 );
- P( local.C, local.D, local.A, local.B, local.X[ 8], 9 );
- P( local.B, local.C, local.D, local.A, local.X[12], 13 );
- P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 5], 5 );
- P( local.C, local.D, local.A, local.B, local.X[ 9], 9 );
- P( local.B, local.C, local.D, local.A, local.X[13], 13 );
- P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 6], 5 );
- P( local.C, local.D, local.A, local.B, local.X[10], 9 );
- P( local.B, local.C, local.D, local.A, local.X[14], 13 );
- P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 7], 5 );
- P( local.C, local.D, local.A, local.B, local.X[11], 9 );
- P( local.B, local.C, local.D, local.A, local.X[15], 13 );
+ P(local.A, local.B, local.C, local.D, local.X[0], 3);
+ P(local.D, local.A, local.B, local.C, local.X[4], 5);
+ P(local.C, local.D, local.A, local.B, local.X[8], 9);
+ P(local.B, local.C, local.D, local.A, local.X[12], 13);
+ P(local.A, local.B, local.C, local.D, local.X[1], 3);
+ P(local.D, local.A, local.B, local.C, local.X[5], 5);
+ P(local.C, local.D, local.A, local.B, local.X[9], 9);
+ P(local.B, local.C, local.D, local.A, local.X[13], 13);
+ P(local.A, local.B, local.C, local.D, local.X[2], 3);
+ P(local.D, local.A, local.B, local.C, local.X[6], 5);
+ P(local.C, local.D, local.A, local.B, local.X[10], 9);
+ P(local.B, local.C, local.D, local.A, local.X[14], 13);
+ P(local.A, local.B, local.C, local.D, local.X[3], 3);
+ P(local.D, local.A, local.B, local.C, local.X[7], 5);
+ P(local.C, local.D, local.A, local.B, local.X[11], 9);
+ P(local.B, local.C, local.D, local.A, local.X[15], 13);
#undef P
#undef F
-#define F(x,y,z) ((x) ^ (y) ^ (z))
-#define P(a,b,c,d,x,s) \
+#define F(x, y, z) ((x) ^ (y) ^ (z))
+#define P(a, b, c, d, x, s) \
do \
{ \
- (a) += F((b),(c),(d)) + (x) + 0x6ED9EBA1; \
- (a) = S((a),(s)); \
- } while( 0 )
+ (a) += F((b), (c), (d)) + (x) + 0x6ED9EBA1; \
+ (a) = S((a), (s)); \
+ } while (0)
- P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 8], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 4], 11 );
- P( local.B, local.C, local.D, local.A, local.X[12], 15 );
- P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
- P( local.D, local.A, local.B, local.C, local.X[10], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
- P( local.B, local.C, local.D, local.A, local.X[14], 15 );
- P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 9], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 5], 11 );
- P( local.B, local.C, local.D, local.A, local.X[13], 15 );
- P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
- P( local.D, local.A, local.B, local.C, local.X[11], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 7], 11 );
- P( local.B, local.C, local.D, local.A, local.X[15], 15 );
+ P(local.A, local.B, local.C, local.D, local.X[0], 3);
+ P(local.D, local.A, local.B, local.C, local.X[8], 9);
+ P(local.C, local.D, local.A, local.B, local.X[4], 11);
+ P(local.B, local.C, local.D, local.A, local.X[12], 15);
+ P(local.A, local.B, local.C, local.D, local.X[2], 3);
+ P(local.D, local.A, local.B, local.C, local.X[10], 9);
+ P(local.C, local.D, local.A, local.B, local.X[6], 11);
+ P(local.B, local.C, local.D, local.A, local.X[14], 15);
+ P(local.A, local.B, local.C, local.D, local.X[1], 3);
+ P(local.D, local.A, local.B, local.C, local.X[9], 9);
+ P(local.C, local.D, local.A, local.B, local.X[5], 11);
+ P(local.B, local.C, local.D, local.A, local.X[13], 15);
+ P(local.A, local.B, local.C, local.D, local.X[3], 3);
+ P(local.D, local.A, local.B, local.C, local.X[11], 9);
+ P(local.C, local.D, local.A, local.B, local.X[7], 11);
+ P(local.B, local.C, local.D, local.A, local.X[15], 15);
#undef F
#undef P
@@ -203,16 +203,16 @@
ctx->state[3] += local.D;
/* Zeroise variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &local, sizeof( local ) );
+ mbedtls_platform_zeroize(&local, sizeof(local));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] )
+void mbedtls_md4_process(mbedtls_md4_context *ctx,
+ const unsigned char data[64])
{
- mbedtls_internal_md4_process( ctx, data );
+ mbedtls_internal_md4_process(ctx, data);
}
#endif
#endif /* !MBEDTLS_MD4_PROCESS_ALT */
@@ -220,16 +220,17 @@
/*
* MD4 process buffer
*/
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_md4_update_ret(mbedtls_md4_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
- if( ilen == 0 )
- return( 0 );
+ if (ilen == 0) {
+ return 0;
+ }
left = ctx->total[0] & 0x3F;
fill = 64 - left;
@@ -237,52 +238,52 @@
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (uint32_t) ilen )
+ if (ctx->total[0] < (uint32_t) ilen) {
ctx->total[1]++;
+ }
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, fill );
+ if (left && ilen >= fill) {
+ memcpy((void *) (ctx->buffer + left),
+ (void *) input, fill);
- if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_md4_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
input += fill;
ilen -= fill;
left = 0;
}
- while( ilen >= 64 )
- {
- if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 )
- return( ret );
+ while (ilen >= 64) {
+ if ((ret = mbedtls_internal_md4_process(ctx, input)) != 0) {
+ return ret;
+ }
input += 64;
ilen -= 64;
}
- if( ilen > 0 )
- {
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, ilen );
+ if (ilen > 0) {
+ memcpy((void *) (ctx->buffer + left),
+ (void *) input, ilen);
}
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_update( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen )
+void mbedtls_md4_update(mbedtls_md4_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
- mbedtls_md4_update_ret( ctx, input, ilen );
+ mbedtls_md4_update_ret(ctx, input, ilen);
}
#endif
static const unsigned char md4_padding[64] =
{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
@@ -291,45 +292,47 @@
/*
* MD4 final digest
*/
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
- unsigned char output[16] )
+int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx,
+ unsigned char output[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t last, padn;
uint32_t high, low;
unsigned char msglen[8];
- high = ( ctx->total[0] >> 29 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
+ high = (ctx->total[0] >> 29)
+ | (ctx->total[1] << 3);
+ low = (ctx->total[0] << 3);
- MBEDTLS_PUT_UINT32_LE( low, msglen, 0 );
- MBEDTLS_PUT_UINT32_LE( high, msglen, 4 );
+ MBEDTLS_PUT_UINT32_LE(low, msglen, 0);
+ MBEDTLS_PUT_UINT32_LE(high, msglen, 4);
last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+ padn = (last < 56) ? (56 - last) : (120 - last);
- ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_md4_update_ret(ctx, (unsigned char *) md4_padding, padn);
+ if (ret != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_md4_update_ret(ctx, msglen, 8)) != 0) {
+ return ret;
+ }
- MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
+ MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_finish( mbedtls_md4_context *ctx,
- unsigned char output[16] )
+void mbedtls_md4_finish(mbedtls_md4_context *ctx,
+ unsigned char output[16])
{
- mbedtls_md4_finish_ret( ctx, output );
+ mbedtls_md4_finish_ret(ctx, output);
}
#endif
@@ -338,36 +341,39 @@
/*
* output = MD4( input buffer )
*/
-int mbedtls_md4_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
+int mbedtls_md4_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md4_context ctx;
- mbedtls_md4_init( &ctx );
+ mbedtls_md4_init(&ctx);
- if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 )
+ if ((ret = mbedtls_md4_starts_ret(&ctx)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 )
+ if ((ret = mbedtls_md4_update_ret(&ctx, input, ilen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 )
+ if ((ret = mbedtls_md4_finish_ret(&ctx, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_md4_free( &ctx );
+ mbedtls_md4_free(&ctx);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
+void mbedtls_md4(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16])
{
- mbedtls_md4_ret( input, ilen, output );
+ mbedtls_md4_ret(input, ilen, output);
}
#endif
@@ -413,40 +419,43 @@
/*
* Checkup routine
*/
-int mbedtls_md4_self_test( int verbose )
+int mbedtls_md4_self_test(int verbose)
{
int i, ret = 0;
unsigned char md4sum[16];
- for( i = 0; i < 7; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " MD4 test #%d: ", i + 1 );
+ for (i = 0; i < 7; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" MD4 test #%d: ", i + 1);
+ }
- ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum );
- if( ret != 0 )
+ ret = mbedtls_md4_ret(md4_test_str[i], md4_test_strlen[i], md4sum);
+ if (ret != 0) {
goto fail;
+ }
- if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
- {
+ if (memcmp(md4sum, md4_test_sum[i], 16) != 0) {
ret = 1;
goto fail;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/md5.c b/library/md5.c
index e53bfe6..fb47486 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -36,21 +36,22 @@
#if !defined(MBEDTLS_MD5_ALT)
-void mbedtls_md5_init( mbedtls_md5_context *ctx )
+void mbedtls_md5_init(mbedtls_md5_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_md5_context ) );
+ memset(ctx, 0, sizeof(mbedtls_md5_context));
}
-void mbedtls_md5_free( mbedtls_md5_context *ctx )
+void mbedtls_md5_free(mbedtls_md5_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md5_context));
}
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
- const mbedtls_md5_context *src )
+void mbedtls_md5_clone(mbedtls_md5_context *dst,
+ const mbedtls_md5_context *src)
{
*dst = *src;
}
@@ -58,7 +59,7 @@
/*
* MD5 context setup
*/
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
+int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx)
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -68,138 +69,137 @@
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_starts( mbedtls_md5_context *ctx )
+void mbedtls_md5_starts(mbedtls_md5_context *ctx)
{
- mbedtls_md5_starts_ret( ctx );
+ mbedtls_md5_starts_ret(ctx);
}
#endif
#if !defined(MBEDTLS_MD5_PROCESS_ALT)
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] )
+int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
+ const unsigned char data[64])
{
- struct
- {
+ struct {
uint32_t X[16], A, B, C, D;
} local;
- local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
- local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
- local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
- local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
- local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
- local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
- local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
- local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
- local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
- local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
- local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
- local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
- local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
- local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
- local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
- local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
+ local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0);
+ local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4);
+ local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8);
+ local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
+ local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
+ local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
+ local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
+ local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
+ local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
+ local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
+ local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
+ local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
+ local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
+ local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
+ local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
+ local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
-#define S(x,n) \
- ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
+#define S(x, n) \
+ (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
-#define P(a,b,c,d,k,s,t) \
+#define P(a, b, c, d, k, s, t) \
do \
{ \
- (a) += F((b),(c),(d)) + local.X[(k)] + (t); \
- (a) = S((a),(s)) + (b); \
- } while( 0 )
+ (a) += F((b), (c), (d)) + local.X[(k)] + (t); \
+ (a) = S((a), (s)) + (b); \
+ } while (0)
local.A = ctx->state[0];
local.B = ctx->state[1];
local.C = ctx->state[2];
local.D = ctx->state[3];
-#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
- P( local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478 );
- P( local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756 );
- P( local.C, local.D, local.A, local.B, 2, 17, 0x242070DB );
- P( local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE );
- P( local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF );
- P( local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A );
- P( local.C, local.D, local.A, local.B, 6, 17, 0xA8304613 );
- P( local.B, local.C, local.D, local.A, 7, 22, 0xFD469501 );
- P( local.A, local.B, local.C, local.D, 8, 7, 0x698098D8 );
- P( local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF );
- P( local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1 );
- P( local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE );
- P( local.A, local.B, local.C, local.D, 12, 7, 0x6B901122 );
- P( local.D, local.A, local.B, local.C, 13, 12, 0xFD987193 );
- P( local.C, local.D, local.A, local.B, 14, 17, 0xA679438E );
- P( local.B, local.C, local.D, local.A, 15, 22, 0x49B40821 );
+ P(local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478);
+ P(local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756);
+ P(local.C, local.D, local.A, local.B, 2, 17, 0x242070DB);
+ P(local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE);
+ P(local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF);
+ P(local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A);
+ P(local.C, local.D, local.A, local.B, 6, 17, 0xA8304613);
+ P(local.B, local.C, local.D, local.A, 7, 22, 0xFD469501);
+ P(local.A, local.B, local.C, local.D, 8, 7, 0x698098D8);
+ P(local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF);
+ P(local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1);
+ P(local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE);
+ P(local.A, local.B, local.C, local.D, 12, 7, 0x6B901122);
+ P(local.D, local.A, local.B, local.C, 13, 12, 0xFD987193);
+ P(local.C, local.D, local.A, local.B, 14, 17, 0xA679438E);
+ P(local.B, local.C, local.D, local.A, 15, 22, 0x49B40821);
#undef F
-#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
+#define F(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
- P( local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562 );
- P( local.D, local.A, local.B, local.C, 6, 9, 0xC040B340 );
- P( local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51 );
- P( local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA );
- P( local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D );
- P( local.D, local.A, local.B, local.C, 10, 9, 0x02441453 );
- P( local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681 );
- P( local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8 );
- P( local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6 );
- P( local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6 );
- P( local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87 );
- P( local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED );
- P( local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905 );
- P( local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8 );
- P( local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9 );
- P( local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A );
+ P(local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562);
+ P(local.D, local.A, local.B, local.C, 6, 9, 0xC040B340);
+ P(local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51);
+ P(local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA);
+ P(local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D);
+ P(local.D, local.A, local.B, local.C, 10, 9, 0x02441453);
+ P(local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681);
+ P(local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8);
+ P(local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6);
+ P(local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6);
+ P(local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87);
+ P(local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED);
+ P(local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905);
+ P(local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8);
+ P(local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9);
+ P(local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A);
#undef F
-#define F(x,y,z) ((x) ^ (y) ^ (z))
+#define F(x, y, z) ((x) ^ (y) ^ (z))
- P( local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942 );
- P( local.D, local.A, local.B, local.C, 8, 11, 0x8771F681 );
- P( local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122 );
- P( local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C );
- P( local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44 );
- P( local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9 );
- P( local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60 );
- P( local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70 );
- P( local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6 );
- P( local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA );
- P( local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085 );
- P( local.B, local.C, local.D, local.A, 6, 23, 0x04881D05 );
- P( local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039 );
- P( local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5 );
- P( local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8 );
- P( local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665 );
+ P(local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942);
+ P(local.D, local.A, local.B, local.C, 8, 11, 0x8771F681);
+ P(local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122);
+ P(local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C);
+ P(local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44);
+ P(local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9);
+ P(local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60);
+ P(local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70);
+ P(local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6);
+ P(local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA);
+ P(local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085);
+ P(local.B, local.C, local.D, local.A, 6, 23, 0x04881D05);
+ P(local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039);
+ P(local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5);
+ P(local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8);
+ P(local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665);
#undef F
-#define F(x,y,z) ((y) ^ ((x) | ~(z)))
+#define F(x, y, z) ((y) ^ ((x) | ~(z)))
- P( local.A, local.B, local.C, local.D, 0, 6, 0xF4292244 );
- P( local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97 );
- P( local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7 );
- P( local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039 );
- P( local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3 );
- P( local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92 );
- P( local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D );
- P( local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1 );
- P( local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F );
- P( local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0 );
- P( local.C, local.D, local.A, local.B, 6, 15, 0xA3014314 );
- P( local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1 );
- P( local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82 );
- P( local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235 );
- P( local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB );
- P( local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391 );
+ P(local.A, local.B, local.C, local.D, 0, 6, 0xF4292244);
+ P(local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97);
+ P(local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7);
+ P(local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039);
+ P(local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3);
+ P(local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92);
+ P(local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D);
+ P(local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1);
+ P(local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F);
+ P(local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0);
+ P(local.C, local.D, local.A, local.B, 6, 15, 0xA3014314);
+ P(local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1);
+ P(local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82);
+ P(local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235);
+ P(local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB);
+ P(local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391);
#undef F
@@ -209,16 +209,16 @@
ctx->state[3] += local.D;
/* Zeroise variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &local, sizeof( local ) );
+ mbedtls_platform_zeroize(&local, sizeof(local));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] )
+void mbedtls_md5_process(mbedtls_md5_context *ctx,
+ const unsigned char data[64])
{
- mbedtls_internal_md5_process( ctx, data );
+ mbedtls_internal_md5_process(ctx, data);
}
#endif
#endif /* !MBEDTLS_MD5_PROCESS_ALT */
@@ -226,16 +226,17 @@
/*
* MD5 process buffer
*/
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_md5_update_ret(mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
- if( ilen == 0 )
- return( 0 );
+ if (ilen == 0) {
+ return 0;
+ }
left = ctx->total[0] & 0x3F;
fill = 64 - left;
@@ -243,51 +244,51 @@
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (uint32_t) ilen )
+ if (ctx->total[0] < (uint32_t) ilen) {
ctx->total[1]++;
+ }
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left), input, fill );
- if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if (left && ilen >= fill) {
+ memcpy((void *) (ctx->buffer + left), input, fill);
+ if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
input += fill;
ilen -= fill;
left = 0;
}
- while( ilen >= 64 )
- {
- if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 )
- return( ret );
+ while (ilen >= 64) {
+ if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0) {
+ return ret;
+ }
input += 64;
ilen -= 64;
}
- if( ilen > 0 )
- {
- memcpy( (void *) (ctx->buffer + left), input, ilen );
+ if (ilen > 0) {
+ memcpy((void *) (ctx->buffer + left), input, ilen);
}
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_update( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen )
+void mbedtls_md5_update(mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
- mbedtls_md5_update_ret( ctx, input, ilen );
+ mbedtls_md5_update_ret(ctx, input, ilen);
}
#endif
/*
* MD5 final digest
*/
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
- unsigned char output[16] )
+int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx,
+ unsigned char output[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used;
@@ -300,51 +301,50 @@
ctx->buffer[used++] = 0x80;
- if( used <= 56 )
- {
+ if (used <= 56) {
/* Enough room for padding + length in current block */
- memset( ctx->buffer + used, 0, 56 - used );
- }
- else
- {
+ memset(ctx->buffer + used, 0, 56 - used);
+ } else {
/* We'll need an extra block */
- memset( ctx->buffer + used, 0, 64 - used );
+ memset(ctx->buffer + used, 0, 64 - used);
- if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
- memset( ctx->buffer, 0, 56 );
+ memset(ctx->buffer, 0, 56);
}
/*
* Add message length
*/
- high = ( ctx->total[0] >> 29 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
+ high = (ctx->total[0] >> 29)
+ | (ctx->total[1] << 3);
+ low = (ctx->total[0] << 3);
- MBEDTLS_PUT_UINT32_LE( low, ctx->buffer, 56 );
- MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 );
+ MBEDTLS_PUT_UINT32_LE(low, ctx->buffer, 56);
+ MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60);
- if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
/*
* Output final state
*/
- MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
+ MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_finish( mbedtls_md5_context *ctx,
- unsigned char output[16] )
+void mbedtls_md5_finish(mbedtls_md5_context *ctx,
+ unsigned char output[16])
{
- mbedtls_md5_finish_ret( ctx, output );
+ mbedtls_md5_finish_ret(ctx, output);
}
#endif
@@ -353,36 +353,39 @@
/*
* output = MD5( input buffer )
*/
-int mbedtls_md5_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
+int mbedtls_md5_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md5_context ctx;
- mbedtls_md5_init( &ctx );
+ mbedtls_md5_init(&ctx);
- if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
+ if ((ret = mbedtls_md5_starts_ret(&ctx)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
+ if ((ret = mbedtls_md5_update_ret(&ctx, input, ilen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
+ if ((ret = mbedtls_md5_finish_ret(&ctx, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_md5_free( &ctx );
+ mbedtls_md5_free(&ctx);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
+void mbedtls_md5(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16])
{
- mbedtls_md5_ret( input, ilen, output );
+ mbedtls_md5_ret(input, ilen, output);
}
#endif
@@ -427,40 +430,43 @@
/*
* Checkup routine
*/
-int mbedtls_md5_self_test( int verbose )
+int mbedtls_md5_self_test(int verbose)
{
int i, ret = 0;
unsigned char md5sum[16];
- for( i = 0; i < 7; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " MD5 test #%d: ", i + 1 );
+ for (i = 0; i < 7; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" MD5 test #%d: ", i + 1);
+ }
- ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum );
- if( ret != 0 )
+ ret = mbedtls_md5_ret(md5_test_buf[i], md5_test_buflen[i], md5sum);
+ if (ret != 0) {
goto fail;
+ }
- if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
- {
+ if (memcmp(md5sum, md5_test_sum[i], 16) != 0) {
ret = 1;
goto fail;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index cc62324..bdde4e0 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -42,8 +42,7 @@
#define MAX_BT 20
typedef struct _memory_header memory_header;
-struct _memory_header
-{
+struct _memory_header {
size_t magic1;
size_t size;
size_t alloc;
@@ -58,8 +57,7 @@
size_t magic2;
};
-typedef struct
-{
+typedef struct {
unsigned char *buf;
size_t len;
memory_header *first;
@@ -82,146 +80,135 @@
static buffer_alloc_ctx heap;
#if defined(MBEDTLS_MEMORY_DEBUG)
-static void debug_header( memory_header *hdr )
+static void debug_header(memory_header *hdr)
{
#if defined(MBEDTLS_MEMORY_BACKTRACE)
size_t i;
#endif
- mbedtls_fprintf( stderr, "HDR: PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
- "ALLOC(%zu), SIZE(%10zu)\n",
- (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
- hdr->alloc, hdr->size );
- mbedtls_fprintf( stderr, " FPREV(%10zu), FNEXT(%10zu)\n",
- (size_t) hdr->prev_free, (size_t) hdr->next_free );
+ mbedtls_fprintf(stderr, "HDR: PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
+ "ALLOC(%zu), SIZE(%10zu)\n",
+ (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
+ hdr->alloc, hdr->size);
+ mbedtls_fprintf(stderr, " FPREV(%10zu), FNEXT(%10zu)\n",
+ (size_t) hdr->prev_free, (size_t) hdr->next_free);
#if defined(MBEDTLS_MEMORY_BACKTRACE)
- mbedtls_fprintf( stderr, "TRACE: \n" );
- for( i = 0; i < hdr->trace_count; i++ )
- mbedtls_fprintf( stderr, "%s\n", hdr->trace[i] );
- mbedtls_fprintf( stderr, "\n" );
+ mbedtls_fprintf(stderr, "TRACE: \n");
+ for (i = 0; i < hdr->trace_count; i++) {
+ mbedtls_fprintf(stderr, "%s\n", hdr->trace[i]);
+ }
+ mbedtls_fprintf(stderr, "\n");
#endif
}
-static void debug_chain( void )
+static void debug_chain(void)
{
memory_header *cur = heap.first;
- mbedtls_fprintf( stderr, "\nBlock list\n" );
- while( cur != NULL )
- {
- debug_header( cur );
+ mbedtls_fprintf(stderr, "\nBlock list\n");
+ while (cur != NULL) {
+ debug_header(cur);
cur = cur->next;
}
- mbedtls_fprintf( stderr, "Free list\n" );
+ mbedtls_fprintf(stderr, "Free list\n");
cur = heap.first_free;
- while( cur != NULL )
- {
- debug_header( cur );
+ while (cur != NULL) {
+ debug_header(cur);
cur = cur->next_free;
}
}
#endif /* MBEDTLS_MEMORY_DEBUG */
-static int verify_header( memory_header *hdr )
+static int verify_header(memory_header *hdr)
{
- if( hdr->magic1 != MAGIC1 )
- {
+ if (hdr->magic1 != MAGIC1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
+ mbedtls_fprintf(stderr, "FATAL: MAGIC1 mismatch\n");
#endif
- return( 1 );
+ return 1;
}
- if( hdr->magic2 != MAGIC2 )
- {
+ if (hdr->magic2 != MAGIC2) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
+ mbedtls_fprintf(stderr, "FATAL: MAGIC2 mismatch\n");
#endif
- return( 1 );
+ return 1;
}
- if( hdr->alloc > 1 )
- {
+ if (hdr->alloc > 1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: alloc has illegal value\n" );
+ mbedtls_fprintf(stderr, "FATAL: alloc has illegal value\n");
#endif
- return( 1 );
+ return 1;
}
- if( hdr->prev != NULL && hdr->prev == hdr->next )
- {
+ if (hdr->prev != NULL && hdr->prev == hdr->next) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: prev == next\n" );
+ mbedtls_fprintf(stderr, "FATAL: prev == next\n");
#endif
- return( 1 );
+ return 1;
}
- if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
- {
+ if (hdr->prev_free != NULL && hdr->prev_free == hdr->next_free) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: prev_free == next_free\n" );
+ mbedtls_fprintf(stderr, "FATAL: prev_free == next_free\n");
#endif
- return( 1 );
+ return 1;
}
- return( 0 );
+ return 0;
}
-static int verify_chain( void )
+static int verify_chain(void)
{
memory_header *prv = heap.first, *cur;
- if( prv == NULL || verify_header( prv ) != 0 )
- {
+ if (prv == NULL || verify_header(prv) != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: verification of first header "
- "failed\n" );
+ mbedtls_fprintf(stderr, "FATAL: verification of first header "
+ "failed\n");
#endif
- return( 1 );
+ return 1;
}
- if( heap.first->prev != NULL )
- {
+ if (heap.first->prev != NULL) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: verification failed: "
- "first->prev != NULL\n" );
+ mbedtls_fprintf(stderr, "FATAL: verification failed: "
+ "first->prev != NULL\n");
#endif
- return( 1 );
+ return 1;
}
cur = heap.first->next;
- while( cur != NULL )
- {
- if( verify_header( cur ) != 0 )
- {
+ while (cur != NULL) {
+ if (verify_header(cur) != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: verification of header "
- "failed\n" );
+ mbedtls_fprintf(stderr, "FATAL: verification of header "
+ "failed\n");
#endif
- return( 1 );
+ return 1;
}
- if( cur->prev != prv )
- {
+ if (cur->prev != prv) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: verification failed: "
- "cur->prev != prv\n" );
+ mbedtls_fprintf(stderr, "FATAL: verification failed: "
+ "cur->prev != prv\n");
#endif
- return( 1 );
+ return 1;
}
prv = cur;
cur = cur->next;
}
- return( 0 );
+ return 0;
}
-static void *buffer_alloc_calloc( size_t n, size_t size )
+static void *buffer_alloc_calloc(size_t n, size_t size)
{
memory_header *new, *cur = heap.first_free;
unsigned char *p;
@@ -232,42 +219,43 @@
size_t trace_cnt;
#endif
- if( heap.buf == NULL || heap.first == NULL )
- return( NULL );
+ if (heap.buf == NULL || heap.first == NULL) {
+ return NULL;
+ }
original_len = len = n * size;
- if( n == 0 || size == 0 || len / n != size )
- return( NULL );
- else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
- return( NULL );
+ if (n == 0 || size == 0 || len / n != size) {
+ return NULL;
+ } else if (len > (size_t) -MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
+ return NULL;
+ }
- if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
- {
+ if (len % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
len += MBEDTLS_MEMORY_ALIGN_MULTIPLE;
}
// Find block that fits
//
- while( cur != NULL )
- {
- if( cur->size >= len )
+ while (cur != NULL) {
+ if (cur->size >= len) {
break;
+ }
cur = cur->next_free;
}
- if( cur == NULL )
- return( NULL );
+ if (cur == NULL) {
+ return NULL;
+ }
- if( cur->alloc != 0 )
- {
+ if (cur->alloc != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: block in free_list but allocated "
- "data\n" );
+ mbedtls_fprintf(stderr, "FATAL: block in free_list but allocated "
+ "data\n");
#endif
- mbedtls_exit( 1 );
+ mbedtls_exit(1);
}
#if defined(MBEDTLS_MEMORY_DEBUG)
@@ -276,45 +264,48 @@
// Found location, split block if > memory_header + 4 room left
//
- if( cur->size - len < sizeof(memory_header) +
- MBEDTLS_MEMORY_ALIGN_MULTIPLE )
- {
+ if (cur->size - len < sizeof(memory_header) +
+ MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
cur->alloc = 1;
// Remove from free_list
//
- if( cur->prev_free != NULL )
+ if (cur->prev_free != NULL) {
cur->prev_free->next_free = cur->next_free;
- else
+ } else {
heap.first_free = cur->next_free;
+ }
- if( cur->next_free != NULL )
+ if (cur->next_free != NULL) {
cur->next_free->prev_free = cur->prev_free;
+ }
cur->prev_free = NULL;
cur->next_free = NULL;
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.total_used += cur->size;
- if( heap.total_used > heap.maximum_used )
+ if (heap.total_used > heap.maximum_used) {
heap.maximum_used = heap.total_used;
+ }
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE)
- trace_cnt = backtrace( trace_buffer, MAX_BT );
- cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+ trace_cnt = backtrace(trace_buffer, MAX_BT);
+ cur->trace = backtrace_symbols(trace_buffer, trace_cnt);
cur->trace_count = trace_cnt;
#endif
- if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
- mbedtls_exit( 1 );
+ if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) {
+ mbedtls_exit(1);
+ }
- ret = (unsigned char *) cur + sizeof( memory_header );
- memset( ret, 0, original_len );
+ ret = (unsigned char *) cur + sizeof(memory_header);
+ memset(ret, 0, original_len);
- return( ret );
+ return ret;
}
- p = ( (unsigned char *) cur ) + sizeof(memory_header) + len;
+ p = ((unsigned char *) cur) + sizeof(memory_header) + len;
new = (memory_header *) p;
new->size = cur->size - len - sizeof(memory_header);
@@ -328,20 +319,23 @@
new->magic1 = MAGIC1;
new->magic2 = MAGIC2;
- if( new->next != NULL )
+ if (new->next != NULL) {
new->next->prev = new;
+ }
// Replace cur with new in free_list
//
new->prev_free = cur->prev_free;
new->next_free = cur->next_free;
- if( new->prev_free != NULL )
+ if (new->prev_free != NULL) {
new->prev_free->next_free = new;
- else
+ } else {
heap.first_free = new;
+ }
- if( new->next_free != NULL )
+ if (new->next_free != NULL) {
new->next_free->prev_free = new;
+ }
cur->alloc = 1;
cur->size = len;
@@ -351,57 +345,60 @@
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.header_count++;
- if( heap.header_count > heap.maximum_header_count )
+ if (heap.header_count > heap.maximum_header_count) {
heap.maximum_header_count = heap.header_count;
+ }
heap.total_used += cur->size;
- if( heap.total_used > heap.maximum_used )
+ if (heap.total_used > heap.maximum_used) {
heap.maximum_used = heap.total_used;
+ }
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE)
- trace_cnt = backtrace( trace_buffer, MAX_BT );
- cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+ trace_cnt = backtrace(trace_buffer, MAX_BT);
+ cur->trace = backtrace_symbols(trace_buffer, trace_cnt);
cur->trace_count = trace_cnt;
#endif
- if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
- mbedtls_exit( 1 );
+ if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) {
+ mbedtls_exit(1);
+ }
- ret = (unsigned char *) cur + sizeof( memory_header );
- memset( ret, 0, original_len );
+ ret = (unsigned char *) cur + sizeof(memory_header);
+ memset(ret, 0, original_len);
- return( ret );
+ return ret;
}
-static void buffer_alloc_free( void *ptr )
+static void buffer_alloc_free(void *ptr)
{
memory_header *hdr, *old = NULL;
unsigned char *p = (unsigned char *) ptr;
- if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
+ if (ptr == NULL || heap.buf == NULL || heap.first == NULL) {
return;
+ }
- if( p < heap.buf || p >= heap.buf + heap.len )
- {
+ if (p < heap.buf || p >= heap.buf + heap.len) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
- "space\n" );
+ mbedtls_fprintf(stderr, "FATAL: mbedtls_free() outside of managed "
+ "space\n");
#endif
- mbedtls_exit( 1 );
+ mbedtls_exit(1);
}
p -= sizeof(memory_header);
hdr = (memory_header *) p;
- if( verify_header( hdr ) != 0 )
- mbedtls_exit( 1 );
+ if (verify_header(hdr) != 0) {
+ mbedtls_exit(1);
+ }
- if( hdr->alloc != 1 )
- {
+ if (hdr->alloc != 1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_fprintf( stderr, "FATAL: mbedtls_free() on unallocated "
- "data\n" );
+ mbedtls_fprintf(stderr, "FATAL: mbedtls_free() on unallocated "
+ "data\n");
#endif
- mbedtls_exit( 1 );
+ mbedtls_exit(1);
}
hdr->alloc = 0;
@@ -412,15 +409,14 @@
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE)
- free( hdr->trace );
+ free(hdr->trace);
hdr->trace = NULL;
hdr->trace_count = 0;
#endif
// Regroup with block before
//
- if( hdr->prev != NULL && hdr->prev->alloc == 0 )
- {
+ if (hdr->prev != NULL && hdr->prev->alloc == 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.header_count--;
#endif
@@ -429,16 +425,16 @@
old = hdr;
hdr = hdr->prev;
- if( hdr->next != NULL )
+ if (hdr->next != NULL) {
hdr->next->prev = hdr;
+ }
- memset( old, 0, sizeof(memory_header) );
+ memset(old, 0, sizeof(memory_header));
}
// Regroup with block after
//
- if( hdr->next != NULL && hdr->next->alloc == 0 )
- {
+ if (hdr->next != NULL && hdr->next->alloc == 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.header_count--;
#endif
@@ -446,95 +442,97 @@
old = hdr->next;
hdr->next = hdr->next->next;
- if( hdr->prev_free != NULL || hdr->next_free != NULL )
- {
- if( hdr->prev_free != NULL )
+ if (hdr->prev_free != NULL || hdr->next_free != NULL) {
+ if (hdr->prev_free != NULL) {
hdr->prev_free->next_free = hdr->next_free;
- else
+ } else {
heap.first_free = hdr->next_free;
+ }
- if( hdr->next_free != NULL )
+ if (hdr->next_free != NULL) {
hdr->next_free->prev_free = hdr->prev_free;
+ }
}
hdr->prev_free = old->prev_free;
hdr->next_free = old->next_free;
- if( hdr->prev_free != NULL )
+ if (hdr->prev_free != NULL) {
hdr->prev_free->next_free = hdr;
- else
+ } else {
heap.first_free = hdr;
+ }
- if( hdr->next_free != NULL )
+ if (hdr->next_free != NULL) {
hdr->next_free->prev_free = hdr;
+ }
- if( hdr->next != NULL )
+ if (hdr->next != NULL) {
hdr->next->prev = hdr;
+ }
- memset( old, 0, sizeof(memory_header) );
+ memset(old, 0, sizeof(memory_header));
}
// Prepend to free_list if we have not merged
// (Does not have to stay in same order as prev / next list)
//
- if( old == NULL )
- {
+ if (old == NULL) {
hdr->next_free = heap.first_free;
- if( heap.first_free != NULL )
+ if (heap.first_free != NULL) {
heap.first_free->prev_free = hdr;
+ }
heap.first_free = hdr;
}
- if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
- mbedtls_exit( 1 );
+ if ((heap.verify & MBEDTLS_MEMORY_VERIFY_FREE) && verify_chain() != 0) {
+ mbedtls_exit(1);
+ }
}
-void mbedtls_memory_buffer_set_verify( int verify )
+void mbedtls_memory_buffer_set_verify(int verify)
{
heap.verify = verify;
}
-int mbedtls_memory_buffer_alloc_verify( void )
+int mbedtls_memory_buffer_alloc_verify(void)
{
return verify_chain();
}
#if defined(MBEDTLS_MEMORY_DEBUG)
-void mbedtls_memory_buffer_alloc_status( void )
+void mbedtls_memory_buffer_alloc_status(void)
{
- mbedtls_fprintf( stderr,
- "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
- "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
- heap.header_count, heap.total_used,
- heap.maximum_header_count, heap.maximum_used,
- heap.maximum_header_count * sizeof( memory_header )
- + heap.maximum_used,
- heap.alloc_count, heap.free_count );
+ mbedtls_fprintf(stderr,
+ "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
+ "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
+ heap.header_count, heap.total_used,
+ heap.maximum_header_count, heap.maximum_used,
+ heap.maximum_header_count * sizeof(memory_header)
+ + heap.maximum_used,
+ heap.alloc_count, heap.free_count);
- if( heap.first->next == NULL )
- {
- mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
- }
- else
- {
- mbedtls_fprintf( stderr, "Memory currently allocated:\n" );
+ if (heap.first->next == NULL) {
+ mbedtls_fprintf(stderr, "All memory de-allocated in stack buffer\n");
+ } else {
+ mbedtls_fprintf(stderr, "Memory currently allocated:\n");
debug_chain();
}
}
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
+void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks)
{
*max_used = heap.maximum_used;
*max_blocks = heap.maximum_header_count;
}
-void mbedtls_memory_buffer_alloc_max_reset( void )
+void mbedtls_memory_buffer_alloc_max_reset(void)
{
heap.maximum_used = 0;
heap.maximum_header_count = 0;
}
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
+void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks)
{
*cur_used = heap.total_used;
*cur_blocks = heap.header_count;
@@ -542,202 +540,211 @@
#endif /* MBEDTLS_MEMORY_DEBUG */
#if defined(MBEDTLS_THREADING_C)
-static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
+static void *buffer_alloc_calloc_mutexed(size_t n, size_t size)
{
void *buf;
- if( mbedtls_mutex_lock( &heap.mutex ) != 0 )
- return( NULL );
- buf = buffer_alloc_calloc( n, size );
- if( mbedtls_mutex_unlock( &heap.mutex ) )
- return( NULL );
- return( buf );
+ if (mbedtls_mutex_lock(&heap.mutex) != 0) {
+ return NULL;
+ }
+ buf = buffer_alloc_calloc(n, size);
+ if (mbedtls_mutex_unlock(&heap.mutex)) {
+ return NULL;
+ }
+ return buf;
}
-static void buffer_alloc_free_mutexed( void *ptr )
+static void buffer_alloc_free_mutexed(void *ptr)
{
/* We have no good option here, but corrupting the heap seems
* worse than losing memory. */
- if( mbedtls_mutex_lock( &heap.mutex ) )
+ if (mbedtls_mutex_lock(&heap.mutex)) {
return;
- buffer_alloc_free( ptr );
- (void) mbedtls_mutex_unlock( &heap.mutex );
+ }
+ buffer_alloc_free(ptr);
+ (void) mbedtls_mutex_unlock(&heap.mutex);
}
#endif /* MBEDTLS_THREADING_C */
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
+void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len)
{
- memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
+ memset(&heap, 0, sizeof(buffer_alloc_ctx));
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &heap.mutex );
- mbedtls_platform_set_calloc_free( buffer_alloc_calloc_mutexed,
- buffer_alloc_free_mutexed );
+ mbedtls_mutex_init(&heap.mutex);
+ mbedtls_platform_set_calloc_free(buffer_alloc_calloc_mutexed,
+ buffer_alloc_free_mutexed);
#else
- mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
+ mbedtls_platform_set_calloc_free(buffer_alloc_calloc, buffer_alloc_free);
#endif
- if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+ if (len < sizeof(memory_header) + MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
return;
- else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
- {
+ } else if ((size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
/* Adjust len first since buf is used in the computation */
len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
- - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+ - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
- - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+ - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
}
- memset( buf, 0, len );
+ memset(buf, 0, len);
heap.buf = buf;
heap.len = len;
- heap.first = (memory_header *)buf;
- heap.first->size = len - sizeof( memory_header );
+ heap.first = (memory_header *) buf;
+ heap.first->size = len - sizeof(memory_header);
heap.first->magic1 = MAGIC1;
heap.first->magic2 = MAGIC2;
heap.first_free = heap.first;
}
-void mbedtls_memory_buffer_alloc_free( void )
+void mbedtls_memory_buffer_alloc_free(void)
{
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &heap.mutex );
+ mbedtls_mutex_free(&heap.mutex);
#endif
- mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) );
+ mbedtls_platform_zeroize(&heap, sizeof(buffer_alloc_ctx));
}
#if defined(MBEDTLS_SELF_TEST)
-static int check_pointer( void *p )
+static int check_pointer(void *p)
{
- if( p == NULL )
- return( -1 );
+ if (p == NULL) {
+ return -1;
+ }
- if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )
- return( -1 );
+ if ((size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0) {
+ return -1;
+ }
- return( 0 );
+ return 0;
}
-static int check_all_free( void )
+static int check_all_free(void)
{
- if(
+ if (
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.total_used != 0 ||
#endif
heap.first != heap.first_free ||
- (void *) heap.first != (void *) heap.buf )
- {
- return( -1 );
+ (void *) heap.first != (void *) heap.buf) {
+ return -1;
}
- return( 0 );
+ return 0;
}
-#define TEST_ASSERT( condition ) \
- if( ! (condition) ) \
+#define TEST_ASSERT(condition) \
+ if (!(condition)) \
{ \
- if( verbose != 0 ) \
- mbedtls_printf( "failed\n" ); \
+ if (verbose != 0) \
+ mbedtls_printf("failed\n"); \
\
ret = 1; \
goto cleanup; \
}
-int mbedtls_memory_buffer_alloc_self_test( int verbose )
+int mbedtls_memory_buffer_alloc_self_test(int verbose)
{
unsigned char buf[1024];
unsigned char *p, *q, *r, *end;
int ret = 0;
- if( verbose != 0 )
- mbedtls_printf( " MBA test #1 (basic alloc-free cycle): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MBA test #1 (basic alloc-free cycle): ");
+ }
- mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
- p = mbedtls_calloc( 1, 1 );
- q = mbedtls_calloc( 1, 128 );
- r = mbedtls_calloc( 1, 16 );
+ p = mbedtls_calloc(1, 1);
+ q = mbedtls_calloc(1, 128);
+ r = mbedtls_calloc(1, 16);
- TEST_ASSERT( check_pointer( p ) == 0 &&
- check_pointer( q ) == 0 &&
- check_pointer( r ) == 0 );
+ TEST_ASSERT(check_pointer(p) == 0 &&
+ check_pointer(q) == 0 &&
+ check_pointer(r) == 0);
- mbedtls_free( r );
- mbedtls_free( q );
- mbedtls_free( p );
+ mbedtls_free(r);
+ mbedtls_free(q);
+ mbedtls_free(p);
- TEST_ASSERT( check_all_free( ) == 0 );
+ TEST_ASSERT(check_all_free() == 0);
/* Memorize end to compare with the next test */
end = heap.buf + heap.len;
- mbedtls_memory_buffer_alloc_free( );
+ mbedtls_memory_buffer_alloc_free();
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( " MBA test #2 (buf not aligned): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MBA test #2 (buf not aligned): ");
+ }
- mbedtls_memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 );
+ mbedtls_memory_buffer_alloc_init(buf + 1, sizeof(buf) - 1);
- TEST_ASSERT( heap.buf + heap.len == end );
+ TEST_ASSERT(heap.buf + heap.len == end);
- p = mbedtls_calloc( 1, 1 );
- q = mbedtls_calloc( 1, 128 );
- r = mbedtls_calloc( 1, 16 );
+ p = mbedtls_calloc(1, 1);
+ q = mbedtls_calloc(1, 128);
+ r = mbedtls_calloc(1, 16);
- TEST_ASSERT( check_pointer( p ) == 0 &&
- check_pointer( q ) == 0 &&
- check_pointer( r ) == 0 );
+ TEST_ASSERT(check_pointer(p) == 0 &&
+ check_pointer(q) == 0 &&
+ check_pointer(r) == 0);
- mbedtls_free( r );
- mbedtls_free( q );
- mbedtls_free( p );
+ mbedtls_free(r);
+ mbedtls_free(q);
+ mbedtls_free(p);
- TEST_ASSERT( check_all_free( ) == 0 );
+ TEST_ASSERT(check_all_free() == 0);
- mbedtls_memory_buffer_alloc_free( );
+ mbedtls_memory_buffer_alloc_free();
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( " MBA test #3 (full): " );
+ if (verbose != 0) {
+ mbedtls_printf(" MBA test #3 (full): ");
+ }
- mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
- p = mbedtls_calloc( 1, sizeof( buf ) - sizeof( memory_header ) );
+ p = mbedtls_calloc(1, sizeof(buf) - sizeof(memory_header));
- TEST_ASSERT( check_pointer( p ) == 0 );
- TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
+ TEST_ASSERT(check_pointer(p) == 0);
+ TEST_ASSERT(mbedtls_calloc(1, 1) == NULL);
- mbedtls_free( p );
+ mbedtls_free(p);
- p = mbedtls_calloc( 1, sizeof( buf ) - 2 * sizeof( memory_header ) - 16 );
- q = mbedtls_calloc( 1, 16 );
+ p = mbedtls_calloc(1, sizeof(buf) - 2 * sizeof(memory_header) - 16);
+ q = mbedtls_calloc(1, 16);
- TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 );
- TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
+ TEST_ASSERT(check_pointer(p) == 0 && check_pointer(q) == 0);
+ TEST_ASSERT(mbedtls_calloc(1, 1) == NULL);
- mbedtls_free( q );
+ mbedtls_free(q);
- TEST_ASSERT( mbedtls_calloc( 1, 17 ) == NULL );
+ TEST_ASSERT(mbedtls_calloc(1, 17) == NULL);
- mbedtls_free( p );
+ mbedtls_free(p);
- TEST_ASSERT( check_all_free( ) == 0 );
+ TEST_ASSERT(check_all_free() == 0);
- mbedtls_memory_buffer_alloc_free( );
+ mbedtls_memory_buffer_alloc_free();
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
cleanup:
- mbedtls_memory_buffer_alloc_free( );
+ mbedtls_memory_buffer_alloc_free();
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/mps_common.h b/library/mps_common.h
index 668876c..4a10176 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -99,41 +99,41 @@
#if defined(MBEDTLS_MPS_STATE_VALIDATION)
-#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string ) \
+#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \
do \
{ \
- if( !(cond) ) \
+ if (!(cond)) \
{ \
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string ); \
- MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED ); \
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \
+ MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED); \
} \
- } while( 0 )
+ } while (0)
#else /* MBEDTLS_MPS_STATE_VALIDATION */
-#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string ) \
+#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \
do \
{ \
- ( cond ); \
- } while( 0 )
+ (cond); \
+ } while (0)
#endif /* MBEDTLS_MPS_STATE_VALIDATION */
#if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS)
-#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) \
+#define MBEDTLS_MPS_ASSERT_RAW(cond, string) \
do \
{ \
- if( !(cond) ) \
+ if (!(cond)) \
{ \
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string ); \
- MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_INTERNAL_ERROR ); \
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \
+ MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_INTERNAL_ERROR); \
} \
- } while( 0 )
+ } while (0)
#else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
-#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) do {} while( 0 )
+#define MBEDTLS_MPS_ASSERT_RAW(cond, string) do {} while (0)
#endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
@@ -169,7 +169,7 @@
*
*/
typedef size_t mbedtls_mps_stored_size_t;
-#define MBEDTLS_MPS_STORED_SIZE_MAX ( (mbedtls_mps_stored_size_t) -1 )
+#define MBEDTLS_MPS_STORED_SIZE_MAX ((mbedtls_mps_stored_size_t) -1)
/** \brief The type of buffer sizes and offsets used in the MPS API
* and implementation.
@@ -183,7 +183,7 @@
* so almost 10%.
*/
typedef size_t mbedtls_mps_size_t;
-#define MBEDTLS_MPS_SIZE_MAX ( (mbedtls_mps_size_t) -1 )
+#define MBEDTLS_MPS_SIZE_MAX ((mbedtls_mps_size_t) -1)
#if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX
#error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t."
diff --git a/library/mps_error.h b/library/mps_error.h
index f78d9a0..15570d2 100644
--- a/library/mps_error.h
+++ b/library/mps_error.h
@@ -45,14 +45,14 @@
*/
#ifndef MBEDTLS_MPS_ERR_BASE
-#define MBEDTLS_MPS_ERR_BASE ( 0 )
+#define MBEDTLS_MPS_ERR_BASE (0)
#endif
#define MBEDTLS_MPS_MAKE_ERROR(code) \
- ( -( MBEDTLS_MPS_ERR_BASE | (code) ) )
+ (-(MBEDTLS_MPS_ERR_BASE | (code)))
-#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED MBEDTLS_MPS_MAKE_ERROR( 0x1 )
-#define MBEDTLS_ERR_MPS_INTERNAL_ERROR MBEDTLS_MPS_MAKE_ERROR( 0x2 )
+#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED MBEDTLS_MPS_MAKE_ERROR(0x1)
+#define MBEDTLS_ERR_MPS_INTERNAL_ERROR MBEDTLS_MPS_MAKE_ERROR(0x2)
/* \} name SECTION: MPS general error codes */
@@ -63,40 +63,40 @@
*/
#ifndef MBEDTLS_MPS_READER_ERR_BASE
-#define MBEDTLS_MPS_READER_ERR_BASE ( 1 << 8 )
+#define MBEDTLS_MPS_READER_ERR_BASE (1 << 8)
#endif
#define MBEDTLS_MPS_READER_MAKE_ERROR(code) \
- ( -( MBEDTLS_MPS_READER_ERR_BASE | (code) ) )
+ (-(MBEDTLS_MPS_READER_ERR_BASE | (code)))
/*! An attempt to reclaim the data buffer from a reader failed because
* the user hasn't yet read and committed all of it. */
-#define MBEDTLS_ERR_MPS_READER_DATA_LEFT MBEDTLS_MPS_READER_MAKE_ERROR( 0x1 )
+#define MBEDTLS_ERR_MPS_READER_DATA_LEFT MBEDTLS_MPS_READER_MAKE_ERROR(0x1)
/*! An invalid argument was passed to the reader. */
-#define MBEDTLS_ERR_MPS_READER_INVALID_ARG MBEDTLS_MPS_READER_MAKE_ERROR( 0x2 )
+#define MBEDTLS_ERR_MPS_READER_INVALID_ARG MBEDTLS_MPS_READER_MAKE_ERROR(0x2)
/*! An attempt to move a reader to consuming mode through mbedtls_mps_reader_feed()
* after pausing failed because the provided data is not sufficient to serve the
* read requests that led to the pausing. */
-#define MBEDTLS_ERR_MPS_READER_NEED_MORE MBEDTLS_MPS_READER_MAKE_ERROR( 0x3 )
+#define MBEDTLS_ERR_MPS_READER_NEED_MORE MBEDTLS_MPS_READER_MAKE_ERROR(0x3)
/*! A get request failed because not enough data is available in the reader. */
-#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA MBEDTLS_MPS_READER_MAKE_ERROR( 0x4 )
+#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA MBEDTLS_MPS_READER_MAKE_ERROR(0x4)
/*!< A get request after pausing and reactivating the reader failed because
* the request is not in line with the request made prior to pausing. The user
* must not change it's 'strategy' after pausing and reactivating a reader. */
-#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR( 0x5 )
+#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR(0x5)
/*! An attempt to reclaim the data buffer from a reader failed because the reader
* has no accumulator it can use to backup the data that hasn't been processed. */
-#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR MBEDTLS_MPS_READER_MAKE_ERROR( 0x6 )
+#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR MBEDTLS_MPS_READER_MAKE_ERROR(0x6)
/*! An attempt to reclaim the data buffer from a reader failed because the
* accumulator passed to the reader is not large enough to hold both the
* data that hasn't been processed and the excess of the last read-request. */
-#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR( 0x7 )
+#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR(0x7)
/* \} name SECTION: MPS Reader error codes */
diff --git a/library/mps_reader.c b/library/mps_reader.c
index 0c30a75..75c563a 100644
--- a/library/mps_reader.c
+++ b/library/mps_reader.c
@@ -67,54 +67,56 @@
*/
static inline int mps_reader_is_accumulating(
- mbedtls_mps_reader const *rd )
+ mbedtls_mps_reader const *rd)
{
mbedtls_mps_size_t acc_remaining;
- if( rd->acc == NULL )
- return( 0 );
+ if (rd->acc == NULL) {
+ return 0;
+ }
acc_remaining = rd->acc_share.acc_remaining;
- return( acc_remaining > 0 );
+ return acc_remaining > 0;
}
static inline int mps_reader_is_producing(
- mbedtls_mps_reader const *rd )
+ mbedtls_mps_reader const *rd)
{
unsigned char *frag = rd->frag;
- return( frag == NULL );
+ return frag == NULL;
}
static inline int mps_reader_is_consuming(
- mbedtls_mps_reader const *rd )
+ mbedtls_mps_reader const *rd)
{
- return( !mps_reader_is_producing( rd ) );
+ return !mps_reader_is_producing(rd);
}
static inline mbedtls_mps_size_t mps_reader_get_fragment_offset(
- mbedtls_mps_reader const *rd )
+ mbedtls_mps_reader const *rd)
{
unsigned char *acc = rd->acc;
mbedtls_mps_size_t frag_offset;
- if( acc == NULL )
- return( 0 );
+ if (acc == NULL) {
+ return 0;
+ }
frag_offset = rd->acc_share.frag_offset;
- return( frag_offset );
+ return frag_offset;
}
static inline mbedtls_mps_size_t mps_reader_serving_from_accumulator(
- mbedtls_mps_reader const *rd )
+ mbedtls_mps_reader const *rd)
{
mbedtls_mps_size_t frag_offset, end;
- frag_offset = mps_reader_get_fragment_offset( rd );
+ frag_offset = mps_reader_get_fragment_offset(rd);
end = rd->end;
- return( end < frag_offset );
+ return end < frag_offset;
}
-static inline void mps_reader_zero( mbedtls_mps_reader *rd )
+static inline void mps_reader_zero(mbedtls_mps_reader *rd)
{
/* A plain memset() would likely be more efficient,
* but the current way of zeroing makes it harder
@@ -123,56 +125,56 @@
* doesn't require reasoning about structs being
* interpreted as unstructured binary blobs. */
static mbedtls_mps_reader const zero =
- { .frag = NULL,
- .frag_len = 0,
- .commit = 0,
- .end = 0,
- .pending = 0,
- .acc = NULL,
- .acc_len = 0,
- .acc_available = 0,
- .acc_share = { .acc_remaining = 0 }
- };
+ { .frag = NULL,
+ .frag_len = 0,
+ .commit = 0,
+ .end = 0,
+ .pending = 0,
+ .acc = NULL,
+ .acc_len = 0,
+ .acc_available = 0,
+ .acc_share = { .acc_remaining = 0 } };
*rd = zero;
}
-int mbedtls_mps_reader_init( mbedtls_mps_reader *rd,
- unsigned char *acc,
- mbedtls_mps_size_t acc_len )
+int mbedtls_mps_reader_init(mbedtls_mps_reader *rd,
+ unsigned char *acc,
+ mbedtls_mps_size_t acc_len)
{
- MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_init" );
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "* Accumulator size: %u bytes", (unsigned) acc_len );
- mps_reader_zero( rd );
+ MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_init");
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "* Accumulator size: %u bytes", (unsigned) acc_len);
+ mps_reader_zero(rd);
rd->acc = acc;
rd->acc_len = acc_len;
- MBEDTLS_MPS_TRACE_RETURN( 0 );
+ MBEDTLS_MPS_TRACE_RETURN(0);
}
-int mbedtls_mps_reader_free( mbedtls_mps_reader *rd )
+int mbedtls_mps_reader_free(mbedtls_mps_reader *rd)
{
- MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_free" );
- mps_reader_zero( rd );
- MBEDTLS_MPS_TRACE_RETURN( 0 );
+ MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_free");
+ mps_reader_zero(rd);
+ MBEDTLS_MPS_TRACE_RETURN(0);
}
-int mbedtls_mps_reader_feed( mbedtls_mps_reader *rd,
- unsigned char *new_frag,
- mbedtls_mps_size_t new_frag_len )
+int mbedtls_mps_reader_feed(mbedtls_mps_reader *rd,
+ unsigned char *new_frag,
+ mbedtls_mps_size_t new_frag_len)
{
mbedtls_mps_size_t copy_to_acc;
- MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_feed" );
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "* Fragment length: %u bytes", (unsigned) new_frag_len );
+ MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_feed");
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "* Fragment length: %u bytes", (unsigned) new_frag_len);
- if( new_frag == NULL )
- MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_INVALID_ARG );
+ if (new_frag == NULL) {
+ MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_INVALID_ARG);
+ }
- MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_producing( rd ),
- "mbedtls_mps_reader_feed() requires reader to be in producing mode" );
+ MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_producing(
+ rd),
+ "mbedtls_mps_reader_feed() requires reader to be in producing mode");
- if( mps_reader_is_accumulating( rd ) )
- {
+ if (mps_reader_is_accumulating(rd)) {
unsigned char *acc = rd->acc;
mbedtls_mps_size_t acc_remaining = rd->acc_share.acc_remaining;
mbedtls_mps_size_t acc_available = rd->acc_available;
@@ -181,39 +183,38 @@
acc += acc_available;
copy_to_acc = acc_remaining;
- if( copy_to_acc > new_frag_len )
+ if (copy_to_acc > new_frag_len) {
copy_to_acc = new_frag_len;
+ }
/* Copy new contents to accumulator. */
- memcpy( acc, new_frag, copy_to_acc );
+ memcpy(acc, new_frag, copy_to_acc);
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Copy new data of size %u of %u into accumulator at offset %u",
- (unsigned) copy_to_acc, (unsigned) new_frag_len, (unsigned) acc_available );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Copy new data of size %u of %u into accumulator at offset %u",
+ (unsigned) copy_to_acc, (unsigned) new_frag_len,
+ (unsigned) acc_available);
/* Check if, with the new fragment, we have enough data. */
acc_remaining -= copy_to_acc;
- if( acc_remaining > 0 )
- {
+ if (acc_remaining > 0) {
/* We need to accumulate more data. Stay in producing mode. */
acc_available += copy_to_acc;
rd->acc_share.acc_remaining = acc_remaining;
rd->acc_available = acc_available;
- MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_NEED_MORE );
+ MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_NEED_MORE);
}
/* We have filled the accumulator: Move to consuming mode. */
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Enough data available to serve user request" );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Enough data available to serve user request");
/* Remember overlap of accumulator and fragment. */
rd->acc_share.frag_offset = acc_available;
acc_available += copy_to_acc;
rd->acc_available = acc_available;
- }
- else /* Not accumulating */
- {
+ } else { /* Not accumulating */
rd->acc_share.frag_offset = 0;
}
@@ -221,30 +222,30 @@
rd->frag_len = new_frag_len;
rd->commit = 0;
rd->end = 0;
- MBEDTLS_MPS_TRACE_RETURN( 0 );
+ MBEDTLS_MPS_TRACE_RETURN(0);
}
-int mbedtls_mps_reader_get( mbedtls_mps_reader *rd,
- mbedtls_mps_size_t desired,
- unsigned char **buffer,
- mbedtls_mps_size_t *buflen )
+int mbedtls_mps_reader_get(mbedtls_mps_reader *rd,
+ mbedtls_mps_size_t desired,
+ unsigned char **buffer,
+ mbedtls_mps_size_t *buflen)
{
unsigned char *frag;
mbedtls_mps_size_t frag_len, frag_offset, end, frag_fetched, frag_remaining;
- MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_get" );
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "* Bytes requested: %u", (unsigned) desired );
+ MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_get");
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "* Bytes requested: %u", (unsigned) desired);
- MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
- "mbedtls_mps_reader_get() requires reader to be in consuming mode" );
+ MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
+ rd),
+ "mbedtls_mps_reader_get() requires reader to be in consuming mode");
end = rd->end;
- frag_offset = mps_reader_get_fragment_offset( rd );
+ frag_offset = mps_reader_get_fragment_offset(rd);
/* Check if we're still serving from the accumulator. */
- if( mps_reader_serving_from_accumulator( rd ) )
- {
+ if (mps_reader_serving_from_accumulator(rd)) {
/* Illustration of supported and unsupported cases:
*
* - Allowed #1
@@ -310,14 +311,12 @@
unsigned char *acc;
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Serve the request from the accumulator" );
- if( frag_offset - end < desired )
- {
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Serve the request from the accumulator");
+ if (frag_offset - end < desired) {
mbedtls_mps_size_t acc_available;
acc_available = rd->acc_available;
- if( acc_available - end != desired )
- {
+ if (acc_available - end != desired) {
/* It might be possible to serve some of these situations by
* making additional space in the accumulator, removing those
* parts that have already been committed.
@@ -329,7 +328,7 @@
* the library, this check is a good opportunity to
* validate this. */
MBEDTLS_MPS_TRACE_RETURN(
- MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS );
+ MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS);
}
}
@@ -337,19 +336,20 @@
acc += end;
*buffer = acc;
- if( buflen != NULL )
+ if (buflen != NULL) {
*buflen = desired;
+ }
end += desired;
rd->end = end;
rd->pending = 0;
- MBEDTLS_MPS_TRACE_RETURN( 0 );
+ MBEDTLS_MPS_TRACE_RETURN(0);
}
/* Attempt to serve the request from the current fragment */
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Serve the request from the current fragment." );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Serve the request from the current fragment.");
frag_len = rd->frag_len;
frag_fetched = end - frag_offset; /* The amount of data from the current
@@ -358,23 +358,20 @@
frag_remaining = frag_len - frag_fetched; /* Remaining data in fragment */
/* Check if we can serve the read request from the fragment. */
- if( frag_remaining < desired )
- {
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "There's not enough data in the current fragment "
- "to serve the request." );
+ if (frag_remaining < desired) {
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "There's not enough data in the current fragment "
+ "to serve the request.");
/* There's not enough data in the current fragment,
* so either just RETURN what we have or fail. */
- if( buflen == NULL )
- {
- if( frag_remaining > 0 )
- {
+ if (buflen == NULL) {
+ if (frag_remaining > 0) {
rd->pending = desired - frag_remaining;
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Remember to collect %u bytes before re-opening",
- (unsigned) rd->pending );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Remember to collect %u bytes before re-opening",
+ (unsigned) rd->pending);
}
- MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
}
desired = frag_remaining;
@@ -387,41 +384,45 @@
frag += frag_fetched;
*buffer = frag;
- if( buflen != NULL )
+ if (buflen != NULL) {
*buflen = desired;
+ }
end += desired;
rd->end = end;
rd->pending = 0;
- MBEDTLS_MPS_TRACE_RETURN( 0 );
+ MBEDTLS_MPS_TRACE_RETURN(0);
}
-int mbedtls_mps_reader_commit( mbedtls_mps_reader *rd )
+int mbedtls_mps_reader_commit(mbedtls_mps_reader *rd)
{
mbedtls_mps_size_t end;
- MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_commit" );
- MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
- "mbedtls_mps_reader_commit() requires reader to be in consuming mode" );
+ MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_commit");
+ MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
+ rd),
+ "mbedtls_mps_reader_commit() requires reader to be in consuming mode");
end = rd->end;
rd->commit = end;
- MBEDTLS_MPS_TRACE_RETURN( 0 );
+ MBEDTLS_MPS_TRACE_RETURN(0);
}
-int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
- int *paused )
+int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *rd,
+ int *paused)
{
unsigned char *frag, *acc;
mbedtls_mps_size_t pending, commit;
mbedtls_mps_size_t acc_len, frag_offset, frag_len;
- MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_reclaim" );
+ MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_reclaim");
- if( paused != NULL )
+ if (paused != NULL) {
*paused = 0;
+ }
- MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
- "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode" );
+ MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
+ rd),
+ "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode");
frag = rd->frag;
acc = rd->acc;
@@ -429,30 +430,26 @@
commit = rd->commit;
frag_len = rd->frag_len;
- frag_offset = mps_reader_get_fragment_offset( rd );
+ frag_offset = mps_reader_get_fragment_offset(rd);
- if( pending == 0 )
- {
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "No unsatisfied read-request has been logged." );
+ if (pending == 0) {
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "No unsatisfied read-request has been logged.");
/* Check if there's data left to be consumed. */
- if( commit < frag_offset || commit - frag_offset < frag_len )
- {
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "There is data left to be consumed." );
+ if (commit < frag_offset || commit - frag_offset < frag_len) {
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "There is data left to be consumed.");
rd->end = commit;
- MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_DATA_LEFT );
+ MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_DATA_LEFT);
}
rd->acc_available = 0;
rd->acc_share.acc_remaining = 0;
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Fragment has been fully processed and committed." );
- }
- else
- {
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Fragment has been fully processed and committed.");
+ } else {
int overflow;
mbedtls_mps_size_t acc_backup_offset;
@@ -463,31 +460,27 @@
mbedtls_mps_size_t backup_len;
mbedtls_mps_size_t acc_len_needed;
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "There has been an unsatisfied read with %u bytes overhead.",
- (unsigned) pending );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "There has been an unsatisfied read with %u bytes overhead.",
+ (unsigned) pending);
- if( acc == NULL )
- {
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "No accumulator present" );
+ if (acc == NULL) {
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "No accumulator present");
MBEDTLS_MPS_TRACE_RETURN(
- MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR );
+ MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR);
}
acc_len = rd->acc_len;
/* Check if the upper layer has already fetched
* and committed the contents of the accumulator. */
- if( commit < frag_offset )
- {
+ if (commit < frag_offset) {
/* No, accumulator is still being processed. */
frag_backup_offset = 0;
frag_backup_len = frag_len;
acc_backup_offset = commit;
acc_backup_len = frag_offset - commit;
- }
- else
- {
+ } else {
/* Yes, the accumulator is already processed. */
frag_backup_offset = commit - frag_offset;
frag_backup_len = frag_len - frag_backup_offset;
@@ -499,47 +492,47 @@
acc_len_needed = backup_len + pending;
overflow = 0;
- overflow |= ( backup_len < acc_backup_len );
- overflow |= ( acc_len_needed < backup_len );
+ overflow |= (backup_len < acc_backup_len);
+ overflow |= (acc_len_needed < backup_len);
- if( overflow || acc_len < acc_len_needed )
- {
+ if (overflow || acc_len < acc_len_needed) {
/* Except for the different return code, we behave as if
* there hadn't been a call to mbedtls_mps_reader_get()
* since the last commit. */
rd->end = commit;
rd->pending = 0;
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
- "The accumulator is too small to handle the backup." );
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
- "* Size: %u", (unsigned) acc_len );
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
- "* Needed: %u (%u + %u)",
- (unsigned) acc_len_needed,
- (unsigned) backup_len, (unsigned) pending );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
+ "The accumulator is too small to handle the backup.");
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
+ "* Size: %u", (unsigned) acc_len);
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
+ "* Needed: %u (%u + %u)",
+ (unsigned) acc_len_needed,
+ (unsigned) backup_len, (unsigned) pending);
MBEDTLS_MPS_TRACE_RETURN(
- MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
+ MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
}
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Fragment backup: %u", (unsigned) frag_backup_len );
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Accumulator backup: %u", (unsigned) acc_backup_len );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Fragment backup: %u", (unsigned) frag_backup_len);
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Accumulator backup: %u", (unsigned) acc_backup_len);
/* Move uncommitted parts from the accumulator to the front
* of the accumulator. */
- memmove( acc, acc + acc_backup_offset, acc_backup_len );
+ memmove(acc, acc + acc_backup_offset, acc_backup_len);
/* Copy uncommitted parts of the current fragment to the
* accumulator. */
- memcpy( acc + acc_backup_len,
- frag + frag_backup_offset, frag_backup_len );
+ memcpy(acc + acc_backup_len,
+ frag + frag_backup_offset, frag_backup_len);
rd->acc_available = backup_len;
rd->acc_share.acc_remaining = pending;
- if( paused != NULL )
+ if (paused != NULL) {
*paused = 1;
+ }
}
rd->frag = NULL;
@@ -549,11 +542,11 @@
rd->end = 0;
rd->pending = 0;
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Final state: aa %u, al %u, ar %u",
- (unsigned) rd->acc_available, (unsigned) rd->acc_len,
- (unsigned) rd->acc_share.acc_remaining );
- MBEDTLS_MPS_TRACE_RETURN( 0 );
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+ "Final state: aa %u, al %u, ar %u",
+ (unsigned) rd->acc_available, (unsigned) rd->acc_len,
+ (unsigned) rd->acc_share.acc_remaining);
+ MBEDTLS_MPS_TRACE_RETURN(0);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/library/mps_reader.h b/library/mps_reader.h
index 427c1bd..bff6705 100644
--- a/library/mps_reader.h
+++ b/library/mps_reader.h
@@ -134,8 +134,7 @@
* Structure definitions
*/
-struct mbedtls_mps_reader
-{
+struct mbedtls_mps_reader {
unsigned char *frag; /*!< The fragment of incoming data managed by
* the reader; it is provided to the reader
* through mbedtls_mps_reader_feed(). The reader
@@ -146,46 +145,46 @@
* The reader is in consuming mode if
* and only if \c frag is not \c NULL. */
mbedtls_mps_stored_size_t frag_len;
- /*!< The length of the current fragment.
- * Must be 0 if \c frag == \c NULL. */
+ /*!< The length of the current fragment.
+ * Must be 0 if \c frag == \c NULL. */
mbedtls_mps_stored_size_t commit;
- /*!< The offset of the last commit, relative
- * to the first byte in the fragment, if
- * no accumulator is present. If an accumulator
- * is present, it is viewed as a prefix to the
- * current fragment, and this variable contains
- * an offset from the beginning of the accumulator.
- *
- * This is only used when the reader is in
- * consuming mode, i.e. \c frag != \c NULL;
- * otherwise, its value is \c 0. */
+ /*!< The offset of the last commit, relative
+ * to the first byte in the fragment, if
+ * no accumulator is present. If an accumulator
+ * is present, it is viewed as a prefix to the
+ * current fragment, and this variable contains
+ * an offset from the beginning of the accumulator.
+ *
+ * This is only used when the reader is in
+ * consuming mode, i.e. \c frag != \c NULL;
+ * otherwise, its value is \c 0. */
mbedtls_mps_stored_size_t end;
- /*!< The offset of the end of the last chunk
- * passed to the user through a call to
- * mbedtls_mps_reader_get(), relative to the first
- * byte in the fragment, if no accumulator is
- * present. If an accumulator is present, it is
- * viewed as a prefix to the current fragment, and
- * this variable contains an offset from the
- * beginning of the accumulator.
- *
- * This is only used when the reader is in
- * consuming mode, i.e. \c frag != \c NULL;
- * otherwise, its value is \c 0. */
+ /*!< The offset of the end of the last chunk
+ * passed to the user through a call to
+ * mbedtls_mps_reader_get(), relative to the first
+ * byte in the fragment, if no accumulator is
+ * present. If an accumulator is present, it is
+ * viewed as a prefix to the current fragment, and
+ * this variable contains an offset from the
+ * beginning of the accumulator.
+ *
+ * This is only used when the reader is in
+ * consuming mode, i.e. \c frag != \c NULL;
+ * otherwise, its value is \c 0. */
mbedtls_mps_stored_size_t pending;
- /*!< The amount of incoming data missing on the
- * last call to mbedtls_mps_reader_get().
- * In particular, it is \c 0 if the last call
- * was successful.
- * If a reader is reclaimed after an
- * unsuccessful call to mbedtls_mps_reader_get(),
- * this variable is used to have the reader
- * remember how much data should be accumulated
- * so that the call to mbedtls_mps_reader_get()
- * succeeds next time.
- * This is only used when the reader is in
- * consuming mode, i.e. \c frag != \c NULL;
- * otherwise, its value is \c 0. */
+ /*!< The amount of incoming data missing on the
+ * last call to mbedtls_mps_reader_get().
+ * In particular, it is \c 0 if the last call
+ * was successful.
+ * If a reader is reclaimed after an
+ * unsuccessful call to mbedtls_mps_reader_get(),
+ * this variable is used to have the reader
+ * remember how much data should be accumulated
+ * so that the call to mbedtls_mps_reader_get()
+ * succeeds next time.
+ * This is only used when the reader is in
+ * consuming mode, i.e. \c frag != \c NULL;
+ * otherwise, its value is \c 0. */
/* The accumulator is only needed if we need to be able to pause
* the reader. A few bytes could be saved by moving this to a
@@ -195,32 +194,31 @@
* data if a read-request via mbedtls_mps_reader_get()
* cannot be served from the current fragment. */
mbedtls_mps_stored_size_t acc_len;
- /*!< The total size of the accumulator. */
+ /*!< The total size of the accumulator. */
mbedtls_mps_stored_size_t acc_available;
- /*!< The number of bytes currently gathered in
- * the accumulator. This is both used in
- * producing and in consuming mode:
- * While producing, it is increased until
- * it reaches the value of \c acc_remaining below.
- * While consuming, it is used to judge if a
- * get request can be served from the
- * accumulator or not.
- * Must not be larger than \c acc_len. */
- union
- {
+ /*!< The number of bytes currently gathered in
+ * the accumulator. This is both used in
+ * producing and in consuming mode:
+ * While producing, it is increased until
+ * it reaches the value of \c acc_remaining below.
+ * While consuming, it is used to judge if a
+ * get request can be served from the
+ * accumulator or not.
+ * Must not be larger than \c acc_len. */
+ union {
mbedtls_mps_stored_size_t acc_remaining;
- /*!< This indicates the amount of data still
- * to be gathered in the accumulator. It is
- * only used in producing mode.
- * Must be at most acc_len - acc_available. */
+ /*!< This indicates the amount of data still
+ * to be gathered in the accumulator. It is
+ * only used in producing mode.
+ * Must be at most acc_len - acc_available. */
mbedtls_mps_stored_size_t frag_offset;
- /*!< If an accumulator is present and in use, this
- * field indicates the offset of the current
- * fragment from the beginning of the
- * accumulator. If no accumulator is present
- * or the accumulator is not in use, this is \c 0.
- * It is only used in consuming mode.
- * Must not be larger than \c acc_available. */
+ /*!< If an accumulator is present and in use, this
+ * field indicates the offset of the current
+ * fragment from the beginning of the
+ * accumulator. If no accumulator is present
+ * or the accumulator is not in use, this is \c 0.
+ * It is only used in consuming mode.
+ * Must not be larger than \c acc_available. */
} acc_share;
};
@@ -254,9 +252,9 @@
* \return \c 0 on success.
* \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
*/
-int mbedtls_mps_reader_init( mbedtls_mps_reader *reader,
- unsigned char *acc,
- mbedtls_mps_size_t acc_len );
+int mbedtls_mps_reader_init(mbedtls_mps_reader *reader,
+ unsigned char *acc,
+ mbedtls_mps_size_t acc_len);
/**
* \brief Free a reader object
@@ -266,7 +264,7 @@
* \return \c 0 on success.
* \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
*/
-int mbedtls_mps_reader_free( mbedtls_mps_reader *reader );
+int mbedtls_mps_reader_free(mbedtls_mps_reader *reader);
/**
* \brief Pass chunk of data for the reader to manage.
@@ -291,9 +289,9 @@
* \return Another negative \c MBEDTLS_ERR_READER_XXX error code on
* different kinds of failures.
*/
-int mbedtls_mps_reader_feed( mbedtls_mps_reader *reader,
- unsigned char *buf,
- mbedtls_mps_size_t buflen );
+int mbedtls_mps_reader_feed(mbedtls_mps_reader *reader,
+ unsigned char *buf,
+ mbedtls_mps_size_t buflen);
/**
* \brief Reclaim reader's access to the current input buffer.
@@ -310,8 +308,8 @@
* \return \c 0 on success.
* \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
*/
-int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *reader,
- int *paused );
+int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *reader,
+ int *paused);
/*
* Usage API (Upper layer)
@@ -353,10 +351,10 @@
* address as buflen and checking \c *buflen == \c desired
* afterwards.
*/
-int mbedtls_mps_reader_get( mbedtls_mps_reader *reader,
- mbedtls_mps_size_t desired,
- unsigned char **buffer,
- mbedtls_mps_size_t *buflen );
+int mbedtls_mps_reader_get(mbedtls_mps_reader *reader,
+ mbedtls_mps_size_t desired,
+ unsigned char **buffer,
+ mbedtls_mps_size_t *buflen);
/**
* \brief Mark data obtained from mbedtls_mps_reader_get() as processed.
@@ -377,6 +375,6 @@
* \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
*
*/
-int mbedtls_mps_reader_commit( mbedtls_mps_reader *reader );
+int mbedtls_mps_reader_commit(mbedtls_mps_reader *reader);
#endif /* MBEDTLS_READER_H */
diff --git a/library/mps_trace.c b/library/mps_trace.c
index 6026a07..ccd944f 100644
--- a/library/mps_trace.c
+++ b/library/mps_trace.c
@@ -41,7 +41,7 @@
#define color_cyan "\x1B[1;36m"
#define color_white "\x1B[1;37m"
-static char const * colors[] =
+static char const *colors[] =
{
color_default,
color_green,
@@ -54,19 +54,18 @@
#define MPS_TRACE_BUF_SIZE 100
-void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... )
+void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...)
{
int ret;
char str[MPS_TRACE_BUF_SIZE];
va_list argp;
- va_start( argp, format );
- ret = mbedtls_vsnprintf( str, MPS_TRACE_BUF_SIZE, format, argp );
- va_end( argp );
+ va_start(argp, format);
+ ret = mbedtls_vsnprintf(str, MPS_TRACE_BUF_SIZE, format, argp);
+ va_end(argp);
- if( ret >= 0 && ret < MPS_TRACE_BUF_SIZE )
- {
+ if (ret >= 0 && ret < MPS_TRACE_BUF_SIZE) {
str[ret] = '\0';
- mbedtls_printf( "[%d|L%d]: %s\n", id, line, str );
+ mbedtls_printf("[%d|L%d]: %s\n", id, line, str);
}
}
@@ -83,39 +82,39 @@
trace_depth++;
}
-void mbedtls_mps_trace_color( int id )
+void mbedtls_mps_trace_color(int id)
{
- if( id > (int) ( sizeof( colors ) / sizeof( *colors ) ) )
+ if (id > (int) (sizeof(colors) / sizeof(*colors))) {
return;
- printf( "%s", colors[ id ] );
+ }
+ printf("%s", colors[id]);
}
-void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty )
+void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty)
{
- if( level > 0 )
- {
- while( --level )
- printf( "| " );
+ if (level > 0) {
+ while (--level) {
+ printf("| ");
+ }
- printf( "| " );
+ printf("| ");
}
- switch( ty )
- {
+ switch (ty) {
case MBEDTLS_MPS_TRACE_TYPE_COMMENT:
- mbedtls_printf( "@ " );
+ mbedtls_printf("@ ");
break;
case MBEDTLS_MPS_TRACE_TYPE_CALL:
- mbedtls_printf( "+--> " );
+ mbedtls_printf("+--> ");
break;
case MBEDTLS_MPS_TRACE_TYPE_ERROR:
- mbedtls_printf( "E " );
+ mbedtls_printf("E ");
break;
case MBEDTLS_MPS_TRACE_TYPE_RETURN:
- mbedtls_printf( "< " );
+ mbedtls_printf("< ");
break;
default:
diff --git a/library/mps_trace.h b/library/mps_trace.h
index 820a1b6..6f0455f 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -52,8 +52,7 @@
* rest of this file.
*/
-typedef enum
-{
+typedef enum {
MBEDTLS_MPS_TRACE_TYPE_COMMENT,
MBEDTLS_MPS_TRACE_TYPE_CALL,
MBEDTLS_MPS_TRACE_TYPE_ERROR,
@@ -68,101 +67,101 @@
#define MBEDTLS_MPS_TRACE_BIT_READER 6
#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_1)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1)
#else
#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 0
#endif
#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_2)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2)
#else
#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 0
#endif
#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_3)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3)
#else
#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 0
#endif
#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_4)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4)
#else
#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 0
#endif
#if defined(MBEDTLS_MPS_TRACE_ENABLE_READER)
-#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER )
+#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER)
#else
#define MBEDTLS_MPS_TRACE_MASK_READER 0
#endif
#if defined(MBEDTLS_MPS_TRACE_ENABLE_WRITER)
-#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER )
+#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER)
#else
#define MBEDTLS_MPS_TRACE_MASK_WRITER 0
#endif
-#define MBEDTLS_MPS_TRACE_MASK ( MBEDTLS_MPS_TRACE_MASK_LAYER_1 | \
- MBEDTLS_MPS_TRACE_MASK_LAYER_2 | \
- MBEDTLS_MPS_TRACE_MASK_LAYER_3 | \
- MBEDTLS_MPS_TRACE_MASK_LAYER_4 | \
- MBEDTLS_MPS_TRACE_MASK_READER | \
- MBEDTLS_MPS_TRACE_MASK_WRITER )
+#define MBEDTLS_MPS_TRACE_MASK (MBEDTLS_MPS_TRACE_MASK_LAYER_1 | \
+ MBEDTLS_MPS_TRACE_MASK_LAYER_2 | \
+ MBEDTLS_MPS_TRACE_MASK_LAYER_3 | \
+ MBEDTLS_MPS_TRACE_MASK_LAYER_4 | \
+ MBEDTLS_MPS_TRACE_MASK_READER | \
+ MBEDTLS_MPS_TRACE_MASK_WRITER)
/* We have to avoid globals because E-ACSL chokes on them...
* Wrap everything in stub functions. */
-int mbedtls_mps_trace_get_depth( void );
-void mbedtls_mps_trace_inc_depth( void );
-void mbedtls_mps_trace_dec_depth( void );
+int mbedtls_mps_trace_get_depth(void);
+void mbedtls_mps_trace_inc_depth(void);
+void mbedtls_mps_trace_dec_depth(void);
-void mbedtls_mps_trace_color( int id );
-void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty );
+void mbedtls_mps_trace_color(int id);
+void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty);
-void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... );
+void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...);
-#define MBEDTLS_MPS_TRACE( type, ... ) \
+#define MBEDTLS_MPS_TRACE(type, ...) \
do { \
- if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \
- break; \
- mbedtls_mps_trace_indent( mbedtls_mps_trace_get_depth(), type ); \
- mbedtls_mps_trace_color( mbedtls_mps_trace_id ); \
- mbedtls_mps_trace_print_msg( mbedtls_mps_trace_id, __LINE__, __VA_ARGS__ ); \
- mbedtls_mps_trace_color( 0 ); \
- } while( 0 )
+ if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \
+ break; \
+ mbedtls_mps_trace_indent(mbedtls_mps_trace_get_depth(), type); \
+ mbedtls_mps_trace_color(mbedtls_mps_trace_id); \
+ mbedtls_mps_trace_print_msg(mbedtls_mps_trace_id, __LINE__, __VA_ARGS__); \
+ mbedtls_mps_trace_color(0); \
+ } while (0)
-#define MBEDTLS_MPS_TRACE_INIT( ... ) \
+#define MBEDTLS_MPS_TRACE_INIT(...) \
do { \
- if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \
- break; \
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__ ); \
+ if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \
+ break; \
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__); \
mbedtls_mps_trace_inc_depth(); \
- } while( 0 )
+ } while (0)
-#define MBEDTLS_MPS_TRACE_END( val ) \
+#define MBEDTLS_MPS_TRACE_END(val) \
do { \
- if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \
- break; \
- MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)", \
- (int) (val), -((unsigned)(val)) ); \
+ if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \
+ break; \
+ MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)", \
+ (int) (val), -((unsigned) (val))); \
mbedtls_mps_trace_dec_depth(); \
- } while( 0 )
+ } while (0)
-#define MBEDTLS_MPS_TRACE_RETURN( val ) \
+#define MBEDTLS_MPS_TRACE_RETURN(val) \
do { \
/* Breaks tail recursion. */ \
int ret__ = val; \
- MBEDTLS_MPS_TRACE_END( ret__ ); \
- return( ret__ ); \
- } while( 0 )
+ MBEDTLS_MPS_TRACE_END(ret__); \
+ return ret__; \
+ } while (0)
#else /* MBEDTLS_MPS_TRACE */
-#define MBEDTLS_MPS_TRACE( type, ... ) do { } while( 0 )
-#define MBEDTLS_MPS_TRACE_INIT( ... ) do { } while( 0 )
-#define MBEDTLS_MPS_TRACE_END do { } while( 0 )
+#define MBEDTLS_MPS_TRACE(type, ...) do { } while (0)
+#define MBEDTLS_MPS_TRACE_INIT(...) do { } while (0)
+#define MBEDTLS_MPS_TRACE_END do { } while (0)
-#define MBEDTLS_MPS_TRACE_RETURN( val ) return( val );
+#define MBEDTLS_MPS_TRACE_RETURN(val) return val;
#endif /* MBEDTLS_MPS_TRACE */
diff --git a/library/net_sockets.c b/library/net_sockets.c
index b2cab50..bdd82ac 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -47,7 +47,7 @@
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
-#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR )
+#define IS_EINTR(ret) ((ret) == WSAEINTR)
#if !defined(_WIN32_WINNT)
/* Enables getaddrinfo() & Co */
@@ -70,8 +70,8 @@
#endif
#endif /* _MSC_VER */
-#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 )
-#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 )
+#define read(fd, buf, len) recv(fd, (char *) (buf), (int) (len), 0)
+#define write(fd, buf, len) send(fd, (char *) (buf), (int) (len), 0)
#define close(fd) closesocket(fd)
static int wsa_init_done = 0;
@@ -89,7 +89,7 @@
#include <netdb.h>
#include <errno.h>
-#define IS_EINTR( ret ) ( ( ret ) == EINTR )
+#define IS_EINTR(ret) ((ret) == EINTR)
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
@@ -112,25 +112,25 @@
/*
* Prepare for using the sockets interface
*/
-static int net_prepare( void )
+static int net_prepare(void)
{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
WSADATA wsaData;
- if( wsa_init_done == 0 )
- {
- if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
- return( MBEDTLS_ERR_NET_SOCKET_FAILED );
+ if (wsa_init_done == 0) {
+ if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) {
+ return MBEDTLS_ERR_NET_SOCKET_FAILED;
+ }
wsa_init_done = 1;
}
#else
#if !defined(EFIX64) && !defined(EFI32)
- signal( SIGPIPE, SIG_IGN );
+ signal(SIGPIPE, SIG_IGN);
#endif
#endif
- return( 0 );
+ return 0;
}
/*
@@ -138,10 +138,11 @@
* If for_select != 0, check whether the file descriptor is within the range
* allowed for fd_set used for the FD_xxx macros and the select() function.
*/
-static int check_fd( int fd, int for_select )
+static int check_fd(int fd, int for_select)
{
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+ if (fd < 0) {
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+ }
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
@@ -151,17 +152,18 @@
* that are strictly less than FD_SETSIZE. This is a limitation of the
* fd_set type. Error out early, because attempting to call FD_SET on a
* large file descriptor is a buffer overflow on typical platforms. */
- if( for_select && fd >= FD_SETSIZE )
- return( MBEDTLS_ERR_NET_POLL_FAILED );
+ if (for_select && fd >= FD_SETSIZE) {
+ return MBEDTLS_ERR_NET_POLL_FAILED;
+ }
#endif
- return( 0 );
+ return 0;
}
/*
* Initialize a context
*/
-void mbedtls_net_init( mbedtls_net_context *ctx )
+void mbedtls_net_init(mbedtls_net_context *ctx)
{
ctx->fd = -1;
}
@@ -169,107 +171,103 @@
/*
* Initiate a TCP connection with host:port and the given protocol
*/
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
- const char *port, int proto )
+int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host,
+ const char *port, int proto)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
struct addrinfo hints, *addr_list, *cur;
- if( ( ret = net_prepare() ) != 0 )
- return( ret );
+ if ((ret = net_prepare()) != 0) {
+ return ret;
+ }
/* Do name resolution with both IPv6 and IPv4 */
- memset( &hints, 0, sizeof( hints ) );
+ memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
- if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
- return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+ if (getaddrinfo(host, port, &hints, &addr_list) != 0) {
+ return MBEDTLS_ERR_NET_UNKNOWN_HOST;
+ }
/* Try the sockaddrs until a connection succeeds */
ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
- for( cur = addr_list; cur != NULL; cur = cur->ai_next )
- {
- ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
- cur->ai_protocol );
- if( ctx->fd < 0 )
- {
+ for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
+ ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype,
+ cur->ai_protocol);
+ if (ctx->fd < 0) {
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
- if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 )
- {
+ if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) {
ret = 0;
break;
}
- close( ctx->fd );
+ close(ctx->fd);
ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
}
- freeaddrinfo( addr_list );
+ freeaddrinfo(addr_list);
- return( ret );
+ return ret;
}
/*
* Create a listening socket on bind_ip:port
*/
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
+int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto)
{
int n, ret;
struct addrinfo hints, *addr_list, *cur;
- if( ( ret = net_prepare() ) != 0 )
- return( ret );
+ if ((ret = net_prepare()) != 0) {
+ return ret;
+ }
/* Bind to IPv6 and/or IPv4, but only in the desired protocol */
- memset( &hints, 0, sizeof( hints ) );
+ memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
- if( bind_ip == NULL )
+ if (bind_ip == NULL) {
hints.ai_flags = AI_PASSIVE;
+ }
- if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
- return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+ if (getaddrinfo(bind_ip, port, &hints, &addr_list) != 0) {
+ return MBEDTLS_ERR_NET_UNKNOWN_HOST;
+ }
/* Try the sockaddrs until a binding succeeds */
ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
- for( cur = addr_list; cur != NULL; cur = cur->ai_next )
- {
- ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
- cur->ai_protocol );
- if( ctx->fd < 0 )
- {
+ for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
+ ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype,
+ cur->ai_protocol);
+ if (ctx->fd < 0) {
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
n = 1;
- if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
- (const char *) &n, sizeof( n ) ) != 0 )
- {
- close( ctx->fd );
+ if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR,
+ (const char *) &n, sizeof(n)) != 0) {
+ close(ctx->fd);
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
- if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 )
- {
- close( ctx->fd );
+ if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
+ close(ctx->fd);
ret = MBEDTLS_ERR_NET_BIND_FAILED;
continue;
}
/* Listen only makes sense for TCP */
- if( proto == MBEDTLS_NET_PROTO_TCP )
- {
- if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
- {
- close( ctx->fd );
+ if (proto == MBEDTLS_NET_PROTO_TCP) {
+ if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
+ close(ctx->fd);
ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
continue;
}
@@ -280,22 +278,22 @@
break;
}
- freeaddrinfo( addr_list );
+ freeaddrinfo(addr_list);
- return( ret );
+ return ret;
}
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
/*
* Check if the requested operation would be blocking on a non-blocking socket
* and thus 'failed' with a negative return value.
*/
-static int net_would_block( const mbedtls_net_context *ctx )
+static int net_would_block(const mbedtls_net_context *ctx)
{
((void) ctx);
- return( WSAGetLastError() == WSAEWOULDBLOCK );
+ return WSAGetLastError() == WSAEWOULDBLOCK;
}
#else
/*
@@ -304,39 +302,37 @@
*
* Note: on a blocking socket this function always returns 0!
*/
-static int net_would_block( const mbedtls_net_context *ctx )
+static int net_would_block(const mbedtls_net_context *ctx)
{
int err = errno;
/*
* Never return 'WOULD BLOCK' on a blocking socket
*/
- if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
- {
+ if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) {
errno = err;
- return( 0 );
+ return 0;
}
- switch( errno = err )
- {
+ switch (errno = err) {
#if defined EAGAIN
case EAGAIN:
#endif
#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
case EWOULDBLOCK:
#endif
- return( 1 );
+ return 1;
}
- return( 0 );
+ return 0;
}
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
/*
* Accept a connection from a remote client
*/
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
- mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *ip_len )
+int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
+ mbedtls_net_context *client_ctx,
+ void *client_ip, size_t buf_size, size_t *ip_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int type;
@@ -346,132 +342,123 @@
#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L)
- socklen_t n = (socklen_t) sizeof( client_addr );
- socklen_t type_len = (socklen_t) sizeof( type );
+ socklen_t n = (socklen_t) sizeof(client_addr);
+ socklen_t type_len = (socklen_t) sizeof(type);
#else
- int n = (int) sizeof( client_addr );
- int type_len = (int) sizeof( type );
+ int n = (int) sizeof(client_addr);
+ int type_len = (int) sizeof(type);
#endif
/* Is this a TCP or UDP socket? */
- if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
- (void *) &type, &type_len ) != 0 ||
- ( type != SOCK_STREAM && type != SOCK_DGRAM ) )
- {
- return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+ if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE,
+ (void *) &type, &type_len) != 0 ||
+ (type != SOCK_STREAM && type != SOCK_DGRAM)) {
+ return MBEDTLS_ERR_NET_ACCEPT_FAILED;
}
- if( type == SOCK_STREAM )
- {
+ if (type == SOCK_STREAM) {
/* TCP: actual accept() */
- ret = client_ctx->fd = (int) accept( bind_ctx->fd,
- (struct sockaddr *) &client_addr, &n );
- }
- else
- {
+ ret = client_ctx->fd = (int) accept(bind_ctx->fd,
+ (struct sockaddr *) &client_addr, &n);
+ } else {
/* UDP: wait for a message, but keep it in the queue */
char buf[1] = { 0 };
- ret = (int) recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
- (struct sockaddr *) &client_addr, &n );
+ ret = (int) recvfrom(bind_ctx->fd, buf, sizeof(buf), MSG_PEEK,
+ (struct sockaddr *) &client_addr, &n);
#if defined(_WIN32)
- if( ret == SOCKET_ERROR &&
- WSAGetLastError() == WSAEMSGSIZE )
- {
+ if (ret == SOCKET_ERROR &&
+ WSAGetLastError() == WSAEMSGSIZE) {
/* We know buf is too small, thanks, just peeking here */
ret = 0;
}
#endif
}
- if( ret < 0 )
- {
- if( net_would_block( bind_ctx ) != 0 )
- return( MBEDTLS_ERR_SSL_WANT_READ );
+ if (ret < 0) {
+ if (net_would_block(bind_ctx) != 0) {
+ return MBEDTLS_ERR_SSL_WANT_READ;
+ }
- return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+ return MBEDTLS_ERR_NET_ACCEPT_FAILED;
}
/* UDP: hijack the listening socket to communicate with the client,
* then bind a new socket to accept new connections */
- if( type != SOCK_STREAM )
- {
+ if (type != SOCK_STREAM) {
struct sockaddr_storage local_addr;
int one = 1;
- if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
- return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+ if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) {
+ return MBEDTLS_ERR_NET_ACCEPT_FAILED;
+ }
client_ctx->fd = bind_ctx->fd;
bind_ctx->fd = -1; /* In case we exit early */
- n = sizeof( struct sockaddr_storage );
- if( getsockname( client_ctx->fd,
- (struct sockaddr *) &local_addr, &n ) != 0 ||
- ( bind_ctx->fd = (int) socket( local_addr.ss_family,
- SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
- setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
- (const char *) &one, sizeof( one ) ) != 0 )
- {
- return( MBEDTLS_ERR_NET_SOCKET_FAILED );
+ n = sizeof(struct sockaddr_storage);
+ if (getsockname(client_ctx->fd,
+ (struct sockaddr *) &local_addr, &n) != 0 ||
+ (bind_ctx->fd = (int) socket(local_addr.ss_family,
+ SOCK_DGRAM, IPPROTO_UDP)) < 0 ||
+ setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
+ (const char *) &one, sizeof(one)) != 0) {
+ return MBEDTLS_ERR_NET_SOCKET_FAILED;
}
- if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
- {
- return( MBEDTLS_ERR_NET_BIND_FAILED );
+ if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) {
+ return MBEDTLS_ERR_NET_BIND_FAILED;
}
}
- if( client_ip != NULL )
- {
- if( client_addr.ss_family == AF_INET )
- {
+ if (client_ip != NULL) {
+ if (client_addr.ss_family == AF_INET) {
struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
- *ip_len = sizeof( addr4->sin_addr.s_addr );
+ *ip_len = sizeof(addr4->sin_addr.s_addr);
- if( buf_size < *ip_len )
- return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
+ if (buf_size < *ip_len) {
+ return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
+ }
- memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
- }
- else
- {
+ memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len);
+ } else {
struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
- *ip_len = sizeof( addr6->sin6_addr.s6_addr );
+ *ip_len = sizeof(addr6->sin6_addr.s6_addr);
- if( buf_size < *ip_len )
- return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
+ if (buf_size < *ip_len) {
+ return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
+ }
- memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
+ memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
}
}
- return( 0 );
+ return 0;
}
/*
* Set the socket blocking or non-blocking
*/
-int mbedtls_net_set_block( mbedtls_net_context *ctx )
+int mbedtls_net_set_block(mbedtls_net_context *ctx)
{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 0;
- return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
+ return ioctlsocket(ctx->fd, FIONBIO, &n);
#else
- return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) & ~O_NONBLOCK ) );
+ return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) & ~O_NONBLOCK);
#endif
}
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
+int mbedtls_net_set_nonblock(mbedtls_net_context *ctx)
{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 1;
- return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
+ return ioctlsocket(ctx->fd, FIONBIO, &n);
#else
- return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) | O_NONBLOCK ) );
+ return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) | O_NONBLOCK);
#endif
}
@@ -479,7 +466,7 @@
* Check if data is available on the socket
*/
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
+int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
struct timeval tv;
@@ -489,207 +476,220 @@
int fd = ctx->fd;
- ret = check_fd( fd, 1 );
- if( ret != 0 )
- return( ret );
+ ret = check_fd(fd, 1);
+ if (ret != 0) {
+ return ret;
+ }
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
/* Ensure that memory sanitizers consider read_fds and write_fds as
* initialized even on platforms such as Glibc/x86_64 where FD_ZERO
* is implemented in assembly. */
- memset( &read_fds, 0, sizeof( read_fds ) );
- memset( &write_fds, 0, sizeof( write_fds ) );
+ memset(&read_fds, 0, sizeof(read_fds));
+ memset(&write_fds, 0, sizeof(write_fds));
#endif
#endif
- FD_ZERO( &read_fds );
- if( rw & MBEDTLS_NET_POLL_READ )
- {
+ FD_ZERO(&read_fds);
+ if (rw & MBEDTLS_NET_POLL_READ) {
rw &= ~MBEDTLS_NET_POLL_READ;
- FD_SET( fd, &read_fds );
+ FD_SET(fd, &read_fds);
}
- FD_ZERO( &write_fds );
- if( rw & MBEDTLS_NET_POLL_WRITE )
- {
+ FD_ZERO(&write_fds);
+ if (rw & MBEDTLS_NET_POLL_WRITE) {
rw &= ~MBEDTLS_NET_POLL_WRITE;
- FD_SET( fd, &write_fds );
+ FD_SET(fd, &write_fds);
}
- if( rw != 0 )
- return( MBEDTLS_ERR_NET_BAD_INPUT_DATA );
+ if (rw != 0) {
+ return MBEDTLS_ERR_NET_BAD_INPUT_DATA;
+ }
tv.tv_sec = timeout / 1000;
- tv.tv_usec = ( timeout % 1000 ) * 1000;
+ tv.tv_usec = (timeout % 1000) * 1000;
- do
- {
- ret = select( fd + 1, &read_fds, &write_fds, NULL,
- timeout == (uint32_t) -1 ? NULL : &tv );
+ do {
+ ret = select(fd + 1, &read_fds, &write_fds, NULL,
+ timeout == (uint32_t) -1 ? NULL : &tv);
+ } while (IS_EINTR(ret));
+
+ if (ret < 0) {
+ return MBEDTLS_ERR_NET_POLL_FAILED;
}
- while( IS_EINTR( ret ) );
-
- if( ret < 0 )
- return( MBEDTLS_ERR_NET_POLL_FAILED );
ret = 0;
- if( FD_ISSET( fd, &read_fds ) )
+ if (FD_ISSET(fd, &read_fds)) {
ret |= MBEDTLS_NET_POLL_READ;
- if( FD_ISSET( fd, &write_fds ) )
+ }
+ if (FD_ISSET(fd, &write_fds)) {
ret |= MBEDTLS_NET_POLL_WRITE;
+ }
- return( ret );
+ return ret;
}
/*
* Portable usleep helper
*/
-void mbedtls_net_usleep( unsigned long usec )
+void mbedtls_net_usleep(unsigned long usec)
{
#if defined(_WIN32)
- Sleep( ( usec + 999 ) / 1000 );
+ Sleep((usec + 999) / 1000);
#else
struct timeval tv;
tv.tv_sec = usec / 1000000;
#if defined(__unix__) || defined(__unix) || \
- ( defined(__APPLE__) && defined(__MACH__) )
+ (defined(__APPLE__) && defined(__MACH__))
tv.tv_usec = (suseconds_t) usec % 1000000;
#else
tv.tv_usec = usec % 1000000;
#endif
- select( 0, NULL, NULL, NULL, &tv );
+ select(0, NULL, NULL, NULL, &tv);
#endif
}
/*
* Read at most 'len' characters
*/
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
+int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
- ret = check_fd( fd, 0 );
- if( ret != 0 )
- return( ret );
-
- ret = (int) read( fd, buf, len );
-
- if( ret < 0 )
- {
- if( net_would_block( ctx ) != 0 )
- return( MBEDTLS_ERR_SSL_WANT_READ );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
- !defined(EFI32)
- if( WSAGetLastError() == WSAECONNRESET )
- return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
- if( errno == EPIPE || errno == ECONNRESET )
- return( MBEDTLS_ERR_NET_CONN_RESET );
-
- if( errno == EINTR )
- return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
- return( MBEDTLS_ERR_NET_RECV_FAILED );
+ ret = check_fd(fd, 0);
+ if (ret != 0) {
+ return ret;
}
- return( ret );
+ ret = (int) read(fd, buf, len);
+
+ if (ret < 0) {
+ if (net_would_block(ctx) != 0) {
+ return MBEDTLS_ERR_SSL_WANT_READ;
+ }
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+ !defined(EFI32)
+ if (WSAGetLastError() == WSAECONNRESET) {
+ return MBEDTLS_ERR_NET_CONN_RESET;
+ }
+#else
+ if (errno == EPIPE || errno == ECONNRESET) {
+ return MBEDTLS_ERR_NET_CONN_RESET;
+ }
+
+ if (errno == EINTR) {
+ return MBEDTLS_ERR_SSL_WANT_READ;
+ }
+#endif
+
+ return MBEDTLS_ERR_NET_RECV_FAILED;
+ }
+
+ return ret;
}
/*
* Read at most 'len' characters, blocking for at most 'timeout' ms
*/
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
- size_t len, uint32_t timeout )
+int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf,
+ size_t len, uint32_t timeout)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
struct timeval tv;
fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->fd;
- ret = check_fd( fd, 1 );
- if( ret != 0 )
- return( ret );
+ ret = check_fd(fd, 1);
+ if (ret != 0) {
+ return ret;
+ }
- FD_ZERO( &read_fds );
- FD_SET( fd, &read_fds );
+ FD_ZERO(&read_fds);
+ FD_SET(fd, &read_fds);
tv.tv_sec = timeout / 1000;
- tv.tv_usec = ( timeout % 1000 ) * 1000;
+ tv.tv_usec = (timeout % 1000) * 1000;
- ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
+ ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv);
/* Zero fds ready means we timed out */
- if( ret == 0 )
- return( MBEDTLS_ERR_SSL_TIMEOUT );
+ if (ret == 0) {
+ return MBEDTLS_ERR_SSL_TIMEOUT;
+ }
- if( ret < 0 )
- {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
- !defined(EFI32)
- if( WSAGetLastError() == WSAEINTR )
- return( MBEDTLS_ERR_SSL_WANT_READ );
+ if (ret < 0) {
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+ !defined(EFI32)
+ if (WSAGetLastError() == WSAEINTR) {
+ return MBEDTLS_ERR_SSL_WANT_READ;
+ }
#else
- if( errno == EINTR )
- return( MBEDTLS_ERR_SSL_WANT_READ );
+ if (errno == EINTR) {
+ return MBEDTLS_ERR_SSL_WANT_READ;
+ }
#endif
- return( MBEDTLS_ERR_NET_RECV_FAILED );
+ return MBEDTLS_ERR_NET_RECV_FAILED;
}
/* This call will not block */
- return( mbedtls_net_recv( ctx, buf, len ) );
+ return mbedtls_net_recv(ctx, buf, len);
}
/*
* Write at most 'len' characters
*/
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
+int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
- ret = check_fd( fd, 0 );
- if( ret != 0 )
- return( ret );
-
- ret = (int) write( fd, buf, len );
-
- if( ret < 0 )
- {
- if( net_would_block( ctx ) != 0 )
- return( MBEDTLS_ERR_SSL_WANT_WRITE );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
- !defined(EFI32)
- if( WSAGetLastError() == WSAECONNRESET )
- return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
- if( errno == EPIPE || errno == ECONNRESET )
- return( MBEDTLS_ERR_NET_CONN_RESET );
-
- if( errno == EINTR )
- return( MBEDTLS_ERR_SSL_WANT_WRITE );
-#endif
-
- return( MBEDTLS_ERR_NET_SEND_FAILED );
+ ret = check_fd(fd, 0);
+ if (ret != 0) {
+ return ret;
}
- return( ret );
+ ret = (int) write(fd, buf, len);
+
+ if (ret < 0) {
+ if (net_would_block(ctx) != 0) {
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+ }
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+ !defined(EFI32)
+ if (WSAGetLastError() == WSAECONNRESET) {
+ return MBEDTLS_ERR_NET_CONN_RESET;
+ }
+#else
+ if (errno == EPIPE || errno == ECONNRESET) {
+ return MBEDTLS_ERR_NET_CONN_RESET;
+ }
+
+ if (errno == EINTR) {
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+ }
+#endif
+
+ return MBEDTLS_ERR_NET_SEND_FAILED;
+ }
+
+ return ret;
}
/*
* Close the connection
*/
-void mbedtls_net_close( mbedtls_net_context *ctx )
+void mbedtls_net_close(mbedtls_net_context *ctx)
{
- if( ctx->fd == -1 )
+ if (ctx->fd == -1) {
return;
+ }
- close( ctx->fd );
+ close(ctx->fd);
ctx->fd = -1;
}
@@ -697,13 +697,14 @@
/*
* Gracefully close the connection
*/
-void mbedtls_net_free( mbedtls_net_context *ctx )
+void mbedtls_net_free(mbedtls_net_context *ctx)
{
- if( ctx->fd == -1 )
+ if (ctx->fd == -1) {
return;
+ }
- shutdown( ctx->fd, 2 );
- close( ctx->fd );
+ shutdown(ctx->fd, 2);
+ close(ctx->fd);
ctx->fd = -1;
}
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 495c23d..5817bf4 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -47,35 +47,37 @@
#define MIN_SEMIBLOCKS_COUNT 3
/*! The 64-bit default integrity check value (ICV) for KW mode. */
-static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
+static const unsigned char NIST_KW_ICV1[] = { 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6 };
/*! The 32-bit default integrity check value (ICV) for KWP mode. */
-static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6};
+static const unsigned char NIST_KW_ICV2[] = { 0xA6, 0x59, 0x59, 0xA6 };
/*
* Initialize context
*/
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx )
+void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_nist_kw_context ) );
+ memset(ctx, 0, sizeof(mbedtls_nist_kw_context));
}
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits,
- const int is_wrap )
+int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits,
+ const int is_wrap)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
- cipher_info = mbedtls_cipher_info_from_values( cipher,
- keybits,
- MBEDTLS_MODE_ECB );
- if( cipher_info == NULL )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ cipher_info = mbedtls_cipher_info_from_values(cipher,
+ keybits,
+ MBEDTLS_MODE_ECB);
+ if (cipher_info == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
- if( cipher_info->block_size != 16 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (cipher_info->block_size != 16) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
/*
* SP 800-38F currently defines AES cipher as the only block cipher allowed:
@@ -86,44 +88,44 @@
* Currently we don't support other 128 bit block ciphers for key wrapping,
* such as Camellia and Aria.
*/
- if( cipher != MBEDTLS_CIPHER_ID_AES )
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
- mbedtls_cipher_free( &ctx->cipher_ctx );
-
- if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
- return( ret );
-
- if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
- is_wrap ? MBEDTLS_ENCRYPT :
- MBEDTLS_DECRYPT )
- ) != 0 )
- {
- return( ret );
+ if (cipher != MBEDTLS_CIPHER_ID_AES) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
- return( 0 );
+ mbedtls_cipher_free(&ctx->cipher_ctx);
+
+ if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
+ return ret;
+ }
+
+ if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+ is_wrap ? MBEDTLS_ENCRYPT :
+ MBEDTLS_DECRYPT)
+ ) != 0) {
+ return ret;
+ }
+
+ return 0;
}
/*
* Free context
*/
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx )
+void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx)
{
- mbedtls_cipher_free( &ctx->cipher_ctx );
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_nist_kw_context ) );
+ mbedtls_cipher_free(&ctx->cipher_ctx);
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context));
}
/*
* Helper function for Xoring the uint64_t "t" with the encrypted A.
* Defined in NIST SP 800-38F section 6.1
*/
-static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t )
+static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t)
{
size_t i = 0;
- for( i = 0; i < sizeof( t ); i++ )
- {
- A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff;
+ for (i = 0; i < sizeof(t); i++) {
+ A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff;
}
}
@@ -131,10 +133,10 @@
* KW-AE as defined in SP 800-38F section 6.2
* KWP-AE as defined in SP 800-38F section 6.3
*/
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
- mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t *out_len, size_t out_size )
+int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx,
+ mbedtls_nist_kw_mode_t mode,
+ const unsigned char *input, size_t in_len,
+ unsigned char *output, size_t *out_len, size_t out_size)
{
int ret = 0;
size_t semiblocks = 0;
@@ -148,106 +150,96 @@
/*
* Generate the String to work on
*/
- if( mode == MBEDTLS_KW_MODE_KW )
- {
- if( out_size < in_len + KW_SEMIBLOCK_LENGTH )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_KW_MODE_KW) {
+ if (out_size < in_len + KW_SEMIBLOCK_LENGTH) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
/*
* According to SP 800-38F Table 1, the plaintext length for KW
* must be between 2 to 2^54-1 semiblocks inclusive.
*/
- if( in_len < 16 ||
+ if (in_len < 16 ||
#if SIZE_MAX > 0x1FFFFFFFFFFFFF8
in_len > 0x1FFFFFFFFFFFFF8 ||
#endif
- in_len % KW_SEMIBLOCK_LENGTH != 0 )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ in_len % KW_SEMIBLOCK_LENGTH != 0) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- memcpy( output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH );
- memmove( output + KW_SEMIBLOCK_LENGTH, input, in_len );
- }
- else
- {
- if( in_len % 8 != 0 )
- {
- padlen = ( 8 - ( in_len % 8 ) );
+ memcpy(output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH);
+ memmove(output + KW_SEMIBLOCK_LENGTH, input, in_len);
+ } else {
+ if (in_len % 8 != 0) {
+ padlen = (8 - (in_len % 8));
}
- if( out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
/*
* According to SP 800-38F Table 1, the plaintext length for KWP
* must be between 1 and 2^32-1 octets inclusive.
*/
- if( in_len < 1
+ if (in_len < 1
#if SIZE_MAX > 0xFFFFFFFF
|| in_len > 0xFFFFFFFF
#endif
- )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ ) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
- MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
- KW_SEMIBLOCK_LENGTH / 2 );
+ memcpy(output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2);
+ MBEDTLS_PUT_UINT32_BE((in_len & 0xffffffff), output,
+ KW_SEMIBLOCK_LENGTH / 2);
- memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
- memset( output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen );
+ memcpy(output + KW_SEMIBLOCK_LENGTH, input, in_len);
+ memset(output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen);
}
- semiblocks = ( ( in_len + padlen ) / KW_SEMIBLOCK_LENGTH ) + 1;
+ semiblocks = ((in_len + padlen) / KW_SEMIBLOCK_LENGTH) + 1;
- s = 6 * ( semiblocks - 1 );
+ s = 6 * (semiblocks - 1);
- if( mode == MBEDTLS_KW_MODE_KWP
- && in_len <= KW_SEMIBLOCK_LENGTH )
- {
- memcpy( inbuff, output, 16 );
- ret = mbedtls_cipher_update( &ctx->cipher_ctx,
- inbuff, 16, output, &olen );
- if( ret != 0 )
+ if (mode == MBEDTLS_KW_MODE_KWP
+ && in_len <= KW_SEMIBLOCK_LENGTH) {
+ memcpy(inbuff, output, 16);
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+ inbuff, 16, output, &olen);
+ if (ret != 0) {
goto cleanup;
- }
- else
- {
+ }
+ } else {
unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
unsigned char *A = output;
/*
* Do the wrapping function W, as defined in RFC 3394 section 2.2.1
*/
- if( semiblocks < MIN_SEMIBLOCKS_COUNT )
- {
+ if (semiblocks < MIN_SEMIBLOCKS_COUNT) {
ret = MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
goto cleanup;
}
/* Calculate intermediate values */
- for( t = 1; t <= s; t++ )
- {
- memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
- memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH );
+ for (t = 1; t <= s; t++) {
+ memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);
+ memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH);
- ret = mbedtls_cipher_update( &ctx->cipher_ctx,
- inbuff, 16, outbuff, &olen );
- if( ret != 0 )
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+ inbuff, 16, outbuff, &olen);
+ if (ret != 0) {
goto cleanup;
+ }
- memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
- calc_a_xor_t( A, t );
+ memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);
+ calc_a_xor_t(A, t);
- memcpy( R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
+ memcpy(R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);
R2 += KW_SEMIBLOCK_LENGTH;
- if( R2 >= output + ( semiblocks * KW_SEMIBLOCK_LENGTH ) )
+ if (R2 >= output + (semiblocks * KW_SEMIBLOCK_LENGTH)) {
R2 = output + KW_SEMIBLOCK_LENGTH;
+ }
}
}
@@ -255,14 +247,13 @@
cleanup:
- if( ret != 0)
- {
- memset( output, 0, semiblocks * KW_SEMIBLOCK_LENGTH );
+ if (ret != 0) {
+ memset(output, 0, semiblocks * KW_SEMIBLOCK_LENGTH);
}
- mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 );
- mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 );
+ mbedtls_platform_zeroize(inbuff, KW_SEMIBLOCK_LENGTH * 2);
+ mbedtls_platform_zeroize(outbuff, KW_SEMIBLOCK_LENGTH * 2);
- return( ret );
+ return ret;
}
/*
@@ -273,13 +264,13 @@
* 3. Minimal number of semiblocks is 3.
* 4. A is a buffer to hold the first semiblock of the input buffer.
*/
-static int unwrap( mbedtls_nist_kw_context *ctx,
- const unsigned char *input, size_t semiblocks,
- unsigned char A[KW_SEMIBLOCK_LENGTH],
- unsigned char *output, size_t* out_len )
+static int unwrap(mbedtls_nist_kw_context *ctx,
+ const unsigned char *input, size_t semiblocks,
+ unsigned char A[KW_SEMIBLOCK_LENGTH],
+ unsigned char *output, size_t *out_len)
{
int ret = 0;
- const size_t s = 6 * ( semiblocks - 1 );
+ const size_t s = 6 * (semiblocks - 1);
size_t olen;
uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
@@ -287,58 +278,59 @@
unsigned char *R = NULL;
*out_len = 0;
- if( semiblocks < MIN_SEMIBLOCKS_COUNT )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (semiblocks < MIN_SEMIBLOCKS_COUNT) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- memcpy( A, input, KW_SEMIBLOCK_LENGTH );
- memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
- R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
+ memcpy(A, input, KW_SEMIBLOCK_LENGTH);
+ memmove(output, input + KW_SEMIBLOCK_LENGTH, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH);
+ R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH;
/* Calculate intermediate values */
- for( t = s; t >= 1; t-- )
- {
- calc_a_xor_t( A, t );
+ for (t = s; t >= 1; t--) {
+ calc_a_xor_t(A, t);
- memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
- memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH );
+ memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);
+ memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH);
- ret = mbedtls_cipher_update( &ctx->cipher_ctx,
- inbuff, 16, outbuff, &olen );
- if( ret != 0 )
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+ inbuff, 16, outbuff, &olen);
+ if (ret != 0) {
goto cleanup;
+ }
- memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
+ memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);
/* Set R as LSB64 of outbuff */
- memcpy( R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
+ memcpy(R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);
- if( R == output )
- R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
- else
+ if (R == output) {
+ R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH;
+ } else {
R -= KW_SEMIBLOCK_LENGTH;
+ }
}
- *out_len = ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH;
+ *out_len = (semiblocks - 1) * KW_SEMIBLOCK_LENGTH;
cleanup:
- if( ret != 0)
- memset( output, 0, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
- mbedtls_platform_zeroize( inbuff, sizeof( inbuff ) );
- mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) );
+ if (ret != 0) {
+ memset(output, 0, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH);
+ }
+ mbedtls_platform_zeroize(inbuff, sizeof(inbuff));
+ mbedtls_platform_zeroize(outbuff, sizeof(outbuff));
- return( ret );
+ return ret;
}
/*
* KW-AD as defined in SP 800-38F section 6.2
* KWP-AD as defined in SP 800-38F section 6.3
*/
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
- mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t *out_len, size_t out_size )
+int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
+ mbedtls_nist_kw_mode_t mode,
+ const unsigned char *input, size_t in_len,
+ unsigned char *output, size_t *out_len, size_t out_size)
{
int ret = 0;
size_t i, olen;
@@ -346,89 +338,81 @@
unsigned char diff, bad_padding = 0;
*out_len = 0;
- if( out_size < in_len - KW_SEMIBLOCK_LENGTH )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ if (out_size < in_len - KW_SEMIBLOCK_LENGTH) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- if( mode == MBEDTLS_KW_MODE_KW )
- {
+ if (mode == MBEDTLS_KW_MODE_KW) {
/*
* According to SP 800-38F Table 1, the ciphertext length for KW
* must be between 3 to 2^54 semiblocks inclusive.
*/
- if( in_len < 24 ||
+ if (in_len < 24 ||
#if SIZE_MAX > 0x200000000000000
in_len > 0x200000000000000 ||
#endif
- in_len % KW_SEMIBLOCK_LENGTH != 0 )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ in_len % KW_SEMIBLOCK_LENGTH != 0) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
- A, output, out_len );
- if( ret != 0 )
+ ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
+ A, output, out_len);
+ if (ret != 0) {
goto cleanup;
+ }
/* Check ICV in "constant-time" */
- diff = mbedtls_ct_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH );
+ diff = mbedtls_ct_memcmp(NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH);
- if( diff != 0 )
- {
+ if (diff != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto cleanup;
}
- }
- else if( mode == MBEDTLS_KW_MODE_KWP )
- {
+ } else if (mode == MBEDTLS_KW_MODE_KWP) {
size_t padlen = 0;
uint32_t Plen;
/*
* According to SP 800-38F Table 1, the ciphertext length for KWP
* must be between 2 to 2^29 semiblocks inclusive.
*/
- if( in_len < KW_SEMIBLOCK_LENGTH * 2 ||
+ if (in_len < KW_SEMIBLOCK_LENGTH * 2 ||
#if SIZE_MAX > 0x100000000
in_len > 0x100000000 ||
#endif
- in_len % KW_SEMIBLOCK_LENGTH != 0 )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ in_len % KW_SEMIBLOCK_LENGTH != 0) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- if( in_len == KW_SEMIBLOCK_LENGTH * 2 )
- {
+ if (in_len == KW_SEMIBLOCK_LENGTH * 2) {
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
- ret = mbedtls_cipher_update( &ctx->cipher_ctx,
- input, 16, outbuff, &olen );
- if( ret != 0 )
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+ input, 16, outbuff, &olen);
+ if (ret != 0) {
goto cleanup;
+ }
- memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
- memcpy( output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
- mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) );
+ memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);
+ memcpy(output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);
+ mbedtls_platform_zeroize(outbuff, sizeof(outbuff));
*out_len = KW_SEMIBLOCK_LENGTH;
- }
- else
- {
+ } else {
/* in_len >= KW_SEMIBLOCK_LENGTH * 3 */
- ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
- A, output, out_len );
- if( ret != 0 )
+ ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
+ A, output, out_len);
+ if (ret != 0) {
goto cleanup;
+ }
}
/* Check ICV in "constant-time" */
- diff = mbedtls_ct_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 );
+ diff = mbedtls_ct_memcmp(NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2);
- if( diff != 0 )
- {
+ if (diff != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
- Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 );
+ Plen = MBEDTLS_GET_UINT32_BE(A, KW_SEMIBLOCK_LENGTH / 2);
/*
* Plen is the length of the plaintext, when the input is valid.
@@ -436,51 +420,45 @@
* larger than 8, because of the type wrap around.
*/
padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
- if ( padlen > 7 )
- {
+ if (padlen > 7) {
padlen &= 7;
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
/* Check padding in "constant-time" */
- for( diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++ )
- {
- if( i >= KW_SEMIBLOCK_LENGTH - padlen )
- diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
- else
- bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
+ for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) {
+ if (i >= KW_SEMIBLOCK_LENGTH - padlen) {
+ diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
+ } else {
+ bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
+ }
}
- if( diff != 0 )
- {
+ if (diff != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
- if( ret != 0 )
- {
+ if (ret != 0) {
goto cleanup;
}
- memset( output + Plen, 0, padlen );
+ memset(output + Plen, 0, padlen);
*out_len = Plen;
- }
- else
- {
+ } else {
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto cleanup;
}
cleanup:
- if( ret != 0 )
- {
- memset( output, 0, *out_len );
+ if (ret != 0) {
+ memset(output, 0, *out_len);
*out_len = 0;
}
- mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) );
- mbedtls_platform_zeroize( &diff, sizeof( diff ) );
- mbedtls_platform_zeroize( A, sizeof( A ) );
+ mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding));
+ mbedtls_platform_zeroize(&diff, sizeof(diff));
+ mbedtls_platform_zeroize(A, sizeof(A));
- return( ret );
+ return ret;
}
#endif /* !MBEDTLS_NIST_KW_ALT */
@@ -575,130 +553,133 @@
};
static const size_t kwp_out_len[KW_TESTS] = { 24, 40, 16 };
-int mbedtls_nist_kw_self_test( int verbose )
+int mbedtls_nist_kw_self_test(int verbose)
{
mbedtls_nist_kw_context ctx;
unsigned char out[48];
size_t olen;
int i;
int ret = 0;
- mbedtls_nist_kw_init( &ctx );
+ mbedtls_nist_kw_init(&ctx);
- for( i = 0; i < KW_TESTS; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " KW-AES-%u ", (unsigned int) key_len[i] * 8 );
+ for (i = 0; i < KW_TESTS; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" KW-AES-%u ", (unsigned int) key_len[i] * 8);
+ }
- ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
- kw_key[i], key_len[i] * 8, 1 );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( " KW: setup failed " );
+ ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+ kw_key[i], key_len[i] * 8, 1);
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf(" KW: setup failed ");
+ }
goto end;
}
- ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
- kw_msg_len[i], out, &olen, sizeof( out ) );
- if( ret != 0 || kw_out_len[i] != olen ||
- memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed. ");
+ ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
+ kw_msg_len[i], out, &olen, sizeof(out));
+ if (ret != 0 || kw_out_len[i] != olen ||
+ memcmp(out, kw_res[i], kw_out_len[i]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed. ");
+ }
ret = 1;
goto end;
}
- if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
- kw_key[i], key_len[i] * 8, 0 ) )
- != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( " KW: setup failed ");
+ if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+ kw_key[i], key_len[i] * 8, 0))
+ != 0) {
+ if (verbose != 0) {
+ mbedtls_printf(" KW: setup failed ");
+ }
goto end;
}
- ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KW,
- out, olen, out, &olen, sizeof( out ) );
+ ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KW,
+ out, olen, out, &olen, sizeof(out));
- if( ret != 0 || olen != kw_msg_len[i] ||
- memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (ret != 0 || olen != kw_msg_len[i] ||
+ memcmp(out, kw_msg[i], kw_msg_len[i]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto end;
}
- if( verbose != 0 )
- mbedtls_printf( " passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf(" passed\n");
+ }
}
- for( i = 0; i < KW_TESTS; i++ )
- {
- olen = sizeof( out );
- if( verbose != 0 )
- mbedtls_printf( " KWP-AES-%u ", (unsigned int) key_len[i] * 8 );
+ for (i = 0; i < KW_TESTS; i++) {
+ olen = sizeof(out);
+ if (verbose != 0) {
+ mbedtls_printf(" KWP-AES-%u ", (unsigned int) key_len[i] * 8);
+ }
- ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i],
- key_len[i] * 8, 1 );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( " KWP: setup failed " );
+ ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i],
+ key_len[i] * 8, 1);
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf(" KWP: setup failed ");
+ }
goto end;
}
- ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i],
- kwp_msg_len[i], out, &olen, sizeof( out ) );
+ ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i],
+ kwp_msg_len[i], out, &olen, sizeof(out));
- if( ret != 0 || kwp_out_len[i] != olen ||
- memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed. ");
+ if (ret != 0 || kwp_out_len[i] != olen ||
+ memcmp(out, kwp_res[i], kwp_out_len[i]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed. ");
+ }
ret = 1;
goto end;
}
- if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
- kwp_key[i], key_len[i] * 8, 0 ) )
- != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( " KWP: setup failed ");
+ if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+ kwp_key[i], key_len[i] * 8, 0))
+ != 0) {
+ if (verbose != 0) {
+ mbedtls_printf(" KWP: setup failed ");
+ }
goto end;
}
- ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KWP, out,
- olen, out, &olen, sizeof( out ) );
+ ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KWP, out,
+ olen, out, &olen, sizeof(out));
- if( ret != 0 || olen != kwp_msg_len[i] ||
- memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed. ");
+ if (ret != 0 || olen != kwp_msg_len[i] ||
+ memcmp(out, kwp_msg[i], kwp_msg_len[i]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed. ");
+ }
ret = 1;
goto end;
}
- if( verbose != 0 )
- mbedtls_printf( " passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf(" passed\n");
+ }
}
end:
- mbedtls_nist_kw_free( &ctx );
+ mbedtls_nist_kw_free(&ctx);
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/library/oid.c b/library/oid.c
index 53e5350..fcff152 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -41,23 +41,23 @@
* Macro to generate an internal function for oid_XXX_from_asn1() (used by
* the other functions)
*/
-#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
- static const TYPE_T * oid_ ## NAME ## _from_asn1( \
- const mbedtls_asn1_buf *oid ) \
+#define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \
+ static const TYPE_T *oid_ ## NAME ## _from_asn1( \
+ const mbedtls_asn1_buf *oid) \
{ \
const TYPE_T *p = (LIST); \
const mbedtls_oid_descriptor_t *cur = \
(const mbedtls_oid_descriptor_t *) p; \
- if( p == NULL || oid == NULL ) return( NULL ); \
- while( cur->asn1 != NULL ) { \
- if( cur->asn1_len == oid->len && \
- memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
- return( p ); \
+ if (p == NULL || oid == NULL) return NULL; \
+ while (cur->asn1 != NULL) { \
+ if (cur->asn1_len == oid->len && \
+ memcmp(cur->asn1, oid->p, oid->len) == 0) { \
+ return p; \
} \
p++; \
cur = (const mbedtls_oid_descriptor_t *) p; \
} \
- return( NULL ); \
+ return NULL; \
}
/*
@@ -65,26 +65,26 @@
* descriptor of an mbedtls_oid_descriptor_t wrapper.
*/
#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
-{ \
- const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
- if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
- *ATTR1 = data->descriptor.ATTR1; \
- return( 0 ); \
-}
+ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
+ { \
+ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
+ if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ *ATTR1 = data->descriptor.ATTR1; \
+ return 0; \
+ }
/*
* Macro to generate a function for retrieving a single attribute from an
* mbedtls_oid_descriptor_t wrapper.
*/
#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
-{ \
- const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
- if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
- *ATTR1 = data->ATTR1; \
- return( 0 ); \
-}
+ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
+ { \
+ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
+ if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ *ATTR1 = data->ATTR1; \
+ return 0; \
+ }
/*
* Macro to generate a function for retrieving two attributes from an
@@ -92,34 +92,34 @@
*/
#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
ATTR2_TYPE, ATTR2) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
- ATTR2_TYPE * ATTR2 ) \
-{ \
- const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
- if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
- *(ATTR1) = data->ATTR1; \
- *(ATTR2) = data->ATTR2; \
- return( 0 ); \
-}
+ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
+ ATTR2_TYPE * ATTR2) \
+ { \
+ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
+ if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ *(ATTR1) = data->ATTR1; \
+ *(ATTR2) = data->ATTR2; \
+ return 0; \
+ }
/*
* Macro to generate a function for retrieving the OID based on a single
* attribute from a mbedtls_oid_descriptor_t wrapper.
*/
#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
-int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
-{ \
- const TYPE_T *cur = (LIST); \
- while( cur->descriptor.asn1 != NULL ) { \
- if( cur->ATTR1 == (ATTR1) ) { \
- *oid = cur->descriptor.asn1; \
- *olen = cur->descriptor.asn1_len; \
- return( 0 ); \
- } \
- cur++; \
- } \
- return( MBEDTLS_ERR_OID_NOT_FOUND ); \
-}
+ int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \
+ { \
+ const TYPE_T *cur = (LIST); \
+ while (cur->descriptor.asn1 != NULL) { \
+ if (cur->ATTR1 == (ATTR1)) { \
+ *oid = cur->descriptor.asn1; \
+ *olen = cur->descriptor.asn1_len; \
+ return 0; \
+ } \
+ cur++; \
+ } \
+ return MBEDTLS_ERR_OID_NOT_FOUND; \
+ }
/*
* Macro to generate a function for retrieving the OID based on two
@@ -127,20 +127,20 @@
*/
#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
ATTR2_TYPE, ATTR2) \
-int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
- size_t *olen ) \
-{ \
- const TYPE_T *cur = (LIST); \
- while( cur->descriptor.asn1 != NULL ) { \
- if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) { \
- *oid = cur->descriptor.asn1; \
- *olen = cur->descriptor.asn1_len; \
- return( 0 ); \
- } \
- cur++; \
- } \
- return( MBEDTLS_ERR_OID_NOT_FOUND ); \
-}
+ int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \
+ size_t *olen) \
+ { \
+ const TYPE_T *cur = (LIST); \
+ while (cur->descriptor.asn1 != NULL) { \
+ if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \
+ *oid = cur->descriptor.asn1; \
+ *olen = cur->descriptor.asn1_len; \
+ return 0; \
+ } \
+ cur++; \
+ } \
+ return MBEDTLS_ERR_OID_NOT_FOUND; \
+ }
/*
* For X520 attribute types
@@ -153,79 +153,84 @@
static const oid_x520_attr_t oid_x520_attr_type[] =
{
{
- { ADD_LEN( MBEDTLS_OID_AT_CN ), "id-at-commonName", "Common Name" },
+ { ADD_LEN(MBEDTLS_OID_AT_CN), "id-at-commonName", "Common Name" },
"CN",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ), "id-at-countryName", "Country" },
+ { ADD_LEN(MBEDTLS_OID_AT_COUNTRY), "id-at-countryName", "Country" },
"C",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ), "id-at-locality", "Locality" },
+ { ADD_LEN(MBEDTLS_OID_AT_LOCALITY), "id-at-locality", "Locality" },
"L",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_STATE ), "id-at-state", "State" },
+ { ADD_LEN(MBEDTLS_OID_AT_STATE), "id-at-state", "State" },
"ST",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName", "Organization" },
+ { ADD_LEN(MBEDTLS_OID_AT_ORGANIZATION), "id-at-organizationName", "Organization" },
"O",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ), "id-at-organizationalUnitName", "Org Unit" },
+ { ADD_LEN(MBEDTLS_OID_AT_ORG_UNIT), "id-at-organizationalUnitName", "Org Unit" },
"OU",
},
{
- { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" },
+ { ADD_LEN(MBEDTLS_OID_PKCS9_EMAIL), "emailAddress", "E-mail address" },
"emailAddress",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" },
+ { ADD_LEN(MBEDTLS_OID_AT_SERIAL_NUMBER), "id-at-serialNumber", "Serial number" },
"serialNumber",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" },
+ { ADD_LEN(MBEDTLS_OID_AT_POSTAL_ADDRESS), "id-at-postalAddress",
+ "Postal address" },
"postalAddress",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" },
+ { ADD_LEN(MBEDTLS_OID_AT_POSTAL_CODE), "id-at-postalCode", "Postal code" },
"postalCode",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ), "id-at-surName", "Surname" },
+ { ADD_LEN(MBEDTLS_OID_AT_SUR_NAME), "id-at-surName", "Surname" },
"SN",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" },
+ { ADD_LEN(MBEDTLS_OID_AT_GIVEN_NAME), "id-at-givenName", "Given name" },
"GN",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_INITIALS ), "id-at-initials", "Initials" },
+ { ADD_LEN(MBEDTLS_OID_AT_INITIALS), "id-at-initials", "Initials" },
"initials",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
+ { ADD_LEN(MBEDTLS_OID_AT_GENERATION_QUALIFIER), "id-at-generationQualifier",
+ "Generation qualifier" },
"generationQualifier",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_TITLE ), "id-at-title", "Title" },
+ { ADD_LEN(MBEDTLS_OID_AT_TITLE), "id-at-title", "Title" },
"title",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" },
+ { ADD_LEN(MBEDTLS_OID_AT_DN_QUALIFIER), "id-at-dnQualifier",
+ "Distinguished Name qualifier" },
"dnQualifier",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" },
+ { ADD_LEN(MBEDTLS_OID_AT_PSEUDONYM), "id-at-pseudonym", "Pseudonym" },
"pseudonym",
},
{
- { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" },
+ { ADD_LEN(MBEDTLS_OID_DOMAIN_COMPONENT), "id-domainComponent",
+ "Domain component" },
"DC",
},
{
- { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" },
+ { ADD_LEN(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER), "id-at-uniqueIdentifier",
+ "Unique Identifier" },
"uniqueIdentifier",
},
{
@@ -235,7 +240,11 @@
};
FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
-FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
+FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name,
+ oid_x520_attr_t,
+ x520_attr,
+ const char *,
+ short_name)
/*
* For X509 extensions
@@ -248,27 +257,32 @@
static const oid_x509_ext_t oid_x509_ext[] =
{
{
- { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
+ { ADD_LEN(MBEDTLS_OID_BASIC_CONSTRAINTS), "id-ce-basicConstraints",
+ "Basic Constraints" },
MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
},
{
- { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
+ { ADD_LEN(MBEDTLS_OID_KEY_USAGE), "id-ce-keyUsage", "Key Usage" },
MBEDTLS_OID_X509_EXT_KEY_USAGE,
},
{
- { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
+ { ADD_LEN(MBEDTLS_OID_EXTENDED_KEY_USAGE), "id-ce-extKeyUsage",
+ "Extended Key Usage" },
MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
},
{
- { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
+ { ADD_LEN(MBEDTLS_OID_SUBJECT_ALT_NAME), "id-ce-subjectAltName",
+ "Subject Alt Name" },
MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
},
{
- { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
+ { ADD_LEN(MBEDTLS_OID_NS_CERT_TYPE), "id-netscape-certtype",
+ "Netscape Certificate Type" },
MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
},
{
- { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" },
+ { ADD_LEN(MBEDTLS_OID_CERTIFICATE_POLICIES), "id-ce-certificatePolicies",
+ "Certificate Policies" },
MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
},
{
@@ -282,27 +296,38 @@
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
{
- { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
- { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
- { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
- { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
- { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
- { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
- { ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" },
+ { ADD_LEN(MBEDTLS_OID_SERVER_AUTH), "id-kp-serverAuth",
+ "TLS Web Server Authentication" },
+ { ADD_LEN(MBEDTLS_OID_CLIENT_AUTH), "id-kp-clientAuth",
+ "TLS Web Client Authentication" },
+ { ADD_LEN(MBEDTLS_OID_CODE_SIGNING), "id-kp-codeSigning", "Code Signing" },
+ { ADD_LEN(MBEDTLS_OID_EMAIL_PROTECTION), "id-kp-emailProtection", "E-mail Protection" },
+ { ADD_LEN(MBEDTLS_OID_TIME_STAMPING), "id-kp-timeStamping", "Time Stamping" },
+ { ADD_LEN(MBEDTLS_OID_OCSP_SIGNING), "id-kp-OCSPSigning", "OCSP Signing" },
+ { ADD_LEN(MBEDTLS_OID_WISUN_FAN), "id-kp-wisun-fan-device",
+ "Wi-SUN Alliance Field Area Network (FAN)" },
{ NULL, 0, NULL, NULL },
};
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
-FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
+FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage,
+ mbedtls_oid_descriptor_t,
+ ext_key_usage,
+ const char *,
+ description)
static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
{
- { ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" },
+ { ADD_LEN(MBEDTLS_OID_ANY_POLICY), "anyPolicy", "Any Policy" },
{ NULL, 0, NULL, NULL },
};
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
-FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
+FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies,
+ mbedtls_oid_descriptor_t,
+ certificate_policies,
+ const char *,
+ description)
#if defined(MBEDTLS_MD_C)
/*
@@ -319,51 +344,51 @@
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_MD2_C)
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_MD2), "md2WithRSAEncryption", "RSA with MD2" },
MBEDTLS_MD_MD2, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD2_C */
#if defined(MBEDTLS_MD4_C)
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_MD4), "md4WithRSAEncryption", "RSA with MD4" },
MBEDTLS_MD_MD4, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_MD5), "md5WithRSAEncryption", "RSA with MD5" },
MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_SHA1_C)
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_SHA1), "sha-1WithRSAEncryption", "RSA with SHA1" },
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_SHA224), "sha224WithRSAEncryption", "RSA with SHA-224" },
MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
},
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_SHA256), "sha256WithRSAEncryption", "RSA with SHA-256" },
MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_SHA384), "sha384WithRSAEncryption", "RSA with SHA-384" },
MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
},
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_SHA512), "sha512WithRSAEncryption", "RSA with SHA-512" },
MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_SHA1_C)
{
- { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" },
+ { ADD_LEN(MBEDTLS_OID_RSA_SHA_OBS), "sha-1WithRSAEncryption", "RSA with SHA1" },
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA1_C */
@@ -371,34 +396,34 @@
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA1_C)
{
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" },
+ { ADD_LEN(MBEDTLS_OID_ECDSA_SHA1), "ecdsa-with-SHA1", "ECDSA with SHA1" },
MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" },
+ { ADD_LEN(MBEDTLS_OID_ECDSA_SHA224), "ecdsa-with-SHA224", "ECDSA with SHA224" },
MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
},
{
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" },
+ { ADD_LEN(MBEDTLS_OID_ECDSA_SHA256), "ecdsa-with-SHA256", "ECDSA with SHA256" },
MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" },
+ { ADD_LEN(MBEDTLS_OID_ECDSA_SHA384), "ecdsa-with-SHA384", "ECDSA with SHA384" },
MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
},
{
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" },
+ { ADD_LEN(MBEDTLS_OID_ECDSA_SHA512), "ecdsa-with-SHA512", "ECDSA with SHA512" },
MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_RSA_C)
{
- { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" },
+ { ADD_LEN(MBEDTLS_OID_RSASSA_PSS), "RSASSA-PSS", "RSASSA-PSS" },
MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
},
#endif /* MBEDTLS_RSA_C */
@@ -409,9 +434,25 @@
};
FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
-FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
+FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc,
+ oid_sig_alg_t,
+ sig_alg,
+ const char *,
+ description)
+FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg,
+ oid_sig_alg_t,
+ sig_alg,
+ mbedtls_md_type_t,
+ md_alg,
+ mbedtls_pk_type_t,
+ pk_alg)
+FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg,
+ oid_sig_alg_t,
+ oid_sig_alg,
+ mbedtls_pk_type_t,
+ pk_alg,
+ mbedtls_md_type_t,
+ md_alg)
#endif /* MBEDTLS_MD_C */
/*
@@ -425,15 +466,15 @@
static const oid_pk_alg_t oid_pk_alg[] =
{
{
- { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ), "rsaEncryption", "RSA" },
+ { ADD_LEN(MBEDTLS_OID_PKCS1_RSA), "rsaEncryption", "RSA" },
MBEDTLS_PK_RSA,
},
{
- { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" },
+ { ADD_LEN(MBEDTLS_OID_EC_ALG_UNRESTRICTED), "id-ecPublicKey", "Generic EC key" },
MBEDTLS_PK_ECKEY,
},
{
- { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ), "id-ecDH", "EC key for ECDH" },
+ { ADD_LEN(MBEDTLS_OID_EC_ALG_ECDH), "id-ecDH", "EC key for ECDH" },
MBEDTLS_PK_ECKEY_DH,
},
{
@@ -444,7 +485,11 @@
FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
+ oid_pk_alg_t,
+ oid_pk_alg,
+ mbedtls_pk_type_t,
+ pk_alg)
#if defined(MBEDTLS_ECP_C)
/*
@@ -459,67 +504,67 @@
{
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192R1), "secp192r1", "secp192r1" },
MBEDTLS_ECP_DP_SECP192R1,
},
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224R1), "secp224r1", "secp224r1" },
MBEDTLS_ECP_DP_SECP224R1,
},
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256R1), "secp256r1", "secp256r1" },
MBEDTLS_ECP_DP_SECP256R1,
},
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP384R1), "secp384r1", "secp384r1" },
MBEDTLS_ECP_DP_SECP384R1,
},
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP521R1), "secp521r1", "secp521r1" },
MBEDTLS_ECP_DP_SECP521R1,
},
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192K1), "secp192k1", "secp192k1" },
MBEDTLS_ECP_DP_SECP192K1,
},
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224K1), "secp224k1", "secp224k1" },
MBEDTLS_ECP_DP_SECP224K1,
},
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256K1), "secp256k1", "secp256k1" },
MBEDTLS_ECP_DP_SECP256K1,
},
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_BP256R1), "brainpoolP256r1", "brainpool256r1" },
MBEDTLS_ECP_DP_BP256R1,
},
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_BP384R1), "brainpoolP384r1", "brainpool384r1" },
MBEDTLS_ECP_DP_BP384R1,
},
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
{
- { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" },
+ { ADD_LEN(MBEDTLS_OID_EC_GRP_BP512R1), "brainpoolP512r1", "brainpool512r1" },
MBEDTLS_ECP_DP_BP512R1,
},
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
@@ -531,7 +576,11 @@
FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp,
+ oid_ecp_grp_t,
+ oid_ecp_grp,
+ mbedtls_ecp_group_id,
+ grp_id)
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_CIPHER_C)
@@ -546,11 +595,11 @@
static const oid_cipher_alg_t oid_cipher_alg[] =
{
{
- { ADD_LEN( MBEDTLS_OID_DES_CBC ), "desCBC", "DES-CBC" },
+ { ADD_LEN(MBEDTLS_OID_DES_CBC), "desCBC", "DES-CBC" },
MBEDTLS_CIPHER_DES_CBC,
},
{
- { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ), "des-ede3-cbc", "DES-EDE3-CBC" },
+ { ADD_LEN(MBEDTLS_OID_DES_EDE3_CBC), "des-ede3-cbc", "DES-EDE3-CBC" },
MBEDTLS_CIPHER_DES_EDE3_CBC,
},
{
@@ -560,7 +609,11 @@
};
FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg,
+ oid_cipher_alg_t,
+ cipher_alg,
+ mbedtls_cipher_type_t,
+ cipher_alg)
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_MD_C)
@@ -576,51 +629,51 @@
{
#if defined(MBEDTLS_MD2_C)
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD2), "id-md2", "MD2" },
MBEDTLS_MD_MD2,
},
#endif /* MBEDTLS_MD2_C */
#if defined(MBEDTLS_MD4_C)
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD4), "id-md4", "MD4" },
MBEDTLS_MD_MD4,
},
#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD5), "id-md5", "MD5" },
MBEDTLS_MD_MD5,
},
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_SHA1_C)
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA1), "id-sha1", "SHA-1" },
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA224), "id-sha224", "SHA-224" },
MBEDTLS_MD_SHA224,
},
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA256), "id-sha256", "SHA-256" },
MBEDTLS_MD_SHA256,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA384), "id-sha384", "SHA-384" },
MBEDTLS_MD_SHA384,
},
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA512), "id-sha512", "SHA-512" },
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_RIPEMD160_C)
{
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ), "id-ripemd160", "RIPEMD-160" },
+ { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_RIPEMD160), "id-ripemd160", "RIPEMD-160" },
MBEDTLS_MD_RIPEMD160,
},
#endif /* MBEDTLS_RIPEMD160_C */
@@ -632,7 +685,11 @@
FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md,
+ oid_md_alg_t,
+ oid_md_alg,
+ mbedtls_md_type_t,
+ md_alg)
/*
* For HMAC digestAlgorithm
@@ -646,27 +703,27 @@
{
#if defined(MBEDTLS_SHA1_C)
{
- { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" },
+ { ADD_LEN(MBEDTLS_OID_HMAC_SHA1), "hmacSHA1", "HMAC-SHA-1" },
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
- { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" },
+ { ADD_LEN(MBEDTLS_OID_HMAC_SHA224), "hmacSHA224", "HMAC-SHA-224" },
MBEDTLS_MD_SHA224,
},
{
- { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" },
+ { ADD_LEN(MBEDTLS_OID_HMAC_SHA256), "hmacSHA256", "HMAC-SHA-256" },
MBEDTLS_MD_SHA256,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
- { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" },
+ { ADD_LEN(MBEDTLS_OID_HMAC_SHA384), "hmacSHA384", "HMAC-SHA-384" },
MBEDTLS_MD_SHA384,
},
{
- { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" },
+ { ADD_LEN(MBEDTLS_OID_HMAC_SHA512), "hmacSHA512", "HMAC-SHA-512" },
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_SHA512_C */
@@ -693,11 +750,13 @@
static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
{
{
- { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
+ { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC), "pbeWithSHAAnd3-KeyTripleDES-CBC",
+ "PBE with SHA1 and 3-Key 3DES" },
MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
},
{
- { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
+ { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC), "pbeWithSHAAnd2-KeyTripleDES-CBC",
+ "PBE with SHA1 and 2-Key 3DES" },
MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
},
{
@@ -707,21 +766,27 @@
};
FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
-FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
+FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
+ oid_pkcs12_pbe_alg_t,
+ pkcs12_pbe_alg,
+ mbedtls_md_type_t,
+ md_alg,
+ mbedtls_cipher_type_t,
+ cipher_alg)
#endif /* MBEDTLS_PKCS12_C */
#define OID_SAFE_SNPRINTF \
do { \
- if( ret < 0 || (size_t) ret >= n ) \
- return( MBEDTLS_ERR_OID_BUF_TOO_SMALL ); \
- \
+ if (ret < 0 || (size_t) ret >= n) \
+ return MBEDTLS_ERR_OID_BUF_TOO_SMALL; \
+ \
n -= (size_t) ret; \
p += (size_t) ret; \
- } while( 0 )
+ } while (0)
/* Return the x.y.z.... style numeric string for the given OID */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size,
- const mbedtls_asn1_buf *oid )
+int mbedtls_oid_get_numeric_string(char *buf, size_t size,
+ const mbedtls_asn1_buf *oid)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n;
@@ -732,32 +797,30 @@
n = size;
/* First byte contains first two dots */
- if( oid->len > 0 )
- {
- ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
+ if (oid->len > 0) {
+ ret = mbedtls_snprintf(p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40);
OID_SAFE_SNPRINTF;
}
value = 0;
- for( i = 1; i < oid->len; i++ )
- {
+ for (i = 1; i < oid->len; i++) {
/* Prevent overflow in value. */
- if( ( ( value << 7 ) >> 7 ) != value )
- return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
+ if (((value << 7) >> 7) != value) {
+ return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+ }
value <<= 7;
value += oid->p[i] & 0x7F;
- if( !( oid->p[i] & 0x80 ) )
- {
+ if (!(oid->p[i] & 0x80)) {
/* Last byte */
- ret = mbedtls_snprintf( p, n, ".%u", value );
+ ret = mbedtls_snprintf(p, n, ".%u", value);
OID_SAFE_SNPRINTF;
value = 0;
}
}
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
#endif /* MBEDTLS_OID_C */
diff --git a/library/padlock.c b/library/padlock.c
index 12ea247..303f82c7 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -42,14 +42,13 @@
/*
* PadLock detection routine
*/
-int mbedtls_padlock_has_support( int feature )
+int mbedtls_padlock_has_support(int feature)
{
static int flags = -1;
int ebx = 0, edx = 0;
- if( flags == -1 )
- {
- asm( "movl %%ebx, %0 \n\t"
+ if (flags == -1) {
+ asm ("movl %%ebx, %0 \n\t"
"movl $0xC0000000, %%eax \n\t"
"cpuid \n\t"
"cmpl $0xC0000001, %%eax \n\t"
@@ -62,21 +61,21 @@
"movl %2, %%ebx \n\t"
: "=m" (ebx), "=m" (edx)
: "m" (ebx)
- : "eax", "ecx", "edx" );
+ : "eax", "ecx", "edx");
flags = edx;
}
- return( flags & feature );
+ return flags & feature;
}
/*
* PadLock AES-ECB block en(de)cryption
*/
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16])
{
int ebx = 0;
uint32_t *rk;
@@ -85,13 +84,13 @@
unsigned char buf[256];
rk = ctx->rk;
- blk = MBEDTLS_PADLOCK_ALIGN16( buf );
- memcpy( blk, input, 16 );
+ blk = MBEDTLS_PADLOCK_ALIGN16(buf);
+ memcpy(blk, input, 16);
- ctrl = blk + 4;
- *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 );
+ ctrl = blk + 4;
+ *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9);
- asm( "pushfl \n\t"
+ asm ("pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl $1, %%ecx \n\t"
@@ -103,22 +102,22 @@
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
- : "memory", "ecx", "edx", "esi", "edi" );
+ : "memory", "ecx", "edx", "esi", "edi");
- memcpy( output, blk, 16 );
+ memcpy(output, blk, 16);
- return( 0 );
+ return 0;
}
/*
* PadLock AES-CBC buffer en(de)cryption
*/
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output)
{
int ebx = 0;
size_t count;
@@ -127,20 +126,21 @@
uint32_t *ctrl;
unsigned char buf[256];
- if( ( (long) input & 15 ) != 0 ||
- ( (long) output & 15 ) != 0 )
- return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
+ if (((long) input & 15) != 0 ||
+ ((long) output & 15) != 0) {
+ return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
+ }
rk = ctx->rk;
- iw = MBEDTLS_PADLOCK_ALIGN16( buf );
- memcpy( iw, iv, 16 );
+ iw = MBEDTLS_PADLOCK_ALIGN16(buf);
+ memcpy(iw, iv, 16);
- ctrl = iw + 4;
- *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 );
+ ctrl = iw + 4;
+ *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9);
- count = ( length + 15 ) >> 4;
+ count = (length + 15) >> 4;
- asm( "pushfl \n\t"
+ asm ("pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl %2, %%ecx \n\t"
@@ -153,12 +153,12 @@
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (count), "m" (ctrl),
- "m" (rk), "m" (input), "m" (output), "m" (iw)
- : "memory", "eax", "ecx", "edx", "esi", "edi" );
+ "m" (rk), "m" (input), "m" (output), "m" (iw)
+ : "memory", "eax", "ecx", "edx", "esi", "edi");
- memcpy( iv, iw, 16 );
+ memcpy(iv, iw, 16);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_HAVE_X86 */
diff --git a/library/pem.c b/library/pem.c
index cb1c82b..3b9a3e9 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -35,151 +35,170 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_PEM_PARSE_C)
-void mbedtls_pem_init( mbedtls_pem_context *ctx )
+void mbedtls_pem_init(mbedtls_pem_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_pem_context ) );
+ memset(ctx, 0, sizeof(mbedtls_pem_context));
}
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+ (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C))
/*
* Read a 16-byte hex string and convert it to binary
*/
-static int pem_get_iv( const unsigned char *s, unsigned char *iv,
- size_t iv_len )
+static int pem_get_iv(const unsigned char *s, unsigned char *iv,
+ size_t iv_len)
{
size_t i, j, k;
- memset( iv, 0, iv_len );
+ memset(iv, 0, iv_len);
- for( i = 0; i < iv_len * 2; i++, s++ )
- {
- if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
- if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
- if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
- return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+ for (i = 0; i < iv_len * 2; i++, s++) {
+ if (*s >= '0' && *s <= '9') {
+ j = *s - '0';
+ } else
+ if (*s >= 'A' && *s <= 'F') {
+ j = *s - '7';
+ } else
+ if (*s >= 'a' && *s <= 'f') {
+ j = *s - 'W';
+ } else {
+ return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+ }
- k = ( ( i & 1 ) != 0 ) ? j : j << 4;
+ k = ((i & 1) != 0) ? j : j << 4;
- iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
+ iv[i >> 1] = (unsigned char) (iv[i >> 1] | k);
}
- return( 0 );
+ return 0;
}
-static int pem_pbkdf1( unsigned char *key, size_t keylen,
- unsigned char *iv,
- const unsigned char *pwd, size_t pwdlen )
+static int pem_pbkdf1(unsigned char *key, size_t keylen,
+ unsigned char *iv,
+ const unsigned char *pwd, size_t pwdlen)
{
mbedtls_md5_context md5_ctx;
unsigned char md5sum[16];
size_t use_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md5_init( &md5_ctx );
+ mbedtls_md5_init(&md5_ctx);
/*
* key[ 0..15] = MD5(pwd || IV)
*/
- if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
+ if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, 8)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
- goto exit;
-
- if( keylen <= 16 )
- {
- memcpy( key, md5sum, keylen );
+ }
+ if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != 0) {
goto exit;
}
- memcpy( key, md5sum, 16 );
+ if (keylen <= 16) {
+ memcpy(key, md5sum, keylen);
+ goto exit;
+ }
+
+ memcpy(key, md5sum, 16);
/*
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
*/
- if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
+ if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_update_ret(&md5_ctx, md5sum, 16)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, 8)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != 0) {
goto exit;
+ }
use_len = 16;
- if( keylen < 32 )
+ if (keylen < 32) {
use_len = keylen - 16;
+ }
- memcpy( key + 16, md5sum, use_len );
+ memcpy(key + 16, md5sum, use_len);
exit:
- mbedtls_md5_free( &md5_ctx );
- mbedtls_platform_zeroize( md5sum, 16 );
+ mbedtls_md5_free(&md5_ctx);
+ mbedtls_platform_zeroize(md5sum, 16);
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_DES_C)
/*
* Decrypt with DES-CBC, using PBKDF1 for key derivation
*/
-static int pem_des_decrypt( unsigned char des_iv[8],
- unsigned char *buf, size_t buflen,
- const unsigned char *pwd, size_t pwdlen )
+static int pem_des_decrypt(unsigned char des_iv[8],
+ unsigned char *buf, size_t buflen,
+ const unsigned char *pwd, size_t pwdlen)
{
mbedtls_des_context des_ctx;
unsigned char des_key[8];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_des_init( &des_ctx );
+ mbedtls_des_init(&des_ctx);
- if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 )
+ if ((ret = pem_pbkdf1(des_key, 8, des_iv, pwd, pwdlen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
+ if ((ret = mbedtls_des_setkey_dec(&des_ctx, des_key)) != 0) {
goto exit;
- ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
- des_iv, buf, buf );
+ }
+ ret = mbedtls_des_crypt_cbc(&des_ctx, MBEDTLS_DES_DECRYPT, buflen,
+ des_iv, buf, buf);
exit:
- mbedtls_des_free( &des_ctx );
- mbedtls_platform_zeroize( des_key, 8 );
+ mbedtls_des_free(&des_ctx);
+ mbedtls_platform_zeroize(des_key, 8);
- return( ret );
+ return ret;
}
/*
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
*/
-static int pem_des3_decrypt( unsigned char des3_iv[8],
- unsigned char *buf, size_t buflen,
- const unsigned char *pwd, size_t pwdlen )
+static int pem_des3_decrypt(unsigned char des3_iv[8],
+ unsigned char *buf, size_t buflen,
+ const unsigned char *pwd, size_t pwdlen)
{
mbedtls_des3_context des3_ctx;
unsigned char des3_key[24];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_des3_init( &des3_ctx );
+ mbedtls_des3_init(&des3_ctx);
- if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 )
+ if ((ret = pem_pbkdf1(des3_key, 24, des3_iv, pwd, pwdlen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
+ if ((ret = mbedtls_des3_set3key_dec(&des3_ctx, des3_key)) != 0) {
goto exit;
- ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
- des3_iv, buf, buf );
+ }
+ ret = mbedtls_des3_crypt_cbc(&des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
+ des3_iv, buf, buf);
exit:
- mbedtls_des3_free( &des3_ctx );
- mbedtls_platform_zeroize( des3_key, 24 );
+ mbedtls_des3_free(&des3_ctx);
+ mbedtls_platform_zeroize(des3_key, 24);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_DES_C */
@@ -187,45 +206,47 @@
/*
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
*/
-static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
- unsigned char *buf, size_t buflen,
- const unsigned char *pwd, size_t pwdlen )
+static int pem_aes_decrypt(unsigned char aes_iv[16], unsigned int keylen,
+ unsigned char *buf, size_t buflen,
+ const unsigned char *pwd, size_t pwdlen)
{
mbedtls_aes_context aes_ctx;
unsigned char aes_key[32];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_aes_init( &aes_ctx );
+ mbedtls_aes_init(&aes_ctx);
- if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 )
+ if ((ret = pem_pbkdf1(aes_key, keylen, aes_iv, pwd, pwdlen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
+ if ((ret = mbedtls_aes_setkey_dec(&aes_ctx, aes_key, keylen * 8)) != 0) {
goto exit;
- ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
- aes_iv, buf, buf );
+ }
+ ret = mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
+ aes_iv, buf, buf);
exit:
- mbedtls_aes_free( &aes_ctx );
- mbedtls_platform_zeroize( aes_key, keylen );
+ mbedtls_aes_free(&aes_ctx);
+ mbedtls_platform_zeroize(aes_key, keylen);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_AES_C */
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
- const unsigned char *data, const unsigned char *pwd,
- size_t pwdlen, size_t *use_len )
+int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer,
+ const unsigned char *data, const unsigned char *pwd,
+ size_t pwdlen, size_t *use_len)
{
int ret, enc;
size_t len;
unsigned char *buf;
const unsigned char *s1, *s2, *end;
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+ (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C))
unsigned char pem_iv[16];
mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
#else
@@ -234,154 +255,181 @@
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
- if( ctx == NULL )
- return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
+ if (ctx == NULL) {
+ return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
+ }
- s1 = (unsigned char *) strstr( (const char *) data, header );
+ s1 = (unsigned char *) strstr((const char *) data, header);
- if( s1 == NULL )
- return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+ if (s1 == NULL) {
+ return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+ }
- s2 = (unsigned char *) strstr( (const char *) data, footer );
+ s2 = (unsigned char *) strstr((const char *) data, footer);
- if( s2 == NULL || s2 <= s1 )
- return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+ if (s2 == NULL || s2 <= s1) {
+ return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+ }
- s1 += strlen( header );
- if( *s1 == ' ' ) s1++;
- if( *s1 == '\r' ) s1++;
- if( *s1 == '\n' ) s1++;
- else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+ s1 += strlen(header);
+ if (*s1 == ' ') {
+ s1++;
+ }
+ if (*s1 == '\r') {
+ s1++;
+ }
+ if (*s1 == '\n') {
+ s1++;
+ } else {
+ return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+ }
end = s2;
- end += strlen( footer );
- if( *end == ' ' ) end++;
- if( *end == '\r' ) end++;
- if( *end == '\n' ) end++;
+ end += strlen(footer);
+ if (*end == ' ') {
+ end++;
+ }
+ if (*end == '\r') {
+ end++;
+ }
+ if (*end == '\n') {
+ end++;
+ }
*use_len = end - data;
enc = 0;
- if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
- {
+ if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) {
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+ (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C))
enc++;
s1 += 22;
- if( *s1 == '\r' ) s1++;
- if( *s1 == '\n' ) s1++;
- else return( MBEDTLS_ERR_PEM_INVALID_DATA );
+ if (*s1 == '\r') {
+ s1++;
+ }
+ if (*s1 == '\n') {
+ s1++;
+ } else {
+ return MBEDTLS_ERR_PEM_INVALID_DATA;
+ }
#if defined(MBEDTLS_DES_C)
- if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
- {
+ if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) {
enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
s1 += 23;
- if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
- return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+ if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) {
+ return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+ }
s1 += 16;
- }
- else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
- {
+ } else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) {
enc_alg = MBEDTLS_CIPHER_DES_CBC;
s1 += 18;
- if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
- return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+ if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) {
+ return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+ }
s1 += 16;
}
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
- if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
- {
- if( s2 - s1 < 22 )
- return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
- else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+ if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) {
+ if (s2 - s1 < 22) {
+ return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
+ } else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0) {
enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
- else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
+ } else if (memcmp(s1, "DEK-Info: AES-192-CBC,", 22) == 0) {
enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
- else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
+ } else if (memcmp(s1, "DEK-Info: AES-256-CBC,", 22) == 0) {
enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
- else
- return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+ } else {
+ return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
+ }
s1 += 22;
- if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
- return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+ if (s2 - s1 < 32 || pem_get_iv(s1, pem_iv, 16) != 0) {
+ return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+ }
s1 += 32;
}
#endif /* MBEDTLS_AES_C */
- if( enc_alg == MBEDTLS_CIPHER_NONE )
- return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+ if (enc_alg == MBEDTLS_CIPHER_NONE) {
+ return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
+ }
- if( *s1 == '\r' ) s1++;
- if( *s1 == '\n' ) s1++;
- else return( MBEDTLS_ERR_PEM_INVALID_DATA );
+ if (*s1 == '\r') {
+ s1++;
+ }
+ if (*s1 == '\n') {
+ s1++;
+ } else {
+ return MBEDTLS_ERR_PEM_INVALID_DATA;
+ }
#else
- return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
}
- if( s1 >= s2 )
- return( MBEDTLS_ERR_PEM_INVALID_DATA );
-
- ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
-
- if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
-
- if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
- return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
- if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
- {
- mbedtls_platform_zeroize( buf, len );
- mbedtls_free( buf );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
+ if (s1 >= s2) {
+ return MBEDTLS_ERR_PEM_INVALID_DATA;
}
- if( enc != 0 )
- {
+ ret = mbedtls_base64_decode(NULL, 0, &len, s1, s2 - s1);
+
+ if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
+ }
+
+ if ((buf = mbedtls_calloc(1, len)) == NULL) {
+ return MBEDTLS_ERR_PEM_ALLOC_FAILED;
+ }
+
+ if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) {
+ mbedtls_platform_zeroize(buf, len);
+ mbedtls_free(buf);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
+ }
+
+ if (enc != 0) {
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
- if( pwd == NULL )
- {
- mbedtls_platform_zeroize( buf, len );
- mbedtls_free( buf );
- return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
+ (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C))
+ if (pwd == NULL) {
+ mbedtls_platform_zeroize(buf, len);
+ mbedtls_free(buf);
+ return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED;
}
ret = 0;
#if defined(MBEDTLS_DES_C)
- if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
- ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
- else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
- ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
+ if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) {
+ ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen);
+ } else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) {
+ ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen);
+ }
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
- if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
- ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
- else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
- ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
- else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
- ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
+ if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) {
+ ret = pem_aes_decrypt(pem_iv, 16, buf, len, pwd, pwdlen);
+ } else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) {
+ ret = pem_aes_decrypt(pem_iv, 24, buf, len, pwd, pwdlen);
+ } else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) {
+ ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen);
+ }
#endif /* MBEDTLS_AES_C */
- if( ret != 0 )
- {
- mbedtls_free( buf );
- return( ret );
+ if (ret != 0) {
+ mbedtls_free(buf);
+ return ret;
}
/*
@@ -390,16 +438,15 @@
*
* Use that as a heuristic to try to detect password mismatches.
*/
- if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
- {
- mbedtls_platform_zeroize( buf, len );
- mbedtls_free( buf );
- return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
+ if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) {
+ mbedtls_platform_zeroize(buf, len);
+ mbedtls_free(buf);
+ return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
}
#else
- mbedtls_platform_zeroize( buf, len );
- mbedtls_free( buf );
- return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
+ mbedtls_platform_zeroize(buf, len);
+ mbedtls_free(buf);
+ return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
}
@@ -407,77 +454,73 @@
ctx->buf = buf;
ctx->buflen = len;
- return( 0 );
+ return 0;
}
-void mbedtls_pem_free( mbedtls_pem_context *ctx )
+void mbedtls_pem_free(mbedtls_pem_context *ctx)
{
- if ( ctx->buf != NULL )
- {
- mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
- mbedtls_free( ctx->buf );
+ if (ctx->buf != NULL) {
+ mbedtls_platform_zeroize(ctx->buf, ctx->buflen);
+ mbedtls_free(ctx->buf);
}
- mbedtls_free( ctx->info );
+ mbedtls_free(ctx->info);
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context));
}
#endif /* MBEDTLS_PEM_PARSE_C */
#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
- const unsigned char *der_data, size_t der_len,
- unsigned char *buf, size_t buf_len, size_t *olen )
+int mbedtls_pem_write_buffer(const char *header, const char *footer,
+ const unsigned char *der_data, size_t der_len,
+ unsigned char *buf, size_t buf_len, size_t *olen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *encode_buf = NULL, *c, *p = buf;
size_t len = 0, use_len, add_len = 0;
- mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
- add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
+ mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len);
+ add_len = strlen(header) + strlen(footer) + (use_len / 64) + 1;
- if( use_len + add_len > buf_len )
- {
+ if (use_len + add_len > buf_len) {
*olen = use_len + add_len;
- return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
- if( use_len != 0 &&
- ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
- return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
- if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
- der_len ) ) != 0 )
- {
- mbedtls_free( encode_buf );
- return( ret );
+ if (use_len != 0 &&
+ ((encode_buf = mbedtls_calloc(1, use_len)) == NULL)) {
+ return MBEDTLS_ERR_PEM_ALLOC_FAILED;
}
- memcpy( p, header, strlen( header ) );
- p += strlen( header );
+ if ((ret = mbedtls_base64_encode(encode_buf, use_len, &use_len, der_data,
+ der_len)) != 0) {
+ mbedtls_free(encode_buf);
+ return ret;
+ }
+
+ memcpy(p, header, strlen(header));
+ p += strlen(header);
c = encode_buf;
- while( use_len )
- {
- len = ( use_len > 64 ) ? 64 : use_len;
- memcpy( p, c, len );
+ while (use_len) {
+ len = (use_len > 64) ? 64 : use_len;
+ memcpy(p, c, len);
use_len -= len;
p += len;
c += len;
*p++ = '\n';
}
- memcpy( p, footer, strlen( footer ) );
- p += strlen( footer );
+ memcpy(p, footer, strlen(footer));
+ p += strlen(footer);
*p++ = '\0';
*olen = p - buf;
- /* Clean any remaining data previously written to the buffer */
- memset( buf + *olen, 0, buf_len - *olen );
+ /* Clean any remaining data previously written to the buffer */
+ memset(buf + *olen, 0, buf_len - *olen);
- mbedtls_free( encode_buf );
- return( 0 );
+ mbedtls_free(encode_buf);
+ return 0;
}
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
-
diff --git a/library/pk.c b/library/pk.c
index 05cc213..d46a934 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -44,17 +44,17 @@
#include <stdint.h>
/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define PK_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA)
+#define PK_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
/*
* Initialise a mbedtls_pk_context
*/
-void mbedtls_pk_init( mbedtls_pk_context *ctx )
+void mbedtls_pk_init(mbedtls_pk_context *ctx)
{
- PK_VALIDATE( ctx != NULL );
+ PK_VALIDATE(ctx != NULL);
ctx->pk_info = NULL;
ctx->pk_ctx = NULL;
@@ -63,24 +63,26 @@
/*
* Free (the components of) a mbedtls_pk_context
*/
-void mbedtls_pk_free( mbedtls_pk_context *ctx )
+void mbedtls_pk_free(mbedtls_pk_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- if ( ctx->pk_info != NULL )
- ctx->pk_info->ctx_free_func( ctx->pk_ctx );
+ if (ctx->pk_info != NULL) {
+ ctx->pk_info->ctx_free_func(ctx->pk_ctx);
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context));
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Initialize a restart context
*/
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
+void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx)
{
- PK_VALIDATE( ctx != NULL );
+ PK_VALIDATE(ctx != NULL);
ctx->pk_info = NULL;
ctx->rs_ctx = NULL;
}
@@ -88,15 +90,14 @@
/*
* Free the components of a restart context
*/
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
+void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx)
{
- if( ctx == NULL || ctx->pk_info == NULL ||
- ctx->pk_info->rs_free_func == NULL )
- {
+ if (ctx == NULL || ctx->pk_info == NULL ||
+ ctx->pk_info->rs_free_func == NULL) {
return;
}
- ctx->pk_info->rs_free_func( ctx->rs_ctx );
+ ctx->pk_info->rs_free_func(ctx->rs_ctx);
ctx->pk_info = NULL;
ctx->rs_ctx = NULL;
@@ -106,79 +107,85 @@
/*
* Get pk_info structure from type
*/
-const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
{
- switch( pk_type ) {
+ switch (pk_type) {
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_PK_RSA:
- return( &mbedtls_rsa_info );
+ return &mbedtls_rsa_info;
#endif
#if defined(MBEDTLS_ECP_C)
case MBEDTLS_PK_ECKEY:
- return( &mbedtls_eckey_info );
+ return &mbedtls_eckey_info;
case MBEDTLS_PK_ECKEY_DH:
- return( &mbedtls_eckeydh_info );
+ return &mbedtls_eckeydh_info;
#endif
#if defined(MBEDTLS_ECDSA_C)
case MBEDTLS_PK_ECDSA:
- return( &mbedtls_ecdsa_info );
+ return &mbedtls_ecdsa_info;
#endif
/* MBEDTLS_PK_RSA_ALT omitted on purpose */
default:
- return( NULL );
+ return NULL;
}
}
/*
* Initialise context
*/
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
+int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info)
{
- PK_VALIDATE_RET( ctx != NULL );
- if( info == NULL || ctx->pk_info != NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ PK_VALIDATE_RET(ctx != NULL);
+ if (info == NULL || ctx->pk_info != NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
ctx->pk_info = info;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Initialise a PSA-wrapping context
*/
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
- const psa_key_id_t key )
+int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
+ const psa_key_id_t key)
{
const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t *pk_ctx;
psa_key_type_t type;
- if( ctx == NULL || ctx->pk_info != NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->pk_info != NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
- type = psa_get_key_type( &attributes );
- psa_reset_key_attributes( &attributes );
+ if (PSA_SUCCESS != psa_get_key_attributes(key, &attributes)) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ type = psa_get_key_type(&attributes);
+ psa_reset_key_attributes(&attributes);
/* Current implementation of can_do() relies on this. */
- if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
+ if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
- if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
ctx->pk_info = info;
pk_ctx = (psa_key_id_t *) ctx->pk_ctx;
*pk_ctx = key;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -186,20 +193,22 @@
/*
* Initialize an RSA-alt context
*/
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
- mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
- mbedtls_pk_rsa_alt_sign_func sign_func,
- mbedtls_pk_rsa_alt_key_len_func key_len_func )
+int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key,
+ mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+ mbedtls_pk_rsa_alt_sign_func sign_func,
+ mbedtls_pk_rsa_alt_key_len_func key_len_func)
{
mbedtls_rsa_alt_context *rsa_alt;
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
- PK_VALIDATE_RET( ctx != NULL );
- if( ctx->pk_info != NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ PK_VALIDATE_RET(ctx != NULL);
+ if (ctx->pk_info != NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
ctx->pk_info = info;
@@ -210,377 +219,406 @@
rsa_alt->sign_func = sign_func;
rsa_alt->key_len_func = key_len_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/*
* Tell if a PK can do the operations of the given type
*/
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
+int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
{
/* A context with null pk_info is not set up yet and can't do anything.
* For backward compatibility, also accept NULL instead of a context
* pointer. */
- if( ctx == NULL || ctx->pk_info == NULL )
- return( 0 );
+ if (ctx == NULL || ctx->pk_info == NULL) {
+ return 0;
+ }
- return( ctx->pk_info->can_do( type ) );
+ return ctx->pk_info->can_do(type);
}
/*
* Helper for mbedtls_pk_sign and mbedtls_pk_verify
*/
-static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
+static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len)
{
const mbedtls_md_info_t *md_info;
- if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
- return( 0 );
+ if (*hash_len != 0 && md_alg == MBEDTLS_MD_NONE) {
+ return 0;
+ }
- if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
- return( -1 );
+ if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) {
+ return -1;
+ }
- if ( *hash_len != 0 && *hash_len != mbedtls_md_get_size( md_info ) )
- return ( -1 );
+ if (*hash_len != 0 && *hash_len != mbedtls_md_get_size(md_info)) {
+ return -1;
+ }
- *hash_len = mbedtls_md_get_size( md_info );
- return( 0 );
+ *hash_len = mbedtls_md_get_size(md_info);
+ return 0;
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Helper to set up a restart context if needed
*/
-static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
- const mbedtls_pk_info_t *info )
+static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx,
+ const mbedtls_pk_info_t *info)
{
/* Don't do anything if already set up or invalid */
- if( ctx == NULL || ctx->pk_info != NULL )
- return( 0 );
+ if (ctx == NULL || ctx->pk_info != NULL) {
+ return 0;
+ }
/* Should never happen when we're called */
- if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (info->rs_alloc_func == NULL || info->rs_free_func == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if ((ctx->rs_ctx = info->rs_alloc_func()) == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
ctx->pk_info = info;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/*
* Verify a signature (restartable)
*/
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- mbedtls_pk_restart_ctx *rs_ctx )
+int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ mbedtls_pk_restart_ctx *rs_ctx)
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ PK_VALIDATE_RET(ctx != NULL);
+ PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
+ hash != NULL);
+ PK_VALIDATE_RET(sig != NULL);
- if( ctx->pk_info == NULL ||
- pk_hashlen_helper( md_alg, &hash_len ) != 0 )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (ctx->pk_info == NULL ||
+ pk_hashlen_helper(md_alg, &hash_len) != 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* optimization: use non-restartable version if restart disabled */
- if( rs_ctx != NULL &&
+ if (rs_ctx != NULL &&
mbedtls_ecp_restart_is_enabled() &&
- ctx->pk_info->verify_rs_func != NULL )
- {
+ ctx->pk_info->verify_rs_func != NULL) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
- return( ret );
+ if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
+ return ret;
+ }
- ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
- md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
+ ret = ctx->pk_info->verify_rs_func(ctx->pk_ctx,
+ md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx);
- if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
- mbedtls_pk_restart_free( rs_ctx );
+ if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
+ mbedtls_pk_restart_free(rs_ctx);
+ }
- return( ret );
+ return ret;
}
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
(void) rs_ctx;
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
- if( ctx->pk_info->verify_func == NULL )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (ctx->pk_info->verify_func == NULL) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
- return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
- sig, sig_len ) );
+ return ctx->pk_info->verify_func(ctx->pk_ctx, md_alg, hash, hash_len,
+ sig, sig_len);
}
/*
* Verify a signature
*/
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len )
+int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len)
{
- return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
- sig, sig_len, NULL ) );
+ return mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len,
+ sig, sig_len, NULL);
}
/*
* Verify a signature with options
*/
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len )
+int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
+ mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len)
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ PK_VALIDATE_RET(ctx != NULL);
+ PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
+ hash != NULL);
+ PK_VALIDATE_RET(sig != NULL);
- if( ctx->pk_info == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (ctx->pk_info == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( ! mbedtls_pk_can_do( ctx, type ) )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (!mbedtls_pk_can_do(ctx, type)) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
- if( type == MBEDTLS_PK_RSASSA_PSS )
- {
+ if (type == MBEDTLS_PK_RSASSA_PSS) {
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_rsassa_pss_options *pss_opts;
#if SIZE_MAX > UINT_MAX
- if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
#endif /* SIZE_MAX > UINT_MAX */
- if( options == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (options == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
- if( sig_len < mbedtls_pk_get_len( ctx ) )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+ if (sig_len < mbedtls_pk_get_len(ctx)) {
+ return MBEDTLS_ERR_RSA_VERIFY_FAILED;
+ }
- ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
- NULL, NULL, MBEDTLS_RSA_PUBLIC,
- md_alg, (unsigned int) hash_len, hash,
- pss_opts->mgf1_hash_id,
- pss_opts->expected_salt_len,
- sig );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx),
+ NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ md_alg, (unsigned int) hash_len, hash,
+ pss_opts->mgf1_hash_id,
+ pss_opts->expected_salt_len,
+ sig);
+ if (ret != 0) {
+ return ret;
+ }
- if( sig_len > mbedtls_pk_get_len( ctx ) )
- return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+ if (sig_len > mbedtls_pk_get_len(ctx)) {
+ return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+ }
- return( 0 );
+ return 0;
#else
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
}
/* General case: no options */
- if( options != NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (options != NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
+ return mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len);
}
/*
* Make a signature (restartable)
*/
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_pk_restart_ctx *rs_ctx )
+int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_pk_restart_ctx *rs_ctx)
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ PK_VALIDATE_RET(ctx != NULL);
+ PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
+ hash != NULL);
+ PK_VALIDATE_RET(sig != NULL);
- if( ctx->pk_info == NULL ||
- pk_hashlen_helper( md_alg, &hash_len ) != 0 )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (ctx->pk_info == NULL ||
+ pk_hashlen_helper(md_alg, &hash_len) != 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* optimization: use non-restartable version if restart disabled */
- if( rs_ctx != NULL &&
+ if (rs_ctx != NULL &&
mbedtls_ecp_restart_is_enabled() &&
- ctx->pk_info->sign_rs_func != NULL )
- {
+ ctx->pk_info->sign_rs_func != NULL) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
- return( ret );
+ if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
+ return ret;
+ }
- ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
- hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
+ ret = ctx->pk_info->sign_rs_func(ctx->pk_ctx, md_alg,
+ hash, hash_len, sig, sig_len, f_rng, p_rng,
+ rs_ctx->rs_ctx);
- if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
- mbedtls_pk_restart_free( rs_ctx );
+ if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
+ mbedtls_pk_restart_free(rs_ctx);
+ }
- return( ret );
+ return ret;
}
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
(void) rs_ctx;
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
- if( ctx->pk_info->sign_func == NULL )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (ctx->pk_info->sign_func == NULL) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
- return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
- sig, sig_len, f_rng, p_rng ) );
+ return ctx->pk_info->sign_func(ctx->pk_ctx, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng);
}
/*
* Make a signature
*/
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
- sig, sig_len, f_rng, p_rng, NULL ) );
+ return mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng, NULL);
}
/*
* Decrypt message
*/
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( input != NULL || ilen == 0 );
- PK_VALIDATE_RET( output != NULL || osize == 0 );
- PK_VALIDATE_RET( olen != NULL );
+ PK_VALIDATE_RET(ctx != NULL);
+ PK_VALIDATE_RET(input != NULL || ilen == 0);
+ PK_VALIDATE_RET(output != NULL || osize == 0);
+ PK_VALIDATE_RET(olen != NULL);
- if( ctx->pk_info == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (ctx->pk_info == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( ctx->pk_info->decrypt_func == NULL )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (ctx->pk_info->decrypt_func == NULL) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
- return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
- output, olen, osize, f_rng, p_rng ) );
+ return ctx->pk_info->decrypt_func(ctx->pk_ctx, input, ilen,
+ output, olen, osize, f_rng, p_rng);
}
/*
* Encrypt message
*/
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( input != NULL || ilen == 0 );
- PK_VALIDATE_RET( output != NULL || osize == 0 );
- PK_VALIDATE_RET( olen != NULL );
+ PK_VALIDATE_RET(ctx != NULL);
+ PK_VALIDATE_RET(input != NULL || ilen == 0);
+ PK_VALIDATE_RET(output != NULL || osize == 0);
+ PK_VALIDATE_RET(olen != NULL);
- if( ctx->pk_info == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (ctx->pk_info == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( ctx->pk_info->encrypt_func == NULL )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (ctx->pk_info->encrypt_func == NULL) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
- return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
- output, olen, osize, f_rng, p_rng ) );
+ return ctx->pk_info->encrypt_func(ctx->pk_ctx, input, ilen,
+ output, olen, osize, f_rng, p_rng);
}
/*
* Check public-private key pair
*/
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
+int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv)
{
- PK_VALIDATE_RET( pub != NULL );
- PK_VALIDATE_RET( prv != NULL );
+ PK_VALIDATE_RET(pub != NULL);
+ PK_VALIDATE_RET(prv != NULL);
- if( pub->pk_info == NULL ||
- prv->pk_info == NULL )
- {
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (pub->pk_info == NULL ||
+ prv->pk_info == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
- if( prv->pk_info->check_pair_func == NULL )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
- if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
- {
- if( pub->pk_info->type != MBEDTLS_PK_RSA )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
- }
- else
- {
- if( pub->pk_info != prv->pk_info )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (prv->pk_info->check_pair_func == NULL) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
- return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
+ if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) {
+ if (pub->pk_info->type != MBEDTLS_PK_RSA) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
+ } else {
+ if (pub->pk_info != prv->pk_info) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
+ }
+
+ return prv->pk_info->check_pair_func(pub->pk_ctx, prv->pk_ctx);
}
/*
* Get key size in bits
*/
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
+size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx)
{
/* For backward compatibility, accept NULL or a context that
* isn't set up yet, and return a fake value that should be safe. */
- if( ctx == NULL || ctx->pk_info == NULL )
- return( 0 );
+ if (ctx == NULL || ctx->pk_info == NULL) {
+ return 0;
+ }
- return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
+ return ctx->pk_info->get_bitlen(ctx->pk_ctx);
}
/*
* Export debug information
*/
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
+int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items)
{
- PK_VALIDATE_RET( ctx != NULL );
- if( ctx->pk_info == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ PK_VALIDATE_RET(ctx != NULL);
+ if (ctx->pk_info == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if( ctx->pk_info->debug_func == NULL )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (ctx->pk_info->debug_func == NULL) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
- ctx->pk_info->debug_func( ctx->pk_ctx, items );
- return( 0 );
+ ctx->pk_info->debug_func(ctx->pk_ctx, items);
+ return 0;
}
/*
* Access the PK type name
*/
-const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
+const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
{
- if( ctx == NULL || ctx->pk_info == NULL )
- return( "invalid PK" );
+ if (ctx == NULL || ctx->pk_info == NULL) {
+ return "invalid PK";
+ }
- return( ctx->pk_info->name );
+ return ctx->pk_info->name;
}
/*
* Access the PK type
*/
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
+mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
{
- if( ctx == NULL || ctx->pk_info == NULL )
- return( MBEDTLS_PK_NONE );
+ if (ctx == NULL || ctx->pk_info == NULL) {
+ return MBEDTLS_PK_NONE;
+ }
- return( ctx->pk_info->type );
+ return ctx->pk_info->type;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -590,15 +628,15 @@
*
* Currently only works for EC private keys.
*/
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_id_t *key,
- psa_algorithm_t hash_alg )
+int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+ psa_key_id_t *key,
+ psa_algorithm_t hash_alg)
{
#if !defined(MBEDTLS_ECP_C)
((void) pk);
((void) key);
((void) hash_alg);
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
#else
const mbedtls_ecp_keypair *ec;
unsigned char d[MBEDTLS_ECP_MAX_BYTES];
@@ -610,32 +648,35 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* export the private key material in the format PSA wants */
- if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY) {
+ return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ }
- ec = mbedtls_pk_ec( *pk );
- d_len = ( ec->grp.nbits + 7 ) / 8;
- if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
- return( ret );
+ ec = mbedtls_pk_ec(*pk);
+ d_len = (ec->grp.nbits + 7) / 8;
+ if ((ret = mbedtls_mpi_write_binary(&ec->d, d, d_len)) != 0) {
+ return ret;
+ }
- curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
+ curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
+ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);
/* prepare the key attributes */
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, bits);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(hash_alg));
/* import private key into PSA */
- if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) )
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ if (PSA_SUCCESS != psa_import_key(&attributes, d, d_len, key)) {
+ return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
+ }
/* make PK context wrap the key slot */
- mbedtls_pk_free( pk );
- mbedtls_pk_init( pk );
+ mbedtls_pk_free(pk);
+ mbedtls_pk_init(pk);
- return( mbedtls_pk_setup_opaque( pk, *key ) );
+ return mbedtls_pk_setup_opaque(pk, *key);
#endif /* MBEDTLS_ECP_C */
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index f35abf2..f577fcc 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -56,130 +56,138 @@
#include <stdint.h>
#if defined(MBEDTLS_RSA_C)
-static int rsa_can_do( mbedtls_pk_type_t type )
+static int rsa_can_do(mbedtls_pk_type_t type)
{
- return( type == MBEDTLS_PK_RSA ||
- type == MBEDTLS_PK_RSASSA_PSS );
+ return type == MBEDTLS_PK_RSA ||
+ type == MBEDTLS_PK_RSASSA_PSS;
}
-static size_t rsa_get_bitlen( const void *ctx )
+static size_t rsa_get_bitlen(const void *ctx)
{
- const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
- return( 8 * mbedtls_rsa_get_len( rsa ) );
+ const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
+ return 8 * mbedtls_rsa_get_len(rsa);
}
-static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len )
+static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
- size_t rsa_len = mbedtls_rsa_get_len( rsa );
+ mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+ size_t rsa_len = mbedtls_rsa_get_len(rsa);
#if SIZE_MAX > UINT_MAX
- if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
#endif /* SIZE_MAX > UINT_MAX */
- if( sig_len < rsa_len )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+ if (sig_len < rsa_len) {
+ return MBEDTLS_ERR_RSA_VERIFY_FAILED;
+ }
- if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
- MBEDTLS_RSA_PUBLIC, md_alg,
- (unsigned int) hash_len, hash, sig ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL,
+ MBEDTLS_RSA_PUBLIC, md_alg,
+ (unsigned int) hash_len, hash, sig)) != 0) {
+ return ret;
+ }
/* The buffer contains a valid signature followed by extra data.
* We have a special error code for that so that so that callers can
* use mbedtls_pk_verify() to check "Does the buffer start with a
* valid signature?" and not just "Does the buffer contain a valid
* signature?". */
- if( sig_len > rsa_len )
- return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+ if (sig_len > rsa_len) {
+ return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+ }
- return( 0 );
+ return 0;
}
-static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
#if SIZE_MAX > UINT_MAX
- if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
#endif /* SIZE_MAX > UINT_MAX */
- *sig_len = mbedtls_rsa_get_len( rsa );
+ *sig_len = mbedtls_rsa_get_len(rsa);
- return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
- md_alg, (unsigned int) hash_len, hash, sig ) );
+ return mbedtls_rsa_pkcs1_sign(rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+ md_alg, (unsigned int) hash_len, hash, sig);
}
-static int rsa_decrypt_wrap( void *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_decrypt_wrap(void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
- if( ilen != mbedtls_rsa_get_len( rsa ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (ilen != mbedtls_rsa_get_len(rsa)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
- MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
+ return mbedtls_rsa_pkcs1_decrypt(rsa, f_rng, p_rng,
+ MBEDTLS_RSA_PRIVATE, olen, input, output, osize);
}
-static int rsa_encrypt_wrap( void *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_encrypt_wrap(void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
- *olen = mbedtls_rsa_get_len( rsa );
+ mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+ *olen = mbedtls_rsa_get_len(rsa);
- if( *olen > osize )
- return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+ if (*olen > osize) {
+ return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
+ }
- return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
- ilen, input, output ) );
+ return mbedtls_rsa_pkcs1_encrypt(rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
+ ilen, input, output);
}
-static int rsa_check_pair_wrap( const void *pub, const void *prv )
+static int rsa_check_pair_wrap(const void *pub, const void *prv)
{
- return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
- (const mbedtls_rsa_context *) prv ) );
+ return mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub,
+ (const mbedtls_rsa_context *) prv);
}
-static void *rsa_alloc_wrap( void )
+static void *rsa_alloc_wrap(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context));
- if( ctx != NULL )
- mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
+ if (ctx != NULL) {
+ mbedtls_rsa_init((mbedtls_rsa_context *) ctx, 0, 0);
+ }
- return( ctx );
+ return ctx;
}
-static void rsa_free_wrap( void *ctx )
+static void rsa_free_wrap(void *ctx)
{
- mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_rsa_free((mbedtls_rsa_context *) ctx);
+ mbedtls_free(ctx);
}
-static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
+static void rsa_debug(const void *ctx, mbedtls_pk_debug_item *items)
{
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.N";
- items->value = &( ((mbedtls_rsa_context *) ctx)->N );
+ items->value = &(((mbedtls_rsa_context *) ctx)->N);
items++;
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.E";
- items->value = &( ((mbedtls_rsa_context *) ctx)->E );
+ items->value = &(((mbedtls_rsa_context *) ctx)->E);
}
const mbedtls_pk_info_t mbedtls_rsa_info = {
@@ -210,77 +218,79 @@
/*
* Generic EC key
*/
-static int eckey_can_do( mbedtls_pk_type_t type )
+static int eckey_can_do(mbedtls_pk_type_t type)
{
- return( type == MBEDTLS_PK_ECKEY ||
- type == MBEDTLS_PK_ECKEY_DH ||
- type == MBEDTLS_PK_ECDSA );
+ return type == MBEDTLS_PK_ECKEY ||
+ type == MBEDTLS_PK_ECKEY_DH ||
+ type == MBEDTLS_PK_ECDSA;
}
-static size_t eckey_get_bitlen( const void *ctx )
+static size_t eckey_get_bitlen(const void *ctx)
{
- return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
+ return ((mbedtls_ecp_keypair *) ctx)->grp.pbits;
}
#if defined(MBEDTLS_ECDSA_C)
/* Forward declarations */
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
+static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len);
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len )
+static int eckey_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecdsa_context ecdsa;
- mbedtls_ecdsa_init( &ecdsa );
+ mbedtls_ecdsa_init(&ecdsa);
- if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
- ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
+ if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) {
+ ret = ecdsa_verify_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len);
+ }
- mbedtls_ecdsa_free( &ecdsa );
+ mbedtls_ecdsa_free(&ecdsa);
- return( ret );
+ return ret;
}
-static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int eckey_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecdsa_context ecdsa;
- mbedtls_ecdsa_init( &ecdsa );
+ mbedtls_ecdsa_init(&ecdsa);
- if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
- ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
- f_rng, p_rng );
+ if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) {
+ ret = ecdsa_sign_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len,
+ f_rng, p_rng);
+ }
- mbedtls_ecdsa_free( &ecdsa );
+ mbedtls_ecdsa_free(&ecdsa);
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* Forward declarations */
-static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- void *rs_ctx );
+static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx);
-static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- void *rs_ctx );
+static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx);
/*
* Restart context for ECDSA operations with ECKEY context
@@ -288,120 +298,124 @@
* We need to store an actual ECDSA context, as we need to pass the same to
* the underlying ecdsa function, so we can't create it on the fly every time.
*/
-typedef struct
-{
+typedef struct {
mbedtls_ecdsa_restart_ctx ecdsa_rs;
mbedtls_ecdsa_context ecdsa_ctx;
} eckey_restart_ctx;
-static void *eckey_rs_alloc( void )
+static void *eckey_rs_alloc(void)
{
eckey_restart_ctx *rs_ctx;
- void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
+ void *ctx = mbedtls_calloc(1, sizeof(eckey_restart_ctx));
- if( ctx != NULL )
- {
+ if (ctx != NULL) {
rs_ctx = ctx;
- mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
- mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
+ mbedtls_ecdsa_restart_init(&rs_ctx->ecdsa_rs);
+ mbedtls_ecdsa_init(&rs_ctx->ecdsa_ctx);
}
- return( ctx );
+ return ctx;
}
-static void eckey_rs_free( void *ctx )
+static void eckey_rs_free(void *ctx)
{
eckey_restart_ctx *rs_ctx;
- if( ctx == NULL)
+ if (ctx == NULL) {
return;
+ }
rs_ctx = ctx;
- mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
- mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
+ mbedtls_ecdsa_restart_free(&rs_ctx->ecdsa_rs);
+ mbedtls_ecdsa_free(&rs_ctx->ecdsa_ctx);
- mbedtls_free( ctx );
+ mbedtls_free(ctx);
}
-static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- void *rs_ctx )
+static int eckey_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
eckey_restart_ctx *rs = rs_ctx;
/* Should never happen */
- if( rs == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (rs == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
/* set up our own sub-context if needed (that is, on first run) */
- if( rs->ecdsa_ctx.grp.pbits == 0 )
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
+ if (rs->ecdsa_ctx.grp.pbits == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
+ }
- MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
- md_alg, hash, hash_len,
- sig, sig_len, &rs->ecdsa_rs ) );
+ MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(&rs->ecdsa_ctx,
+ md_alg, hash, hash_len,
+ sig, sig_len, &rs->ecdsa_rs));
cleanup:
- return( ret );
+ return ret;
}
-static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- void *rs_ctx )
+static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
eckey_restart_ctx *rs = rs_ctx;
/* Should never happen */
- if( rs == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (rs == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
/* set up our own sub-context if needed (that is, on first run) */
- if( rs->ecdsa_ctx.grp.pbits == 0 )
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
+ if (rs->ecdsa_ctx.grp.pbits == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
+ }
- MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
- hash, hash_len, sig, sig_len,
- f_rng, p_rng, &rs->ecdsa_rs ) );
+ MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(&rs->ecdsa_ctx, md_alg,
+ hash, hash_len, sig, sig_len,
+ f_rng, p_rng, &rs->ecdsa_rs));
cleanup:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDSA_C */
-static int eckey_check_pair( const void *pub, const void *prv )
+static int eckey_check_pair(const void *pub, const void *prv)
{
- return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
- (const mbedtls_ecp_keypair *) prv ) );
+ return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub,
+ (const mbedtls_ecp_keypair *) prv);
}
-static void *eckey_alloc_wrap( void )
+static void *eckey_alloc_wrap(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
- if( ctx != NULL )
- mbedtls_ecp_keypair_init( ctx );
+ if (ctx != NULL) {
+ mbedtls_ecp_keypair_init(ctx);
+ }
- return( ctx );
+ return ctx;
}
-static void eckey_free_wrap( void *ctx )
+static void eckey_free_wrap(void *ctx)
{
- mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
- mbedtls_free( ctx );
+ mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx);
+ mbedtls_free(ctx);
}
-static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
+static void eckey_debug(const void *ctx, mbedtls_pk_debug_item *items)
{
items->type = MBEDTLS_PK_DEBUG_ECP;
items->name = "eckey.Q";
- items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
+ items->value = &(((mbedtls_ecp_keypair *) ctx)->Q);
}
const mbedtls_pk_info_t mbedtls_eckey_info = {
@@ -435,10 +449,10 @@
/*
* EC key restricted to ECDH
*/
-static int eckeydh_can_do( mbedtls_pk_type_t type )
+static int eckeydh_can_do(mbedtls_pk_type_t type)
{
- return( type == MBEDTLS_PK_ECKEY ||
- type == MBEDTLS_PK_ECKEY_DH );
+ return type == MBEDTLS_PK_ECKEY ||
+ type == MBEDTLS_PK_ECKEY_DH;
}
const mbedtls_pk_info_t mbedtls_eckeydh_info = {
@@ -466,9 +480,9 @@
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_ECDSA_C)
-static int ecdsa_can_do( mbedtls_pk_type_t type )
+static int ecdsa_can_do(mbedtls_pk_type_t type)
{
- return( type == MBEDTLS_PK_ECDSA );
+ return type == MBEDTLS_PK_ECDSA;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -476,33 +490,32 @@
* An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
* those integers and convert it to the fixed-length encoding expected by PSA.
*/
-static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
- unsigned char *to, size_t to_len )
+static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end,
+ unsigned char *to, size_t to_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t unpadded_len, padding_len;
- if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
- MBEDTLS_ASN1_INTEGER ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len,
+ MBEDTLS_ASN1_INTEGER)) != 0) {
+ return ret;
}
- while( unpadded_len > 0 && **from == 0x00 )
- {
- ( *from )++;
+ while (unpadded_len > 0 && **from == 0x00) {
+ (*from)++;
unpadded_len--;
}
- if( unpadded_len > to_len || unpadded_len == 0 )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (unpadded_len > to_len || unpadded_len == 0) {
+ return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
padding_len = to_len - unpadded_len;
- memset( to, 0x00, padding_len );
- memcpy( to + padding_len, *from, unpadded_len );
- ( *from ) += unpadded_len;
+ memset(to, 0x00, padding_len);
+ memcpy(to + padding_len, *from, unpadded_len);
+ (*from) += unpadded_len;
- return( 0 );
+ return 0;
}
/*
@@ -510,29 +523,32 @@
* to a raw {r,s} buffer. Note: the provided sig buffer must be at least
* twice as big as int_size.
*/
-static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
- unsigned char *sig, size_t int_size )
+static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end,
+ unsigned char *sig, size_t int_size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t tmp_size;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return ret;
+ }
/* Extract r */
- if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
- return( ret );
+ if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) {
+ return ret;
+ }
/* Extract s */
- if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
- return( ret );
+ if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
-static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len )
+static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len)
{
mbedtls_ecdsa_context *ctx = ctx_arg;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -548,162 +564,163 @@
psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
size_t curve_bits;
psa_ecc_family_t curve =
- mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
- const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8;
+ mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
+ const size_t signature_part_size = (ctx->grp.nbits + 7) / 8;
((void) md_alg);
- if( curve == 0 )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (curve == 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
/* mbedtls_pk_write_pubkey() expects a full PK context;
* re-construct one to make it happy */
key.pk_info = &pk_info;
key.pk_ctx = ctx;
- p = buf + sizeof( buf );
- key_len = mbedtls_pk_write_pubkey( &p, buf, &key );
- if( key_len <= 0 )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ p = buf + sizeof(buf);
+ key_len = mbedtls_pk_write_pubkey(&p, buf, &key);
+ if (key_len <= 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, psa_sig_md );
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve));
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, psa_sig_md);
- status = psa_import_key( &attributes,
- buf + sizeof( buf ) - key_len, key_len,
- &key_id );
- if( status != PSA_SUCCESS )
- {
- ret = mbedtls_psa_err_translate_pk( status );
+ status = psa_import_key(&attributes,
+ buf + sizeof(buf) - key_len, key_len,
+ &key_id);
+ if (status != PSA_SUCCESS) {
+ ret = mbedtls_psa_err_translate_pk(status);
goto cleanup;
}
/* We don't need the exported key anymore and can
* reuse its buffer for signature extraction. */
- if( 2 * signature_part_size > sizeof( buf ) )
- {
+ if (2 * signature_part_size > sizeof(buf)) {
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
goto cleanup;
}
- p = (unsigned char*) sig;
- if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
- signature_part_size ) ) != 0 )
- {
+ p = (unsigned char *) sig;
+ if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf,
+ signature_part_size)) != 0) {
goto cleanup;
}
- if( psa_verify_hash( key_id, psa_sig_md,
- hash, hash_len,
- buf, 2 * signature_part_size )
- != PSA_SUCCESS )
- {
- ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
- goto cleanup;
+ if (psa_verify_hash(key_id, psa_sig_md,
+ hash, hash_len,
+ buf, 2 * signature_part_size)
+ != PSA_SUCCESS) {
+ ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+ goto cleanup;
}
- if( p != sig + sig_len )
- {
+ if (p != sig + sig_len) {
ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
goto cleanup;
}
ret = 0;
cleanup:
- psa_destroy_key( key_id );
- return( ret );
+ psa_destroy_key(key_id);
+ return ret;
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len )
+static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) md_alg);
- ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
- hash, hash_len, sig, sig_len );
+ ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) ctx,
+ hash, hash_len, sig, sig_len);
- if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
- return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+ if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
+ return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
- md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
+ return mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) ctx,
+ md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng);
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
-static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- void *rs_ctx )
+static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) md_alg);
ret = mbedtls_ecdsa_read_signature_restartable(
- (mbedtls_ecdsa_context *) ctx,
- hash, hash_len, sig, sig_len,
- (mbedtls_ecdsa_restart_ctx *) rs_ctx );
+ (mbedtls_ecdsa_context *) ctx,
+ hash, hash_len, sig, sig_len,
+ (mbedtls_ecdsa_restart_ctx *) rs_ctx);
- if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
- return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+ if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
+ return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+ }
- return( ret );
+ return ret;
}
-static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- void *rs_ctx )
+static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx)
{
- return( mbedtls_ecdsa_write_signature_restartable(
- (mbedtls_ecdsa_context *) ctx,
- md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
- (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
+ return mbedtls_ecdsa_write_signature_restartable(
+ (mbedtls_ecdsa_context *) ctx,
+ md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
+ (mbedtls_ecdsa_restart_ctx *) rs_ctx);
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
-static void *ecdsa_alloc_wrap( void )
+static void *ecdsa_alloc_wrap(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_context));
- if( ctx != NULL )
- mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
+ if (ctx != NULL) {
+ mbedtls_ecdsa_init((mbedtls_ecdsa_context *) ctx);
+ }
- return( ctx );
+ return ctx;
}
-static void ecdsa_free_wrap( void *ctx )
+static void ecdsa_free_wrap(void *ctx)
{
- mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
- mbedtls_free( ctx );
+ mbedtls_ecdsa_free((mbedtls_ecdsa_context *) ctx);
+ mbedtls_free(ctx);
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
-static void *ecdsa_rs_alloc( void )
+static void *ecdsa_rs_alloc(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_restart_ctx));
- if( ctx != NULL )
- mbedtls_ecdsa_restart_init( ctx );
+ if (ctx != NULL) {
+ mbedtls_ecdsa_restart_init(ctx);
+ }
- return( ctx );
+ return ctx;
}
-static void ecdsa_rs_free( void *ctx )
+static void ecdsa_rs_free(void *ctx)
{
- mbedtls_ecdsa_restart_free( ctx );
- mbedtls_free( ctx );
+ mbedtls_ecdsa_restart_free(ctx);
+ mbedtls_free(ctx);
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
@@ -736,99 +753,102 @@
* Support for alternative RSA-private implementations
*/
-static int rsa_alt_can_do( mbedtls_pk_type_t type )
+static int rsa_alt_can_do(mbedtls_pk_type_t type)
{
- return( type == MBEDTLS_PK_RSA );
+ return type == MBEDTLS_PK_RSA;
}
-static size_t rsa_alt_get_bitlen( const void *ctx )
+static size_t rsa_alt_get_bitlen(const void *ctx)
{
const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
- return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
+ return 8 * rsa_alt->key_len_func(rsa_alt->key);
}
-static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
#if SIZE_MAX > UINT_MAX
- if( UINT_MAX < hash_len )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (UINT_MAX < hash_len) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
#endif /* SIZE_MAX > UINT_MAX */
- *sig_len = rsa_alt->key_len_func( rsa_alt->key );
- if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ *sig_len = rsa_alt->key_len_func(rsa_alt->key);
+ if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
- md_alg, (unsigned int) hash_len, hash, sig ) );
+ return rsa_alt->sign_func(rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+ md_alg, (unsigned int) hash_len, hash, sig);
}
-static int rsa_alt_decrypt_wrap( void *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_alt_decrypt_wrap(void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
((void) f_rng);
((void) p_rng);
- if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (ilen != rsa_alt->key_len_func(rsa_alt->key)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- return( rsa_alt->decrypt_func( rsa_alt->key,
- MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
+ return rsa_alt->decrypt_func(rsa_alt->key,
+ MBEDTLS_RSA_PRIVATE, olen, input, output, osize);
}
#if defined(MBEDTLS_RSA_C)
-static int rsa_alt_check_pair( const void *pub, const void *prv )
+static int rsa_alt_check_pair(const void *pub, const void *prv)
{
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char hash[32];
size_t sig_len = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
- memset( hash, 0x2a, sizeof( hash ) );
-
- if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
- hash, sizeof( hash ),
- sig, &sig_len, NULL, NULL ) ) != 0 )
- {
- return( ret );
+ if (rsa_alt_get_bitlen(prv) != rsa_get_bitlen(pub)) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
- hash, sizeof( hash ), sig, sig_len ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ memset(hash, 0x2a, sizeof(hash));
+
+ if ((ret = rsa_alt_sign_wrap((void *) prv, MBEDTLS_MD_NONE,
+ hash, sizeof(hash),
+ sig, &sig_len, NULL, NULL)) != 0) {
+ return ret;
}
- return( 0 );
+ if (rsa_verify_wrap((void *) pub, MBEDTLS_MD_NONE,
+ hash, sizeof(hash), sig, sig_len) != 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+ }
+
+ return 0;
}
#endif /* MBEDTLS_RSA_C */
-static void *rsa_alt_alloc_wrap( void )
+static void *rsa_alt_alloc_wrap(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
+ void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_alt_context));
- if( ctx != NULL )
- memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
+ if (ctx != NULL) {
+ memset(ctx, 0, sizeof(mbedtls_rsa_alt_context));
+ }
- return( ctx );
+ return ctx;
}
-static void rsa_alt_free_wrap( void *ctx )
+static void rsa_alt_free_wrap(void *ctx)
{
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
- mbedtls_free( ctx );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context));
+ mbedtls_free(ctx);
}
const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
@@ -862,42 +882,43 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static void *pk_opaque_alloc_wrap( void )
+static void *pk_opaque_alloc_wrap(void)
{
- void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) );
+ void *ctx = mbedtls_calloc(1, sizeof(psa_key_id_t));
/* no _init() function to call, as calloc() already zeroized */
- return( ctx );
+ return ctx;
}
-static void pk_opaque_free_wrap( void *ctx )
+static void pk_opaque_free_wrap(void *ctx)
{
- mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) );
- mbedtls_free( ctx );
+ mbedtls_platform_zeroize(ctx, sizeof(psa_key_id_t));
+ mbedtls_free(ctx);
}
-static size_t pk_opaque_get_bitlen( const void *ctx )
+static size_t pk_opaque_get_bitlen(const void *ctx)
{
const psa_key_id_t *key = (const psa_key_id_t *) ctx;
size_t bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) )
- return( 0 );
+ if (PSA_SUCCESS != psa_get_key_attributes(*key, &attributes)) {
+ return 0;
+ }
- bits = psa_get_key_bits( &attributes );
- psa_reset_key_attributes( &attributes );
- return( bits );
+ bits = psa_get_key_bits(&attributes);
+ psa_reset_key_attributes(&attributes);
+ return bits;
}
-static int pk_opaque_can_do( mbedtls_pk_type_t type )
+static int pk_opaque_can_do(mbedtls_pk_type_t type)
{
/* For now opaque PSA keys can only wrap ECC keypairs,
* as checked by setup_psa().
* Also, ECKEY_DH does not really make sense with the current API. */
- return( type == MBEDTLS_PK_ECKEY ||
- type == MBEDTLS_PK_ECDSA );
+ return type == MBEDTLS_PK_ECKEY ||
+ type == MBEDTLS_PK_ECDSA;
}
#if defined(MBEDTLS_ECDSA_C)
@@ -911,48 +932,49 @@
* start: start of the output buffer, and also of the mpi to write at the end
* n_len: length of the mpi to read from start
*/
-static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
- size_t n_len )
+static int asn1_write_mpibuf(unsigned char **p, unsigned char *start,
+ size_t n_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- if( (size_t)( *p - start ) < n_len )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if ((size_t) (*p - start) < n_len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
len = n_len;
*p -= len;
- memmove( *p, start, len );
+ memmove(*p, start, len);
/* ASN.1 DER encoding requires minimal length, so skip leading 0s.
* Neither r nor s should be 0, but as a failsafe measure, still detect
* that rather than overflowing the buffer in case of a PSA error. */
- while( len > 0 && **p == 0x00 )
- {
+ while (len > 0 && **p == 0x00) {
++(*p);
--len;
}
/* this is only reached if the signature was invalid */
- if( len == 0 )
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ if (len == 0) {
+ return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
+ }
/* if the msb is 1, ASN.1 requires that we prepend a 0.
* Neither r nor s can be 0, so we can assume len > 0 at all times. */
- if( **p & 0x80 )
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (**p & 0x80) {
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = 0x00;
len += 1;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_INTEGER ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+ MBEDTLS_ASN1_INTEGER));
- return( (int) len );
+ return (int) len;
}
/* Transcode signature from PSA format to ASN.1 sequence.
@@ -963,33 +985,34 @@
* [in/out] sig_len: signature length pre- and post-transcoding
* [int] buf_len: the available size the in/out buffer
*/
-static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
- size_t buf_len )
+static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len,
+ size_t buf_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const size_t rs_len = *sig_len / 2;
unsigned char *p = sig + buf_len;
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len));
+ MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- memmove( sig, p, len );
+ memmove(sig, p, len);
*sig_len = len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ECDSA_C */
-static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
#if !defined(MBEDTLS_ECDSA_C)
((void) ctx);
@@ -1000,11 +1023,11 @@
((void) sig_len);
((void) f_rng);
((void) p_rng);
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
#else /* !MBEDTLS_ECDSA_C */
const psa_key_id_t *key = (const psa_key_id_t *) ctx;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ psa_algorithm_t alg = PSA_ALG_ECDSA(mbedtls_psa_translate_md(md_alg));
size_t buf_len;
psa_status_t status;
@@ -1016,22 +1039,25 @@
* that information. Assume that the buffer is large enough for a
* maximal-length signature with that key (otherwise the application is
* buggy anyway). */
- status = psa_get_key_attributes( *key, &attributes );
- if( status != PSA_SUCCESS )
- return( mbedtls_psa_err_translate_pk( status ) );
- buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
- psa_reset_key_attributes( &attributes );
- if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ status = psa_get_key_attributes(*key, &attributes);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_psa_err_translate_pk(status);
+ }
+ buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN(psa_get_key_bits(&attributes));
+ psa_reset_key_attributes(&attributes);
+ if (buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
/* make the signature */
- status = psa_sign_hash( *key, alg, hash, hash_len,
- sig, buf_len, sig_len );
- if( status != PSA_SUCCESS )
- return( mbedtls_psa_err_translate_pk( status ) );
+ status = psa_sign_hash(*key, alg, hash, hash_len,
+ sig, buf_len, sig_len);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_psa_err_translate_pk(status);
+ }
/* transcode it to ASN.1 sequence */
- return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) );
+ return pk_ecdsa_sig_asn1_from_psa(sig, sig_len, buf_len);
#endif /* !MBEDTLS_ECDSA_C */
}
diff --git a/library/pkcs11.c b/library/pkcs11.c
index a7207cf..8ba40ca 100644
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@@ -33,46 +33,41 @@
#include <string.h>
-void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
+void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) );
+ memset(ctx, 0, sizeof(mbedtls_pkcs11_context));
}
-int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
+int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert)
{
int ret = 1;
unsigned char *cert_blob = NULL;
size_t cert_blob_size = 0;
- if( cert == NULL )
- {
+ if (cert == NULL) {
ret = 2;
goto cleanup;
}
- if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
- &cert_blob_size ) != CKR_OK )
- {
+ if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, NULL,
+ &cert_blob_size) != CKR_OK) {
ret = 3;
goto cleanup;
}
- cert_blob = mbedtls_calloc( 1, cert_blob_size );
- if( NULL == cert_blob )
- {
+ cert_blob = mbedtls_calloc(1, cert_blob_size);
+ if (NULL == cert_blob) {
ret = 4;
goto cleanup;
}
- if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
- &cert_blob_size ) != CKR_OK )
- {
+ if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, cert_blob,
+ &cert_blob_size) != CKR_OK) {
ret = 5;
goto cleanup;
}
- if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
- {
+ if (0 != mbedtls_x509_crt_parse(cert, cert_blob, cert_blob_size)) {
ret = 6;
goto cleanup;
}
@@ -80,121 +75,128 @@
ret = 0;
cleanup:
- if( NULL != cert_blob )
- mbedtls_free( cert_blob );
+ if (NULL != cert_blob) {
+ mbedtls_free(cert_blob);
+ }
- return( ret );
+ return ret;
}
-int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
- pkcs11h_certificate_t pkcs11_cert )
+int mbedtls_pkcs11_priv_key_bind(mbedtls_pkcs11_context *priv_key,
+ pkcs11h_certificate_t pkcs11_cert)
{
int ret = 1;
mbedtls_x509_crt cert;
- mbedtls_x509_crt_init( &cert );
+ mbedtls_x509_crt_init(&cert);
- if( priv_key == NULL )
+ if (priv_key == NULL) {
goto cleanup;
+ }
- if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) )
+ if (0 != mbedtls_pkcs11_x509_cert_bind(&cert, pkcs11_cert)) {
goto cleanup;
+ }
- priv_key->len = mbedtls_pk_get_len( &cert.pk );
+ priv_key->len = mbedtls_pk_get_len(&cert.pk);
priv_key->pkcs11h_cert = pkcs11_cert;
ret = 0;
cleanup:
- mbedtls_x509_crt_free( &cert );
+ mbedtls_x509_crt_free(&cert);
- return( ret );
+ return ret;
}
-void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
+void mbedtls_pkcs11_priv_key_free(mbedtls_pkcs11_context *priv_key)
{
- if( NULL != priv_key )
- pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
+ if (NULL != priv_key) {
+ pkcs11h_certificate_freeCertificate(priv_key->pkcs11h_cert);
+ }
}
-int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len )
+int mbedtls_pkcs11_decrypt(mbedtls_pkcs11_context *ctx,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len)
{
size_t input_len, output_len;
- if( NULL == ctx )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (NULL == ctx) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( MBEDTLS_RSA_PRIVATE != mode )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (MBEDTLS_RSA_PRIVATE != mode) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
output_len = input_len = ctx->len;
- if( input_len < 16 || input_len > output_max_len )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (input_len < 16 || input_len > output_max_len) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
/* Determine size of output buffer */
- if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
- input_len, NULL, &output_len ) != CKR_OK )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
+ input_len, NULL, &output_len) != CKR_OK) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- if( output_len > output_max_len )
- return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+ if (output_len > output_max_len) {
+ return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
+ }
- if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
- input_len, output, &output_len ) != CKR_OK )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
+ input_len, output, &output_len) != CKR_OK) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
*olen = output_len;
- return( 0 );
+ return 0;
}
-int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
+int mbedtls_pkcs11_sign(mbedtls_pkcs11_context *ctx,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig)
{
size_t sig_len = 0, asn_len = 0, oid_size = 0;
unsigned char *p = sig;
const char *oid;
- if( NULL == ctx )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (NULL == ctx) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( MBEDTLS_RSA_PRIVATE != mode )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (MBEDTLS_RSA_PRIVATE != mode) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( md_alg != MBEDTLS_MD_NONE )
- {
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (md_alg != MBEDTLS_MD_NONE) {
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- hashlen = mbedtls_md_get_size( md_info );
+ hashlen = mbedtls_md_get_size(md_info);
asn_len = 10 + oid_size;
}
sig_len = ctx->len;
- if( hashlen > sig_len || asn_len > sig_len ||
- hashlen + asn_len > sig_len )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (hashlen > sig_len || asn_len > sig_len ||
+ hashlen + asn_len > sig_len) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- if( md_alg != MBEDTLS_MD_NONE )
- {
+ if (md_alg != MBEDTLS_MD_NONE) {
/*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm DigestAlgorithmIdentifier,
@@ -205,12 +207,12 @@
* Digest ::= OCTET STRING
*/
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
+ *p++ = (unsigned char) (0x08 + oid_size + hashlen);
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char) ( 0x04 + oid_size );
+ *p++ = (unsigned char) (0x04 + oid_size);
*p++ = MBEDTLS_ASN1_OID;
*p++ = oid_size & 0xFF;
- memcpy( p, oid, oid_size );
+ memcpy(p, oid, oid_size);
p += oid_size;
*p++ = MBEDTLS_ASN1_NULL;
*p++ = 0x00;
@@ -218,15 +220,14 @@
*p++ = hashlen;
}
- memcpy( p, hash, hashlen );
+ memcpy(p, hash, hashlen);
- if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
- asn_len + hashlen, sig, &sig_len ) != CKR_OK )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (pkcs11h_certificate_signAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
+ asn_len + hashlen, sig, &sig_len) != CKR_OK) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- return( 0 );
+ return 0;
}
#endif /* defined(MBEDTLS_PKCS11_C) */
diff --git a/library/pkcs12.c b/library/pkcs12.c
index cacf7db..039026b 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -45,8 +45,8 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
-static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
- mbedtls_asn1_buf *salt, int *iterations )
+static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params,
+ mbedtls_asn1_buf *salt, int *iterations)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char **p = ¶ms->p;
@@ -59,76 +59,82 @@
* }
*
*/
- if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
- if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret);
+ }
salt->p = *p;
*p += salt->len;
- if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_int(p, end, iterations)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret);
+ }
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
#define PKCS12_MAX_PWDLEN 128
-static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
- const unsigned char *pwd, size_t pwdlen,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen )
+static int pkcs12_pbe_derive_key_iv(mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen)
{
int ret, iterations = 0;
mbedtls_asn1_buf salt;
size_t i;
unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
- if( pwdlen > PKCS12_MAX_PWDLEN )
- return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+ if (pwdlen > PKCS12_MAX_PWDLEN) {
+ return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+ }
- memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
- memset( &unipwd, 0, sizeof(unipwd) );
+ memset(&salt, 0, sizeof(mbedtls_asn1_buf));
+ memset(&unipwd, 0, sizeof(unipwd));
- if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
- &iterations ) ) != 0 )
- return( ret );
+ if ((ret = pkcs12_parse_pbe_params(pbe_params, &salt,
+ &iterations)) != 0) {
+ return ret;
+ }
- for( i = 0; i < pwdlen; i++ )
+ for (i = 0; i < pwdlen; i++) {
unipwd[i * 2 + 1] = pwd[i];
-
- if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
- salt.p, salt.len, md_type,
- MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
- {
- return( ret );
}
- if( iv == NULL || ivlen == 0 )
- return( 0 );
-
- if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
- salt.p, salt.len, md_type,
- MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pkcs12_derivation(key, keylen, unipwd, pwdlen * 2 + 2,
+ salt.p, salt.len, md_type,
+ MBEDTLS_PKCS12_DERIVE_KEY, iterations)) != 0) {
+ return ret;
}
- return( 0 );
+
+ if (iv == NULL || ivlen == 0) {
+ return 0;
+ }
+
+ if ((ret = mbedtls_pkcs12_derivation(iv, ivlen, unipwd, pwdlen * 2 + 2,
+ salt.p, salt.len, md_type,
+ MBEDTLS_PKCS12_DERIVE_IV, iterations)) != 0) {
+ return ret;
+ }
+ return 0;
}
#undef PKCS12_MAX_PWDLEN
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t len,
- unsigned char *output )
+int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output)
{
#if !defined(MBEDTLS_ARC4_C)
((void) pbe_params);
@@ -138,39 +144,39 @@
((void) data);
((void) len);
((void) output);
- return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[16];
mbedtls_arc4_context ctx;
((void) mode);
- mbedtls_arc4_init( &ctx );
+ mbedtls_arc4_init(&ctx);
- if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
- pwd, pwdlen,
- key, 16, NULL, 0 ) ) != 0 )
- {
- return( ret );
+ if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, MBEDTLS_MD_SHA1,
+ pwd, pwdlen,
+ key, 16, NULL, 0)) != 0) {
+ return ret;
}
- mbedtls_arc4_setup( &ctx, key, 16 );
- if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
+ mbedtls_arc4_setup(&ctx, key, 16);
+ if ((ret = mbedtls_arc4_crypt(&ctx, len, data, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_platform_zeroize( key, sizeof( key ) );
- mbedtls_arc4_free( &ctx );
+ mbedtls_platform_zeroize(key, sizeof(key));
+ mbedtls_arc4_free(&ctx);
- return( ret );
+ return ret;
#endif /* MBEDTLS_ARC4_C */
}
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
- mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t len,
- unsigned char *output )
+int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output)
{
int ret, keylen = 0;
unsigned char key[32];
@@ -179,73 +185,76 @@
mbedtls_cipher_context_t cipher_ctx;
size_t olen = 0;
- if( pwd == NULL && pwdlen != 0 )
- return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+ if (pwd == NULL && pwdlen != 0) {
+ return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+ }
- cipher_info = mbedtls_cipher_info_from_type( cipher_type );
- if( cipher_info == NULL )
- return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+ cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+ if (cipher_info == NULL) {
+ return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
+ }
keylen = cipher_info->key_bitlen / 8;
- if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
- key, keylen,
- iv, cipher_info->iv_size ) ) != 0 )
- {
- return( ret );
+ if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
+ key, keylen,
+ iv, cipher_info->iv_size)) != 0) {
+ return ret;
}
- mbedtls_cipher_init( &cipher_ctx );
+ mbedtls_cipher_init(&cipher_ctx);
- if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
- output, &olen ) ) != 0 )
- {
+ if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
goto exit;
}
- if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
+ if ((ret =
+ mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
+ (mbedtls_operation_t) mode)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_cipher_reset(&cipher_ctx)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len,
+ output, &olen)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) {
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
+ }
exit:
- mbedtls_platform_zeroize( key, sizeof( key ) );
- mbedtls_platform_zeroize( iv, sizeof( iv ) );
- mbedtls_cipher_free( &cipher_ctx );
+ mbedtls_platform_zeroize(key, sizeof(key));
+ mbedtls_platform_zeroize(iv, sizeof(iv));
+ mbedtls_cipher_free(&cipher_ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ASN1_PARSE_C */
-static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
- const unsigned char *filler, size_t fill_len )
+static void pkcs12_fill_buffer(unsigned char *data, size_t data_len,
+ const unsigned char *filler, size_t fill_len)
{
unsigned char *p = data;
size_t use_len;
- if( filler != NULL && fill_len != 0 )
- {
- while( data_len > 0 )
- {
- use_len = ( data_len > fill_len ) ? fill_len : data_len;
- memcpy( p, filler, use_len );
+ if (filler != NULL && fill_len != 0) {
+ while (data_len > 0) {
+ use_len = (data_len > fill_len) ? fill_len : data_len;
+ memcpy(p, filler, use_len);
p += use_len;
data_len -= use_len;
}
- }
- else
- {
+ } else {
/* If either of the above are not true then clearly there is nothing
* that this function can do. The function should *not* be called
* under either of those circumstances, as you could end up with an
@@ -254,10 +263,10 @@
}
}
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *salt, size_t saltlen,
- mbedtls_md_type_t md_type, int id, int iterations )
+int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *salt, size_t saltlen,
+ mbedtls_md_type_t md_type, int id, int iterations)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned int j;
@@ -276,114 +285,119 @@
mbedtls_md_context_t md_ctx;
// This version only allows max of 64 bytes of password or salt
- if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
- return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
- if( pwd == NULL && pwdlen != 0 )
- return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
- if( salt == NULL && saltlen != 0 )
- return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
- use_password = ( pwd && pwdlen != 0 );
- use_salt = ( salt && saltlen != 0 );
-
- md_info = mbedtls_md_info_from_type( md_type );
- if( md_info == NULL )
- return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-
- mbedtls_md_init( &md_ctx );
-
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
- return( ret );
- hlen = mbedtls_md_get_size( md_info );
-
- if( hlen <= 32 )
- v = 64;
- else
- v = 128;
-
- memset( diversifier, (unsigned char) id, v );
-
- if( use_salt != 0 )
- {
- pkcs12_fill_buffer( salt_block, v, salt, saltlen );
+ if (datalen > 128 || pwdlen > 64 || saltlen > 64) {
+ return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
}
- if( use_password != 0 )
- {
- pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
+ if (pwd == NULL && pwdlen != 0) {
+ return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+ }
+
+ if (salt == NULL && saltlen != 0) {
+ return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+ }
+
+ use_password = (pwd && pwdlen != 0);
+ use_salt = (salt && saltlen != 0);
+
+ md_info = mbedtls_md_info_from_type(md_type);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
+ }
+
+ mbedtls_md_init(&md_ctx);
+
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
+ return ret;
+ }
+ hlen = mbedtls_md_get_size(md_info);
+
+ if (hlen <= 32) {
+ v = 64;
+ } else {
+ v = 128;
+ }
+
+ memset(diversifier, (unsigned char) id, v);
+
+ if (use_salt != 0) {
+ pkcs12_fill_buffer(salt_block, v, salt, saltlen);
+ }
+
+ if (use_password != 0) {
+ pkcs12_fill_buffer(pwd_block, v, pwd, pwdlen);
}
p = data;
- while( datalen > 0 )
- {
+ while (datalen > 0) {
// Calculate hash( diversifier || salt_block || pwd_block )
- if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+ if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
goto exit;
-
- if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
- goto exit;
-
- if( use_salt != 0 )
- {
- if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 )
- goto exit;
}
- if( use_password != 0)
- {
- if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 )
- goto exit;
- }
-
- if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
+ if ((ret = mbedtls_md_update(&md_ctx, diversifier, v)) != 0) {
goto exit;
-
- // Perform remaining ( iterations - 1 ) recursive hash calculations
- for( i = 1; i < (size_t) iterations; i++ )
- {
- if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
- goto exit;
}
- use_len = ( datalen > hlen ) ? hlen : datalen;
- memcpy( p, hash_output, use_len );
- datalen -= use_len;
- p += use_len;
-
- if( datalen == 0 )
- break;
-
- // Concatenating copies of hash_output into hash_block (B)
- pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
-
- // B += 1
- for( i = v; i > 0; i-- )
- if( ++hash_block[i - 1] != 0 )
- break;
-
- if( use_salt != 0 )
- {
- // salt_block += B
- c = 0;
- for( i = v; i > 0; i-- )
- {
- j = salt_block[i - 1] + hash_block[i - 1] + c;
- c = MBEDTLS_BYTE_1( j );
- salt_block[i - 1] = MBEDTLS_BYTE_0( j );
+ if (use_salt != 0) {
+ if ((ret = mbedtls_md_update(&md_ctx, salt_block, v)) != 0) {
+ goto exit;
}
}
- if( use_password != 0 )
- {
+ if (use_password != 0) {
+ if ((ret = mbedtls_md_update(&md_ctx, pwd_block, v)) != 0) {
+ goto exit;
+ }
+ }
+
+ if ((ret = mbedtls_md_finish(&md_ctx, hash_output)) != 0) {
+ goto exit;
+ }
+
+ // Perform remaining ( iterations - 1 ) recursive hash calculations
+ for (i = 1; i < (size_t) iterations; i++) {
+ if ((ret = mbedtls_md(md_info, hash_output, hlen, hash_output)) != 0) {
+ goto exit;
+ }
+ }
+
+ use_len = (datalen > hlen) ? hlen : datalen;
+ memcpy(p, hash_output, use_len);
+ datalen -= use_len;
+ p += use_len;
+
+ if (datalen == 0) {
+ break;
+ }
+
+ // Concatenating copies of hash_output into hash_block (B)
+ pkcs12_fill_buffer(hash_block, v, hash_output, hlen);
+
+ // B += 1
+ for (i = v; i > 0; i--) {
+ if (++hash_block[i - 1] != 0) {
+ break;
+ }
+ }
+
+ if (use_salt != 0) {
+ // salt_block += B
+ c = 0;
+ for (i = v; i > 0; i--) {
+ j = salt_block[i - 1] + hash_block[i - 1] + c;
+ c = MBEDTLS_BYTE_1(j);
+ salt_block[i - 1] = MBEDTLS_BYTE_0(j);
+ }
+ }
+
+ if (use_password != 0) {
// pwd_block += B
c = 0;
- for( i = v; i > 0; i-- )
- {
+ for (i = v; i > 0; i--) {
j = pwd_block[i - 1] + hash_block[i - 1] + c;
- c = MBEDTLS_BYTE_1( j );
- pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
+ c = MBEDTLS_BYTE_1(j);
+ pwd_block[i - 1] = MBEDTLS_BYTE_0(j);
}
}
}
@@ -391,14 +405,14 @@
ret = 0;
exit:
- mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
- mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
- mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
- mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
+ mbedtls_platform_zeroize(salt_block, sizeof(salt_block));
+ mbedtls_platform_zeroize(pwd_block, sizeof(pwd_block));
+ mbedtls_platform_zeroize(hash_block, sizeof(hash_block));
+ mbedtls_platform_zeroize(hash_output, sizeof(hash_output));
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PKCS12_C */
diff --git a/library/pkcs5.c b/library/pkcs5.c
index f9d0137..52f1a0d 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -45,18 +45,19 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
-static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
- mbedtls_asn1_buf *salt, int *iterations,
- int *keylen, mbedtls_md_type_t *md_type )
+static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
+ mbedtls_asn1_buf *salt, int *iterations,
+ int *keylen, mbedtls_md_type_t *md_type)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf prf_alg_oid;
unsigned char *p = params->p;
const unsigned char *end = params->p + params->len;
- if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
/*
* PBKDF2-params ::= SEQUENCE {
* salt OCTET STRING,
@@ -66,45 +67,52 @@
* }
*
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len,
- MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &salt->len,
+ MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+ }
salt->p = p;
p += salt->len;
- if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-
- if( p == end )
- return( 0 );
-
- if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_int(&p, end, iterations)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
}
- if( p == end )
- return( 0 );
+ if (p == end) {
+ return 0;
+ }
- if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_int(&p, end, keylen)) != 0) {
+ if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+ }
+ }
- if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+ if (p == end) {
+ return 0;
+ }
- if( p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if ((ret = mbedtls_asn1_get_alg_null(&p, end, &prf_alg_oid)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+ }
- return( 0 );
+ if (mbedtls_oid_get_md_hmac(&prf_alg_oid, md_type) != 0) {
+ return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+ }
+
+ if (p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+
+ return 0;
}
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output )
+int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output)
{
int ret, iterations = 0, keylen = 0;
unsigned char *p, *end;
@@ -128,42 +136,46 @@
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
* }
*/
- if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if (pbe_params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
- if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid,
- &kdf_alg_params ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_alg(&p, end, &kdf_alg_oid,
+ &kdf_alg_params)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+ }
// Only PBKDF2 supported at the moment
//
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 )
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
- if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
- &salt, &iterations, &keylen,
- &md_type ) ) != 0 )
- {
- return( ret );
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid) != 0) {
+ return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
}
- md_info = mbedtls_md_info_from_type( md_type );
- if( md_info == NULL )
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
- if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
- &enc_scheme_params ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+ if ((ret = pkcs5_parse_pbkdf2_params(&kdf_alg_params,
+ &salt, &iterations, &keylen,
+ &md_type)) != 0) {
+ return ret;
}
- if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+ md_info = mbedtls_md_info_from_type(md_type);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+ }
- cipher_info = mbedtls_cipher_info_from_type( cipher_alg );
- if( cipher_info == NULL )
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+ if ((ret = mbedtls_asn1_get_alg(&p, end, &enc_scheme_oid,
+ &enc_scheme_params)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+ }
+
+ if (mbedtls_oid_get_cipher_alg(&enc_scheme_oid, &cipher_alg) != 0) {
+ return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+ }
+
+ cipher_info = mbedtls_cipher_info_from_type(cipher_alg);
+ if (cipher_info == NULL) {
+ return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+ }
/*
* The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
@@ -171,143 +183,156 @@
*/
keylen = cipher_info->key_bitlen / 8;
- if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
- enc_scheme_params.len != cipher_info->iv_size )
- {
- return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
+ if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
+ enc_scheme_params.len != cipher_info->iv_size) {
+ return MBEDTLS_ERR_PKCS5_INVALID_FORMAT;
}
- mbedtls_md_init( &md_ctx );
- mbedtls_cipher_init( &cipher_ctx );
+ mbedtls_md_init(&md_ctx);
+ mbedtls_cipher_init(&cipher_ctx);
- memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
+ memcpy(iv, enc_scheme_params.p, enc_scheme_params.len);
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
- iterations, keylen, key ) ) != 0 )
- {
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
goto exit;
}
- if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
+ if ((ret = mbedtls_pkcs5_pbkdf2_hmac(&md_ctx, pwd, pwdlen, salt.p, salt.len,
+ iterations, keylen, key)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen,
- (mbedtls_operation_t) mode ) ) != 0 )
+ if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
- data, datalen, output, &olen ) ) != 0 )
+ if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
+ (mbedtls_operation_t) mode)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
+ data, datalen, output, &olen)) != 0) {
ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
+ }
exit:
- mbedtls_md_free( &md_ctx );
- mbedtls_cipher_free( &cipher_ctx );
+ mbedtls_md_free(&md_ctx);
+ mbedtls_cipher_free(&cipher_ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ASN1_PARSE_C */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
- const unsigned char *password,
- size_t plen, const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output )
+int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
+ const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int j;
unsigned int i;
unsigned char md1[MBEDTLS_MD_MAX_SIZE];
unsigned char work[MBEDTLS_MD_MAX_SIZE];
- unsigned char md_size = mbedtls_md_get_size( ctx->md_info );
+ unsigned char md_size = mbedtls_md_get_size(ctx->md_info);
size_t use_len;
unsigned char *out_p = output;
unsigned char counter[4];
- memset( counter, 0, 4 );
+ memset(counter, 0, 4);
counter[3] = 1;
#if UINT_MAX > 0xFFFFFFFF
- if( iteration_count > 0xFFFFFFFF )
- return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
+ if (iteration_count > 0xFFFFFFFF) {
+ return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
+ }
#endif
- if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
- return( ret );
- while( key_length )
- {
+ if ((ret = mbedtls_md_hmac_starts(ctx, password, plen)) != 0) {
+ return ret;
+ }
+ while (key_length) {
// U1 ends up in work
//
- if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_update(ctx, salt, slen)) != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_update(ctx, counter, 4)) != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_finish(ctx, work)) != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) {
goto cleanup;
+ }
- memcpy( md1, work, md_size );
+ memcpy(md1, work, md_size);
- for( i = 1; i < iteration_count; i++ )
- {
+ for (i = 1; i < iteration_count; i++) {
// U2 ends up in md1
//
- if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_update(ctx, md1, md_size)) != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_finish(ctx, md1)) != 0) {
goto cleanup;
+ }
- if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 )
+ if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) {
goto cleanup;
+ }
// U1 xor U2
//
- for( j = 0; j < md_size; j++ )
+ for (j = 0; j < md_size; j++) {
work[j] ^= md1[j];
+ }
}
- use_len = ( key_length < md_size ) ? key_length : md_size;
- memcpy( out_p, work, use_len );
+ use_len = (key_length < md_size) ? key_length : md_size;
+ memcpy(out_p, work, use_len);
key_length -= (uint32_t) use_len;
out_p += use_len;
- for( i = 4; i > 0; i-- )
- if( ++counter[i - 1] != 0 )
+ for (i = 4; i > 0; i--) {
+ if (++counter[i - 1] != 0) {
break;
+ }
+ }
}
cleanup:
/* Zeroise buffers to clear sensitive data from memory. */
- mbedtls_platform_zeroize( work, MBEDTLS_MD_MAX_SIZE );
- mbedtls_platform_zeroize( md1, MBEDTLS_MD_MAX_SIZE );
+ mbedtls_platform_zeroize(work, MBEDTLS_MD_MAX_SIZE);
+ mbedtls_platform_zeroize(md1, MBEDTLS_MD_MAX_SIZE);
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_SELF_TEST)
#if !defined(MBEDTLS_SHA1_C)
-int mbedtls_pkcs5_self_test( int verbose )
+int mbedtls_pkcs5_self_test(int verbose)
{
- if( verbose != 0 )
- mbedtls_printf( " PBKDF2 (SHA1): skipped\n\n" );
+ if (verbose != 0) {
+ mbedtls_printf(" PBKDF2 (SHA1): skipped\n\n");
+ }
- return( 0 );
+ return 0;
}
#else
#define MAX_TESTS 6
static const size_t plen_test_data[MAX_TESTS] =
- { 8, 8, 8, 24, 9 };
+{ 8, 8, 8, 24, 9 };
static const unsigned char password_test_data[MAX_TESTS][32] =
{
@@ -319,7 +344,7 @@
};
static const size_t slen_test_data[MAX_TESTS] =
- { 4, 4, 4, 36, 5 };
+{ 4, 4, 4, 36, 5 };
static const unsigned char salt_test_data[MAX_TESTS][40] =
{
@@ -331,10 +356,10 @@
};
static const uint32_t it_cnt_test_data[MAX_TESTS] =
- { 1, 2, 4096, 4096, 4096 };
+{ 1, 2, 4096, 4096, 4096 };
static const uint32_t key_len_test_data[MAX_TESTS] =
- { 20, 20, 20, 25, 16 };
+{ 20, 20, 20, 25, 16 };
static const unsigned char result_key_test_data[MAX_TESTS][32] =
{
@@ -355,58 +380,58 @@
0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 },
};
-int mbedtls_pkcs5_self_test( int verbose )
+int mbedtls_pkcs5_self_test(int verbose)
{
mbedtls_md_context_t sha1_ctx;
const mbedtls_md_info_t *info_sha1;
int ret, i;
unsigned char key[64];
- mbedtls_md_init( &sha1_ctx );
+ mbedtls_md_init(&sha1_ctx);
- info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
- if( info_sha1 == NULL )
- {
+ info_sha1 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
+ if (info_sha1 == NULL) {
ret = 1;
goto exit;
}
- if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
- {
+ if ((ret = mbedtls_md_setup(&sha1_ctx, info_sha1, 1)) != 0) {
ret = 1;
goto exit;
}
- for( i = 0; i < MAX_TESTS; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " PBKDF2 (SHA1) #%d: ", i );
+ for (i = 0; i < MAX_TESTS; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" PBKDF2 (SHA1) #%d: ", i);
+ }
- ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password_test_data[i],
- plen_test_data[i], salt_test_data[i],
- slen_test_data[i], it_cnt_test_data[i],
- key_len_test_data[i], key );
- if( ret != 0 ||
- memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ ret = mbedtls_pkcs5_pbkdf2_hmac(&sha1_ctx, password_test_data[i],
+ plen_test_data[i], salt_test_data[i],
+ slen_test_data[i], it_cnt_test_data[i],
+ key_len_test_data[i], key);
+ if (ret != 0 ||
+ memcmp(result_key_test_data[i], key, key_len_test_data[i]) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
exit:
- mbedtls_md_free( &sha1_ctx );
+ mbedtls_md_free(&sha1_ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SHA1_C */
diff --git a/library/pkparse.c b/library/pkparse.c
index 6170d6d..deaff0b 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -51,10 +51,10 @@
#include "mbedtls/platform.h"
/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define PK_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA)
+#define PK_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#if defined(MBEDTLS_FS_IO)
/*
@@ -64,104 +64,106 @@
* A terminating null byte is always appended. It is included in the announced
* length only if the data looks like it is PEM encoded.
*/
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n)
{
FILE *f;
long size;
- PK_VALIDATE_RET( path != NULL );
- PK_VALIDATE_RET( buf != NULL );
- PK_VALIDATE_RET( n != NULL );
+ PK_VALIDATE_RET(path != NULL);
+ PK_VALIDATE_RET(buf != NULL);
+ PK_VALIDATE_RET(n != NULL);
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
-
- fseek( f, 0, SEEK_END );
- if( ( size = ftell( f ) ) == -1 )
- {
- fclose( f );
- return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+ if ((f = fopen(path, "rb")) == NULL) {
+ return MBEDTLS_ERR_PK_FILE_IO_ERROR;
}
- fseek( f, 0, SEEK_SET );
+
+ fseek(f, 0, SEEK_END);
+ if ((size = ftell(f)) == -1) {
+ fclose(f);
+ return MBEDTLS_ERR_PK_FILE_IO_ERROR;
+ }
+ fseek(f, 0, SEEK_SET);
*n = (size_t) size;
- if( *n + 1 == 0 ||
- ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
- {
- fclose( f );
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if (*n + 1 == 0 ||
+ (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
+ fclose(f);
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
}
- if( fread( *buf, 1, *n, f ) != *n )
- {
- fclose( f );
+ if (fread(*buf, 1, *n, f) != *n) {
+ fclose(f);
- mbedtls_platform_zeroize( *buf, *n );
- mbedtls_free( *buf );
+ mbedtls_platform_zeroize(*buf, *n);
+ mbedtls_free(*buf);
- return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+ return MBEDTLS_ERR_PK_FILE_IO_ERROR;
}
- fclose( f );
+ fclose(f);
(*buf)[*n] = '\0';
- if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
+ if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
++*n;
+ }
- return( 0 );
+ return 0;
}
/*
* Load and parse a private key
*/
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *pwd )
+int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
+ const char *path, const char *pwd)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( path != NULL );
+ PK_VALIDATE_RET(ctx != NULL);
+ PK_VALIDATE_RET(path != NULL);
- if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
- if( pwd == NULL )
- ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
- else
- ret = mbedtls_pk_parse_key( ctx, buf, n,
- (const unsigned char *) pwd, strlen( pwd ) );
+ if (pwd == NULL) {
+ ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0);
+ } else {
+ ret = mbedtls_pk_parse_key(ctx, buf, n,
+ (const unsigned char *) pwd, strlen(pwd));
+ }
- mbedtls_platform_zeroize( buf, n );
- mbedtls_free( buf );
+ mbedtls_platform_zeroize(buf, n);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
/*
* Load and parse a public key
*/
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
+int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( path != NULL );
+ PK_VALIDATE_RET(ctx != NULL);
+ PK_VALIDATE_RET(path != NULL);
- if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
- ret = mbedtls_pk_parse_public_key( ctx, buf, n );
+ ret = mbedtls_pk_parse_public_key(ctx, buf, n);
- mbedtls_platform_zeroize( buf, n );
- mbedtls_free( buf );
+ mbedtls_platform_zeroize(buf, n);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_FS_IO */
@@ -174,40 +176,40 @@
* -- implicitCurve NULL
* }
*/
-static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_buf *params )
+static int pk_get_ecparams(unsigned char **p, const unsigned char *end,
+ mbedtls_asn1_buf *params)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if ( end - *p < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if (end - *p < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
/* Tag may be either OID or SEQUENCE */
params->tag = **p;
- if( params->tag != MBEDTLS_ASN1_OID
+ if (params->tag != MBEDTLS_ASN1_OID
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
- && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
+ && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)
#endif
- )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ ) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
}
- if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, ¶ms->len, params->tag)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
params->p = *p;
*p += params->len;
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
@@ -230,7 +232,7 @@
*
* We only support prime-field as field type, and ignore hash and cofactor.
*/
-static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
+static int pk_group_from_specified(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = params->p;
@@ -240,11 +242,13 @@
int ver;
/* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
- if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_int(&p, end, &ver)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- if( ver < 1 || ver > 3 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ if (ver < 1 || ver > 3) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
/*
* FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
@@ -252,9 +256,10 @@
* parameters FIELD-ID.&Type({IOSet}{@fieldType})
* }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return ret;
+ }
end_field = p + len;
@@ -266,26 +271,28 @@
* }
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(&p, end_field, &len, MBEDTLS_ASN1_OID)) != 0) {
+ return ret;
+ }
- if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
- memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
- {
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ if (len != MBEDTLS_OID_SIZE(MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD) ||
+ memcmp(p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len) != 0) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
p += len;
/* Prime-p ::= INTEGER -- Field of size p. */
- if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_mpi(&p, end_field, &grp->P)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+ grp->pbits = mbedtls_mpi_bitlen(&grp->P);
- if( p != end_field )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end_field) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/*
* Curve ::= SEQUENCE {
@@ -296,9 +303,10 @@
* -- with version equal to ecdpVer2 or ecdpVer3
* }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return ret;
+ }
end_curve = p + len;
@@ -306,51 +314,50 @@
* FieldElement ::= OCTET STRING
* containing an integer in the case of a prime field
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
- ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 ||
+ (ret = mbedtls_mpi_read_binary(&grp->A, p, len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
p += len;
- if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
- ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 ||
+ (ret = mbedtls_mpi_read_binary(&grp->B, p, len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
p += len;
/* Ignore seed BIT STRING OPTIONAL */
- if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
+ if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING)) == 0) {
p += len;
+ }
- if( p != end_curve )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end_curve) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/*
* ECPoint ::= OCTET STRING
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
- ( const unsigned char *) p, len ) ) != 0 )
- {
+ if ((ret = mbedtls_ecp_point_read_binary(grp, &grp->G,
+ (const unsigned char *) p, len)) != 0) {
/*
* If we can't read the point because it's compressed, cheat by
* reading only the X coordinate and the parity bit of Y.
*/
- if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
- ( p[0] != 0x02 && p[0] != 0x03 ) ||
- len != mbedtls_mpi_size( &grp->P ) + 1 ||
- mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
- mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
- mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
- {
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
+ (p[0] != 0x02 && p[0] != 0x03) ||
+ len != mbedtls_mpi_size(&grp->P) + 1 ||
+ mbedtls_mpi_read_binary(&grp->G.X, p + 1, len - 1) != 0 ||
+ mbedtls_mpi_lset(&grp->G.Y, p[0] - 2) != 0 ||
+ mbedtls_mpi_lset(&grp->G.Z, 1) != 0) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
}
}
@@ -359,83 +366,84 @@
/*
* order INTEGER
*/
- if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_mpi(&p, end, &grp->N)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- grp->nbits = mbedtls_mpi_bitlen( &grp->N );
+ grp->nbits = mbedtls_mpi_bitlen(&grp->N);
/*
* Allow optional elements by purposefully not enforcing p == end here.
*/
- return( 0 );
+ return 0;
}
/*
* Find the group id associated with an (almost filled) group as generated by
* pk_group_from_specified(), or return an error if unknown.
*/
-static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
+static int pk_group_id_from_group(const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id)
{
int ret = 0;
mbedtls_ecp_group ref;
const mbedtls_ecp_group_id *id;
- mbedtls_ecp_group_init( &ref );
+ mbedtls_ecp_group_init(&ref);
- for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
- {
+ for (id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++) {
/* Load the group associated to that id */
- mbedtls_ecp_group_free( &ref );
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
+ mbedtls_ecp_group_free(&ref);
+ MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ref, *id));
/* Compare to the group we were given, starting with easy tests */
- if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
- mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
- mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
- mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
- mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
- mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
- mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
+ if (grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
+ mbedtls_mpi_cmp_mpi(&grp->P, &ref.P) == 0 &&
+ mbedtls_mpi_cmp_mpi(&grp->A, &ref.A) == 0 &&
+ mbedtls_mpi_cmp_mpi(&grp->B, &ref.B) == 0 &&
+ mbedtls_mpi_cmp_mpi(&grp->N, &ref.N) == 0 &&
+ mbedtls_mpi_cmp_mpi(&grp->G.X, &ref.G.X) == 0 &&
+ mbedtls_mpi_cmp_mpi(&grp->G.Z, &ref.G.Z) == 0 &&
/* For Y we may only know the parity bit, so compare only that */
- mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
- {
+ mbedtls_mpi_get_bit(&grp->G.Y, 0) == mbedtls_mpi_get_bit(&ref.G.Y, 0)) {
break;
}
}
cleanup:
- mbedtls_ecp_group_free( &ref );
+ mbedtls_ecp_group_free(&ref);
*grp_id = *id;
- if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
+ if (ret == 0 && *id == MBEDTLS_ECP_DP_NONE) {
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ }
- return( ret );
+ return ret;
}
/*
* Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
*/
-static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
- mbedtls_ecp_group_id *grp_id )
+static int pk_group_id_from_specified(const mbedtls_asn1_buf *params,
+ mbedtls_ecp_group_id *grp_id)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group grp;
- mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_group_init(&grp);
- if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
+ if ((ret = pk_group_from_specified(params, &grp)) != 0) {
goto cleanup;
+ }
- ret = pk_group_id_from_group( &grp, grp_id );
+ ret = pk_group_id_from_group(&grp, grp_id);
cleanup:
- mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_group_free(&grp);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
@@ -447,36 +455,37 @@
* specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
* -- implicitCurve NULL
*/
-static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
+static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- if( params->tag == MBEDTLS_ASN1_OID )
- {
- if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
- return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
- }
- else
- {
+ if (params->tag == MBEDTLS_ASN1_OID) {
+ if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0) {
+ return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE;
+ }
+ } else {
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
- if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
- return( ret );
+ if ((ret = pk_group_id_from_specified(params, &grp_id)) != 0) {
+ return ret;
+ }
#else
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
#endif
}
/*
* grp may already be initialized; if so, make sure IDs match
*/
- if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ if (grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
- if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ecp_group_load(grp, grp_id)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
/*
@@ -486,15 +495,14 @@
* desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
* return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
*/
-static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
- mbedtls_ecp_keypair *key )
+static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
+ mbedtls_ecp_keypair *key)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
- (const unsigned char *) *p, end - *p ) ) == 0 )
- {
- ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
+ if ((ret = mbedtls_ecp_point_read_binary(&key->grp, &key->Q,
+ (const unsigned char *) *p, end - *p)) == 0) {
+ ret = mbedtls_ecp_check_pubkey(&key->grp, &key->Q);
}
/*
@@ -502,7 +510,7 @@
*/
*p = (unsigned char *) end;
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_ECP_C */
@@ -513,52 +521,58 @@
* publicExponent INTEGER -- e
* }
*/
-static int pk_get_rsapubkey( unsigned char **p,
- const unsigned char *end,
- mbedtls_rsa_context *rsa )
+static int pk_get_rsapubkey(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_rsa_context *rsa)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+ }
- if( *p + len != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p + len != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/* Import N */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+ }
- if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
- NULL, 0, NULL, 0 ) ) != 0 )
- return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+ if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0,
+ NULL, 0, NULL, 0)) != 0) {
+ return MBEDTLS_ERR_PK_INVALID_PUBKEY;
+ }
*p += len;
/* Import E */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+ }
- if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
- NULL, 0, *p, len ) ) != 0 )
- return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+ if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0,
+ NULL, 0, *p, len)) != 0) {
+ return MBEDTLS_ERR_PK_INVALID_PUBKEY;
+ }
*p += len;
- if( mbedtls_rsa_complete( rsa ) != 0 ||
- mbedtls_rsa_check_pubkey( rsa ) != 0 )
- {
- return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+ if (mbedtls_rsa_complete(rsa) != 0 ||
+ mbedtls_rsa_check_pubkey(rsa) != 0) {
+ return MBEDTLS_ERR_PK_INVALID_PUBKEY;
}
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_RSA_C */
@@ -568,32 +582,33 @@
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*/
-static int pk_get_pk_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
+static int pk_get_pk_alg(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf alg_oid;
- memset( params, 0, sizeof(mbedtls_asn1_buf) );
+ memset(params, 0, sizeof(mbedtls_asn1_buf));
- if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_asn1_get_alg(p, end, &alg_oid, params)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, ret);
+ }
- if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ if (mbedtls_oid_get_pk_alg(&alg_oid, pk_alg) != 0) {
+ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+ }
/*
* No parameters with RSA (only for EC)
*/
- if( *pk_alg == MBEDTLS_PK_RSA &&
- ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
- params->len != 0 ) )
- {
- return( MBEDTLS_ERR_PK_INVALID_ALG );
+ if (*pk_alg == MBEDTLS_PK_RSA &&
+ ((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) ||
+ params->len != 0)) {
+ return MBEDTLS_ERR_PK_INVALID_ALG;
}
- return( 0 );
+ return 0;
}
/*
@@ -601,8 +616,8 @@
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk )
+int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
+ mbedtls_pk_context *pk)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -610,59 +625,64 @@
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
- PK_VALIDATE_RET( p != NULL );
- PK_VALIDATE_RET( *p != NULL );
- PK_VALIDATE_RET( end != NULL );
- PK_VALIDATE_RET( pk != NULL );
+ PK_VALIDATE_RET(p != NULL);
+ PK_VALIDATE_RET(*p != NULL);
+ PK_VALIDATE_RET(end != NULL);
+ PK_VALIDATE_RET(pk != NULL);
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
end = *p + len;
- if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
- return( ret );
+ if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+ if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+ }
- if( *p + len != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p + len != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) {
+ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+ }
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) {
+ return ret;
+ }
#if defined(MBEDTLS_RSA_C)
- if( pk_alg == MBEDTLS_PK_RSA )
- {
- ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
+ if (pk_alg == MBEDTLS_PK_RSA) {
+ ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
- if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
- {
- ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
- if( ret == 0 )
- ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
+ if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
+ ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp);
+ if (ret == 0) {
+ ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk));
+ }
} else
#endif /* MBEDTLS_ECP_C */
- ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+ ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
- if( ret == 0 && *p != end )
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (ret == 0 && *p != end) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- if( ret != 0 )
- mbedtls_pk_free( pk );
+ if (ret != 0) {
+ mbedtls_pk_free(pk);
+ }
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_RSA_C)
@@ -676,35 +696,37 @@
* Since values can't be omitted in PKCS#1, passing a zero value to
* rsa_complete() would be incorrect, so reject zero values early.
*/
-static int asn1_get_nonzero_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X )
+static int asn1_get_nonzero_mpi(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_mpi *X)
{
int ret;
- ret = mbedtls_asn1_get_mpi( p, end, X );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_asn1_get_mpi(p, end, X);
+ if (ret != 0) {
+ return ret;
+ }
- if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ if (mbedtls_mpi_cmp_int(X, 0) == 0) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
- return( 0 );
+ return 0;
}
/*
* Parse a PKCS#1 encoded private RSA key
*/
-static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
- const unsigned char *key,
- size_t keylen )
+static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa,
+ const unsigned char *key,
+ size_t keylen)
{
int ret, version;
size_t len;
unsigned char *p, *end;
mbedtls_mpi T;
- mbedtls_mpi_init( &T );
+ mbedtls_mpi_init(&T);
p = (unsigned char *) key;
end = p + keylen;
@@ -725,87 +747,93 @@
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
end = p + len;
- if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
- if( version != 0 )
- {
- return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
+ if (version != 0) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_VERSION;
}
/* Import N */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL,
- NULL, NULL ) ) != 0 )
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL,
+ NULL, NULL)) != 0) {
goto cleanup;
+ }
/* Import E */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
- NULL, &T ) ) != 0 )
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
+ NULL, &T)) != 0) {
goto cleanup;
+ }
/* Import D */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
- &T, NULL ) ) != 0 )
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
+ &T, NULL)) != 0) {
goto cleanup;
+ }
/* Import P */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL,
- NULL, NULL ) ) != 0 )
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL,
+ NULL, NULL)) != 0) {
goto cleanup;
+ }
/* Import Q */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T,
- NULL, NULL ) ) != 0 )
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T,
+ NULL, NULL)) != 0) {
goto cleanup;
+ }
#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
/*
- * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
- * that they can be easily recomputed from D, P and Q. However by
- * parsing them from the PKCS1 structure it is possible to avoid
- * recalculating them which both reduces the overhead of loading
- * RSA private keys into memory and also avoids side channels which
- * can arise when computing those values, since all of D, P, and Q
- * are secret. See https://eprint.iacr.org/2020/055 for a
- * description of one such attack.
- */
+ * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
+ * that they can be easily recomputed from D, P and Q. However by
+ * parsing them from the PKCS1 structure it is possible to avoid
+ * recalculating them which both reduces the overhead of loading
+ * RSA private keys into memory and also avoids side channels which
+ * can arise when computing those values, since all of D, P, and Q
+ * are secret. See https://eprint.iacr.org/2020/055 for a
+ * description of one such attack.
+ */
/* Import DP */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 )
- goto cleanup;
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) {
+ goto cleanup;
+ }
/* Import DQ */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 )
- goto cleanup;
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) {
+ goto cleanup;
+ }
/* Import QP */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 )
- goto cleanup;
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) {
+ goto cleanup;
+ }
#else
/* Verify existence of the CRT params */
- if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
- ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
- goto cleanup;
+ if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+ (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) {
+ goto cleanup;
+ }
#endif
/* rsa_complete() doesn't complete anything with the default
@@ -817,34 +845,32 @@
* Furthermore, we also check the public part for consistency with
* mbedtls_pk_parse_pubkey(), as it includes size minima for example.
*/
- if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ||
- ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
- {
+ if ((ret = mbedtls_rsa_complete(rsa)) != 0 ||
+ (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) {
goto cleanup;
}
- if( p != end )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ if (p != end) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
cleanup:
- mbedtls_mpi_free( &T );
+ mbedtls_mpi_free(&T);
- if( ret != 0 )
- {
+ if (ret != 0) {
/* Wrap error code if it's coming from a lower level */
- if( ( ret & 0xff80 ) == 0 )
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret );
- else
+ if ((ret & 0xff80) == 0) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ } else {
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
- mbedtls_rsa_free( rsa );
+ mbedtls_rsa_free(rsa);
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_RSA_C */
@@ -852,9 +878,9 @@
/*
* Parse a SEC1 encoded private EC key
*/
-static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
- const unsigned char *key,
- size_t keylen )
+static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck,
+ const unsigned char *key,
+ size_t keylen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int version, pubkey_done;
@@ -874,106 +900,100 @@
* publicKey [1] BIT STRING OPTIONAL
* }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
end = p + len;
- if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- if( version != 1 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
+ if (version != 1) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_VERSION;
+ }
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
- {
- mbedtls_ecp_keypair_free( eck );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) {
+ mbedtls_ecp_keypair_free(eck);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
p += len;
pubkey_done = 0;
- if( p != end )
- {
+ if (p != end) {
/*
* Is 'parameters' present?
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
- {
- if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
- ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
- {
- mbedtls_ecp_keypair_free( eck );
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 0)) == 0) {
+ if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 ||
+ (ret = pk_use_ecparams(¶ms, &eck->grp)) != 0) {
+ mbedtls_ecp_keypair_free(eck);
+ return ret;
}
- }
- else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- {
- mbedtls_ecp_keypair_free( eck );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ mbedtls_ecp_keypair_free(eck);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
}
- if( p != end )
- {
+ if (p != end) {
/*
* Is 'publickey' present? If not, or if we can't read it (eg because it
* is compressed), create it from the private key.
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
- {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 1)) == 0) {
end2 = p + len;
- if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_bitstring_null(&p, end2, &len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- if( p + len != end2 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p + len != end2) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
+ if ((ret = pk_get_ecpubkey(&p, end2, eck)) == 0) {
pubkey_done = 1;
- else
- {
+ } else {
/*
* The only acceptable failure mode of pk_get_ecpubkey() above
* is if the point format is not recognized.
*/
- if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
}
- }
- else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- {
- mbedtls_ecp_keypair_free( eck );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ mbedtls_ecp_keypair_free(eck);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
}
- if( ! pubkey_done &&
- ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
- NULL, NULL ) ) != 0 )
- {
- mbedtls_ecp_keypair_free( eck );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if (!pubkey_done &&
+ (ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G,
+ NULL, NULL)) != 0) {
+ mbedtls_ecp_keypair_free(eck);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
- if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
- {
- mbedtls_ecp_keypair_free( eck );
- return( ret );
+ if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
+ mbedtls_ecp_keypair_free(eck);
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ECP_C */
@@ -991,9 +1011,9 @@
*
*/
static int pk_parse_key_pkcs8_unencrypted_der(
- mbedtls_pk_context *pk,
- const unsigned char* key,
- size_t keylen )
+ mbedtls_pk_context *pk,
+ const unsigned char *key,
+ size_t keylen)
{
int ret, version;
size_t len;
@@ -1019,62 +1039,62 @@
* The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
end = p + len;
- if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
- if( version != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) );
-
- if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if (version != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret);
+ }
- if( len < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if ((ret = pk_get_pk_alg(&p, end, &pk_alg, ¶ms)) != 0) {
+ return ret;
+ }
- if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
- return( ret );
+ if (len < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
+
+ if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) {
+ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+ }
+
+ if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) {
+ return ret;
+ }
#if defined(MBEDTLS_RSA_C)
- if( pk_alg == MBEDTLS_PK_RSA )
- {
- if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
- {
- mbedtls_pk_free( pk );
- return( ret );
+ if (pk_alg == MBEDTLS_PK_RSA) {
+ if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) {
+ mbedtls_pk_free(pk);
+ return ret;
}
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
- if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
- {
- if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
- {
- mbedtls_pk_free( pk );
- return( ret );
+ if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
+ if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec(*pk)->grp)) != 0 ||
+ (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len)) != 0) {
+ mbedtls_pk_free(pk);
+ return ret;
}
} else
#endif /* MBEDTLS_ECP_C */
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
- return( 0 );
+ return 0;
}
/*
@@ -1088,9 +1108,9 @@
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
static int pk_parse_key_pkcs8_encrypted_der(
- mbedtls_pk_context *pk,
- unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen )
+ mbedtls_pk_context *pk,
+ unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen)
{
int ret, decrypted = 0;
size_t len;
@@ -1105,8 +1125,9 @@
p = key;
end = p + keylen;
- if( pwdlen == 0 )
- return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
+ if (pwdlen == 0) {
+ return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
+ }
/*
* This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
@@ -1123,19 +1144,20 @@
* The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
*
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
end = p + len;
- if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_alg(&p, end, &pbe_alg_oid, &pbe_params)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
buf = p;
@@ -1143,73 +1165,68 @@
* Decrypt EncryptedData with appropriate PBE
*/
#if defined(MBEDTLS_PKCS12_C)
- if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
- {
- if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
- cipher_alg, md_alg,
- pwd, pwdlen, p, len, buf ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
- return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+ if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
+ if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
+ cipher_alg, md_alg,
+ pwd, pwdlen, p, len, buf)) != 0) {
+ if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) {
+ return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+ }
- return( ret );
+ return ret;
}
decrypted = 1;
- }
- else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
- {
- if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
- MBEDTLS_PKCS12_PBE_DECRYPT,
- pwd, pwdlen,
- p, len, buf ) ) != 0 )
- {
- return( ret );
+ } else if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid) == 0) {
+ if ((ret = mbedtls_pkcs12_pbe_sha1_rc4_128(&pbe_params,
+ MBEDTLS_PKCS12_PBE_DECRYPT,
+ pwd, pwdlen,
+ p, len, buf)) != 0) {
+ return ret;
}
// Best guess for password mismatch when using RC4. If first tag is
// not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
//
- if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
- return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
- decrypted = 1;
- }
- else
-#endif /* MBEDTLS_PKCS12_C */
-#if defined(MBEDTLS_PKCS5_C)
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
- {
- if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
- p, len, buf ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
- return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
- return( ret );
+ if (*buf != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
}
decrypted = 1;
- }
- else
+ } else
+#endif /* MBEDTLS_PKCS12_C */
+#if defined(MBEDTLS_PKCS5_C)
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) {
+ if ((ret = mbedtls_pkcs5_pbes2(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
+ p, len, buf)) != 0) {
+ if (ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) {
+ return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+ }
+
+ return ret;
+ }
+
+ decrypted = 1;
+ } else
#endif /* MBEDTLS_PKCS5_C */
{
((void) pwd);
}
- if( decrypted == 0 )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ if (decrypted == 0) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
- return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
+ return pk_parse_key_pkcs8_unencrypted_der(pk, buf, len);
}
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
/*
* Parse a private key
*/
-int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen )
+int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_info_t *pk_info;
@@ -1218,121 +1235,118 @@
mbedtls_pem_context pem;
#endif
- PK_VALIDATE_RET( pk != NULL );
- if( keylen == 0 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
- PK_VALIDATE_RET( key != NULL );
+ PK_VALIDATE_RET(pk != NULL);
+ if (keylen == 0) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
+ PK_VALIDATE_RET(key != NULL);
#if defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_pem_init( &pem );
+ mbedtls_pem_init(&pem);
#if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN RSA PRIVATE KEY-----",
- "-----END RSA PRIVATE KEY-----",
- key, pwd, pwdlen, &len );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN RSA PRIVATE KEY-----",
+ "-----END RSA PRIVATE KEY-----",
+ key, pwd, pwdlen, &len);
+ }
- if( ret == 0 )
- {
- pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
- pem.buf, pem.buflen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
+ if (ret == 0) {
+ pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
+ if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
+ (ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk),
+ pem.buf, pem.buflen)) != 0) {
+ mbedtls_pk_free(pk);
}
- mbedtls_pem_free( &pem );
- return( ret );
+ mbedtls_pem_free(&pem);
+ return ret;
+ } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
+ return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+ } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
+ return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ return ret;
}
- else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
- return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
- else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
- return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- return( ret );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN EC PRIVATE KEY-----",
- "-----END EC PRIVATE KEY-----",
- key, pwd, pwdlen, &len );
- if( ret == 0 )
- {
- pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN EC PRIVATE KEY-----",
+ "-----END EC PRIVATE KEY-----",
+ key, pwd, pwdlen, &len);
+ }
+ if (ret == 0) {
+ pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
- pem.buf, pem.buflen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
+ if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
+ (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+ pem.buf, pem.buflen)) != 0) {
+ mbedtls_pk_free(pk);
}
- mbedtls_pem_free( &pem );
- return( ret );
+ mbedtls_pem_free(&pem);
+ return ret;
+ } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
+ return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+ } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
+ return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ return ret;
}
- else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
- return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
- else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
- return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- return( ret );
#endif /* MBEDTLS_ECP_C */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN PRIVATE KEY-----",
- "-----END PRIVATE KEY-----",
- key, NULL, 0, &len );
- if( ret == 0 )
- {
- if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
- pem.buf, pem.buflen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN PRIVATE KEY-----",
+ "-----END PRIVATE KEY-----",
+ key, NULL, 0, &len);
+ }
+ if (ret == 0) {
+ if ((ret = pk_parse_key_pkcs8_unencrypted_der(pk,
+ pem.buf, pem.buflen)) != 0) {
+ mbedtls_pk_free(pk);
}
- mbedtls_pem_free( &pem );
- return( ret );
+ mbedtls_pem_free(&pem);
+ return ret;
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ return ret;
}
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- return( ret );
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN ENCRYPTED PRIVATE KEY-----",
- "-----END ENCRYPTED PRIVATE KEY-----",
- key, NULL, 0, &len );
- if( ret == 0 )
- {
- if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
- pem.buf, pem.buflen,
- pwd, pwdlen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+ "-----END ENCRYPTED PRIVATE KEY-----",
+ key, NULL, 0, &len);
+ }
+ if (ret == 0) {
+ if ((ret = pk_parse_key_pkcs8_encrypted_der(pk,
+ pem.buf, pem.buflen,
+ pwd, pwdlen)) != 0) {
+ mbedtls_pk_free(pk);
}
- mbedtls_pem_free( &pem );
- return( ret );
+ mbedtls_pem_free(&pem);
+ return ret;
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ return ret;
}
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- return( ret );
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
#else
((void) pwd);
@@ -1350,61 +1364,59 @@
{
unsigned char *key_copy;
- if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if ((key_copy = mbedtls_calloc(1, keylen)) == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
- memcpy( key_copy, key, keylen );
+ memcpy(key_copy, key, keylen);
- ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
- pwd, pwdlen );
+ ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen,
+ pwd, pwdlen);
- mbedtls_platform_zeroize( key_copy, keylen );
- mbedtls_free( key_copy );
+ mbedtls_platform_zeroize(key_copy, keylen);
+ mbedtls_free(key_copy);
}
- if( ret == 0 )
- return( 0 );
+ if (ret == 0) {
+ return 0;
+ }
- mbedtls_pk_free( pk );
- mbedtls_pk_init( pk );
+ mbedtls_pk_free(pk);
+ mbedtls_pk_init(pk);
- if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
- {
- return( ret );
+ if (ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH) {
+ return ret;
}
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
- ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen );
- if( ret == 0 )
- {
- return( 0 );
+ ret = pk_parse_key_pkcs8_unencrypted_der(pk, key, keylen);
+ if (ret == 0) {
+ return 0;
}
- mbedtls_pk_free( pk );
- mbedtls_pk_init( pk );
+ mbedtls_pk_free(pk);
+ mbedtls_pk_init(pk);
#if defined(MBEDTLS_RSA_C)
- pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
- if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
- pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
- {
- return( 0 );
+ pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
+ if (mbedtls_pk_setup(pk, pk_info) == 0 &&
+ pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) {
+ return 0;
}
- mbedtls_pk_free( pk );
- mbedtls_pk_init( pk );
+ mbedtls_pk_free(pk);
+ mbedtls_pk_init(pk);
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
- pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
- if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
- pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
- key, keylen ) == 0 )
- {
- return( 0 );
+ pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
+ if (mbedtls_pk_setup(pk, pk_info) == 0 &&
+ pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+ key, keylen) == 0) {
+ return 0;
}
- mbedtls_pk_free( pk );
+ mbedtls_pk_free(pk);
#endif /* MBEDTLS_ECP_C */
/* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
@@ -1417,14 +1429,14 @@
* also ok and in line with the mbedtls_pk_free() calls
* on failed PEM parsing attempts. */
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
}
/*
* Parse a public key
*/
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen )
+int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
+ const unsigned char *key, size_t keylen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p;
@@ -1436,104 +1448,100 @@
mbedtls_pem_context pem;
#endif
- PK_VALIDATE_RET( ctx != NULL );
- if( keylen == 0 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
- PK_VALIDATE_RET( key != NULL || keylen == 0 );
+ PK_VALIDATE_RET(ctx != NULL);
+ if (keylen == 0) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
+ PK_VALIDATE_RET(key != NULL || keylen == 0);
#if defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_pem_init( &pem );
+ mbedtls_pem_init(&pem);
#if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN RSA PUBLIC KEY-----",
- "-----END RSA PUBLIC KEY-----",
- key, NULL, 0, &len );
-
- if( ret == 0 )
- {
- p = pem.buf;
- if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
- {
- mbedtls_pem_free( &pem );
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- }
-
- if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
- {
- mbedtls_pem_free( &pem );
- return( ret );
- }
-
- if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
- mbedtls_pk_free( ctx );
-
- mbedtls_pem_free( &pem );
- return( ret );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN RSA PUBLIC KEY-----",
+ "-----END RSA PUBLIC KEY-----",
+ key, NULL, 0, &len);
}
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- {
- mbedtls_pem_free( &pem );
- return( ret );
+
+ if (ret == 0) {
+ p = pem.buf;
+ if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) {
+ mbedtls_pem_free(&pem);
+ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+ }
+
+ if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) {
+ mbedtls_pem_free(&pem);
+ return ret;
+ }
+
+ if ((ret = pk_get_rsapubkey(&p, p + pem.buflen, mbedtls_pk_rsa(*ctx))) != 0) {
+ mbedtls_pk_free(ctx);
+ }
+
+ mbedtls_pem_free(&pem);
+ return ret;
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ mbedtls_pem_free(&pem);
+ return ret;
}
#endif /* MBEDTLS_RSA_C */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN PUBLIC KEY-----",
- "-----END PUBLIC KEY-----",
- key, NULL, 0, &len );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN PUBLIC KEY-----",
+ "-----END PUBLIC KEY-----",
+ key, NULL, 0, &len);
+ }
- if( ret == 0 )
- {
+ if (ret == 0) {
/*
* Was PEM encoded
*/
p = pem.buf;
- ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
- mbedtls_pem_free( &pem );
- return( ret );
+ ret = mbedtls_pk_parse_subpubkey(&p, p + pem.buflen, ctx);
+ mbedtls_pem_free(&pem);
+ return ret;
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ mbedtls_pem_free(&pem);
+ return ret;
}
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- {
- mbedtls_pem_free( &pem );
- return( ret );
- }
- mbedtls_pem_free( &pem );
+ mbedtls_pem_free(&pem);
#endif /* MBEDTLS_PEM_PARSE_C */
#if defined(MBEDTLS_RSA_C)
- if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
- if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
- return( ret );
-
- p = (unsigned char *)key;
- ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
- if( ret == 0 )
- {
- return( ret );
+ if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) {
+ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
}
- mbedtls_pk_free( ctx );
- if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) )
- {
- return( ret );
+
+ if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) {
+ return ret;
+ }
+
+ p = (unsigned char *) key;
+ ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx));
+ if (ret == 0) {
+ return ret;
+ }
+ mbedtls_pk_free(ctx);
+ if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG))) {
+ return ret;
}
#endif /* MBEDTLS_RSA_C */
p = (unsigned char *) key;
- ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
+ ret = mbedtls_pk_parse_subpubkey(&p, p + keylen, ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PK_PARSE_C */
diff --git a/library/pkwrite.c b/library/pkwrite.c
index c1ce0e3..0107f20 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -51,10 +51,10 @@
#include "mbedtls/platform.h"
/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define PK_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA)
+#define PK_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
#if defined(MBEDTLS_RSA_C)
/*
@@ -63,38 +63,41 @@
* publicExponent INTEGER -- e
* }
*/
-static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
- mbedtls_rsa_context *rsa )
+static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start,
+ mbedtls_rsa_context *rsa)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
mbedtls_mpi T;
- mbedtls_mpi_init( &T );
+ mbedtls_mpi_init(&T);
/* Export E */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export N */
- if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
end_of_export:
- mbedtls_mpi_free( &T );
- if( ret < 0 )
- return( ret );
+ mbedtls_mpi_free(&T);
+ if (ret < 0) {
+ return ret;
+ }
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- return( (int) len );
+ return (int) len;
}
#endif /* MBEDTLS_RSA_C */
@@ -102,27 +105,27 @@
/*
* EC public key is an EC point
*/
-static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec )
+static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
+ mbedtls_ecp_keypair *ec)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
- if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED,
- &len, buf, sizeof( buf ) ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, buf, sizeof(buf))) != 0) {
+ return ret;
}
- if( *p < start || (size_t)( *p - start ) < len )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p < start || (size_t) (*p - start) < len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= len;
- memcpy( *p, buf, len );
+ memcpy(*p, buf, len);
- return( (int) len );
+ return (int) len;
}
/*
@@ -130,93 +133,91 @@
* namedCurve OBJECT IDENTIFIER
* }
*/
-static int pk_write_ec_param( unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec )
+static int pk_write_ec_param(unsigned char **p, unsigned char *start,
+ mbedtls_ecp_keypair *ec)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const char *oid;
size_t oid_len;
- if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_oid_get_oid_by_ec_grp(ec->grp.id, &oid, &oid_len)) != 0) {
+ return ret;
+ }
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
- return( (int) len );
+ return (int) len;
}
/*
* privateKey OCTET STRING -- always of length ceil(log2(n)/8)
*/
-static int pk_write_ec_private( unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec )
+static int pk_write_ec_private(unsigned char **p, unsigned char *start,
+ mbedtls_ecp_keypair *ec)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
+ size_t byte_length = (ec->grp.pbits + 7) / 8;
unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
- ret = mbedtls_ecp_write_key( ec, tmp, byte_length );
- if( ret != 0 )
+ ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
+ }
+ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
exit:
- mbedtls_platform_zeroize( tmp, byte_length );
- return( ret );
+ mbedtls_platform_zeroize(tmp, byte_length);
+ return ret;
}
#endif /* MBEDTLS_ECP_C */
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key )
+int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *key)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- PK_VALIDATE_RET( p != NULL );
- PK_VALIDATE_RET( *p != NULL );
- PK_VALIDATE_RET( start != NULL );
- PK_VALIDATE_RET( key != NULL );
+ PK_VALIDATE_RET(p != NULL);
+ PK_VALIDATE_RET(*p != NULL);
+ PK_VALIDATE_RET(start != NULL);
+ PK_VALIDATE_RET(key != NULL);
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
- MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
- else
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key)));
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
- MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
- else
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key)));
+ } else
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
- {
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
size_t buffer_size;
- psa_key_id_t* key_id = (psa_key_id_t*) key->pk_ctx;
+ psa_key_id_t *key_id = (psa_key_id_t *) key->pk_ctx;
- if ( *p < start )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- buffer_size = (size_t)( *p - start );
- if ( psa_export_public_key( *key_id, start, buffer_size, &len )
- != PSA_SUCCESS )
- {
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if (*p < start) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
- else
- {
+
+ buffer_size = (size_t) (*p - start);
+ if (psa_export_public_key(*key_id, start, buffer_size, &len)
+ != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ } else {
*p -= len;
- memmove( *p, start, len );
+ memmove(*p, start, len);
}
- }
- else
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- return( (int) len );
+ return (int) len;
}
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
@@ -224,17 +225,19 @@
mbedtls_pk_type_t pk_type;
const char *oid;
- PK_VALIDATE_RET( key != NULL );
- if( size == 0 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- PK_VALIDATE_RET( buf != NULL );
+ PK_VALIDATE_RET(key != NULL);
+ if (size == 0) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ PK_VALIDATE_RET(buf != NULL);
c = buf + size;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key));
- if( c - buf < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (c - buf < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
/*
* SubjectPublicKeyInfo ::= SEQUENCE {
@@ -244,162 +247,169 @@
*--c = 0;
len += 1;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
- pk_type = mbedtls_pk_get_type( key );
+ pk_type = mbedtls_pk_get_type(key);
#if defined(MBEDTLS_ECP_C)
- if( pk_type == MBEDTLS_PK_ECKEY )
- {
- MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
+ if (pk_type == MBEDTLS_PK_ECKEY) {
+ MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key)));
}
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( pk_type == MBEDTLS_PK_OPAQUE )
- {
+ if (pk_type == MBEDTLS_PK_OPAQUE) {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
psa_key_id_t key_id;
psa_ecc_family_t curve;
size_t bits;
- key_id = *((psa_key_id_t*) key->pk_ctx );
- if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) )
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
- key_type = psa_get_key_type( &attributes );
- bits = psa_get_key_bits( &attributes );
- psa_reset_key_attributes( &attributes );
+ key_id = *((psa_key_id_t *) key->pk_ctx);
+ if (PSA_SUCCESS != psa_get_key_attributes(key_id, &attributes)) {
+ return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
+ }
+ key_type = psa_get_key_type(&attributes);
+ bits = psa_get_key_bits(&attributes);
+ psa_reset_key_attributes(&attributes);
- curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
- if( curve == 0 )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type);
+ if (curve == 0) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
- ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
- if( ret != 0 )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ ret = mbedtls_psa_get_ecc_oid_from_id(curve, bits, &oid, &oid_len);
+ if (ret != 0) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
/* Write EC algorithm parameters; that's akin
* to pk_write_ec_param() above. */
- MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
- oid, oid_len ) );
+ MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_oid(&c, buf,
+ oid, oid_len));
/* The rest of the function works as for legacy EC contexts. */
pk_type = MBEDTLS_PK_ECKEY;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
- &oid_len ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
+ &oid_len)) != 0) {
+ return ret;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
- par_len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(&c, buf, oid, oid_len,
+ par_len));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_key_der(mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
size_t len = 0;
- PK_VALIDATE_RET( key != NULL );
- if( size == 0 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- PK_VALIDATE_RET( buf != NULL );
+ PK_VALIDATE_RET(key != NULL);
+ if (size == 0) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ PK_VALIDATE_RET(buf != NULL);
c = buf + size;
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
- {
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
mbedtls_mpi T; /* Temporary holding the exported parameters */
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key);
/*
* Export the parameters one after another to avoid simultaneous copies.
*/
- mbedtls_mpi_init( &T );
+ mbedtls_mpi_init(&T);
/* Export QP */
- if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export DQ */
- if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export DP */
- if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export Q */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
- &T, NULL, NULL ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
+ &T, NULL, NULL)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export P */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
- NULL, NULL, NULL ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export(rsa, NULL, &T,
+ NULL, NULL, NULL)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export D */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
- NULL, &T, NULL ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
+ NULL, &T, NULL)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export E */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
- NULL, NULL, &T ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
+ NULL, NULL, &T)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
/* Export N */
- if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
- NULL, NULL, NULL ) ) != 0 ||
- ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ if ((ret = mbedtls_rsa_export(rsa, &T, NULL,
+ NULL, NULL, NULL)) != 0 ||
+ (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
goto end_of_export;
+ }
len += ret;
- end_of_export:
+end_of_export:
- mbedtls_mpi_free( &T );
- if( ret < 0 )
- return( ret );
+ mbedtls_mpi_free(&T);
+ if (ret < 0) {
+ return ret;
+ }
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
- buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
- }
- else
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c,
+ buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+ } else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
- {
- mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key);
size_t pub_len = 0, par_len = 0;
/*
@@ -414,44 +424,46 @@
*/
/* publicKey */
- MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
+ MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, ec));
- if( c - buf < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (c - buf < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--c = 0;
pub_len += 1;
- MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
- MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
- MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
- MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 1));
len += pub_len;
/* parameters */
- MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
+ MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec));
- MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
- MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+ MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len));
+ MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0));
len += par_len;
/* privateKey */
- MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec));
/* version */
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
- }
- else
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+ } else
#endif /* MBEDTLS_ECP_C */
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- return( (int) len );
+ return (int) len;
}
#if defined(MBEDTLS_PEM_WRITE_C)
@@ -481,7 +493,7 @@
* publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
* }
*/
-#define RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
+#define RSA_PUB_DER_MAX_BYTES (38 + 2 * MBEDTLS_MPI_MAX_SIZE)
/*
* RSA private keys:
@@ -498,10 +510,10 @@
* otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
* }
*/
-#define MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \
- MBEDTLS_MPI_MAX_SIZE % 2 )
-#define RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
- + 5 * MPI_MAX_SIZE_2 )
+#define MPI_MAX_SIZE_2 (MBEDTLS_MPI_MAX_SIZE / 2 + \
+ MBEDTLS_MPI_MAX_SIZE % 2)
+#define RSA_PRV_DER_MAX_BYTES (47 + 3 * MBEDTLS_MPI_MAX_SIZE \
+ + 5 * MPI_MAX_SIZE_2)
#else /* MBEDTLS_RSA_C */
@@ -522,7 +534,7 @@
* + 2 * ECP_MAX (coords) [1]
* }
*/
-#define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
+#define ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_ECP_MAX_BYTES)
/*
* EC private keys:
@@ -533,7 +545,7 @@
* publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
* }
*/
-#define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
+#define ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES)
#else /* MBEDTLS_ECP_C */
@@ -542,75 +554,69 @@
#endif /* MBEDTLS_ECP_C */
-#define PUB_DER_MAX_BYTES ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
- RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
-#define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
- RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
+#define PUB_DER_MAX_BYTES (RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
+ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES)
+#define PRV_DER_MAX_BYTES (RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
+ RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES)
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output_buf[PUB_DER_MAX_BYTES];
size_t olen = 0;
- PK_VALIDATE_RET( key != NULL );
- PK_VALIDATE_RET( buf != NULL || size == 0 );
+ PK_VALIDATE_RET(key != NULL);
+ PK_VALIDATE_RET(buf != NULL || size == 0);
- if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
- sizeof(output_buf) ) ) < 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
+ sizeof(output_buf))) < 0) {
+ return ret;
}
- if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
- output_buf + sizeof(output_buf) - ret,
- ret, buf, size, &olen ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
+ output_buf + sizeof(output_buf) - ret,
+ ret, buf, size, &olen)) != 0) {
+ return ret;
}
- return( 0 );
+ return 0;
}
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_key_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output_buf[PRV_DER_MAX_BYTES];
const char *begin, *end;
size_t olen = 0;
- PK_VALIDATE_RET( key != NULL );
- PK_VALIDATE_RET( buf != NULL || size == 0 );
+ PK_VALIDATE_RET(key != NULL);
+ PK_VALIDATE_RET(buf != NULL || size == 0);
- if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
- return( ret );
+ if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) {
+ return ret;
+ }
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
- {
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
begin = PEM_BEGIN_PRIVATE_KEY_RSA;
end = PEM_END_PRIVATE_KEY_RSA;
- }
- else
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
- {
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
begin = PEM_BEGIN_PRIVATE_KEY_EC;
end = PEM_END_PRIVATE_KEY_EC;
- }
- else
+ } else
#endif
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- if( ( ret = mbedtls_pem_write_buffer( begin, end,
- output_buf + sizeof(output_buf) - ret,
- ret, buf, size, &olen ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pem_write_buffer(begin, end,
+ output_buf + sizeof(output_buf) - ret,
+ ret, buf, size, &olen)) != 0) {
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PEM_WRITE_C */
diff --git a/library/platform.c b/library/platform.c
index e742fde..c8b0328 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -30,22 +30,22 @@
* configuration via mbedtls_platform_set_calloc_free(). So, omit everything
* related to the latter if MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO are defined. */
#if defined(MBEDTLS_PLATFORM_MEMORY) && \
- !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
- defined(MBEDTLS_PLATFORM_FREE_MACRO) )
+ !(defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
+ defined(MBEDTLS_PLATFORM_FREE_MACRO))
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-static void *platform_calloc_uninit( size_t n, size_t size )
+static void *platform_calloc_uninit(size_t n, size_t size)
{
((void) n);
((void) size);
- return( NULL );
+ return NULL;
}
#define MBEDTLS_PLATFORM_STD_CALLOC platform_calloc_uninit
#endif /* !MBEDTLS_PLATFORM_STD_CALLOC */
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-static void platform_free_uninit( void *ptr )
+static void platform_free_uninit(void *ptr)
{
((void) ptr);
}
@@ -53,25 +53,25 @@
#define MBEDTLS_PLATFORM_STD_FREE platform_free_uninit
#endif /* !MBEDTLS_PLATFORM_STD_FREE */
-static void * (*mbedtls_calloc_func)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC;
-static void (*mbedtls_free_func)( void * ) = MBEDTLS_PLATFORM_STD_FREE;
+static void * (*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC;
+static void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE;
-void * mbedtls_calloc( size_t nmemb, size_t size )
+void *mbedtls_calloc(size_t nmemb, size_t size)
{
- return (*mbedtls_calloc_func)( nmemb, size );
+ return (*mbedtls_calloc_func)(nmemb, size);
}
-void mbedtls_free( void * ptr )
+void mbedtls_free(void *ptr)
{
- (*mbedtls_free_func)( ptr );
+ (*mbedtls_free_func)(ptr);
}
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
- void (*free_func)( void * ) )
+int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
+ void (*free_func)(void *))
{
mbedtls_calloc_func = calloc_func;
mbedtls_free_func = free_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_MEMORY &&
!( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&
@@ -79,16 +79,16 @@
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
#include <stdarg.h>
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
+int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
va_list argp;
- va_start( argp, fmt );
- ret = mbedtls_vsnprintf( s, n, fmt, argp );
- va_end( argp );
+ va_start(argp, fmt);
+ ret = mbedtls_vsnprintf(s, n, fmt, argp);
+ va_end(argp);
- return( ret );
+ return ret;
}
#endif
@@ -97,53 +97,53 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_snprintf_uninit( char * s, size_t n,
- const char * format, ... )
+static int platform_snprintf_uninit(char *s, size_t n,
+ const char *format, ...)
{
((void) s);
((void) n);
((void) format);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_SNPRINTF platform_snprintf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */
-int (*mbedtls_snprintf)( char * s, size_t n,
- const char * format,
- ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF;
+int (*mbedtls_snprintf)(char *s, size_t n,
+ const char *format,
+ ...) = MBEDTLS_PLATFORM_STD_SNPRINTF;
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
- const char * format,
- ... ) )
+int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
+ const char *format,
+ ...))
{
mbedtls_snprintf = snprintf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
#include <stdarg.h>
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
+int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Avoid calling the invalid parameter handler by checking ourselves */
- if( s == NULL || n == 0 || fmt == NULL )
- return( -1 );
+ if (s == NULL || n == 0 || fmt == NULL) {
+ return -1;
+ }
#if defined(_TRUNCATE)
- ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg );
+ ret = vsnprintf_s(s, n, _TRUNCATE, fmt, arg);
#else
- ret = vsnprintf( s, n, fmt, arg );
- if( ret < 0 || (size_t) ret == n )
- {
+ ret = vsnprintf(s, n, fmt, arg);
+ if (ret < 0 || (size_t) ret == n) {
s[n-1] = '\0';
ret = -1;
}
#endif
- return( ret );
+ return ret;
}
#endif
@@ -152,29 +152,29 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_vsnprintf_uninit( char * s, size_t n,
- const char * format, va_list arg )
+static int platform_vsnprintf_uninit(char *s, size_t n,
+ const char *format, va_list arg)
{
((void) s);
((void) n);
((void) format);
((void) arg);
- return( -1 );
+ return -1;
}
#define MBEDTLS_PLATFORM_STD_VSNPRINTF platform_vsnprintf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */
-int (*mbedtls_vsnprintf)( char * s, size_t n,
- const char * format,
- va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
+int (*mbedtls_vsnprintf)(char *s, size_t n,
+ const char *format,
+ va_list arg) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
- const char * format,
- va_list arg ) )
+int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
+ const char *format,
+ va_list arg))
{
mbedtls_vsnprintf = vsnprintf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
@@ -183,21 +183,21 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_printf_uninit( const char *format, ... )
+static int platform_printf_uninit(const char *format, ...)
{
((void) format);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_PRINTF platform_printf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_PRINTF */
-int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF;
+int (*mbedtls_printf)(const char *, ...) = MBEDTLS_PLATFORM_STD_PRINTF;
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
+int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...))
{
mbedtls_printf = printf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
@@ -206,23 +206,23 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
+static int platform_fprintf_uninit(FILE *stream, const char *format, ...)
{
((void) stream);
((void) format);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_FPRINTF platform_fprintf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */
-int (*mbedtls_fprintf)( FILE *, const char *, ... ) =
- MBEDTLS_PLATFORM_STD_FPRINTF;
+int (*mbedtls_fprintf)(FILE *, const char *, ...) =
+ MBEDTLS_PLATFORM_STD_FPRINTF;
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) )
+int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *, const char *, ...))
{
mbedtls_fprintf = fprintf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
@@ -231,7 +231,7 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static void platform_exit_uninit( int status )
+static void platform_exit_uninit(int status)
{
((void) status);
}
@@ -239,12 +239,12 @@
#define MBEDTLS_PLATFORM_STD_EXIT platform_exit_uninit
#endif /* !MBEDTLS_PLATFORM_STD_EXIT */
-void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT;
+void (*mbedtls_exit)(int status) = MBEDTLS_PLATFORM_STD_EXIT;
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
+int mbedtls_platform_set_exit(void (*exit_func)(int status))
{
mbedtls_exit = exit_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
@@ -255,21 +255,21 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
+static mbedtls_time_t platform_time_uninit(mbedtls_time_t *timer)
{
((void) timer);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit
#endif /* !MBEDTLS_PLATFORM_STD_TIME */
-mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME;
+mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *timer) = MBEDTLS_PLATFORM_STD_TIME;
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
+int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *timer))
{
mbedtls_time = time_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
@@ -280,41 +280,41 @@
/* Default implementations for the platform independent seed functions use
* standard libc file functions to read from and write to a pre-defined filename
*/
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
+int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len)
{
FILE *file;
size_t n;
- if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
- return( -1 );
-
- if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
- {
- fclose( file );
- mbedtls_platform_zeroize( buf, buf_len );
- return( -1 );
+ if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL) {
+ return -1;
}
- fclose( file );
- return( (int)n );
+ if ((n = fread(buf, 1, buf_len, file)) != buf_len) {
+ fclose(file);
+ mbedtls_platform_zeroize(buf, buf_len);
+ return -1;
+ }
+
+ fclose(file);
+ return (int) n;
}
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
+int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len)
{
FILE *file;
size_t n;
- if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
- return -1;
-
- if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
- {
- fclose( file );
+ if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w")) == NULL) {
return -1;
}
- fclose( file );
- return( (int)n );
+ if ((n = fwrite(buf, 1, buf_len, file)) != buf_len) {
+ fclose(file);
+ return -1;
+ }
+
+ fclose(file);
+ return (int) n;
}
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
@@ -323,11 +323,11 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
+static int platform_nv_seed_read_uninit(unsigned char *buf, size_t buf_len)
{
((void) buf);
((void) buf_len);
- return( -1 );
+ return -1;
}
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit
@@ -337,28 +337,28 @@
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
+static int platform_nv_seed_write_uninit(unsigned char *buf, size_t buf_len)
{
((void) buf);
((void) buf_len);
- return( -1 );
+ return -1;
}
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit
#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
-int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
- MBEDTLS_PLATFORM_STD_NV_SEED_READ;
-int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
- MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
+int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len) =
+ MBEDTLS_PLATFORM_STD_NV_SEED_READ;
+int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len) =
+ MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
int mbedtls_platform_set_nv_seed(
- int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
- int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
+ int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len),
+ int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len))
{
mbedtls_nv_seed_read = nv_seed_read_func;
mbedtls_nv_seed_write = nv_seed_write_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#endif /* MBEDTLS_ENTROPY_NV_SEED */
@@ -367,19 +367,19 @@
/*
* Placeholder platform setup that does nothing by default
*/
-int mbedtls_platform_setup( mbedtls_platform_context *ctx )
+int mbedtls_platform_setup(mbedtls_platform_context *ctx)
{
- (void)ctx;
+ (void) ctx;
- return( 0 );
+ return 0;
}
/*
* Placeholder platform teardown that does nothing by default
*/
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
+void mbedtls_platform_teardown(mbedtls_platform_context *ctx)
{
- (void)ctx;
+ (void) ctx;
}
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
diff --git a/library/platform_util.c b/library/platform_util.c
index 98fe5de..3783f0e 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -62,14 +62,15 @@
* mbedtls_platform_zeroize() to use a suitable implementation for their
* platform and needs.
*/
-static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
+static void *(*const volatile memset_func)(void *, int, size_t) = memset;
-void mbedtls_platform_zeroize( void *buf, size_t len )
+void mbedtls_platform_zeroize(void *buf, size_t len)
{
- MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
+ MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL);
- if( len > 0 )
- memset_func( buf, 0, len );
+ if (len > 0) {
+ memset_func(buf, 0, len);
+ }
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
@@ -82,9 +83,9 @@
#endif /* !_WIN32 && (unix || __unix || __unix__ ||
* (__APPLE__ && __MACH__)) */
-#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
- ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
- _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) )
+#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \
+ (defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L))
/*
* This is a convenience shorthand macro to avoid checking the long
* preprocessor conditions above. Ideally, we could expose this macro in
@@ -92,42 +93,43 @@
* threading.h. However, this macro is not part of the Mbed TLS public API, so
* we keep it private by only defining it in this file
*/
-#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )
+#if !(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32))
#define PLATFORM_UTIL_USE_GMTIME
#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */
-#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
- ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
_POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
- struct tm *tm_buf )
+struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
+ struct tm *tm_buf)
{
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
- return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
+ return (gmtime_s(tm_buf, tt) == 0) ? tm_buf : NULL;
#elif !defined(PLATFORM_UTIL_USE_GMTIME)
- return( gmtime_r( tt, tm_buf ) );
+ return gmtime_r(tt, tm_buf);
#else
struct tm *lt;
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
- return( NULL );
+ if (mbedtls_mutex_lock(&mbedtls_threading_gmtime_mutex) != 0) {
+ return NULL;
+ }
#endif /* MBEDTLS_THREADING_C */
- lt = gmtime( tt );
+ lt = gmtime(tt);
- if( lt != NULL )
- {
- memcpy( tm_buf, lt, sizeof( struct tm ) );
+ if (lt != NULL) {
+ memcpy(tm_buf, lt, sizeof(struct tm));
}
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
- return( NULL );
+ if (mbedtls_mutex_unlock(&mbedtls_threading_gmtime_mutex) != 0) {
+ return NULL;
+ }
#endif /* MBEDTLS_THREADING_C */
- return( ( lt == NULL ) ? NULL : tm_buf );
+ return (lt == NULL) ? NULL : tm_buf;
#endif /* _WIN32 && !EFIX64 && !EFI32 */
}
#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
diff --git a/library/poly1305.c b/library/poly1305.c
index a1c5b19..510a45a 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -33,19 +33,19 @@
#if !defined(MBEDTLS_POLY1305_ALT)
/* Parameter validation macros */
-#define POLY1305_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
-#define POLY1305_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define POLY1305_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA)
+#define POLY1305_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
-#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
+#define POLY1305_BLOCK_SIZE_BYTES (16U)
/*
* Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
* However we provided an alternative for platforms without such a multiplier.
*/
#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
-static uint64_t mul64( uint32_t a, uint32_t b )
+static uint64_t mul64(uint32_t a, uint32_t b)
{
/* a = al + 2**16 ah, b = bl + 2**16 bh */
const uint16_t al = (uint16_t) a;
@@ -55,15 +55,15 @@
/* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */
const uint32_t lo = (uint32_t) al * bl;
- const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh;
+ const uint64_t me = (uint64_t) ((uint32_t) ah * bl) + (uint32_t) al * bh;
const uint32_t hi = (uint32_t) ah * bh;
- return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) );
+ return lo + (me << 16) + ((uint64_t) hi << 32);
}
#else
-static inline uint64_t mul64( uint32_t a, uint32_t b )
+static inline uint64_t mul64(uint32_t a, uint32_t b)
{
- return( (uint64_t) a * b );
+ return (uint64_t) a * b;
}
#endif
@@ -79,10 +79,10 @@
* applied to the input data before calling this
* function. Otherwise, set this parameter to 1.
*/
-static void poly1305_process( mbedtls_poly1305_context *ctx,
- size_t nblocks,
- const unsigned char *input,
- uint32_t needs_padding )
+static void poly1305_process(mbedtls_poly1305_context *ctx,
+ size_t nblocks,
+ const unsigned char *input,
+ uint32_t needs_padding)
{
uint64_t d0, d1, d2, d3;
uint32_t acc0, acc1, acc2, acc3, acc4;
@@ -96,9 +96,9 @@
r2 = ctx->r[2];
r3 = ctx->r[3];
- rs1 = r1 + ( r1 >> 2U );
- rs2 = r2 + ( r2 >> 2U );
- rs3 = r3 + ( r3 >> 2U );
+ rs1 = r1 + (r1 >> 2U);
+ rs2 = r2 + (r2 >> 2U);
+ rs3 = r3 + (r3 >> 2U);
acc0 = ctx->acc[0];
acc1 = ctx->acc[1];
@@ -107,67 +107,66 @@
acc4 = ctx->acc[4];
/* Process full blocks */
- for( i = 0U; i < nblocks; i++ )
- {
+ for (i = 0U; i < nblocks; i++) {
/* The input block is treated as a 128-bit little-endian integer */
- d0 = MBEDTLS_GET_UINT32_LE( input, offset + 0 );
- d1 = MBEDTLS_GET_UINT32_LE( input, offset + 4 );
- d2 = MBEDTLS_GET_UINT32_LE( input, offset + 8 );
- d3 = MBEDTLS_GET_UINT32_LE( input, offset + 12 );
+ d0 = MBEDTLS_GET_UINT32_LE(input, offset + 0);
+ d1 = MBEDTLS_GET_UINT32_LE(input, offset + 4);
+ d2 = MBEDTLS_GET_UINT32_LE(input, offset + 8);
+ d3 = MBEDTLS_GET_UINT32_LE(input, offset + 12);
/* Compute: acc += (padded) block as a 130-bit integer */
d0 += (uint64_t) acc0;
- d1 += (uint64_t) acc1 + ( d0 >> 32U );
- d2 += (uint64_t) acc2 + ( d1 >> 32U );
- d3 += (uint64_t) acc3 + ( d2 >> 32U );
+ d1 += (uint64_t) acc1 + (d0 >> 32U);
+ d2 += (uint64_t) acc2 + (d1 >> 32U);
+ d3 += (uint64_t) acc3 + (d2 >> 32U);
acc0 = (uint32_t) d0;
acc1 = (uint32_t) d1;
acc2 = (uint32_t) d2;
acc3 = (uint32_t) d3;
- acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding;
+ acc4 += (uint32_t) (d3 >> 32U) + needs_padding;
/* Compute: acc *= r */
- d0 = mul64( acc0, r0 ) +
- mul64( acc1, rs3 ) +
- mul64( acc2, rs2 ) +
- mul64( acc3, rs1 );
- d1 = mul64( acc0, r1 ) +
- mul64( acc1, r0 ) +
- mul64( acc2, rs3 ) +
- mul64( acc3, rs2 ) +
- mul64( acc4, rs1 );
- d2 = mul64( acc0, r2 ) +
- mul64( acc1, r1 ) +
- mul64( acc2, r0 ) +
- mul64( acc3, rs3 ) +
- mul64( acc4, rs2 );
- d3 = mul64( acc0, r3 ) +
- mul64( acc1, r2 ) +
- mul64( acc2, r1 ) +
- mul64( acc3, r0 ) +
- mul64( acc4, rs3 );
+ d0 = mul64(acc0, r0) +
+ mul64(acc1, rs3) +
+ mul64(acc2, rs2) +
+ mul64(acc3, rs1);
+ d1 = mul64(acc0, r1) +
+ mul64(acc1, r0) +
+ mul64(acc2, rs3) +
+ mul64(acc3, rs2) +
+ mul64(acc4, rs1);
+ d2 = mul64(acc0, r2) +
+ mul64(acc1, r1) +
+ mul64(acc2, r0) +
+ mul64(acc3, rs3) +
+ mul64(acc4, rs2);
+ d3 = mul64(acc0, r3) +
+ mul64(acc1, r2) +
+ mul64(acc2, r1) +
+ mul64(acc3, r0) +
+ mul64(acc4, rs3);
acc4 *= r0;
/* Compute: acc %= (2^130 - 5) (partial remainder) */
- d1 += ( d0 >> 32 );
- d2 += ( d1 >> 32 );
- d3 += ( d2 >> 32 );
+ d1 += (d0 >> 32);
+ d2 += (d1 >> 32);
+ d3 += (d2 >> 32);
acc0 = (uint32_t) d0;
acc1 = (uint32_t) d1;
acc2 = (uint32_t) d2;
acc3 = (uint32_t) d3;
- acc4 = (uint32_t) ( d3 >> 32 ) + acc4;
+ acc4 = (uint32_t) (d3 >> 32) + acc4;
- d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU );
+ d0 = (uint64_t) acc0 + (acc4 >> 2) + (acc4 & 0xFFFFFFFCU);
acc4 &= 3U;
acc0 = (uint32_t) d0;
- d0 = (uint64_t) acc1 + ( d0 >> 32U );
+ d0 = (uint64_t) acc1 + (d0 >> 32U);
acc1 = (uint32_t) d0;
- d0 = (uint64_t) acc2 + ( d0 >> 32U );
+ d0 = (uint64_t) acc2 + (d0 >> 32U);
acc2 = (uint32_t) d0;
- d0 = (uint64_t) acc3 + ( d0 >> 32U );
+ d0 = (uint64_t) acc3 + (d0 >> 32U);
acc3 = (uint32_t) d0;
- d0 = (uint64_t) acc4 + ( d0 >> 32U );
+ d0 = (uint64_t) acc4 + (d0 >> 32U);
acc4 = (uint32_t) d0;
offset += POLY1305_BLOCK_SIZE_BYTES;
@@ -187,8 +186,8 @@
* \param mac The buffer to where the MAC is written. Must be
* big enough to contain the 16-byte MAC.
*/
-static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
- unsigned char mac[16] )
+static void poly1305_compute_mac(const mbedtls_poly1305_context *ctx,
+ unsigned char mac[16])
{
uint64_t d;
uint32_t g0, g1, g2, g3, g4;
@@ -208,73 +207,74 @@
*/
/* Calculate acc + -(2^130 - 5) */
- d = ( (uint64_t) acc0 + 5U );
+ d = ((uint64_t) acc0 + 5U);
g0 = (uint32_t) d;
- d = ( (uint64_t) acc1 + ( d >> 32 ) );
+ d = ((uint64_t) acc1 + (d >> 32));
g1 = (uint32_t) d;
- d = ( (uint64_t) acc2 + ( d >> 32 ) );
+ d = ((uint64_t) acc2 + (d >> 32));
g2 = (uint32_t) d;
- d = ( (uint64_t) acc3 + ( d >> 32 ) );
+ d = ((uint64_t) acc3 + (d >> 32));
g3 = (uint32_t) d;
- g4 = acc4 + (uint32_t) ( d >> 32U );
+ g4 = acc4 + (uint32_t) (d >> 32U);
/* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */
- mask = (uint32_t) 0U - ( g4 >> 2U );
+ mask = (uint32_t) 0U - (g4 >> 2U);
mask_inv = ~mask;
/* If 131st bit is set then acc=g, otherwise, acc is unmodified */
- acc0 = ( acc0 & mask_inv ) | ( g0 & mask );
- acc1 = ( acc1 & mask_inv ) | ( g1 & mask );
- acc2 = ( acc2 & mask_inv ) | ( g2 & mask );
- acc3 = ( acc3 & mask_inv ) | ( g3 & mask );
+ acc0 = (acc0 & mask_inv) | (g0 & mask);
+ acc1 = (acc1 & mask_inv) | (g1 & mask);
+ acc2 = (acc2 & mask_inv) | (g2 & mask);
+ acc3 = (acc3 & mask_inv) | (g3 & mask);
/* Add 's' */
d = (uint64_t) acc0 + ctx->s[0];
acc0 = (uint32_t) d;
- d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U );
+ d = (uint64_t) acc1 + ctx->s[1] + (d >> 32U);
acc1 = (uint32_t) d;
- d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U );
+ d = (uint64_t) acc2 + ctx->s[2] + (d >> 32U);
acc2 = (uint32_t) d;
- acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
+ acc3 += ctx->s[3] + (uint32_t) (d >> 32U);
/* Compute MAC (128 least significant bits of the accumulator) */
- MBEDTLS_PUT_UINT32_LE( acc0, mac, 0 );
- MBEDTLS_PUT_UINT32_LE( acc1, mac, 4 );
- MBEDTLS_PUT_UINT32_LE( acc2, mac, 8 );
- MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 );
+ MBEDTLS_PUT_UINT32_LE(acc0, mac, 0);
+ MBEDTLS_PUT_UINT32_LE(acc1, mac, 4);
+ MBEDTLS_PUT_UINT32_LE(acc2, mac, 8);
+ MBEDTLS_PUT_UINT32_LE(acc3, mac, 12);
}
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
+void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx)
{
- POLY1305_VALIDATE( ctx != NULL );
+ POLY1305_VALIDATE(ctx != NULL);
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context));
}
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
+void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context));
}
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
- const unsigned char key[32] )
+int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
+ const unsigned char key[32])
{
- POLY1305_VALIDATE_RET( ctx != NULL );
- POLY1305_VALIDATE_RET( key != NULL );
+ POLY1305_VALIDATE_RET(ctx != NULL);
+ POLY1305_VALIDATE_RET(key != NULL);
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
- ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU;
- ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU;
- ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 ) & 0x0FFFFFFCU;
- ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU;
+ ctx->r[0] = MBEDTLS_GET_UINT32_LE(key, 0) & 0x0FFFFFFFU;
+ ctx->r[1] = MBEDTLS_GET_UINT32_LE(key, 4) & 0x0FFFFFFCU;
+ ctx->r[2] = MBEDTLS_GET_UINT32_LE(key, 8) & 0x0FFFFFFCU;
+ ctx->r[3] = MBEDTLS_GET_UINT32_LE(key, 12) & 0x0FFFFFFCU;
- ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 );
- ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 );
- ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 );
- ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 );
+ ctx->s[0] = MBEDTLS_GET_UINT32_LE(key, 16);
+ ctx->s[1] = MBEDTLS_GET_UINT32_LE(key, 20);
+ ctx->s[2] = MBEDTLS_GET_UINT32_LE(key, 24);
+ ctx->s[3] = MBEDTLS_GET_UINT32_LE(key, 28);
/* Initial accumulator state */
ctx->acc[0] = 0U;
@@ -284,129 +284,124 @@
ctx->acc[4] = 0U;
/* Queue initially empty */
- mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) );
+ mbedtls_platform_zeroize(ctx->queue, sizeof(ctx->queue));
ctx->queue_len = 0U;
- return( 0 );
+ return 0;
}
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
size_t offset = 0U;
size_t remaining = ilen;
size_t queue_free_len;
size_t nblocks;
- POLY1305_VALIDATE_RET( ctx != NULL );
- POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
+ POLY1305_VALIDATE_RET(ctx != NULL);
+ POLY1305_VALIDATE_RET(ilen == 0 || input != NULL);
- if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
- {
- queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
+ if ((remaining > 0U) && (ctx->queue_len > 0U)) {
+ queue_free_len = (POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len);
- if( ilen < queue_free_len )
- {
+ if (ilen < queue_free_len) {
/* Not enough data to complete the block.
* Store this data with the other leftovers.
*/
- memcpy( &ctx->queue[ctx->queue_len],
- input,
- ilen );
+ memcpy(&ctx->queue[ctx->queue_len],
+ input,
+ ilen);
ctx->queue_len += ilen;
remaining = 0U;
- }
- else
- {
+ } else {
/* Enough data to produce a complete block */
- memcpy( &ctx->queue[ctx->queue_len],
- input,
- queue_free_len );
+ memcpy(&ctx->queue[ctx->queue_len],
+ input,
+ queue_free_len);
ctx->queue_len = 0U;
- poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */
+ poly1305_process(ctx, 1U, ctx->queue, 1U); /* add padding bit */
offset += queue_free_len;
remaining -= queue_free_len;
}
}
- if( remaining >= POLY1305_BLOCK_SIZE_BYTES )
- {
+ if (remaining >= POLY1305_BLOCK_SIZE_BYTES) {
nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES;
- poly1305_process( ctx, nblocks, &input[offset], 1U );
+ poly1305_process(ctx, nblocks, &input[offset], 1U);
offset += nblocks * POLY1305_BLOCK_SIZE_BYTES;
remaining %= POLY1305_BLOCK_SIZE_BYTES;
}
- if( remaining > 0U )
- {
+ if (remaining > 0U) {
/* Store partial block */
ctx->queue_len = remaining;
- memcpy( ctx->queue, &input[offset], remaining );
+ memcpy(ctx->queue, &input[offset], remaining);
}
- return( 0 );
+ return 0;
}
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
- unsigned char mac[16] )
+int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
+ unsigned char mac[16])
{
- POLY1305_VALIDATE_RET( ctx != NULL );
- POLY1305_VALIDATE_RET( mac != NULL );
+ POLY1305_VALIDATE_RET(ctx != NULL);
+ POLY1305_VALIDATE_RET(mac != NULL);
/* Process any leftover data */
- if( ctx->queue_len > 0U )
- {
+ if (ctx->queue_len > 0U) {
/* Add padding bit */
ctx->queue[ctx->queue_len] = 1U;
ctx->queue_len++;
/* Pad with zeroes */
- memset( &ctx->queue[ctx->queue_len],
- 0,
- POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
+ memset(&ctx->queue[ctx->queue_len],
+ 0,
+ POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len);
- poly1305_process( ctx, 1U, /* Process 1 block */
- ctx->queue, 0U ); /* Already padded above */
+ poly1305_process(ctx, 1U, /* Process 1 block */
+ ctx->queue, 0U); /* Already padded above */
}
- poly1305_compute_mac( ctx, mac );
+ poly1305_compute_mac(ctx, mac);
- return( 0 );
+ return 0;
}
-int mbedtls_poly1305_mac( const unsigned char key[32],
- const unsigned char *input,
- size_t ilen,
- unsigned char mac[16] )
+int mbedtls_poly1305_mac(const unsigned char key[32],
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char mac[16])
{
mbedtls_poly1305_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- POLY1305_VALIDATE_RET( key != NULL );
- POLY1305_VALIDATE_RET( mac != NULL );
- POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
+ POLY1305_VALIDATE_RET(key != NULL);
+ POLY1305_VALIDATE_RET(mac != NULL);
+ POLY1305_VALIDATE_RET(ilen == 0 || input != NULL);
- mbedtls_poly1305_init( &ctx );
+ mbedtls_poly1305_init(&ctx);
- ret = mbedtls_poly1305_starts( &ctx, key );
- if( ret != 0 )
+ ret = mbedtls_poly1305_starts(&ctx, key);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_poly1305_update( &ctx, input, ilen );
- if( ret != 0 )
+ ret = mbedtls_poly1305_update(&ctx, input, ilen);
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_poly1305_finish( &ctx, mac );
+ ret = mbedtls_poly1305_finish(&ctx, mac);
cleanup:
- mbedtls_poly1305_free( &ctx );
- return( ret );
+ mbedtls_poly1305_free(&ctx);
+ return ret;
}
#endif /* MBEDTLS_POLY1305_ALT */
@@ -479,46 +474,48 @@
/* Make sure no other definition is already present. */
#undef ASSERT
-#define ASSERT( cond, args ) \
+#define ASSERT(cond, args) \
do \
{ \
- if( ! ( cond ) ) \
+ if (!(cond)) \
{ \
- if( verbose != 0 ) \
- mbedtls_printf args; \
+ if (verbose != 0) \
+ mbedtls_printf args; \
\
- return( -1 ); \
+ return -1; \
} \
} \
- while( 0 )
+ while (0)
-int mbedtls_poly1305_self_test( int verbose )
+int mbedtls_poly1305_self_test(int verbose)
{
unsigned char mac[16];
unsigned i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- for( i = 0U; i < 2U; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " Poly1305 test %u ", i );
+ for (i = 0U; i < 2U; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" Poly1305 test %u ", i);
+ }
- ret = mbedtls_poly1305_mac( test_keys[i],
- test_data[i],
- test_data_len[i],
- mac );
- ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
+ ret = mbedtls_poly1305_mac(test_keys[i],
+ test_data[i],
+ test_data_len[i],
+ mac);
+ ASSERT(0 == ret, ("error code: %i\n", ret));
- ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) );
+ ASSERT(0 == memcmp(mac, test_mac[i], 16U), ("failed (mac)\n"));
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f129733..9976d72 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -86,15 +86,15 @@
#include "mbedtls/sha512.h"
#include "mbedtls/xtea.h"
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
+#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
/****************************************************************/
/* Global data, support functions and library management */
/****************************************************************/
-static int key_type_is_raw_bytes( psa_key_type_t type )
+static int key_type_is_raw_bytes(psa_key_type_t type)
{
- return( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) );
+ return PSA_KEY_TYPE_IS_UNSTRUCTURED(type);
}
/* Values for psa_global_data_t::rng_state */
@@ -102,8 +102,7 @@
#define RNG_INITIALIZED 1
#define RNG_SEEDED 2
-typedef struct
-{
+typedef struct {
unsigned initialized : 1;
unsigned rng_state : 2;
mbedtls_psa_random_context_t rng;
@@ -117,40 +116,39 @@
#endif
#define GUARD_MODULE_INITIALIZED \
- if( global_data.initialized == 0 ) \
- return( PSA_ERROR_BAD_STATE );
+ if (global_data.initialized == 0) \
+ return PSA_ERROR_BAD_STATE;
-psa_status_t mbedtls_to_psa_error( int ret )
+psa_status_t mbedtls_to_psa_error(int ret)
{
/* Mbed TLS error codes can combine a high-level error code and a
* low-level error code. The low-level error usually reflects the
* root cause better, so dispatch on that preferably. */
- int low_level_ret = - ( -ret & 0x007f );
- switch( low_level_ret != 0 ? low_level_ret : ret )
- {
+ int low_level_ret = -(-ret & 0x007f);
+ switch (low_level_ret != 0 ? low_level_ret : ret) {
case 0:
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
case MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:
case MBEDTLS_ERR_ASN1_INVALID_DATA:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_ASN1_ALLOC_FAILED:
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ return PSA_ERROR_BUFFER_TOO_SMALL;
#if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA)
case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA:
@@ -158,9 +156,9 @@
case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
#endif
case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
@@ -168,209 +166,209 @@
case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
#endif
case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_CCM_BAD_INPUT:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_CCM_AUTH_FAILED:
- return( PSA_ERROR_INVALID_SIGNATURE );
+ return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
- return( PSA_ERROR_INVALID_SIGNATURE );
+ return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
- return( PSA_ERROR_INVALID_PADDING );
+ return PSA_ERROR_INVALID_PADDING;
case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
- return( PSA_ERROR_INVALID_SIGNATURE );
+ return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ return PSA_ERROR_CORRUPTION_DETECTED;
case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
-#if !( defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
- defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) )
+#if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
+ defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE))
/* Only check CTR_DRBG error codes if underlying mbedtls_xxx
* functions are passed a CTR_DRBG instance. */
case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
case MBEDTLS_ERR_GCM_AUTH_FAILED:
- return( PSA_ERROR_INVALID_SIGNATURE );
+ return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_GCM_BAD_INPUT:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
- defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
+ defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
/* Only check HMAC_DRBG error codes if underlying mbedtls_xxx
* functions are passed a HMAC_DRBG instance. */
case MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED:
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
case MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG:
case MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR:
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MD_ALLOC_FAILED:
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_MD_FILE_IO_ERROR:
- return( PSA_ERROR_STORAGE_FAILURE );
+ return PSA_ERROR_STORAGE_FAILURE;
case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
- return( PSA_ERROR_STORAGE_FAILURE );
+ return PSA_ERROR_STORAGE_FAILURE;
case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_MPI_NEGATIVE_VALUE:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_DIVISION_BY_ZERO:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_ALLOC_FAILED:
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_PK_ALLOC_FAILED:
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_PK_TYPE_MISMATCH:
case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_PK_FILE_IO_ERROR:
- return( PSA_ERROR_STORAGE_FAILURE );
+ return PSA_ERROR_STORAGE_FAILURE;
case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
- return( PSA_ERROR_NOT_PERMITTED );
+ return PSA_ERROR_NOT_PERMITTED;
case MBEDTLS_ERR_PK_INVALID_PUBKEY:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_PK_INVALID_ALG:
case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
- return( PSA_ERROR_INVALID_SIGNATURE );
+ return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_RSA_INVALID_PADDING:
- return( PSA_ERROR_INVALID_PADDING );
+ return PSA_ERROR_INVALID_PADDING;
case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ return PSA_ERROR_CORRUPTION_DETECTED;
case MBEDTLS_ERR_RSA_VERIFY_FAILED:
- return( PSA_ERROR_INVALID_SIGNATURE );
+ return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_RSA_RNG_FAILED:
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
case MBEDTLS_ERR_ECP_INVALID_KEY:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH:
case MBEDTLS_ERR_ECP_VERIFY_FAILED:
- return( PSA_ERROR_INVALID_SIGNATURE );
+ return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_ECP_ALLOC_FAILED:
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_ECP_RANDOM_FAILED:
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
- return( PSA_ERROR_HARDWARE_FAILURE );
+ return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ return PSA_ERROR_CORRUPTION_DETECTED;
default:
- return( PSA_ERROR_GENERIC_ERROR );
+ return PSA_ERROR_GENERIC_ERROR;
}
}
@@ -386,99 +384,96 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy )
+mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
+ size_t bits,
+ int bits_is_sloppy)
{
- switch( curve )
- {
+ switch (curve) {
case PSA_ECC_FAMILY_SECP_R1:
- switch( bits )
- {
+ switch (bits) {
#if defined(PSA_WANT_ECC_SECP_R1_192)
case 192:
- return( MBEDTLS_ECP_DP_SECP192R1 );
+ return MBEDTLS_ECP_DP_SECP192R1;
#endif
#if defined(PSA_WANT_ECC_SECP_R1_224)
case 224:
- return( MBEDTLS_ECP_DP_SECP224R1 );
+ return MBEDTLS_ECP_DP_SECP224R1;
#endif
#if defined(PSA_WANT_ECC_SECP_R1_256)
case 256:
- return( MBEDTLS_ECP_DP_SECP256R1 );
+ return MBEDTLS_ECP_DP_SECP256R1;
#endif
#if defined(PSA_WANT_ECC_SECP_R1_384)
case 384:
- return( MBEDTLS_ECP_DP_SECP384R1 );
+ return MBEDTLS_ECP_DP_SECP384R1;
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
case 521:
- return( MBEDTLS_ECP_DP_SECP521R1 );
+ return MBEDTLS_ECP_DP_SECP521R1;
case 528:
- if( bits_is_sloppy )
- return( MBEDTLS_ECP_DP_SECP521R1 );
+ if (bits_is_sloppy) {
+ return MBEDTLS_ECP_DP_SECP521R1;
+ }
break;
#endif
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch( bits )
- {
+ switch (bits) {
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
case 256:
- return( MBEDTLS_ECP_DP_BP256R1 );
+ return MBEDTLS_ECP_DP_BP256R1;
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
case 384:
- return( MBEDTLS_ECP_DP_BP384R1 );
+ return MBEDTLS_ECP_DP_BP384R1;
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
case 512:
- return( MBEDTLS_ECP_DP_BP512R1 );
+ return MBEDTLS_ECP_DP_BP512R1;
#endif
}
break;
case PSA_ECC_FAMILY_MONTGOMERY:
- switch( bits )
- {
+ switch (bits) {
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
case 255:
- return( MBEDTLS_ECP_DP_CURVE25519 );
+ return MBEDTLS_ECP_DP_CURVE25519;
case 256:
- if( bits_is_sloppy )
- return( MBEDTLS_ECP_DP_CURVE25519 );
+ if (bits_is_sloppy) {
+ return MBEDTLS_ECP_DP_CURVE25519;
+ }
break;
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
case 448:
- return( MBEDTLS_ECP_DP_CURVE448 );
+ return MBEDTLS_ECP_DP_CURVE448;
#endif
}
break;
case PSA_ECC_FAMILY_SECP_K1:
- switch( bits )
- {
+ switch (bits) {
#if defined(PSA_WANT_ECC_SECP_K1_192)
case 192:
- return( MBEDTLS_ECP_DP_SECP192K1 );
+ return MBEDTLS_ECP_DP_SECP192K1;
#endif
#if defined(PSA_WANT_ECC_SECP_K1_224)
case 224:
- return( MBEDTLS_ECP_DP_SECP224K1 );
+ return MBEDTLS_ECP_DP_SECP224K1;
#endif
#if defined(PSA_WANT_ECC_SECP_K1_256)
case 256:
- return( MBEDTLS_ECP_DP_SECP256K1 );
+ return MBEDTLS_ECP_DP_SECP256K1;
#endif
}
break;
}
(void) bits_is_sloppy;
- return( MBEDTLS_ECP_DP_NONE );
+ return MBEDTLS_ECP_DP_NONE;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
@@ -486,59 +481,65 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
-static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type,
- size_t bits )
+static psa_status_t validate_unstructured_key_bit_size(psa_key_type_t type,
+ size_t bits)
{
/* Check that the bit size is acceptable for the key type */
- switch( type )
- {
+ switch (type) {
case PSA_KEY_TYPE_RAW_DATA:
case PSA_KEY_TYPE_HMAC:
case PSA_KEY_TYPE_DERIVE:
break;
#if defined(PSA_WANT_KEY_TYPE_AES)
case PSA_KEY_TYPE_AES:
- if( bits != 128 && bits != 192 && bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 128 && bits != 192 && bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_ARIA)
case PSA_KEY_TYPE_ARIA:
- if( bits != 128 && bits != 192 && bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 128 && bits != 192 && bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
case PSA_KEY_TYPE_CAMELLIA:
- if( bits != 128 && bits != 192 && bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 128 && bits != 192 && bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_DES)
case PSA_KEY_TYPE_DES:
- if( bits != 64 && bits != 128 && bits != 192 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 64 && bits != 128 && bits != 192) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_ARC4)
case PSA_KEY_TYPE_ARC4:
- if( bits < 8 || bits > 2048 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits < 8 || bits > 2048) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
case PSA_KEY_TYPE_CHACHA20:
- if( bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- if( bits % 8 != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits % 8 != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Check whether a given key type is valid for use with a given MAC algorithm
@@ -557,124 +558,125 @@
*/
MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do(
psa_algorithm_t algorithm,
- psa_key_type_t key_type )
+ psa_key_type_t key_type)
{
- if( PSA_ALG_IS_HMAC( algorithm ) )
- {
- if( key_type == PSA_KEY_TYPE_HMAC )
- return( PSA_SUCCESS );
- }
-
- if( PSA_ALG_IS_BLOCK_CIPHER_MAC( algorithm ) )
- {
- /* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
- * key. */
- if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) ==
- PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
- {
- /* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
- * the block length (larger than 1) for block ciphers. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) > 1 )
- return( PSA_SUCCESS );
+ if (PSA_ALG_IS_HMAC(algorithm)) {
+ if (key_type == PSA_KEY_TYPE_HMAC) {
+ return PSA_SUCCESS;
}
}
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_ALG_IS_BLOCK_CIPHER_MAC(algorithm)) {
+ /* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
+ * key. */
+ if ((key_type & PSA_KEY_TYPE_CATEGORY_MASK) ==
+ PSA_KEY_TYPE_CATEGORY_SYMMETRIC) {
+ /* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
+ * the block length (larger than 1) for block ciphers. */
+ if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1) {
+ return PSA_SUCCESS;
+ }
+ }
+ }
+
+ return PSA_ERROR_INVALID_ARGUMENT;
}
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
- size_t buffer_length )
+psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
+ size_t buffer_length)
{
- if( slot->key.data != NULL )
- return( PSA_ERROR_ALREADY_EXISTS );
+ if (slot->key.data != NULL) {
+ return PSA_ERROR_ALREADY_EXISTS;
+ }
- slot->key.data = mbedtls_calloc( 1, buffer_length );
- if( slot->key.data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ slot->key.data = mbedtls_calloc(1, buffer_length);
+ if (slot->key.data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
slot->key.bytes = buffer_length;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
- const uint8_t* data,
- size_t data_length )
+psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length)
{
- psa_status_t status = psa_allocate_buffer_to_slot( slot,
- data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_status_t status = psa_allocate_buffer_to_slot(slot,
+ data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- memcpy( slot->key.data, data, data_length );
- return( PSA_SUCCESS );
+ memcpy(slot->key.data, data, data_length);
+ return PSA_SUCCESS;
}
psa_status_t psa_import_key_into_slot(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits )
+ size_t *key_buffer_length, size_t *bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = attributes->core.type;
/* zero-length keys are never supported. */
- if( data_length == 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (data_length == 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- if( key_type_is_raw_bytes( type ) )
- {
- *bits = PSA_BYTES_TO_BITS( data_length );
+ if (key_type_is_raw_bytes(type)) {
+ *bits = PSA_BYTES_TO_BITS(data_length);
/* Ensure that the bytes-to-bits conversion hasn't overflown. */
- if( data_length > SIZE_MAX / 8 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (data_length > SIZE_MAX / 8) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Enforce a size limit, and in particular ensure that the bit
* size fits in its representation type. */
- if( ( *bits ) > PSA_MAX_KEY_BITS )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if ((*bits) > PSA_MAX_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- status = validate_unstructured_key_bit_size( type, *bits );
- if( status != PSA_SUCCESS )
- return( status );
+ status = validate_unstructured_key_bit_size(type, *bits);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Copy the key material. */
- memcpy( key_buffer, data, data_length );
+ memcpy(key_buffer, data, data_length);
*key_buffer_length = data_length;
- (void)key_buffer_size;
+ (void) key_buffer_size;
- return( PSA_SUCCESS );
- }
- else if( PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
- {
+ return PSA_SUCCESS;
+ } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- if( PSA_KEY_TYPE_IS_ECC( type ) )
- {
- return( mbedtls_psa_ecp_import_key( attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length,
- bits ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+ if (PSA_KEY_TYPE_IS_ECC(type)) {
+ return mbedtls_psa_ecp_import_key(attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length,
+ bits);
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- if( PSA_KEY_TYPE_IS_RSA( type ) )
- {
- return( mbedtls_psa_rsa_import_key( attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length,
- bits ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+ if (PSA_KEY_TYPE_IS_RSA(type)) {
+ return mbedtls_psa_rsa_import_key(attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length,
+ bits);
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
}
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
/** Calculate the intersection of two algorithm usage policies.
@@ -684,63 +686,61 @@
static psa_algorithm_t psa_key_policy_algorithm_intersection(
psa_key_type_t key_type,
psa_algorithm_t alg1,
- psa_algorithm_t alg2 )
+ psa_algorithm_t alg2)
{
/* Common case: both sides actually specify the same policy. */
- if( alg1 == alg2 )
- return( alg1 );
+ if (alg1 == alg2) {
+ return alg1;
+ }
/* If the policies are from the same hash-and-sign family, check
* if one is a wildcard. If so the other has the specific algorithm. */
- if( PSA_ALG_IS_SIGN_HASH( alg1 ) &&
- PSA_ALG_IS_SIGN_HASH( alg2 ) &&
- ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
- {
- if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
- return( alg2 );
- if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
- return( alg1 );
+ if (PSA_ALG_IS_SIGN_HASH(alg1) &&
+ PSA_ALG_IS_SIGN_HASH(alg2) &&
+ (alg1 & ~PSA_ALG_HASH_MASK) == (alg2 & ~PSA_ALG_HASH_MASK)) {
+ if (PSA_ALG_SIGN_GET_HASH(alg1) == PSA_ALG_ANY_HASH) {
+ return alg2;
+ }
+ if (PSA_ALG_SIGN_GET_HASH(alg2) == PSA_ALG_ANY_HASH) {
+ return alg1;
+ }
}
/* If the policies are from the same AEAD family, check whether
* one of them is a minimum-tag-length wildcard. Calculate the most
* restrictive tag length. */
- if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
- ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
- {
- size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
- size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
+ if (PSA_ALG_IS_AEAD(alg1) && PSA_ALG_IS_AEAD(alg2) &&
+ (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg1, 0) ==
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg2, 0))) {
+ size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg1);
+ size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg2);
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
/* If both are wildcards, return most restrictive wildcard */
- if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
- {
- return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
- alg1, restricted_len ) );
+ if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ ((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+ return PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
+ alg1, restricted_len);
}
/* If only one is a wildcard, return specific algorithm if compatible. */
- if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( alg1_len <= alg2_len ) )
- {
- return( alg2 );
+ if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ (alg1_len <= alg2_len)) {
+ return alg2;
}
- if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( alg2_len <= alg1_len ) )
- {
- return( alg1 );
+ if (((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ (alg2_len <= alg1_len)) {
+ return alg1;
}
}
/* If the policies are from the same MAC family, check whether one
* of them is a minimum-MAC-length policy. Calculate the most
* restrictive tag length. */
- if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
- ( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
- PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
- {
+ if (PSA_ALG_IS_MAC(alg1) && PSA_ALG_IS_MAC(alg2) &&
+ (PSA_ALG_FULL_LENGTH_MAC(alg1) ==
+ PSA_ALG_FULL_LENGTH_MAC(alg2))) {
/* Validate the combination of key type and algorithm. Since the base
* algorithm of alg1 and alg2 are the same, we only need this once. */
- if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) )
- return( 0 );
+ if (PSA_SUCCESS != psa_mac_key_can_do(alg1, key_type)) {
+ return 0;
+ }
/* Get the (exact or at-least) output lengths for both sides of the
* requested intersection. None of the currently supported algorithms
@@ -750,79 +750,76 @@
* Note that for at-least-this-length wildcard algorithms, the output
* length is set to the shortest allowed length, which allows us to
* calculate the most restrictive tag length for the intersection. */
- size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
- size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
+ size_t alg1_len = PSA_MAC_LENGTH(key_type, 0, alg1);
+ size_t alg2_len = PSA_MAC_LENGTH(key_type, 0, alg2);
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
/* If both are wildcards, return most restrictive wildcard */
- if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
- {
- return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, restricted_len ) );
+ if (((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+ return PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg1, restricted_len);
}
/* If only one is an at-least-this-length policy, the intersection would
* be the other (fixed-length) policy as long as said fixed length is
* equal to or larger than the shortest allowed length. */
- if( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
- {
- return( ( alg1_len <= alg2_len ) ? alg2 : 0 );
+ if ((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+ return (alg1_len <= alg2_len) ? alg2 : 0;
}
- if( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
- {
- return( ( alg2_len <= alg1_len ) ? alg1 : 0 );
+ if ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+ return (alg2_len <= alg1_len) ? alg1 : 0;
}
/* If none of them are wildcards, check whether they define the same tag
* length. This is still possible here when one is default-length and
* the other specific-length. Ensure to always return the
* specific-length version for the intersection. */
- if( alg1_len == alg2_len )
- return( PSA_ALG_TRUNCATED_MAC( alg1, alg1_len ) );
+ if (alg1_len == alg2_len) {
+ return PSA_ALG_TRUNCATED_MAC(alg1, alg1_len);
+ }
}
/* If the policies are incompatible, allow nothing. */
- return( 0 );
+ return 0;
}
-static int psa_key_algorithm_permits( psa_key_type_t key_type,
- psa_algorithm_t policy_alg,
- psa_algorithm_t requested_alg )
+static int psa_key_algorithm_permits(psa_key_type_t key_type,
+ psa_algorithm_t policy_alg,
+ psa_algorithm_t requested_alg)
{
/* Common case: the policy only allows requested_alg. */
- if( requested_alg == policy_alg )
- return( 1 );
+ if (requested_alg == policy_alg) {
+ return 1;
+ }
/* If policy_alg is a hash-and-sign with a wildcard for the hash,
* and requested_alg is the same hash-and-sign family with any hash,
* then requested_alg is compliant with policy_alg. */
- if( PSA_ALG_IS_SIGN_HASH( requested_alg ) &&
- PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH )
- {
- return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
- ( requested_alg & ~PSA_ALG_HASH_MASK ) );
+ if (PSA_ALG_IS_SIGN_HASH(requested_alg) &&
+ PSA_ALG_SIGN_GET_HASH(policy_alg) == PSA_ALG_ANY_HASH) {
+ return (policy_alg & ~PSA_ALG_HASH_MASK) ==
+ (requested_alg & ~PSA_ALG_HASH_MASK);
}
/* If policy_alg is a wildcard AEAD algorithm of the same base as
* the requested algorithm, check the requested tag length to be
* equal-length or longer than the wildcard-specified length. */
- if( PSA_ALG_IS_AEAD( policy_alg ) &&
- PSA_ALG_IS_AEAD( requested_alg ) &&
- ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) &&
- ( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
- {
- return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
- PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
+ if (PSA_ALG_IS_AEAD(policy_alg) &&
+ PSA_ALG_IS_AEAD(requested_alg) &&
+ (PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, 0) ==
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(requested_alg, 0)) &&
+ ((policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+ return PSA_ALG_AEAD_GET_TAG_LENGTH(policy_alg) <=
+ PSA_ALG_AEAD_GET_TAG_LENGTH(requested_alg);
}
/* If policy_alg is a MAC algorithm of the same base as the requested
* algorithm, check whether their MAC lengths are compatible. */
- if( PSA_ALG_IS_MAC( policy_alg ) &&
- PSA_ALG_IS_MAC( requested_alg ) &&
- ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
- PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
- {
+ if (PSA_ALG_IS_MAC(policy_alg) &&
+ PSA_ALG_IS_MAC(requested_alg) &&
+ (PSA_ALG_FULL_LENGTH_MAC(policy_alg) ==
+ PSA_ALG_FULL_LENGTH_MAC(requested_alg))) {
/* Validate the combination of key type and algorithm. Since the policy
* and requested algorithms are the same, we only need this once. */
- if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) )
- return( 0 );
+ if (PSA_SUCCESS != psa_mac_key_can_do(policy_alg, key_type)) {
+ return 0;
+ }
/* Get both the requested output length for the algorithm which is to be
* verified, and the default output length for the base algorithm.
@@ -830,44 +827,42 @@
* length dependent on actual key size, so setting it to a bogus value
* of 0 is currently OK. */
size_t requested_output_length = PSA_MAC_LENGTH(
- key_type, 0, requested_alg );
+ key_type, 0, requested_alg);
size_t default_output_length = PSA_MAC_LENGTH(
- key_type, 0,
- PSA_ALG_FULL_LENGTH_MAC( requested_alg ) );
+ key_type, 0,
+ PSA_ALG_FULL_LENGTH_MAC(requested_alg));
/* If the policy is default-length, only allow an algorithm with
* a declared exact-length matching the default. */
- if( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == 0 )
- return( requested_output_length == default_output_length );
+ if (PSA_MAC_TRUNCATED_LENGTH(policy_alg) == 0) {
+ return requested_output_length == default_output_length;
+ }
/* If the requested algorithm is default-length, allow it if the policy
* length exactly matches the default length. */
- if( PSA_MAC_TRUNCATED_LENGTH( requested_alg ) == 0 &&
- PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == default_output_length )
- {
- return( 1 );
+ if (PSA_MAC_TRUNCATED_LENGTH(requested_alg) == 0 &&
+ PSA_MAC_TRUNCATED_LENGTH(policy_alg) == default_output_length) {
+ return 1;
}
/* If policy_alg is an at-least-this-length wildcard MAC algorithm,
* check for the requested MAC length to be equal to or longer than the
* minimum allowed length. */
- if( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
- {
- return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
- requested_output_length );
+ if ((policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+ return PSA_MAC_TRUNCATED_LENGTH(policy_alg) <=
+ requested_output_length;
}
}
/* If policy_alg is a generic key agreement operation, then using it for
* a key derivation with that key agreement should also be allowed. This
* behaviour is expected to be defined in a future specification version. */
- if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
- PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
- {
- return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
- policy_alg );
+ if (PSA_ALG_IS_RAW_KEY_AGREEMENT(policy_alg) &&
+ PSA_ALG_IS_KEY_AGREEMENT(requested_alg)) {
+ return PSA_ALG_KEY_AGREEMENT_GET_BASE(requested_alg) ==
+ policy_alg;
}
/* If it isn't explicitly permitted, it's forbidden. */
- return( 0 );
+ return 0;
}
/** Test whether a policy permits an algorithm.
@@ -885,23 +880,26 @@
* \retval PSA_ERROR_NOT_PERMITTED When \p alg is a specific algorithm, but
* the \p policy does not allow it.
*/
-static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy,
- psa_key_type_t key_type,
- psa_algorithm_t alg )
+static psa_status_t psa_key_policy_permits(const psa_key_policy_t *policy,
+ psa_key_type_t key_type,
+ psa_algorithm_t alg)
{
/* '0' is not a valid algorithm */
- if( alg == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (alg == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* A requested algorithm cannot be a wildcard. */
- if( PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_ALG_IS_WILDCARD(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if( psa_key_algorithm_permits( key_type, policy->alg, alg ) ||
- psa_key_algorithm_permits( key_type, policy->alg2, alg ) )
- return( PSA_SUCCESS );
- else
- return( PSA_ERROR_NOT_PERMITTED );
+ if (psa_key_algorithm_permits(key_type, policy->alg, alg) ||
+ psa_key_algorithm_permits(key_type, policy->alg2, alg)) {
+ return PSA_SUCCESS;
+ } else {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
}
/** Restrict a key policy based on a constraint.
@@ -925,22 +923,24 @@
static psa_status_t psa_restrict_key_policy(
psa_key_type_t key_type,
psa_key_policy_t *policy,
- const psa_key_policy_t *constraint )
+ const psa_key_policy_t *constraint)
{
psa_algorithm_t intersection_alg =
- psa_key_policy_algorithm_intersection( key_type, policy->alg,
- constraint->alg );
+ psa_key_policy_algorithm_intersection(key_type, policy->alg,
+ constraint->alg);
psa_algorithm_t intersection_alg2 =
- psa_key_policy_algorithm_intersection( key_type, policy->alg2,
- constraint->alg2 );
- if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ psa_key_policy_algorithm_intersection(key_type, policy->alg2,
+ constraint->alg2);
+ if (intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
policy->usage &= constraint->usage;
policy->alg = intersection_alg;
policy->alg2 = intersection_alg2;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Get the description of a key given its identifier and policy constraints
@@ -960,46 +960,47 @@
mbedtls_svc_key_id_t key,
psa_key_slot_t **p_slot,
psa_key_usage_t usage,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
- status = psa_get_and_lock_key_slot( key, p_slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot(key, p_slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
slot = *p_slot;
/* Enforce that usage policy for the key slot contains all the flags
* required by the usage parameter. There is one exception: public
* keys can always be exported, so we treat public key objects as
* if they had the export flag. */
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
usage &= ~PSA_KEY_USAGE_EXPORT;
+ }
- if( ( slot->attr.policy.usage & usage ) != usage )
- {
+ if ((slot->attr.policy.usage & usage) != usage) {
status = PSA_ERROR_NOT_PERMITTED;
goto error;
}
/* Enforce that the usage policy permits the requested algorithm. */
- if( alg != 0 )
- {
- status = psa_key_policy_permits( &slot->attr.policy,
- slot->attr.type,
- alg );
- if( status != PSA_SUCCESS )
+ if (alg != 0) {
+ status = psa_key_policy_permits(&slot->attr.policy,
+ slot->attr.type,
+ alg);
+ if (status != PSA_SUCCESS) {
goto error;
+ }
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
error:
*p_slot = NULL;
- psa_unlock_key_slot( slot );
+ psa_unlock_key_slot(slot);
- return( status );
+ return status;
}
/** Get a key slot containing a transparent key and lock it.
@@ -1019,42 +1020,43 @@
mbedtls_svc_key_id_t key,
psa_key_slot_t **p_slot,
psa_key_usage_t usage,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
- psa_status_t status = psa_get_and_lock_key_slot_with_policy( key, p_slot,
- usage, alg );
- if( status != PSA_SUCCESS )
- return( status );
-
- if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) )
- {
- psa_unlock_key_slot( *p_slot );
- *p_slot = NULL;
- return( PSA_ERROR_NOT_SUPPORTED );
+ psa_status_t status = psa_get_and_lock_key_slot_with_policy(key, p_slot,
+ usage, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
}
- return( PSA_SUCCESS );
+ if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) {
+ psa_unlock_key_slot(*p_slot);
+ *p_slot = NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return PSA_SUCCESS;
}
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
+psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
{
/* Data pointer will always be either a valid pointer or NULL in an
* initialized slot, so we can just free it. */
- if( slot->key.data != NULL )
- mbedtls_platform_zeroize( slot->key.data, slot->key.bytes);
+ if (slot->key.data != NULL) {
+ mbedtls_platform_zeroize(slot->key.data, slot->key.bytes);
+ }
- mbedtls_free( slot->key.data );
+ mbedtls_free(slot->key.data);
slot->key.data = NULL;
slot->key.bytes = 0;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Completely wipe a slot in memory, including its policy.
* Persistent storage is not affected. */
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
+psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
{
- psa_status_t status = psa_remove_key_data_from_memory( slot );
+ psa_status_t status = psa_remove_key_data_from_memory(slot);
/*
* As the return error code may not be handled in case of multiple errors,
@@ -1063,10 +1065,9 @@
* part of the execution of a test suite this will stop the test suite
* execution).
*/
- if( slot->lock_count != 1 )
- {
+ if (slot->lock_count != 1) {
#ifdef MBEDTLS_CHECK_PARAMS
- MBEDTLS_PARAM_FAILED( slot->lock_count == 1 );
+ MBEDTLS_PARAM_FAILED(slot->lock_count == 1);
#endif
status = PSA_ERROR_CORRUPTION_DETECTED;
}
@@ -1079,11 +1080,11 @@
/* At this point, key material and other type-specific content has
* been wiped. Clear remaining metadata. We can call memset and not
* zeroize because the metadata is not particularly sensitive. */
- memset( slot, 0, sizeof( *slot ) );
- return( status );
+ memset(slot, 0, sizeof(*slot));
+ return status;
}
-psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
+psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
{
psa_key_slot_t *slot;
psa_status_t status; /* status of the last operation */
@@ -1092,8 +1093,9 @@
psa_se_drv_table_entry_t *driver;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- if( mbedtls_svc_key_id_is_null( key ) )
- return( PSA_SUCCESS );
+ if (mbedtls_svc_key_id_is_null(key)) {
+ return PSA_SUCCESS;
+ }
/*
* Get the description of the key in a key slot. In case of a persistent
@@ -1102,9 +1104,10 @@
* the key is operated by an SE or not and this information is needed by
* the current implementation.
*/
- status = psa_get_and_lock_key_slot( key, &slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot(key, &slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/*
* If the key slot containing the key description is under access by the
@@ -1113,14 +1116,12 @@
* implemented), the key should be destroyed when all accesses have
* stopped.
*/
- if( slot->lock_count > 1 )
- {
- psa_unlock_key_slot( slot );
- return( PSA_ERROR_GENERIC_ERROR );
+ if (slot->lock_count > 1) {
+ psa_unlock_key_slot(slot);
+ return PSA_ERROR_GENERIC_ERROR;
}
- if( PSA_KEY_LIFETIME_IS_READ_ONLY( slot->attr.lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) {
/* Refuse the destruction of a read-only key (which may or may not work
* if we attempt it, depending on whether the key is merely read-only
* by policy or actually physically read-only).
@@ -1131,22 +1132,20 @@
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- driver = psa_get_se_driver_entry( slot->attr.lifetime );
- if( driver != NULL )
- {
+ driver = psa_get_se_driver_entry(slot->attr.lifetime);
+ if (driver != NULL) {
/* For a key in a secure element, we need to do three things:
* remove the key file in internal storage, destroy the
* key inside the secure element, and update the driver's
* persistent data. Start a transaction that will encompass these
* three actions. */
- psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
+ psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_DESTROY_KEY);
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
- psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number( slot );
+ psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number(slot);
psa_crypto_transaction.key.id = slot->attr.id;
- status = psa_crypto_save_transaction( );
- if( status != PSA_SUCCESS )
- {
- (void) psa_crypto_stop_transaction( );
+ status = psa_crypto_save_transaction();
+ if (status != PSA_SUCCESS) {
+ (void) psa_crypto_stop_transaction();
/* We should still try to destroy the key in the secure
* element and the key metadata in storage. This is especially
* important if the error is that the storage is full.
@@ -1158,19 +1157,20 @@
goto exit;
}
- status = psa_destroy_se_key( driver,
- psa_key_slot_get_slot_number( slot ) );
- if( overall_status == PSA_SUCCESS )
+ status = psa_destroy_se_key(driver,
+ psa_key_slot_get_slot_number(slot));
+ if (overall_status == PSA_SUCCESS) {
overall_status = status;
+ }
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
- {
- status = psa_destroy_persistent_key( slot->attr.id );
- if( overall_status == PSA_SUCCESS )
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
+ status = psa_destroy_persistent_key(slot->attr.id);
+ if (overall_status == PSA_SUCCESS) {
overall_status = status;
+ }
/* TODO: other slots may have a copy of the same key. We should
* invalidate them.
@@ -1180,96 +1180,100 @@
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( driver != NULL )
- {
- status = psa_save_se_persistent_data( driver );
- if( overall_status == PSA_SUCCESS )
+ if (driver != NULL) {
+ status = psa_save_se_persistent_data(driver);
+ if (overall_status == PSA_SUCCESS) {
overall_status = status;
- status = psa_crypto_stop_transaction( );
- if( overall_status == PSA_SUCCESS )
+ }
+ status = psa_crypto_stop_transaction();
+ if (overall_status == PSA_SUCCESS) {
overall_status = status;
+ }
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
exit:
- status = psa_wipe_key_slot( slot );
+ status = psa_wipe_key_slot(slot);
/* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
overall_status = status;
- return( overall_status );
+ }
+ return overall_status;
}
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
static psa_status_t psa_get_rsa_public_exponent(
const mbedtls_rsa_context *rsa,
- psa_key_attributes_t *attributes )
+ psa_key_attributes_t *attributes)
{
mbedtls_mpi mpi;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint8_t *buffer = NULL;
size_t buflen;
- mbedtls_mpi_init( &mpi );
+ mbedtls_mpi_init(&mpi);
- ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &mpi );
- if( ret != 0 )
+ ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &mpi);
+ if (ret != 0) {
goto exit;
- if( mbedtls_mpi_cmp_int( &mpi, 65537 ) == 0 )
- {
+ }
+ if (mbedtls_mpi_cmp_int(&mpi, 65537) == 0) {
/* It's the default value, which is reported as an empty string,
* so there's nothing to do. */
goto exit;
}
- buflen = mbedtls_mpi_size( &mpi );
- buffer = mbedtls_calloc( 1, buflen );
- if( buffer == NULL )
- {
+ buflen = mbedtls_mpi_size(&mpi);
+ buffer = mbedtls_calloc(1, buflen);
+ if (buffer == NULL) {
ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
goto exit;
}
- ret = mbedtls_mpi_write_binary( &mpi, buffer, buflen );
- if( ret != 0 )
+ ret = mbedtls_mpi_write_binary(&mpi, buffer, buflen);
+ if (ret != 0) {
goto exit;
+ }
attributes->domain_parameters = buffer;
attributes->domain_parameters_size = buflen;
exit:
- mbedtls_mpi_free( &mpi );
- if( ret != 0 )
- mbedtls_free( buffer );
- return( mbedtls_to_psa_error( ret ) );
+ mbedtls_mpi_free(&mpi);
+ if (ret != 0) {
+ mbedtls_free(buffer);
+ }
+ return mbedtls_to_psa_error(ret);
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
/** Retrieve all the publicly-accessible attributes of a key.
*/
-psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key,
- psa_key_attributes_t *attributes )
+psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
+ psa_key_attributes_t *attributes)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
- psa_reset_key_attributes( attributes );
+ psa_reset_key_attributes(attributes);
- status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
attributes->core = slot->attr;
- attributes->core.flags &= ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
- MBEDTLS_PSA_KA_MASK_DUAL_USE );
+ attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+ MBEDTLS_PSA_KA_MASK_DUAL_USE);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( psa_get_se_driver_entry( slot->attr.lifetime ) != NULL )
- psa_set_key_slot_number( attributes,
- psa_key_slot_get_slot_number( slot ) );
+ if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) {
+ psa_set_key_slot_number(attributes,
+ psa_key_slot_get_slot_number(slot));
+ }
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- switch( slot->attr.type )
- {
+ switch (slot->attr.type) {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
case PSA_KEY_TYPE_RSA_KEY_PAIR:
@@ -1278,22 +1282,22 @@
* is not yet implemented.
* https://github.com/ARMmbed/mbed-crypto/issues/216
*/
- if( ! psa_key_lifetime_is_external( slot->attr.lifetime ) )
- {
+ if (!psa_key_lifetime_is_external(slot->attr.lifetime)) {
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation(
- slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
+ slot->attr.type,
+ slot->key.data,
+ slot->key.bytes,
+ &rsa);
+ if (status != PSA_SUCCESS) {
break;
+ }
- status = psa_get_rsa_public_exponent( rsa,
- attributes );
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
+ status = psa_get_rsa_public_exponent(rsa,
+ attributes);
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
}
break;
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
@@ -1303,72 +1307,70 @@
break;
}
- if( status != PSA_SUCCESS )
- psa_reset_key_attributes( attributes );
+ if (status != PSA_SUCCESS) {
+ psa_reset_key_attributes(attributes);
+ }
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_status_t psa_get_key_slot_number(
const psa_key_attributes_t *attributes,
- psa_key_slot_number_t *slot_number )
+ psa_key_slot_number_t *slot_number)
{
- if( attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER )
- {
+ if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) {
*slot_number = attributes->slot_number;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- else
- return( PSA_ERROR_INVALID_ARGUMENT );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-static psa_status_t psa_export_key_buffer_internal( const uint8_t *key_buffer,
- size_t key_buffer_size,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+static psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
- if( key_buffer_size > data_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, key_buffer, key_buffer_size );
- memset( data + key_buffer_size, 0,
- data_size - key_buffer_size );
+ if (key_buffer_size > data_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(data, key_buffer, key_buffer_size);
+ memset(data + key_buffer_size, 0,
+ data_size - key_buffer_size);
*data_length = key_buffer_size;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t psa_export_key_internal(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
psa_key_type_t type = attributes->core.type;
- if( key_type_is_raw_bytes( type ) ||
- PSA_KEY_TYPE_IS_RSA( type ) ||
- PSA_KEY_TYPE_IS_ECC( type ) )
- {
- return( psa_export_key_buffer_internal(
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
- }
- else
- {
+ if (key_type_is_raw_bytes(type) ||
+ PSA_KEY_TYPE_IS_RSA(type) ||
+ PSA_KEY_TYPE_IS_ECC(type)) {
+ return psa_export_key_buffer_internal(
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
+ } else {
/* This shouldn't happen in the reference implementation, but
it is valid for a special-purpose implementation to omit
support for exporting certain key types. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
}
-psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1377,8 +1379,9 @@
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
- if( data_size == 0 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (data_size == 0) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
/* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting
@@ -1390,21 +1393,22 @@
* which don't require any flag, but
* psa_get_and_lock_key_slot_with_policy() takes care of this.
*/
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_EXPORT, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+ PSA_KEY_USAGE_EXPORT, 0);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
psa_key_attributes_t attributes = {
.core = slot->attr
};
- status = psa_driver_wrapper_export_key( &attributes,
- slot->key.data, slot->key.bytes,
- data, data_size, data_length );
+ status = psa_driver_wrapper_export_key(&attributes,
+ slot->key.data, slot->key.bytes,
+ data, data_size, data_length);
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
psa_status_t psa_export_public_key_internal(
@@ -1413,66 +1417,59 @@
size_t key_buffer_size,
uint8_t *data,
size_t data_size,
- size_t *data_length )
+ size_t *data_length)
{
psa_key_type_t type = attributes->core.type;
- if( PSA_KEY_TYPE_IS_RSA( type ) || PSA_KEY_TYPE_IS_ECC( type ) )
- {
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
- {
+ if (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type)) {
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
/* Exporting public -> public */
- return( psa_export_key_buffer_internal(
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
+ return psa_export_key_buffer_internal(
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
}
- if( PSA_KEY_TYPE_IS_RSA( type ) )
- {
+ if (PSA_KEY_TYPE_IS_RSA(type)) {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return( mbedtls_psa_rsa_export_public_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+ return mbedtls_psa_rsa_export_public_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
#else
/* We don't know how to convert a private RSA key to public. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
- }
- else
- {
+ } else {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return( mbedtls_psa_ecp_export_public_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+ return mbedtls_psa_ecp_export_public_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
#else
/* We don't know how to convert a private ECC key to public */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
}
- }
- else
- {
+ } else {
/* This shouldn't happen in the reference implementation, but
it is valid for a special-purpose implementation to omit
support for exporting certain key types. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
}
-psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1481,8 +1478,9 @@
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
- if( data_size == 0 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (data_size == 0) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
/* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting
@@ -1491,14 +1489,14 @@
*data_length = 0;
/* Exporting a public key doesn't require a usage flag. */
- status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
+ if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
}
psa_key_attributes_t attributes = {
@@ -1506,21 +1504,21 @@
};
status = psa_driver_wrapper_export_public_key(
&attributes, slot->key.data, slot->key.bytes,
- data, data_size, data_length );
+ data, data_size, data_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
#if defined(static_assert)
-static_assert( ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
- "One or more key attribute flag is listed as both external-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
- "One or more key attribute flag is listed as both internal-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) == 0,
- "One or more key attribute flag is listed as both internal-only and external-only" );
+static_assert((MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+ "One or more key attribute flag is listed as both external-only and dual-use");
+static_assert((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+ "One or more key attribute flag is listed as both internal-only and dual-use");
+static_assert((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
+ "One or more key attribute flag is listed as both internal-only and external-only");
#endif
/** Validate that a key policy is internally well-formed.
@@ -1529,20 +1527,21 @@
* consistency of the policy with respect to other attributes of the key
* such as the key type.
*/
-static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
+static psa_status_t psa_validate_key_policy(const psa_key_policy_t *policy)
{
- if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
- PSA_KEY_USAGE_COPY |
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_VERIFY_MESSAGE |
- PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_DERIVE ) ) != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if ((policy->usage & ~(PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_COPY |
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE |
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_DERIVE)) != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Validate the internal consistency of key attributes.
@@ -1560,48 +1559,52 @@
*/
static psa_status_t psa_validate_key_attributes(
const psa_key_attributes_t *attributes,
- psa_se_drv_table_entry_t **p_drv )
+ psa_se_drv_table_entry_t **p_drv)
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
- mbedtls_svc_key_id_t key = psa_get_key_id( attributes );
+ psa_key_lifetime_t lifetime = psa_get_key_lifetime(attributes);
+ mbedtls_svc_key_id_t key = psa_get_key_id(attributes);
- status = psa_validate_key_location( lifetime, p_drv );
- if( status != PSA_SUCCESS )
- return( status );
-
- status = psa_validate_key_persistence( lifetime );
- if( status != PSA_SUCCESS )
- return( status );
-
- if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
- if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- else
- {
- if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 0 ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ status = psa_validate_key_location(lifetime, p_drv);
+ if (status != PSA_SUCCESS) {
+ return status;
}
- status = psa_validate_key_policy( &attributes->core.policy );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_validate_key_persistence(lifetime);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
+ if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key) != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else {
+ if (!psa_is_valid_key_id(psa_get_key_id(attributes), 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ }
+
+ status = psa_validate_key_policy(&attributes->core.policy);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Refuse to create overly large keys.
* Note that this doesn't trigger on import if the attributes don't
* explicitly specify a size (so psa_get_key_bits returns 0), so
* psa_import_key() needs its own checks. */
- if( psa_get_key_bits( attributes ) > PSA_MAX_KEY_BITS )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (psa_get_key_bits(attributes) > PSA_MAX_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Reject invalid flags. These should not be reachable through the API. */
- if( attributes->core.flags & ~ ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
- MBEDTLS_PSA_KA_MASK_DUAL_USE ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+ MBEDTLS_PSA_KA_MASK_DUAL_USE)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Prepare a key slot to receive key material.
@@ -1637,7 +1640,7 @@
psa_key_creation_method_t method,
const psa_key_attributes_t *attributes,
psa_key_slot_t **p_slot,
- psa_se_drv_table_entry_t **p_drv )
+ psa_se_drv_table_entry_t **p_drv)
{
psa_status_t status;
psa_key_id_t volatile_key_id;
@@ -1646,13 +1649,15 @@
(void) method;
*p_drv = NULL;
- status = psa_validate_key_attributes( attributes, p_drv );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_validate_key_attributes(attributes, p_drv);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_empty_key_slot(&volatile_key_id, p_slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
slot = *p_slot;
/* We're storing the declared bit-size of the key. It's up to each
@@ -1664,8 +1669,7 @@
* definition. */
slot->attr = attributes->core;
- if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
slot->attr.id = volatile_key_id;
#else
@@ -1698,40 +1702,37 @@
* secure element driver updates its persistent state, but we do not yet
* save the driver's persistent state, so that if the power fails,
* we can roll back to a state where the key doesn't exist. */
- if( *p_drv != NULL )
- {
+ if (*p_drv != NULL) {
psa_key_slot_number_t slot_number;
- status = psa_find_se_slot_for_key( attributes, method, *p_drv,
- &slot_number );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_find_se_slot_for_key(attributes, method, *p_drv,
+ &slot_number);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
- {
- psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) {
+ psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_CREATE_KEY);
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
psa_crypto_transaction.key.slot = slot_number;
psa_crypto_transaction.key.id = slot->attr.id;
- status = psa_crypto_save_transaction( );
- if( status != PSA_SUCCESS )
- {
- (void) psa_crypto_stop_transaction( );
- return( status );
+ status = psa_crypto_save_transaction();
+ if (status != PSA_SUCCESS) {
+ (void) psa_crypto_stop_transaction();
+ return status;
}
}
status = psa_copy_key_material_into_slot(
- slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) );
+ slot, (uint8_t *) (&slot_number), sizeof(slot_number));
}
- if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER )
- {
+ if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
/* Key registration only makes sense with a secure element. */
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Finalize the creation of a key once its key material has been set.
@@ -1774,33 +1775,30 @@
(void) driver;
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
- {
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( driver != NULL )
- {
+ if (driver != NULL) {
psa_se_key_data_storage_t data;
psa_key_slot_number_t slot_number =
- psa_key_slot_get_slot_number( slot ) ;
+ psa_key_slot_get_slot_number(slot);
#if defined(static_assert)
- static_assert( sizeof( slot_number ) ==
- sizeof( data.slot_number ),
- "Slot number size does not match psa_se_key_data_storage_t" );
+ static_assert(sizeof(slot_number) ==
+ sizeof(data.slot_number),
+ "Slot number size does not match psa_se_key_data_storage_t");
#endif
- memcpy( &data.slot_number, &slot_number, sizeof( slot_number ) );
- status = psa_save_persistent_key( &slot->attr,
- (uint8_t*) &data,
- sizeof( data ) );
- }
- else
+ memcpy(&data.slot_number, &slot_number, sizeof(slot_number));
+ status = psa_save_persistent_key(&slot->attr,
+ (uint8_t *) &data,
+ sizeof(data));
+ } else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
{
/* Key material is saved in export representation in the slot, so
* just pass the slot buffer for storage. */
- status = psa_save_persistent_key( &slot->attr,
- slot->key.data,
- slot->key.bytes );
+ status = psa_save_persistent_key(&slot->attr,
+ slot->key.data,
+ slot->key.bytes);
}
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
@@ -1811,28 +1809,26 @@
* by checking whether a transaction is in progress (actual
* creation of a persistent key in a secure element requires a transaction,
* but registration or volatile key creation doesn't use one). */
- if( driver != NULL &&
- psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY )
- {
- status = psa_save_se_persistent_data( driver );
- if( status != PSA_SUCCESS )
- {
- psa_destroy_persistent_key( slot->attr.id );
- return( status );
+ if (driver != NULL &&
+ psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY) {
+ status = psa_save_se_persistent_data(driver);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_persistent_key(slot->attr.id);
+ return status;
}
- status = psa_crypto_stop_transaction( );
+ status = psa_crypto_stop_transaction();
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- if( status == PSA_SUCCESS )
- {
+ if (status == PSA_SUCCESS) {
*key = slot->attr.id;
- status = psa_unlock_key_slot( slot );
- if( status != PSA_SUCCESS )
+ status = psa_unlock_key_slot(slot);
+ if (status != PSA_SUCCESS) {
*key = MBEDTLS_SVC_KEY_ID_INIT;
+ }
}
- return( status );
+ return status;
}
/** Abort the creation of a key.
@@ -1847,13 +1843,14 @@
* \param[in] driver The secure element driver for the key,
* or NULL for a transparent key.
*/
-static void psa_fail_key_creation( psa_key_slot_t *slot,
- psa_se_drv_table_entry_t *driver )
+static void psa_fail_key_creation(psa_key_slot_t *slot,
+ psa_se_drv_table_entry_t *driver)
{
(void) driver;
- if( slot == NULL )
+ if (slot == NULL) {
return;
+ }
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* TODO: If the key has already been created in the secure
@@ -1869,10 +1866,10 @@
* Earlier functions must already have done what it takes to undo any
* partial creation. All that's left is to update the transaction data
* itself. */
- (void) psa_crypto_stop_transaction( );
+ (void) psa_crypto_stop_transaction();
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- psa_wipe_key_slot( slot );
+ psa_wipe_key_slot(slot);
}
/** Validate optional attributes during key creation.
@@ -1886,74 +1883,76 @@
*/
static psa_status_t psa_validate_optional_attributes(
const psa_key_slot_t *slot,
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
- if( attributes->core.type != 0 )
- {
- if( attributes->core.type != slot->attr.type )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (attributes->core.type != 0) {
+ if (attributes->core.type != slot->attr.type) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
}
- if( attributes->domain_parameters_size != 0 )
- {
+ if (attributes->domain_parameters_size != 0) {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
- {
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+ if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) {
mbedtls_rsa_context *rsa = NULL;
mbedtls_mpi actual, required;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = mbedtls_psa_rsa_load_representation(
- slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
- return( status );
+ slot->attr.type,
+ slot->key.data,
+ slot->key.bytes,
+ &rsa);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- mbedtls_mpi_init( &actual );
- mbedtls_mpi_init( &required );
- ret = mbedtls_rsa_export( rsa,
- NULL, NULL, NULL, NULL, &actual );
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
- if( ret != 0 )
+ mbedtls_mpi_init(&actual);
+ mbedtls_mpi_init(&required);
+ ret = mbedtls_rsa_export(rsa,
+ NULL, NULL, NULL, NULL, &actual);
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
+ if (ret != 0) {
goto rsa_exit;
- ret = mbedtls_mpi_read_binary( &required,
- attributes->domain_parameters,
- attributes->domain_parameters_size );
- if( ret != 0 )
+ }
+ ret = mbedtls_mpi_read_binary(&required,
+ attributes->domain_parameters,
+ attributes->domain_parameters_size);
+ if (ret != 0) {
goto rsa_exit;
- if( mbedtls_mpi_cmp_mpi( &actual, &required ) != 0 )
+ }
+ if (mbedtls_mpi_cmp_mpi(&actual, &required) != 0) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
- rsa_exit:
- mbedtls_mpi_free( &actual );
- mbedtls_mpi_free( &required );
- if( ret != 0)
- return( mbedtls_to_psa_error( ret ) );
- }
- else
+ }
+rsa_exit:
+ mbedtls_mpi_free(&actual);
+ mbedtls_mpi_free(&required);
+ if (ret != 0) {
+ return mbedtls_to_psa_error(ret);
+ }
+ } else
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
{
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
- if( attributes->core.bits != 0 )
- {
- if( attributes->core.bits != slot->attr.bits )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (attributes->core.bits != 0) {
+ if (attributes->core.bits != slot->attr.bits) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- mbedtls_svc_key_id_t *key )
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -1965,57 +1964,61 @@
/* Reject zero-length symmetric keys (including raw data key objects).
* This also rejects any key which might be encoded as an empty string,
* which is never valid. */
- if( data_length == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (data_length == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
- &slot, &driver );
- if( status != PSA_SUCCESS )
+ status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes,
+ &slot, &driver);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* In the case of a transparent key or an opaque key stored in local
* storage (thus not in the case of generating a key in a secure element
* or cryptoprocessor with storage), we have to allocate a buffer to
* hold the generated key material. */
- if( slot->key.data == NULL )
- {
- status = psa_allocate_buffer_to_slot( slot, data_length );
- if( status != PSA_SUCCESS )
+ if (slot->key.data == NULL) {
+ status = psa_allocate_buffer_to_slot(slot, data_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
bits = slot->attr.bits;
- status = psa_driver_wrapper_import_key( attributes,
- data, data_length,
- slot->key.data,
- slot->key.bytes,
- &slot->key.bytes, &bits );
- if( status != PSA_SUCCESS )
+ status = psa_driver_wrapper_import_key(attributes,
+ data, data_length,
+ slot->key.data,
+ slot->key.bytes,
+ &slot->key.bytes, &bits);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( slot->attr.bits == 0 )
+ if (slot->attr.bits == 0) {
slot->attr.bits = (psa_key_bits_t) bits;
- else if( bits != slot->attr.bits )
- {
+ } else if (bits != slot->attr.bits) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_validate_optional_attributes( slot, attributes );
- if( status != PSA_SUCCESS )
+ status = psa_validate_optional_attributes(slot, attributes);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_finish_key_creation( slot, driver, key );
+ status = psa_finish_key_creation(slot, driver, key);
exit:
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( slot, driver );
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(slot, driver);
+ }
- return( status );
+ return status;
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_status_t mbedtls_psa_register_se_key(
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -2026,46 +2029,51 @@
* It could make sense to query the key type and size from the
* secure element, but not all secure elements support this
* and the driver HAL doesn't currently support it. */
- if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( psa_get_key_bits( attributes ) == 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (psa_get_key_type(attributes) == PSA_KEY_TYPE_NONE) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ if (psa_get_key_bits(attributes) == 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes,
- &slot, &driver );
- if( status != PSA_SUCCESS )
+ status = psa_start_key_creation(PSA_KEY_CREATION_REGISTER, attributes,
+ &slot, &driver);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_finish_key_creation( slot, driver, &key );
+ status = psa_finish_key_creation(slot, driver, &key);
exit:
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( slot, driver );
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(slot, driver);
+ }
/* Registration doesn't keep the key in RAM. */
- psa_close_key( key );
- return( status );
+ psa_close_key(key);
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
- psa_key_slot_t *target )
+static psa_status_t psa_copy_key_material(const psa_key_slot_t *source,
+ psa_key_slot_t *target)
{
- psa_status_t status = psa_copy_key_material_into_slot( target,
- source->key.data,
- source->key.bytes );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_status_t status = psa_copy_key_material_into_slot(target,
+ source->key.data,
+ source->key.bytes);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
target->attr.type = source->attr.type;
target->attr.bits = source->attr.bits;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
- const psa_key_attributes_t *specified_attributes,
- mbedtls_svc_key_id_t *target_key )
+psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
+ const psa_key_attributes_t *specified_attributes,
+ mbedtls_svc_key_id_t *target_key)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2077,37 +2085,39 @@
*target_key = MBEDTLS_SVC_KEY_ID_INIT;
status = psa_get_and_lock_transparent_key_slot_with_policy(
- source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 );
- if( status != PSA_SUCCESS )
+ source_key, &source_slot, PSA_KEY_USAGE_COPY, 0);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_validate_optional_attributes( source_slot,
- specified_attributes );
- if( status != PSA_SUCCESS )
+ status = psa_validate_optional_attributes(source_slot,
+ specified_attributes);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_restrict_key_policy( source_slot->attr.type,
- &actual_attributes.core.policy,
- &source_slot->attr.policy );
- if( status != PSA_SUCCESS )
+ status = psa_restrict_key_policy(source_slot->attr.type,
+ &actual_attributes.core.policy,
+ &source_slot->attr.policy);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes,
- &target_slot, &driver );
- if( status != PSA_SUCCESS )
+ status = psa_start_key_creation(PSA_KEY_CREATION_COPY, &actual_attributes,
+ &target_slot, &driver);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( driver != NULL )
- {
+ if (driver != NULL) {
/* Copying to a secure element is not implemented yet. */
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) )
- {
+ if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) {
/*
* Copying through an opaque driver is not implemented yet, consider
* a lifetime with an external location as an invalid parameter for
@@ -2117,18 +2127,20 @@
goto exit;
}
- status = psa_copy_key_material( source_slot, target_slot );
- if( status != PSA_SUCCESS )
+ status = psa_copy_key_material(source_slot, target_slot);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_finish_key_creation( target_slot, driver, target_key );
+ status = psa_finish_key_creation(target_slot, driver, target_key);
exit:
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( target_slot, driver );
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(target_slot, driver);
+ }
- unlock_status = psa_unlock_key_slot( source_slot );
+ unlock_status = psa_unlock_key_slot(source_slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -2137,178 +2149,185 @@
/* Message digests */
/****************************************************************/
-psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
+psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{
/* Aborting a non-active operation is allowed */
- if( operation->id == 0 )
- return( PSA_SUCCESS );
+ if (operation->id == 0) {
+ return PSA_SUCCESS;
+ }
- psa_status_t status = psa_driver_wrapper_hash_abort( operation );
+ psa_status_t status = psa_driver_wrapper_hash_abort(operation);
operation->id = 0;
- return( status );
+ return status;
}
-psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
- psa_algorithm_t alg )
+psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* A context must be freshly initialized before it can be set up. */
- if( operation->id != 0 )
- {
+ if (operation->id != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( !PSA_ALG_IS_HASH( alg ) )
- {
+ if (!PSA_ALG_IS_HASH(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
* directly zeroes the int-sized dummy member of the context union. */
- memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+ memset(&operation->ctx, 0, sizeof(operation->ctx));
- status = psa_driver_wrapper_hash_setup( operation, alg );
+ status = psa_driver_wrapper_hash_setup(operation, alg);
exit:
- if( status != PSA_SUCCESS )
- psa_hash_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_hash_abort(operation);
+ }
return status;
}
-psa_status_t psa_hash_update( psa_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length )
+psa_status_t psa_hash_update(psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
- if( input_length == 0 )
- return( PSA_SUCCESS );
+ if (input_length == 0) {
+ return PSA_SUCCESS;
+ }
- status = psa_driver_wrapper_hash_update( operation, input, input_length );
+ status = psa_driver_wrapper_hash_update(operation, input, input_length);
exit:
- if( status != PSA_SUCCESS )
- psa_hash_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_hash_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length )
+psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
{
*hash_length = 0;
- if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->id == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
psa_status_t status = psa_driver_wrapper_hash_finish(
- operation, hash, hash_size, hash_length );
- psa_hash_abort( operation );
- return( status );
+ operation, hash, hash_size, hash_length);
+ psa_hash_abort(operation);
+ return status;
}
-psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
- const uint8_t *hash,
- size_t hash_length )
+psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
+ const uint8_t *hash,
+ size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = psa_hash_finish(
- operation,
- actual_hash, sizeof( actual_hash ),
- &actual_hash_length );
+ operation,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( actual_hash_length != hash_length )
- {
+ if (actual_hash_length != hash_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
+ }
exit:
- mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
- if( status != PSA_SUCCESS )
+ mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
+ if (status != PSA_SUCCESS) {
psa_hash_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_hash_compute( psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size,
- size_t *hash_length )
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *hash, size_t hash_size,
+ size_t *hash_length)
{
*hash_length = 0;
- if( !PSA_ALG_IS_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_HASH(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( psa_driver_wrapper_hash_compute( alg, input, input_length,
- hash, hash_size, hash_length ) );
+ return psa_driver_wrapper_hash_compute(alg, input, input_length,
+ hash, hash_size, hash_length);
}
-psa_status_t psa_hash_compare( psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- const uint8_t *hash, size_t hash_length )
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ const uint8_t *hash, size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
- if( !PSA_ALG_IS_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_HASH(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
psa_status_t status = psa_driver_wrapper_hash_compute(
- alg, input, input_length,
- actual_hash, sizeof(actual_hash),
- &actual_hash_length );
- if( status != PSA_SUCCESS )
+ alg, input, input_length,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length);
+ if (status != PSA_SUCCESS) {
goto exit;
- if( actual_hash_length != hash_length )
- {
+ }
+ if (actual_hash_length != hash_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
+ }
exit:
- mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
- return( status );
+ mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
+ return status;
}
-psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
- psa_hash_operation_t *target_operation )
+psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
+ psa_hash_operation_t *target_operation)
{
- if( source_operation->id == 0 ||
- target_operation->id != 0 )
- {
- return( PSA_ERROR_BAD_STATE );
+ if (source_operation->id == 0 ||
+ target_operation->id != 0) {
+ return PSA_ERROR_BAD_STATE;
}
- psa_status_t status = psa_driver_wrapper_hash_clone( source_operation,
- target_operation );
- if( status != PSA_SUCCESS )
- psa_hash_abort( target_operation );
+ psa_status_t status = psa_driver_wrapper_hash_clone(source_operation,
+ target_operation);
+ if (status != PSA_SUCCESS) {
+ psa_hash_abort(target_operation);
+ }
- return( status );
+ return status;
}
@@ -2316,59 +2335,59 @@
/* MAC */
/****************************************************************/
-psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
+psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
/* Aborting a non-active operation is allowed */
- if( operation->id == 0 )
- return( PSA_SUCCESS );
+ if (operation->id == 0) {
+ return PSA_SUCCESS;
+ }
- psa_status_t status = psa_driver_wrapper_mac_abort( operation );
+ psa_status_t status = psa_driver_wrapper_mac_abort(operation);
operation->mac_size = 0;
operation->is_sign = 0;
operation->id = 0;
- return( status );
+ return status;
}
static psa_status_t psa_mac_finalize_alg_and_key_validation(
psa_algorithm_t alg,
const psa_key_attributes_t *attributes,
- uint8_t *mac_size )
+ uint8_t *mac_size)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t key_type = psa_get_key_type( attributes );
- size_t key_bits = psa_get_key_bits( attributes );
+ psa_key_type_t key_type = psa_get_key_type(attributes);
+ size_t key_bits = psa_get_key_bits(attributes);
- if( ! PSA_ALG_IS_MAC( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_MAC(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Validate the combination of key type and algorithm */
- status = psa_mac_key_can_do( alg, key_type );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_mac_key_can_do(alg, key_type);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Get the output length for the algorithm and key combination */
- *mac_size = PSA_MAC_LENGTH( key_type, key_bits, alg );
+ *mac_size = PSA_MAC_LENGTH(key_type, key_bits, alg);
- if( *mac_size < 4 )
- {
+ if (*mac_size < 4) {
/* A very short MAC is too short for security since it can be
* brute-forced. Ancient protocols with 32-bit MACs do exist,
* so we make this our minimum, even though 32 bits is still
* too small for security. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- if( *mac_size > PSA_MAC_LENGTH( key_type, key_bits,
- PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
- {
+ if (*mac_size > PSA_MAC_LENGTH(key_type, key_bits,
+ PSA_ALG_FULL_LENGTH_MAC(alg))) {
/* It's impossible to "truncate" to a larger length than the full length
* of the algorithm. */
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- if( *mac_size > PSA_MAC_MAX_SIZE )
- {
+ if (*mac_size > PSA_MAC_MAX_SIZE) {
/* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm
* that is disabled in the compile-time configuration. The result can
* therefore be larger than PSA_MAC_MAX_SIZE, which does take the
@@ -2378,144 +2397,142 @@
* PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size
* is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks
* systematically generated tests. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- int is_sign )
+static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ int is_sign)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */
- if( operation->id != 0 )
- {
+ if (operation->id != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_get_and_lock_key_slot_with_policy(
- key,
- &slot,
- is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
- alg );
- if( status != PSA_SUCCESS )
+ key,
+ &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
psa_key_attributes_t attributes = {
.core = slot->attr
};
- status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
- &operation->mac_size );
- if( status != PSA_SUCCESS )
+ status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
+ &operation->mac_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
operation->is_sign = is_sign;
/* Dispatch the MAC setup call with validated input */
- if( is_sign )
- {
- status = psa_driver_wrapper_mac_sign_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
- }
- else
- {
- status = psa_driver_wrapper_mac_verify_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
+ if (is_sign) {
+ status = psa_driver_wrapper_mac_sign_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ } else {
+ status = psa_driver_wrapper_mac_verify_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
}
exit:
- if( status != PSA_SUCCESS )
- psa_mac_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_mac_abort(operation);
+ }
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_mac_setup( operation, key, alg, 1 ) );
+ return psa_mac_setup(operation, key, alg, 1);
}
-psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_mac_setup( operation, key, alg, 0 ) );
+ return psa_mac_setup(operation, key, alg, 0);
}
-psa_status_t psa_mac_update( psa_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length )
+psa_status_t psa_mac_update(psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
{
- if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->id == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
- if( input_length == 0 )
- return( PSA_SUCCESS );
+ if (input_length == 0) {
+ return PSA_SUCCESS;
+ }
- psa_status_t status = psa_driver_wrapper_mac_update( operation,
- input, input_length );
- if( status != PSA_SUCCESS )
- psa_mac_abort( operation );
+ psa_status_t status = psa_driver_wrapper_mac_update(operation,
+ input, input_length);
+ if (status != PSA_SUCCESS) {
+ psa_mac_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length )
+psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( ! operation->is_sign )
- {
+ if (!operation->is_sign) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
* once all the error checks are done. */
- if( operation->mac_size == 0 )
- {
+ if (operation->mac_size == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( mac_size < operation->mac_size )
- {
+ if (mac_size < operation->mac_size) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- status = psa_driver_wrapper_mac_sign_finish( operation,
- mac, operation->mac_size,
- mac_length );
+ status = psa_driver_wrapper_mac_sign_finish(operation,
+ mac, operation->mac_size,
+ mac_length);
exit:
/* In case of success, set the potential excess room in the output buffer
@@ -2524,63 +2541,60 @@
* such that in case the caller misses an error check, the output would be
* an unachievable MAC.
*/
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
*mac_length = mac_size;
operation->mac_size = 0;
}
- if( mac_size > operation->mac_size )
- memset( &mac[operation->mac_size], '!',
- mac_size - operation->mac_size );
+ if (mac_size > operation->mac_size) {
+ memset(&mac[operation->mac_size], '!',
+ mac_size - operation->mac_size);
+ }
- abort_status = psa_mac_abort( operation );
+ abort_status = psa_mac_abort(operation);
- return( status == PSA_SUCCESS ? abort_status : status );
+ return status == PSA_SUCCESS ? abort_status : status;
}
-psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length )
+psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->is_sign )
- {
+ if (operation->is_sign) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->mac_size != mac_length )
- {
+ if (operation->mac_size != mac_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- status = psa_driver_wrapper_mac_verify_finish( operation,
- mac, mac_length );
+ status = psa_driver_wrapper_mac_verify_finish(operation,
+ mac, mac_length);
exit:
- abort_status = psa_mac_abort( operation );
+ abort_status = psa_mac_abort(operation);
- return( status == PSA_SUCCESS ? abort_status : status );
+ return status == PSA_SUCCESS ? abort_status : status;
}
-static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length,
- int is_sign )
+static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length,
+ int is_sign)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2588,34 +2602,35 @@
uint8_t operation_mac_size = 0;
status = psa_get_and_lock_key_slot_with_policy(
- key,
- &slot,
- is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
- alg );
- if( status != PSA_SUCCESS )
+ key,
+ &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
psa_key_attributes_t attributes = {
.core = slot->attr
};
- status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
- &operation_mac_size );
- if( status != PSA_SUCCESS )
+ status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
+ &operation_mac_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( mac_size < operation_mac_size )
- {
+ if (mac_size < operation_mac_size) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
status = psa_driver_wrapper_mac_compute(
- &attributes,
- slot->key.data, slot->key.bytes,
- alg,
- input, input_length,
- mac, operation_mac_size, mac_length );
+ &attributes,
+ slot->key.data, slot->key.bytes,
+ alg,
+ input, input_length,
+ mac, operation_mac_size, mac_length);
exit:
/* In case of success, set the potential excess room in the output buffer
@@ -2624,102 +2639,100 @@
* such that in case the caller misses an error check, the output would be
* an unachievable MAC.
*/
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
*mac_length = mac_size;
operation_mac_size = 0;
}
- if( mac_size > operation_mac_size )
- memset( &mac[operation_mac_size], '!', mac_size - operation_mac_size );
+ if (mac_size > operation_mac_size) {
+ memset(&mac[operation_mac_size], '!', mac_size - operation_mac_size);
+ }
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- return( psa_mac_compute_internal( key, alg,
- input, input_length,
- mac, mac_size, mac_length, 1 ) );
-}
-
-psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
+psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
- const uint8_t *mac,
- size_t mac_length)
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
+{
+ return psa_mac_compute_internal(key, alg,
+ input, input_length,
+ mac, mac_size, mac_length, 1);
+}
+
+psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ size_t mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
size_t actual_mac_length;
- status = psa_mac_compute_internal( key, alg,
- input, input_length,
- actual_mac, sizeof( actual_mac ),
- &actual_mac_length, 0 );
- if( status != PSA_SUCCESS )
+ status = psa_mac_compute_internal(key, alg,
+ input, input_length,
+ actual_mac, sizeof(actual_mac),
+ &actual_mac_length, 0);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( mac_length != actual_mac_length )
- {
+ if (mac_length != actual_mac_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if( mbedtls_psa_safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
- {
+ if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
exit:
- mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+ mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac));
- return ( status );
+ return status;
}
/****************************************************************/
/* Asymmetric cryptography */
/****************************************************************/
-static psa_status_t psa_sign_verify_check_alg( int input_is_message,
- psa_algorithm_t alg )
+static psa_status_t psa_sign_verify_check_alg(int input_is_message,
+ psa_algorithm_t alg)
{
- if( input_is_message )
- {
- if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (input_is_message) {
+ if (!PSA_ALG_IS_SIGN_MESSAGE(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if ( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
- if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
+ if (!PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(alg))) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ }
+ } else {
+ if (!PSA_ALG_IS_SIGN_HASH(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
- else
- {
- if( ! PSA_ALG_IS_SIGN_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
- int input_is_message,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length )
+static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
+ int input_is_message,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2727,50 +2740,49 @@
*signature_length = 0;
- status = psa_sign_verify_check_alg( input_is_message, alg );
- if( status != PSA_SUCCESS )
+ status = psa_sign_verify_check_alg(input_is_message, alg);
+ if (status != PSA_SUCCESS) {
return status;
+ }
/* Immediately reject a zero-length signature buffer. This guarantees
* that signature must be a valid pointer. (On the other hand, the input
* buffer can in principle be empty since it doesn't actually have
* to be a hash.) */
- if( signature_size == 0 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (signature_size == 0) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot,
- input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
- PSA_KEY_USAGE_SIGN_HASH,
- alg );
+ key, &slot,
+ input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
+ PSA_KEY_USAGE_SIGN_HASH,
+ alg);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
- {
+ if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
- if( input_is_message )
- {
+ if (input_is_message) {
status = psa_driver_wrapper_sign_message(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_size, signature_length );
- }
- else
- {
+ signature, signature_size, signature_length);
+ } else {
status = psa_driver_wrapper_sign_hash(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_size, signature_length );
+ signature, signature_size, signature_length);
}
@@ -2779,66 +2791,66 @@
* the trailing part on success) with something that isn't a valid signature
* (barring an attack on the signature and deliberately-crafted input),
* in case the caller doesn't check the return status properly. */
- if( status == PSA_SUCCESS )
- memset( signature + *signature_length, '!',
- signature_size - *signature_length );
- else
- memset( signature, '!', signature_size );
+ if (status == PSA_SUCCESS) {
+ memset(signature + *signature_length, '!',
+ signature_size - *signature_length);
+ } else {
+ memset(signature, '!', signature_size);
+ }
/* If signature_size is 0 then we have nothing to do. We must not call
* memset because signature may be NULL in this case. */
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
- int input_is_message,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * signature,
- size_t signature_length )
+static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key,
+ int input_is_message,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
- status = psa_sign_verify_check_alg( input_is_message, alg );
- if( status != PSA_SUCCESS )
+ status = psa_sign_verify_check_alg(input_is_message, alg);
+ if (status != PSA_SUCCESS) {
return status;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot,
- input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_VERIFY_HASH,
- alg );
+ key, &slot,
+ input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_VERIFY_HASH,
+ alg);
- if( status != PSA_SUCCESS )
- return( status );
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
- if( input_is_message )
- {
+ if (input_is_message) {
status = psa_driver_wrapper_verify_message(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_length );
- }
- else
- {
+ signature, signature_length);
+ } else {
status = psa_driver_wrapper_verify_hash(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_length );
+ signature, signature_length);
}
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -2851,43 +2863,43 @@
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length )
+ size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if ( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
status = psa_driver_wrapper_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ),
- input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg),
+ input, input_length,
+ hash, sizeof(hash), &hash_length);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
return status;
+ }
return psa_driver_wrapper_sign_hash(
- attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length );
+ attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
}
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length )
+psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
return psa_sign_internal(
key, 1, alg, input, input_length,
- signature, signature_size, signature_length );
+ signature, signature_size, signature_length);
}
psa_status_t psa_verify_message_builtin(
@@ -2898,202 +2910,184 @@
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length )
+ size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if ( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
status = psa_driver_wrapper_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ),
- input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg),
+ input, input_length,
+ hash, sizeof(hash), &hash_length);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
return status;
+ }
return psa_driver_wrapper_verify_hash(
- attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length );
+ attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
}
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * signature,
- size_t signature_length )
+psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
return psa_verify_internal(
key, 1, alg, input, input_length,
- signature, signature_length );
+ signature, signature_length);
}
psa_status_t psa_sign_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ uint8_t *signature, size_t signature_size, size_t *signature_length)
{
- if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
- PSA_ALG_IS_RSA_PSS( alg) )
- {
+ if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
+ PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return( mbedtls_psa_rsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+ return mbedtls_psa_rsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- }
- else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
- {
- if( PSA_ALG_IS_ECDSA( alg ) )
- {
+ } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return( mbedtls_psa_ecdsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ return mbedtls_psa_ecdsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
- }
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
- (void)key_buffer;
- (void)key_buffer_size;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_size;
- (void)signature_length;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) hash;
+ (void) hash_length;
+ (void) signature;
+ (void) signature_size;
+ (void) signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
+psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
return psa_sign_internal(
key, 0, alg, hash, hash_length,
- signature, signature_size, signature_length );
+ signature, signature_size, signature_length);
}
psa_status_t psa_verify_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
+ const uint8_t *signature, size_t signature_length)
{
- if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
- {
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
- PSA_ALG_IS_RSA_PSS( alg) )
- {
+ if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
+ PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return( mbedtls_psa_rsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+ return mbedtls_psa_rsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- }
- else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
- {
- if( PSA_ALG_IS_ECDSA( alg ) )
- {
+ } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return( mbedtls_psa_ecdsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ return mbedtls_psa_ecdsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
- }
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
- (void)key_buffer;
- (void)key_buffer_size;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_length;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) hash;
+ (void) hash_length;
+ (void) signature;
+ (void) signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
+psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
return psa_verify_internal(
key, 0, alg, hash, hash_length,
- signature, signature_length );
+ signature, signature_length);
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
- mbedtls_rsa_context *rsa )
+static void psa_rsa_oaep_set_padding_mode(psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa)
{
- psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
- mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg);
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg);
+ mbedtls_md_type_t md_alg = mbedtls_md_get_type(md_info);
+ mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3107,107 +3101,101 @@
*output_length = 0;
- if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
- if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ||
- PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) )
- {
+ key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ if (!(PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) ||
+ PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type))) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
- {
+ if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
- status = mbedtls_psa_rsa_load_representation( slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_rsa_load_representation(slot->attr.type,
+ slot->key.data,
+ slot->key.bytes,
+ &rsa);
+ if (status != PSA_SUCCESS) {
goto rsa_exit;
+ }
- if( output_size < mbedtls_rsa_get_len( rsa ) )
- {
+ if (output_size < mbedtls_rsa_get_len(rsa)) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto rsa_exit;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
- if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
- {
+ if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error(
- mbedtls_rsa_pkcs1_encrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
- input_length,
- input,
- output ) );
+ mbedtls_rsa_pkcs1_encrypt(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PUBLIC,
+ input_length,
+ input,
+ output));
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
- }
- else
- if( PSA_ALG_IS_RSA_OAEP( alg ) )
- {
+ } else
+ if (PSA_ALG_IS_RSA_OAEP(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ psa_rsa_oaep_set_padding_mode(alg, rsa);
status = mbedtls_to_psa_error(
- mbedtls_rsa_rsaes_oaep_encrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
- salt, salt_length,
- input_length,
- input,
- output ) );
+ mbedtls_rsa_rsaes_oaep_encrypt(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PUBLIC,
+ salt, salt_length,
+ input_length,
+ input,
+ output));
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
- }
- else
- {
+ } else {
status = PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
rsa_exit:
- if( status == PSA_SUCCESS )
- *output_length = mbedtls_rsa_get_len( rsa );
+ if (status == PSA_SUCCESS) {
+ *output_length = mbedtls_rsa_get_len(rsa);
+ }
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
- }
- else
- {
+ } else {
status = PSA_ERROR_NOT_SUPPORTED;
}
exit:
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3221,96 +3209,89 @@
*output_length = 0;
- if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
- if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
- {
+ key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
+ if (slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
- status = mbedtls_psa_rsa_load_representation( slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_rsa_load_representation(slot->attr.type,
+ slot->key.data,
+ slot->key.bytes,
+ &rsa);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( input_length != mbedtls_rsa_get_len( rsa ) )
- {
+ if (input_length != mbedtls_rsa_get_len(rsa)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto rsa_exit;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
- if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
- {
+ if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error(
- mbedtls_rsa_pkcs1_decrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
- output_length,
- input,
- output,
- output_size ) );
+ mbedtls_rsa_pkcs1_decrypt(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PRIVATE,
+ output_length,
+ input,
+ output,
+ output_size));
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
- }
- else
- if( PSA_ALG_IS_RSA_OAEP( alg ) )
- {
+ } else
+ if (PSA_ALG_IS_RSA_OAEP(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ psa_rsa_oaep_set_padding_mode(alg, rsa);
status = mbedtls_to_psa_error(
- mbedtls_rsa_rsaes_oaep_decrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
- salt, salt_length,
- output_length,
- input,
- output,
- output_size ) );
+ mbedtls_rsa_rsaes_oaep_decrypt(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PRIVATE,
+ salt, salt_length,
+ output_length,
+ input,
+ output,
+ output_size));
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
- }
- else
- {
+ } else {
status = PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
rsa_exit:
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
- }
- else
- {
+ } else {
status = PSA_ERROR_NOT_SUPPORTED;
}
exit:
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -3319,279 +3300,268 @@
/* Symmetric cryptography */
/****************************************************************/
-static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- mbedtls_operation_t cipher_operation )
+static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ mbedtls_operation_t cipher_operation)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
- psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
- PSA_KEY_USAGE_ENCRYPT :
- PSA_KEY_USAGE_DECRYPT );
+ psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
+ PSA_KEY_USAGE_ENCRYPT :
+ PSA_KEY_USAGE_DECRYPT);
/* A context must be freshly initialized before it can be set up. */
- if( operation->id != 0 )
- {
+ if (operation->id != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( ! PSA_ALG_IS_CIPHER( alg ) )
- {
+ if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
- if( status != PSA_SUCCESS )
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Initialize the operation struct members, except for id. The id member
* is used to indicate to psa_cipher_abort that there are resources to free,
* so we only set it (in the driver wrapper) after resources have been
* allocated/initialized. */
operation->iv_set = 0;
- if( alg == PSA_ALG_ECB_NO_PADDING )
+ if (alg == PSA_ALG_ECB_NO_PADDING) {
operation->iv_required = 0;
- else if( slot->attr.type == PSA_KEY_TYPE_ARC4 )
+ } else if (slot->attr.type == PSA_KEY_TYPE_ARC4) {
operation->iv_required = 0;
- else
+ } else {
operation->iv_required = 1;
- operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
+ }
+ operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
/* Try doing the operation through a driver before using software fallback. */
- if( cipher_operation == MBEDTLS_ENCRYPT )
- status = psa_driver_wrapper_cipher_encrypt_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
- else
- status = psa_driver_wrapper_cipher_decrypt_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
+ if (cipher_operation == MBEDTLS_ENCRYPT) {
+ status = psa_driver_wrapper_cipher_encrypt_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ } else {
+ status = psa_driver_wrapper_cipher_decrypt_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ }
exit:
- if( status != PSA_SUCCESS )
- psa_cipher_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_cipher_abort(operation);
+ }
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) );
+ return psa_cipher_setup(operation, key, alg, MBEDTLS_ENCRYPT);
}
-psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) );
+ return psa_cipher_setup(operation, key, alg, MBEDTLS_DECRYPT);
}
-psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length )
+psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_set || ! operation->iv_required )
- {
+ if (operation->iv_set || !operation->iv_required) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
default_iv_length = operation->default_iv_length;
- if( iv_size < default_iv_length )
- {
+ if (iv_size < default_iv_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
- {
+ if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
- status = psa_generate_random( local_iv, default_iv_length );
- if( status != PSA_SUCCESS )
+ status = psa_generate_random(local_iv, default_iv_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_driver_wrapper_cipher_set_iv( operation,
- local_iv, default_iv_length );
+ status = psa_driver_wrapper_cipher_set_iv(operation,
+ local_iv, default_iv_length);
exit:
- if( status == PSA_SUCCESS )
- {
- memcpy( iv, local_iv, default_iv_length );
+ if (status == PSA_SUCCESS) {
+ memcpy(iv, local_iv, default_iv_length);
*iv_length = default_iv_length;
operation->iv_set = 1;
- }
- else
- {
+ } else {
*iv_length = 0;
- psa_cipher_abort( operation );
+ psa_cipher_abort(operation);
}
- return( status );
+ return status;
}
-psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length )
+psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_set || ! operation->iv_required )
- {
+ if (operation->iv_set || !operation->iv_required) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
- {
+ if (iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_driver_wrapper_cipher_set_iv( operation,
- iv,
- iv_length );
+ status = psa_driver_wrapper_cipher_set_iv(operation,
+ iv,
+ iv_length);
exit:
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->iv_set = 1;
- else
- psa_cipher_abort( operation );
- return( status );
+ } else {
+ psa_cipher_abort(operation);
+ }
+ return status;
}
-psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_required && ! operation->iv_set )
- {
+ if (operation->iv_required && !operation->iv_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- status = psa_driver_wrapper_cipher_update( operation,
- input,
- input_length,
- output,
- output_size,
- output_length );
+ status = psa_driver_wrapper_cipher_update(operation,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
exit:
- if( status != PSA_SUCCESS )
- psa_cipher_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_cipher_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_required && ! operation->iv_set )
- {
+ if (operation->iv_required && !operation->iv_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- status = psa_driver_wrapper_cipher_finish( operation,
- output,
- output_size,
- output_length );
+ status = psa_driver_wrapper_cipher_finish(operation,
+ output,
+ output_size,
+ output_length);
exit:
- if( status == PSA_SUCCESS )
- return( psa_cipher_abort( operation ) );
- else
- {
+ if (status == PSA_SUCCESS) {
+ return psa_cipher_abort(operation);
+ } else {
*output_length = 0;
- (void) psa_cipher_abort( operation );
+ (void) psa_cipher_abort(operation);
- return( status );
+ return status;
}
}
-psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
+psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
/* The object has (apparently) been initialized but it is not (yet)
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
- psa_driver_wrapper_cipher_abort( operation );
+ psa_driver_wrapper_cipher_abort(operation);
operation->id = 0;
operation->iv_set = 0;
operation->iv_required = 0;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3599,95 +3569,93 @@
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
- if( ! PSA_ALG_IS_CIPHER( alg ) )
- {
+ if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_ENCRYPT,
- alg );
- if( status != PSA_SUCCESS )
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+ PSA_KEY_USAGE_ENCRYPT,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
- default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
- if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
- {
+ default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
+ if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
- if( default_iv_length > 0 )
- {
- if( output_size < default_iv_length )
- {
+ if (default_iv_length > 0) {
+ if (output_size < default_iv_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- status = psa_generate_random( local_iv, default_iv_length );
- if( status != PSA_SUCCESS )
+ status = psa_generate_random(local_iv, default_iv_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
- mbedtls_buffer_offset( output, default_iv_length ),
- output_size - default_iv_length, output_length );
+ mbedtls_buffer_offset(output, default_iv_length),
+ output_size - default_iv_length, output_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
- if( status == PSA_SUCCESS )
+ unlock_status = psa_unlock_key_slot(slot);
+ if (status == PSA_SUCCESS) {
status = unlock_status;
-
- if( status == PSA_SUCCESS )
- {
- if( default_iv_length > 0 )
- memcpy( output, local_iv, default_iv_length );
- *output_length += default_iv_length;
}
- else
- *output_length = 0;
- return( status );
+ if (status == PSA_SUCCESS) {
+ if (default_iv_length > 0) {
+ memcpy(output, local_iv, default_iv_length);
+ }
+ *output_length += default_iv_length;
+ } else {
+ *output_length = 0;
+ }
+
+ return status;
}
-psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
- if( ! PSA_ALG_IS_CIPHER( alg ) )
- {
+ if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_DECRYPT,
- alg );
- if( status != PSA_SUCCESS )
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+ PSA_KEY_USAGE_DECRYPT,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
- if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
- {
+ if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@@ -3695,17 +3663,19 @@
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- output, output_size, output_length );
+ output, output_size, output_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
- if( status == PSA_SUCCESS )
+ unlock_status = psa_unlock_key_slot(slot);
+ if (status == PSA_SUCCESS) {
status = unlock_status;
+ }
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
*output_length = 0;
+ }
- return( status );
+ return status;
}
@@ -3713,33 +3683,35 @@
/* AEAD */
/****************************************************************/
-psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *nonce,
- size_t nonce_length,
- const uint8_t *additional_data,
- size_t additional_data_length,
- const uint8_t *plaintext,
- size_t plaintext_length,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length )
+psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *plaintext,
+ size_t plaintext_length,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
*ciphertext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
+ key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
status = psa_driver_wrapper_aead_encrypt(
@@ -3748,43 +3720,46 @@
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length );
+ ciphertext, ciphertext_size, ciphertext_length);
- if( status != PSA_SUCCESS && ciphertext_size != 0 )
- memset( ciphertext, 0, ciphertext_size );
+ if (status != PSA_SUCCESS && ciphertext_size != 0) {
+ memset(ciphertext, 0, ciphertext_size);
+ }
- psa_unlock_key_slot( slot );
+ psa_unlock_key_slot(slot);
- return( status );
+ return status;
}
-psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *nonce,
- size_t nonce_length,
- const uint8_t *additional_data,
- size_t additional_data_length,
- const uint8_t *ciphertext,
- size_t ciphertext_length,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length )
+psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
*plaintext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
+ key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
status = psa_driver_wrapper_aead_decrypt(
@@ -3793,14 +3768,15 @@
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length );
+ plaintext, plaintext_size, plaintext_length);
- if( status != PSA_SUCCESS && plaintext_size != 0 )
- memset( plaintext, 0, plaintext_size );
+ if (status != PSA_SUCCESS && plaintext_size != 0) {
+ memset(plaintext, 0, plaintext_size);
+ }
- psa_unlock_key_slot( slot );
+ psa_unlock_key_slot(slot);
- return( status );
+ return status;
}
/****************************************************************/
@@ -3820,24 +3796,24 @@
psa_mac_operation_t *operation,
psa_algorithm_t hash_alg,
const uint8_t *hmac_key,
- size_t hmac_key_length )
+ size_t hmac_key_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
- psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( hmac_key_length ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(hmac_key_length));
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
operation->is_sign = 1;
- operation->mac_size = PSA_HASH_LENGTH( hash_alg );
+ operation->mac_size = PSA_HASH_LENGTH(hash_alg);
- status = psa_driver_wrapper_mac_sign_setup( operation,
- &attributes,
- hmac_key, hmac_key_length,
- PSA_ALG_HMAC( hash_alg ) );
+ status = psa_driver_wrapper_mac_sign_setup(operation,
+ &attributes,
+ hmac_key, hmac_key_length,
+ PSA_ALG_HMAC(hash_alg));
- psa_reset_key_attributes( &attributes );
- return( status );
+ psa_reset_key_attributes(&attributes);
+ return status;
}
#endif /* KDF algorithms reliant on HMAC */
@@ -3847,172 +3823,172 @@
#define HKDF_STATE_OUTPUT 3 /* output started */
static psa_algorithm_t psa_key_derivation_get_kdf_alg(
- const psa_key_derivation_operation_t *operation )
+ const psa_key_derivation_operation_t *operation)
{
- if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
- return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
- else
- return( operation->alg );
+ if (PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
+ return PSA_ALG_KEY_AGREEMENT_GET_KDF(operation->alg);
+ } else {
+ return operation->alg;
+ }
}
-psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
+psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{
psa_status_t status = PSA_SUCCESS;
- psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
- if( kdf_alg == 0 )
- {
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
+ if (kdf_alg == 0) {
/* The object has (apparently) been initialized but it is not
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
- }
- else
+ } else
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- if( PSA_ALG_IS_HKDF( kdf_alg ) )
- {
- mbedtls_free( operation->ctx.hkdf.info );
- status = psa_mac_abort( &operation->ctx.hkdf.hmac );
- }
- else
+ if (PSA_ALG_IS_HKDF(kdf_alg)) {
+ mbedtls_free(operation->ctx.hkdf.info);
+ status = psa_mac_abort(&operation->ctx.hkdf.hmac);
+ } else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- {
- if( operation->ctx.tls12_prf.secret != NULL )
- {
- mbedtls_platform_zeroize( operation->ctx.tls12_prf.secret,
- operation->ctx.tls12_prf.secret_length );
- mbedtls_free( operation->ctx.tls12_prf.secret );
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+ /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
+ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ if (operation->ctx.tls12_prf.secret != NULL) {
+ mbedtls_platform_zeroize(operation->ctx.tls12_prf.secret,
+ operation->ctx.tls12_prf.secret_length);
+ mbedtls_free(operation->ctx.tls12_prf.secret);
}
- if( operation->ctx.tls12_prf.seed != NULL )
- {
- mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed,
- operation->ctx.tls12_prf.seed_length );
- mbedtls_free( operation->ctx.tls12_prf.seed );
+ if (operation->ctx.tls12_prf.seed != NULL) {
+ mbedtls_platform_zeroize(operation->ctx.tls12_prf.seed,
+ operation->ctx.tls12_prf.seed_length);
+ mbedtls_free(operation->ctx.tls12_prf.seed);
}
- if( operation->ctx.tls12_prf.label != NULL )
- {
- mbedtls_platform_zeroize( operation->ctx.tls12_prf.label,
- operation->ctx.tls12_prf.label_length );
- mbedtls_free( operation->ctx.tls12_prf.label );
+ if (operation->ctx.tls12_prf.label != NULL) {
+ mbedtls_platform_zeroize(operation->ctx.tls12_prf.label,
+ operation->ctx.tls12_prf.label_length);
+ mbedtls_free(operation->ctx.tls12_prf.label);
}
status = PSA_SUCCESS;
/* We leave the fields Ai and output_block to be erased safely by the
* mbedtls_platform_zeroize() in the end of this function. */
- }
- else
+ } else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */
{
status = PSA_ERROR_BAD_STATE;
}
- mbedtls_platform_zeroize( operation, sizeof( *operation ) );
- return( status );
+ mbedtls_platform_zeroize(operation, sizeof(*operation));
+ return status;
}
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
- size_t *capacity)
+ size_t *capacity)
{
- if( operation->alg == 0 )
- {
+ if (operation->alg == 0) {
/* This is a blank key derivation operation. */
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
*capacity = operation->capacity;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
- size_t capacity )
+psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation,
+ size_t capacity)
{
- if( operation->alg == 0 )
- return( PSA_ERROR_BAD_STATE );
- if( capacity > operation->capacity )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (operation->alg == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
+ if (capacity > operation->capacity) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
operation->capacity = capacity;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
/* Read some bytes from an HKDF-based operation. This performs a chunk
* of the expand phase of the HKDF algorithm. */
-static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
- psa_algorithm_t hash_alg,
- uint8_t *output,
- size_t output_length )
+static psa_status_t psa_key_derivation_hkdf_read(psa_hkdf_key_derivation_t *hkdf,
+ psa_algorithm_t hash_alg,
+ uint8_t *output,
+ size_t output_length)
{
- uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
+ uint8_t hash_length = PSA_HASH_LENGTH(hash_alg);
size_t hmac_output_length;
psa_status_t status;
- if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set )
- return( PSA_ERROR_BAD_STATE );
+ if (hkdf->state < HKDF_STATE_KEYED || !hkdf->info_set) {
+ return PSA_ERROR_BAD_STATE;
+ }
hkdf->state = HKDF_STATE_OUTPUT;
- while( output_length != 0 )
- {
+ while (output_length != 0) {
/* Copy what remains of the current block */
uint8_t n = hash_length - hkdf->offset_in_block;
- if( n > output_length )
+ if (n > output_length) {
n = (uint8_t) output_length;
- memcpy( output, hkdf->output_block + hkdf->offset_in_block, n );
+ }
+ memcpy(output, hkdf->output_block + hkdf->offset_in_block, n);
output += n;
output_length -= n;
hkdf->offset_in_block += n;
- if( output_length == 0 )
+ if (output_length == 0) {
break;
+ }
/* We can't be wanting more output after block 0xff, otherwise
* the capacity check in psa_key_derivation_output_bytes() would have
* prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
- if( hkdf->block_number == 0xff )
- return( PSA_ERROR_BAD_STATE );
+ if (hkdf->block_number == 0xff) {
+ return PSA_ERROR_BAD_STATE;
+ }
/* We need a new block */
++hkdf->block_number;
hkdf->offset_in_block = 0;
- status = psa_key_derivation_start_hmac( &hkdf->hmac,
- hash_alg,
- hkdf->prk,
- hash_length );
- if( status != PSA_SUCCESS )
- return( status );
-
- if( hkdf->block_number != 1 )
- {
- status = psa_mac_update( &hkdf->hmac,
- hkdf->output_block,
- hash_length );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_key_derivation_start_hmac(&hkdf->hmac,
+ hash_alg,
+ hkdf->prk,
+ hash_length);
+ if (status != PSA_SUCCESS) {
+ return status;
}
- status = psa_mac_update( &hkdf->hmac,
- hkdf->info,
- hkdf->info_length );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_mac_update( &hkdf->hmac,
- &hkdf->block_number, 1 );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_mac_sign_finish( &hkdf->hmac,
- hkdf->output_block,
- sizeof( hkdf->output_block ),
- &hmac_output_length );
- if( status != PSA_SUCCESS )
- return( status );
+
+ if (hkdf->block_number != 1) {
+ status = psa_mac_update(&hkdf->hmac,
+ hkdf->output_block,
+ hash_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ }
+ status = psa_mac_update(&hkdf->hmac,
+ hkdf->info,
+ hkdf->info_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_mac_update(&hkdf->hmac,
+ &hkdf->block_number, 1);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_mac_sign_finish(&hkdf->hmac,
+ hkdf->output_block,
+ sizeof(hkdf->output_block),
+ &hmac_output_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
@@ -4020,10 +3996,10 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
psa_tls12_prf_key_derivation_t *tls12_prf,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
- uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(alg);
+ uint8_t hash_length = PSA_HASH_LENGTH(hash_alg);
psa_mac_operation_t hmac = PSA_MAC_OPERATION_INIT;
size_t hmac_output_length;
psa_status_t status, cleanup_status;
@@ -4033,8 +4009,9 @@
* prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
- if( tls12_prf->block_number == 0xff )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (tls12_prf->block_number == 0xff) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
/* We need a new block */
++tls12_prf->block_number;
@@ -4057,125 +4034,133 @@
* `block_number`.
*/
- status = psa_key_derivation_start_hmac( &hmac,
- hash_alg,
- tls12_prf->secret,
- tls12_prf->secret_length );
- if( status != PSA_SUCCESS )
+ status = psa_key_derivation_start_hmac(&hmac,
+ hash_alg,
+ tls12_prf->secret,
+ tls12_prf->secret_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
+ }
/* Calculate A(i) where i = tls12_prf->block_number. */
- if( tls12_prf->block_number == 1 )
- {
+ if (tls12_prf->block_number == 1) {
/* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads
* the variable seed and in this instance means it in the context of the
* P_hash function, where seed = label + seed.) */
- status = psa_mac_update( &hmac,
- tls12_prf->label,
- tls12_prf->label_length );
- if( status != PSA_SUCCESS )
+ status = psa_mac_update(&hmac,
+ tls12_prf->label,
+ tls12_prf->label_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
- status = psa_mac_update( &hmac,
- tls12_prf->seed,
- tls12_prf->seed_length );
- if( status != PSA_SUCCESS )
+ }
+ status = psa_mac_update(&hmac,
+ tls12_prf->seed,
+ tls12_prf->seed_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
- }
- else
- {
+ }
+ } else {
/* A(i) = HMAC_hash(secret, A(i-1)) */
- status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
- if( status != PSA_SUCCESS )
+ status = psa_mac_update(&hmac, tls12_prf->Ai, hash_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
+ }
}
- status = psa_mac_sign_finish( &hmac,
- tls12_prf->Ai, hash_length,
- &hmac_output_length );
- if( hmac_output_length != hash_length )
+ status = psa_mac_sign_finish(&hmac,
+ tls12_prf->Ai, hash_length,
+ &hmac_output_length);
+ if (hmac_output_length != hash_length) {
status = PSA_ERROR_CORRUPTION_DETECTED;
- if( status != PSA_SUCCESS )
+ }
+ if (status != PSA_SUCCESS) {
goto cleanup;
+ }
/* Calculate HMAC_hash(secret, A(i) + label + seed). */
- status = psa_key_derivation_start_hmac( &hmac,
- hash_alg,
- tls12_prf->secret,
- tls12_prf->secret_length );
- if( status != PSA_SUCCESS )
+ status = psa_key_derivation_start_hmac(&hmac,
+ hash_alg,
+ tls12_prf->secret,
+ tls12_prf->secret_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
- status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
- if( status != PSA_SUCCESS )
+ }
+ status = psa_mac_update(&hmac, tls12_prf->Ai, hash_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
- status = psa_mac_update( &hmac, tls12_prf->label, tls12_prf->label_length );
- if( status != PSA_SUCCESS )
+ }
+ status = psa_mac_update(&hmac, tls12_prf->label, tls12_prf->label_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
- status = psa_mac_update( &hmac, tls12_prf->seed, tls12_prf->seed_length );
- if( status != PSA_SUCCESS )
+ }
+ status = psa_mac_update(&hmac, tls12_prf->seed, tls12_prf->seed_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
- status = psa_mac_sign_finish( &hmac,
- tls12_prf->output_block, hash_length,
- &hmac_output_length );
- if( status != PSA_SUCCESS )
+ }
+ status = psa_mac_sign_finish(&hmac,
+ tls12_prf->output_block, hash_length,
+ &hmac_output_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
+ }
cleanup:
- cleanup_status = psa_mac_abort( &hmac );
- if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
+ cleanup_status = psa_mac_abort(&hmac);
+ if (status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS) {
status = cleanup_status;
+ }
- return( status );
+ return status;
}
static psa_status_t psa_key_derivation_tls12_prf_read(
psa_tls12_prf_key_derivation_t *tls12_prf,
psa_algorithm_t alg,
uint8_t *output,
- size_t output_length )
+ size_t output_length)
{
- psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
- uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
+ psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH(alg);
+ uint8_t hash_length = PSA_HASH_LENGTH(hash_alg);
psa_status_t status;
uint8_t offset, length;
- switch( tls12_prf->state )
- {
+ switch (tls12_prf->state) {
case PSA_TLS12_PRF_STATE_LABEL_SET:
tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT;
break;
case PSA_TLS12_PRF_STATE_OUTPUT:
break;
default:
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
- while( output_length != 0 )
- {
+ while (output_length != 0) {
/* Check if we have fully processed the current block. */
- if( tls12_prf->left_in_block == 0 )
- {
- status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf,
- alg );
- if( status != PSA_SUCCESS )
- return( status );
+ if (tls12_prf->left_in_block == 0) {
+ status = psa_key_derivation_tls12_prf_generate_next_block(tls12_prf,
+ alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
continue;
}
- if( tls12_prf->left_in_block > output_length )
+ if (tls12_prf->left_in_block > output_length) {
length = (uint8_t) output_length;
- else
+ } else {
length = tls12_prf->left_in_block;
+ }
offset = hash_length - tls12_prf->left_in_block;
- memcpy( output, tls12_prf->output_block + offset, length );
+ memcpy(output, tls12_prf->output_block + offset, length);
output += length;
output_length -= length;
tls12_prf->left_in_block -= length;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
@@ -4183,140 +4168,142 @@
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output,
- size_t output_length )
+ size_t output_length)
{
psa_status_t status;
- psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
- if( operation->alg == 0 )
- {
+ if (operation->alg == 0) {
/* This is a blank operation. */
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
- if( output_length > operation->capacity )
- {
+ if (output_length > operation->capacity) {
operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
- if( output_length == 0 && operation->capacity == 0 )
- {
+ if (output_length == 0 && operation->capacity == 0) {
/* Edge case: this is a finished operation, and 0 bytes
* were requested. The right error in this case could
* be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
* INSUFFICIENT_CAPACITY, which is right for a finished
* operation, for consistency with the case when
* output_length > 0. */
- return( PSA_ERROR_INSUFFICIENT_DATA );
+ return PSA_ERROR_INSUFFICIENT_DATA;
}
operation->capacity -= output_length;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- if( PSA_ALG_IS_HKDF( kdf_alg ) )
- {
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
- status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
- output, output_length );
- }
- else
+ if (PSA_ALG_IS_HKDF(kdf_alg)) {
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
+ status = psa_key_derivation_hkdf_read(&operation->ctx.hkdf, hash_alg,
+ output, output_length);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- {
- status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
- kdf_alg, output,
- output_length );
- }
- else
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ status = psa_key_derivation_tls12_prf_read(&operation->ctx.tls12_prf,
+ kdf_alg, output,
+ output_length);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
{
(void) kdf_alg;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
exit:
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
/* Preserve the algorithm upon errors, but clear all sensitive state.
* This allows us to differentiate between exhausted operations and
* blank operations, so we can return PSA_ERROR_BAD_STATE on blank
* operations. */
psa_algorithm_t alg = operation->alg;
- psa_key_derivation_abort( operation );
+ psa_key_derivation_abort(operation);
operation->alg = alg;
- memset( output, '!', output_length );
+ memset(output, '!', output_length);
}
- return( status );
+ return status;
}
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
+static void psa_des_set_key_parity(uint8_t *data, size_t data_size)
{
- if( data_size >= 8 )
- mbedtls_des_key_set_parity( data );
- if( data_size >= 16 )
- mbedtls_des_key_set_parity( data + 8 );
- if( data_size >= 24 )
- mbedtls_des_key_set_parity( data + 16 );
+ if (data_size >= 8) {
+ mbedtls_des_key_set_parity(data);
+ }
+ if (data_size >= 16) {
+ mbedtls_des_key_set_parity(data + 8);
+ }
+ if (data_size >= 24) {
+ mbedtls_des_key_set_parity(data + 16);
+ }
}
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
static psa_status_t psa_generate_derived_key_internal(
psa_key_slot_t *slot,
size_t bits,
- psa_key_derivation_operation_t *operation )
+ psa_key_derivation_operation_t *operation)
{
uint8_t *data = NULL;
- size_t bytes = PSA_BITS_TO_BYTES( bits );
+ size_t bytes = PSA_BITS_TO_BYTES(bits);
psa_status_t status;
- if( ! key_type_is_raw_bytes( slot->attr.type ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- if( bits % 8 != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- data = mbedtls_calloc( 1, bytes );
- if( data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if (!key_type_is_raw_bytes(slot->attr.type)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (bits % 8 != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ data = mbedtls_calloc(1, bytes);
+ if (data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
- status = psa_key_derivation_output_bytes( operation, data, bytes );
- if( status != PSA_SUCCESS )
+ status = psa_key_derivation_output_bytes(operation, data, bytes);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
- if( slot->attr.type == PSA_KEY_TYPE_DES )
- psa_des_set_key_parity( data, bytes );
+ if (slot->attr.type == PSA_KEY_TYPE_DES) {
+ psa_des_set_key_parity(data, bytes);
+ }
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
- status = psa_allocate_buffer_to_slot( slot, bytes );
- if( status != PSA_SUCCESS )
+ status = psa_allocate_buffer_to_slot(slot, bytes);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
slot->attr.bits = (psa_key_bits_t) bits;
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
- status = psa_driver_wrapper_import_key( &attributes,
- data, bytes,
- slot->key.data,
- slot->key.bytes,
- &slot->key.bytes, &bits );
- if( bits != slot->attr.bits )
+ status = psa_driver_wrapper_import_key(&attributes,
+ data, bytes,
+ slot->key.data,
+ slot->key.bytes,
+ &slot->key.bytes, &bits);
+ if (bits != slot->attr.bits) {
status = PSA_ERROR_INVALID_ARGUMENT;
+ }
exit:
- mbedtls_free( data );
- return( status );
+ mbedtls_free(data);
+ return status;
}
-psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t *key )
+psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -4326,36 +4313,39 @@
/* Reject any attempt to create a zero-length key so that we don't
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
- if( psa_get_key_bits( attributes ) == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (psa_get_key_bits(attributes) == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if( operation->alg == PSA_ALG_NONE )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
- if( ! operation->can_output_key )
- return( PSA_ERROR_NOT_PERMITTED );
+ if (!operation->can_output_key) {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes,
- &slot, &driver );
+ status = psa_start_key_creation(PSA_KEY_CREATION_DERIVE, attributes,
+ &slot, &driver);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( driver != NULL )
- {
+ if (driver != NULL) {
/* Deriving a key in a secure element is not implemented yet. */
status = PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- if( status == PSA_SUCCESS )
- {
- status = psa_generate_derived_key_internal( slot,
- attributes->core.bits,
- operation );
+ if (status == PSA_SUCCESS) {
+ status = psa_generate_derived_key_internal(slot,
+ attributes->core.bits,
+ operation);
}
- if( status == PSA_SUCCESS )
- status = psa_finish_key_creation( slot, driver, key );
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( slot, driver );
+ if (status == PSA_SUCCESS) {
+ status = psa_finish_key_creation(slot, driver, key);
+ }
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(slot, driver);
+ }
- return( status );
+ return status;
}
@@ -4365,272 +4355,284 @@
/****************************************************************/
#if defined(AT_LEAST_ONE_BUILTIN_KDF)
-static int is_kdf_alg_supported( psa_algorithm_t kdf_alg )
+static int is_kdf_alg_supported(psa_algorithm_t kdf_alg)
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- if( PSA_ALG_IS_HKDF( kdf_alg ) )
- return( 1 );
+ if (PSA_ALG_IS_HKDF(kdf_alg)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
- return( 1 );
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- return( 1 );
+ if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ return 1;
+ }
#endif
- return( 0 );
+ return 0;
}
-static psa_status_t psa_hash_try_support( psa_algorithm_t alg )
+static psa_status_t psa_hash_try_support(psa_algorithm_t alg)
{
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- psa_status_t status = psa_hash_setup( &operation, alg );
- psa_hash_abort( &operation );
- return( status );
+ psa_status_t status = psa_hash_setup(&operation, alg);
+ psa_hash_abort(&operation);
+ return status;
}
static psa_status_t psa_key_derivation_setup_kdf(
psa_key_derivation_operation_t *operation,
- psa_algorithm_t kdf_alg )
+ psa_algorithm_t kdf_alg)
{
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
- memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+ memset(&operation->ctx, 0, sizeof(operation->ctx));
/* Make sure that kdf_alg is a supported key derivation algorithm. */
- if( ! is_kdf_alg_supported( kdf_alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (!is_kdf_alg_supported(kdf_alg)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* All currently supported key derivation algorithms are based on a
* hash algorithm. */
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
- size_t hash_size = PSA_HASH_LENGTH( hash_alg );
- if( hash_size == 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
+ size_t hash_size = PSA_HASH_LENGTH(hash_alg);
+ if (hash_size == 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Make sure that hash_alg is a supported hash algorithm. Otherwise
* we might fail later, which is somewhat unfriendly and potentially
* risk-prone. */
- psa_status_t status = psa_hash_try_support( hash_alg );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_status_t status = psa_hash_try_support(hash_alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
- ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
- {
- return( PSA_ERROR_NOT_SUPPORTED );
+ if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) &&
+ !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
+ return PSA_ERROR_NOT_SUPPORTED;
}
operation->capacity = 255 * hash_size;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg )
+static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)
{
#if defined(PSA_WANT_ALG_ECDH)
- if( alg == PSA_ALG_ECDH )
- return( PSA_SUCCESS );
+ if (alg == PSA_ALG_ECDH) {
+ return PSA_SUCCESS;
+ }
#endif
(void) alg;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* AT_LEAST_ONE_BUILTIN_KDF */
-psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
- psa_algorithm_t alg )
+psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
+ psa_algorithm_t alg)
{
psa_status_t status;
- if( operation->alg != 0 )
- return( PSA_ERROR_BAD_STATE );
-
- if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- {
-#if defined(AT_LEAST_ONE_BUILTIN_KDF)
- psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
- psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
- status = psa_key_agreement_try_support( ka_alg );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_key_derivation_setup_kdf( operation, kdf_alg );
-#else
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+ if (operation->alg != 0) {
+ return PSA_ERROR_BAD_STATE;
}
- else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
- {
-#if defined(AT_LEAST_ONE_BUILTIN_KDF)
- status = psa_key_derivation_setup_kdf( operation, alg );
-#else
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* AT_LEAST_ONE_BUILTIN_KDF */
- }
- else
- return( PSA_ERROR_INVALID_ARGUMENT );
- if( status == PSA_SUCCESS )
+ if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
+ psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
+ psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(alg);
+ status = psa_key_agreement_try_support(ka_alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_key_derivation_setup_kdf(operation, kdf_alg);
+#else
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+ } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) {
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
+ status = psa_key_derivation_setup_kdf(operation, alg);
+#else
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if (status == PSA_SUCCESS) {
operation->alg = alg;
- return( status );
+ }
+ return status;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
- psa_algorithm_t hash_alg,
- psa_key_derivation_step_t step,
- const uint8_t *data,
- size_t data_length )
+static psa_status_t psa_hkdf_input(psa_hkdf_key_derivation_t *hkdf,
+ psa_algorithm_t hash_alg,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length)
{
psa_status_t status;
- switch( step )
- {
+ switch (step) {
case PSA_KEY_DERIVATION_INPUT_SALT:
- if( hkdf->state != HKDF_STATE_INIT )
- return( PSA_ERROR_BAD_STATE );
- else
- {
- status = psa_key_derivation_start_hmac( &hkdf->hmac,
- hash_alg,
- data, data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ if (hkdf->state != HKDF_STATE_INIT) {
+ return PSA_ERROR_BAD_STATE;
+ } else {
+ status = psa_key_derivation_start_hmac(&hkdf->hmac,
+ hash_alg,
+ data, data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
hkdf->state = HKDF_STATE_STARTED;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
case PSA_KEY_DERIVATION_INPUT_SECRET:
/* If no salt was provided, use an empty salt. */
- if( hkdf->state == HKDF_STATE_INIT )
- {
- status = psa_key_derivation_start_hmac( &hkdf->hmac,
- hash_alg,
- NULL, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ if (hkdf->state == HKDF_STATE_INIT) {
+ status = psa_key_derivation_start_hmac(&hkdf->hmac,
+ hash_alg,
+ NULL, 0);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
hkdf->state = HKDF_STATE_STARTED;
}
- if( hkdf->state != HKDF_STATE_STARTED )
- return( PSA_ERROR_BAD_STATE );
- status = psa_mac_update( &hkdf->hmac,
- data, data_length );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_mac_sign_finish( &hkdf->hmac,
- hkdf->prk,
- sizeof( hkdf->prk ),
- &data_length );
- if( status != PSA_SUCCESS )
- return( status );
- hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg );
+ if (hkdf->state != HKDF_STATE_STARTED) {
+ return PSA_ERROR_BAD_STATE;
+ }
+ status = psa_mac_update(&hkdf->hmac,
+ data, data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_mac_sign_finish(&hkdf->hmac,
+ hkdf->prk,
+ sizeof(hkdf->prk),
+ &data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ hkdf->offset_in_block = PSA_HASH_LENGTH(hash_alg);
hkdf->block_number = 0;
hkdf->state = HKDF_STATE_KEYED;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
case PSA_KEY_DERIVATION_INPUT_INFO:
- if( hkdf->state == HKDF_STATE_OUTPUT )
- return( PSA_ERROR_BAD_STATE );
- if( hkdf->info_set )
- return( PSA_ERROR_BAD_STATE );
+ if (hkdf->state == HKDF_STATE_OUTPUT) {
+ return PSA_ERROR_BAD_STATE;
+ }
+ if (hkdf->info_set) {
+ return PSA_ERROR_BAD_STATE;
+ }
hkdf->info_length = data_length;
- if( data_length != 0 )
- {
- hkdf->info = mbedtls_calloc( 1, data_length );
- if( hkdf->info == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( hkdf->info, data, data_length );
+ if (data_length != 0) {
+ hkdf->info = mbedtls_calloc(1, data_length);
+ if (hkdf->info == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ memcpy(hkdf->info, data, data_length);
}
hkdf->info_set = 1;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
default:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf,
- const uint8_t *data,
- size_t data_length )
+static psa_status_t psa_tls12_prf_set_seed(psa_tls12_prf_key_derivation_t *prf,
+ const uint8_t *data,
+ size_t data_length)
{
- if( prf->state != PSA_TLS12_PRF_STATE_INIT )
- return( PSA_ERROR_BAD_STATE );
+ if (prf->state != PSA_TLS12_PRF_STATE_INIT) {
+ return PSA_ERROR_BAD_STATE;
+ }
- if( data_length != 0 )
- {
- prf->seed = mbedtls_calloc( 1, data_length );
- if( prf->seed == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if (data_length != 0) {
+ prf->seed = mbedtls_calloc(1, data_length);
+ if (prf->seed == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
- memcpy( prf->seed, data, data_length );
+ memcpy(prf->seed, data, data_length);
prf->seed_length = data_length;
}
prf->state = PSA_TLS12_PRF_STATE_SEED_SET;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf,
- const uint8_t *data,
- size_t data_length )
+static psa_status_t psa_tls12_prf_set_key(psa_tls12_prf_key_derivation_t *prf,
+ const uint8_t *data,
+ size_t data_length)
{
- if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET )
- return( PSA_ERROR_BAD_STATE );
+ if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET) {
+ return PSA_ERROR_BAD_STATE;
+ }
- if( data_length != 0 )
- {
- prf->secret = mbedtls_calloc( 1, data_length );
- if( prf->secret == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if (data_length != 0) {
+ prf->secret = mbedtls_calloc(1, data_length);
+ if (prf->secret == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
- memcpy( prf->secret, data, data_length );
+ memcpy(prf->secret, data, data_length);
prf->secret_length = data_length;
}
prf->state = PSA_TLS12_PRF_STATE_KEY_SET;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf,
- const uint8_t *data,
- size_t data_length )
+static psa_status_t psa_tls12_prf_set_label(psa_tls12_prf_key_derivation_t *prf,
+ const uint8_t *data,
+ size_t data_length)
{
- if( prf->state != PSA_TLS12_PRF_STATE_KEY_SET )
- return( PSA_ERROR_BAD_STATE );
+ if (prf->state != PSA_TLS12_PRF_STATE_KEY_SET) {
+ return PSA_ERROR_BAD_STATE;
+ }
- if( data_length != 0 )
- {
- prf->label = mbedtls_calloc( 1, data_length );
- if( prf->label == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if (data_length != 0) {
+ prf->label = mbedtls_calloc(1, data_length);
+ if (prf->label == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
- memcpy( prf->label, data, data_length );
+ memcpy(prf->label, data, data_length);
prf->label_length = data_length;
}
prf->state = PSA_TLS12_PRF_STATE_LABEL_SET;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf,
- psa_key_derivation_step_t step,
- const uint8_t *data,
- size_t data_length )
+static psa_status_t psa_tls12_prf_input(psa_tls12_prf_key_derivation_t *prf,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length)
{
- switch( step )
- {
+ switch (step) {
case PSA_KEY_DERIVATION_INPUT_SEED:
- return( psa_tls12_prf_set_seed( prf, data, data_length ) );
+ return psa_tls12_prf_set_seed(prf, data, data_length);
case PSA_KEY_DERIVATION_INPUT_SECRET:
- return( psa_tls12_prf_set_key( prf, data, data_length ) );
+ return psa_tls12_prf_set_key(prf, data, data_length);
case PSA_KEY_DERIVATION_INPUT_LABEL:
- return( psa_tls12_prf_set_label( prf, data, data_length ) );
+ return psa_tls12_prf_set_label(prf, data, data_length);
default:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
@@ -4640,14 +4642,15 @@
static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
psa_tls12_prf_key_derivation_t *prf,
const uint8_t *data,
- size_t data_length )
+ size_t data_length)
{
psa_status_t status;
- uint8_t pms[ 4 + 2 * PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ];
+ uint8_t pms[4 + 2 * PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE];
uint8_t *cur = pms;
- if( data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Quoting RFC 4279, Section 2:
*
@@ -4656,34 +4659,33 @@
* uint16 with the value N, and the PSK itself.
*/
- *cur++ = MBEDTLS_BYTE_1( data_length );
- *cur++ = MBEDTLS_BYTE_0( data_length );
- memset( cur, 0, data_length );
+ *cur++ = MBEDTLS_BYTE_1(data_length);
+ *cur++ = MBEDTLS_BYTE_0(data_length);
+ memset(cur, 0, data_length);
cur += data_length;
*cur++ = pms[0];
*cur++ = pms[1];
- memcpy( cur, data, data_length );
+ memcpy(cur, data, data_length);
cur += data_length;
- status = psa_tls12_prf_set_key( prf, pms, cur - pms );
+ status = psa_tls12_prf_set_key(prf, pms, cur - pms);
- mbedtls_platform_zeroize( pms, sizeof( pms ) );
- return( status );
+ mbedtls_platform_zeroize(pms, sizeof(pms));
+ return status;
}
static psa_status_t psa_tls12_prf_psk_to_ms_input(
psa_tls12_prf_key_derivation_t *prf,
psa_key_derivation_step_t step,
const uint8_t *data,
- size_t data_length )
+ size_t data_length)
{
- if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
- {
- return( psa_tls12_prf_psk_to_ms_set_key( prf,
- data, data_length ) );
+ if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
+ return psa_tls12_prf_psk_to_ms_set_key(prf,
+ data, data_length);
}
- return( psa_tls12_prf_input( prf, step, data, data_length ) );
+ return psa_tls12_prf_input(prf, step, data, data_length);
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
@@ -4698,27 +4700,30 @@
*/
static int psa_key_derivation_check_input_type(
psa_key_derivation_step_t step,
- psa_key_type_t key_type )
+ psa_key_type_t key_type)
{
- switch( step )
- {
+ switch (step) {
case PSA_KEY_DERIVATION_INPUT_SECRET:
- if( key_type == PSA_KEY_TYPE_DERIVE )
- return( PSA_SUCCESS );
- if( key_type == PSA_KEY_TYPE_NONE )
- return( PSA_SUCCESS );
+ if (key_type == PSA_KEY_TYPE_DERIVE) {
+ return PSA_SUCCESS;
+ }
+ if (key_type == PSA_KEY_TYPE_NONE) {
+ return PSA_SUCCESS;
+ }
break;
case PSA_KEY_DERIVATION_INPUT_LABEL:
case PSA_KEY_DERIVATION_INPUT_SALT:
case PSA_KEY_DERIVATION_INPUT_INFO:
case PSA_KEY_DERIVATION_INPUT_SEED:
- if( key_type == PSA_KEY_TYPE_RAW_DATA )
- return( PSA_SUCCESS );
- if( key_type == PSA_KEY_TYPE_NONE )
- return( PSA_SUCCESS );
+ if (key_type == PSA_KEY_TYPE_RAW_DATA) {
+ return PSA_SUCCESS;
+ }
+ if (key_type == PSA_KEY_TYPE_NONE) {
+ return PSA_SUCCESS;
+ }
break;
}
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
static psa_status_t psa_key_derivation_input_internal(
@@ -4726,95 +4731,91 @@
psa_key_derivation_step_t step,
psa_key_type_t key_type,
const uint8_t *data,
- size_t data_length )
+ size_t data_length)
{
psa_status_t status;
- psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
- status = psa_key_derivation_check_input_type( step, key_type );
- if( status != PSA_SUCCESS )
+ status = psa_key_derivation_check_input_type(step, key_type);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- if( PSA_ALG_IS_HKDF( kdf_alg ) )
- {
- status = psa_hkdf_input( &operation->ctx.hkdf,
- PSA_ALG_HKDF_GET_HASH( kdf_alg ),
- step, data, data_length );
- }
- else
+ if (PSA_ALG_IS_HKDF(kdf_alg)) {
+ status = psa_hkdf_input(&operation->ctx.hkdf,
+ PSA_ALG_HKDF_GET_HASH(kdf_alg),
+ step, data, data_length);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
- {
- status = psa_tls12_prf_input( &operation->ctx.tls12_prf,
- step, data, data_length );
- }
- else
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) {
+ status = psa_tls12_prf_input(&operation->ctx.tls12_prf,
+ step, data, data_length);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- {
- status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf,
- step, data, data_length );
- }
- else
+ if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ status = psa_tls12_prf_psk_to_ms_input(&operation->ctx.tls12_prf,
+ step, data, data_length);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
{
/* This can't happen unless the operation object was not initialized */
(void) data;
(void) data_length;
(void) kdf_alg;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
exit:
- if( status != PSA_SUCCESS )
- psa_key_derivation_abort( operation );
- return( status );
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(operation);
+ }
+ return status;
}
psa_status_t psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
- size_t data_length )
+ size_t data_length)
{
- return( psa_key_derivation_input_internal( operation, step,
- PSA_KEY_TYPE_NONE,
- data, data_length ) );
+ return psa_key_derivation_input_internal(operation, step,
+ PSA_KEY_TYPE_NONE,
+ data, data_length);
}
psa_status_t psa_key_derivation_input_key(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
- mbedtls_svc_key_id_t key )
+ mbedtls_svc_key_id_t key)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( operation );
- return( status );
+ key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(operation);
+ return status;
}
/* Passing a key object as a SECRET input unlocks the permission
* to output to a key object. */
- if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+ if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
operation->can_output_key = 1;
+ }
- status = psa_key_derivation_input_internal( operation,
- step, slot->attr.type,
- slot->key.data,
- slot->key.bytes );
+ status = psa_key_derivation_input_internal(operation,
+ step, slot->attr.type,
+ slot->key.data,
+ slot->key.bytes);
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -4824,92 +4825,99 @@
/****************************************************************/
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
- size_t peer_key_length,
- const mbedtls_ecp_keypair *our_key,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length )
+static psa_status_t psa_key_agreement_ecdh(const uint8_t *peer_key,
+ size_t peer_key_length,
+ const mbedtls_ecp_keypair *our_key,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length)
{
mbedtls_ecp_keypair *their_key = NULL;
mbedtls_ecdh_context ecdh;
psa_status_t status;
size_t bits = 0;
- psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits );
- mbedtls_ecdh_init( &ecdh );
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(our_key->grp.id, &bits);
+ mbedtls_ecdh_init(&ecdh);
status = mbedtls_psa_ecp_load_representation(
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
- bits,
- peer_key,
- peer_key_length,
- &their_key );
- if( status != PSA_SUCCESS )
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
+ bits,
+ peer_key,
+ peer_key_length,
+ &their_key);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = mbedtls_to_psa_error(
- mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
- if( status != PSA_SUCCESS )
+ mbedtls_ecdh_get_params(&ecdh, their_key, MBEDTLS_ECDH_THEIRS));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = mbedtls_to_psa_error(
- mbedtls_ecdh_get_params( &ecdh, our_key, MBEDTLS_ECDH_OURS ) );
- if( status != PSA_SUCCESS )
+ mbedtls_ecdh_get_params(&ecdh, our_key, MBEDTLS_ECDH_OURS));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = mbedtls_to_psa_error(
- mbedtls_ecdh_calc_secret( &ecdh,
- shared_secret_length,
- shared_secret, shared_secret_size,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
- if( status != PSA_SUCCESS )
+ mbedtls_ecdh_calc_secret(&ecdh,
+ shared_secret_length,
+ shared_secret, shared_secret_size,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE));
+ if (status != PSA_SUCCESS) {
goto exit;
- if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
+ }
+ if (PSA_BITS_TO_BYTES(bits) != *shared_secret_length) {
status = PSA_ERROR_CORRUPTION_DETECTED;
+ }
exit:
- if( status != PSA_SUCCESS )
- mbedtls_platform_zeroize( shared_secret, shared_secret_size );
- mbedtls_ecdh_free( &ecdh );
- mbedtls_ecp_keypair_free( their_key );
- mbedtls_free( their_key );
+ if (status != PSA_SUCCESS) {
+ mbedtls_platform_zeroize(shared_secret, shared_secret_size);
+ }
+ mbedtls_ecdh_free(&ecdh);
+ mbedtls_ecp_keypair_free(their_key);
+ mbedtls_free(their_key);
- return( status );
+ return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
-static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
- psa_key_slot_t *private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length )
+static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg,
+ psa_key_slot_t *private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length)
{
- switch( alg )
- {
+ switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
- if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
mbedtls_ecp_keypair *ecp = NULL;
psa_status_t status = mbedtls_psa_ecp_load_representation(
- private_key->attr.type,
- private_key->attr.bits,
- private_key->key.data,
- private_key->key.bytes,
- &ecp );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_key_agreement_ecdh( peer_key, peer_key_length,
- ecp,
- shared_secret, shared_secret_size,
- shared_secret_length );
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
- return( status );
+ private_key->attr.type,
+ private_key->attr.bits,
+ private_key->key.data,
+ private_key->key.bytes,
+ &ecp);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_key_agreement_ecdh(peer_key, peer_key_length,
+ ecp,
+ shared_secret, shared_secret_size,
+ shared_secret_length);
+ mbedtls_ecp_keypair_free(ecp);
+ mbedtls_free(ecp);
+ return status;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
(void) private_key;
@@ -4918,102 +4926,105 @@
(void) shared_secret;
(void) shared_secret_size;
(void) shared_secret_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
}
/* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
-static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- psa_key_slot_t *private_key,
- const uint8_t *peer_key,
- size_t peer_key_length )
+static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_slot_t *private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length)
{
psa_status_t status;
uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
size_t shared_secret_length = 0;
- psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
+ psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg);
/* Step 1: run the secret agreement algorithm to generate the shared
* secret. */
- status = psa_key_agreement_raw_internal( ka_alg,
- private_key,
- peer_key, peer_key_length,
- shared_secret,
- sizeof( shared_secret ),
- &shared_secret_length );
- if( status != PSA_SUCCESS )
+ status = psa_key_agreement_raw_internal(ka_alg,
+ private_key,
+ peer_key, peer_key_length,
+ shared_secret,
+ sizeof(shared_secret),
+ &shared_secret_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Step 2: set up the key derivation to generate key material from
* the shared secret. A shared secret is permitted wherever a key
* of type DERIVE is permitted. */
- status = psa_key_derivation_input_internal( operation, step,
- PSA_KEY_TYPE_DERIVE,
- shared_secret,
- shared_secret_length );
+ status = psa_key_derivation_input_internal(operation, step,
+ PSA_KEY_TYPE_DERIVE,
+ shared_secret,
+ shared_secret_length);
exit:
- mbedtls_platform_zeroize( shared_secret, shared_secret_length );
- return( status );
+ mbedtls_platform_zeroize(shared_secret, shared_secret_length);
+ return status;
}
-psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- mbedtls_svc_key_id_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length )
+psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
- if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
status = psa_get_and_lock_transparent_key_slot_with_policy(
- private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_key_agreement_internal( operation, step,
- slot,
- peer_key, peer_key_length );
- if( status != PSA_SUCCESS )
- psa_key_derivation_abort( operation );
- else
- {
+ private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_key_agreement_internal(operation, step,
+ slot,
+ peer_key, peer_key_length);
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(operation);
+ } else {
/* If a private key has been added as SECRET, we allow the derived
* key material to be used as a key in PSA Crypto. */
- if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+ if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
operation->can_output_key = 1;
+ }
}
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
- mbedtls_svc_key_id_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
- if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- {
+ if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_get_and_lock_transparent_key_slot_with_policy(
- private_key, &slot, PSA_KEY_USAGE_DERIVE, alg );
- if( status != PSA_SUCCESS )
+ private_key, &slot, PSA_KEY_USAGE_DERIVE, alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is in general an upper bound
* for the output size. The PSA specification only guarantees that this
@@ -5024,21 +5035,19 @@
* If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
* be exact for it as well. */
size_t expected_length =
- PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( slot->attr.type, slot->attr.bits );
- if( output_size < expected_length )
- {
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
+ if (output_size < expected_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- status = psa_key_agreement_raw_internal( alg, slot,
- peer_key, peer_key_length,
- output, output_size,
- output_length );
+ status = psa_key_agreement_raw_internal(alg, slot,
+ peer_key, peer_key_length,
+ output, output_size,
+ output_length);
exit:
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
/* If an error happens and is not handled properly, the output
* may be used as a key to protect sensitive data. Arrange for such
* a key to be random, which is likely to result in decryption or
@@ -5046,13 +5055,13 @@
* some constant data such as zeros, which would result in the data
* being protected with a reproducible, easily knowable key.
*/
- psa_generate_random( output, output_size );
+ psa_generate_random(output, output_size);
*output_length = output_size;
}
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -5063,97 +5072,101 @@
/** Initialize the PSA random generator.
*/
-static void mbedtls_psa_random_init( mbedtls_psa_random_context_t *rng )
+static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng)
{
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- memset( rng, 0, sizeof( *rng ) );
+ memset(rng, 0, sizeof(*rng));
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
/* Set default configuration if
* mbedtls_psa_crypto_configure_entropy_sources() hasn't been called. */
- if( rng->entropy_init == NULL )
+ if (rng->entropy_init == NULL) {
rng->entropy_init = mbedtls_entropy_init;
- if( rng->entropy_free == NULL )
+ }
+ if (rng->entropy_free == NULL) {
rng->entropy_free = mbedtls_entropy_free;
+ }
- rng->entropy_init( &rng->entropy );
+ rng->entropy_init(&rng->entropy);
#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
/* The PSA entropy injection feature depends on using NV seed as an entropy
* source. Add NV seed as an entropy source for PSA entropy injection. */
- mbedtls_entropy_add_source( &rng->entropy,
- mbedtls_nv_seed_poll, NULL,
- MBEDTLS_ENTROPY_BLOCK_SIZE,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ mbedtls_entropy_add_source(&rng->entropy,
+ mbedtls_nv_seed_poll, NULL,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
#endif
- mbedtls_psa_drbg_init( MBEDTLS_PSA_RANDOM_STATE );
+ mbedtls_psa_drbg_init(MBEDTLS_PSA_RANDOM_STATE);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
}
/** Deinitialize the PSA random generator.
*/
-static void mbedtls_psa_random_free( mbedtls_psa_random_context_t *rng )
+static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng)
{
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- memset( rng, 0, sizeof( *rng ) );
+ memset(rng, 0, sizeof(*rng));
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- mbedtls_psa_drbg_free( MBEDTLS_PSA_RANDOM_STATE );
- rng->entropy_free( &rng->entropy );
+ mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE);
+ rng->entropy_free(&rng->entropy);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
}
/** Seed the PSA random generator.
*/
-static psa_status_t mbedtls_psa_random_seed( mbedtls_psa_random_context_t *rng )
+static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng)
{
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/* Do nothing: the external RNG seeds itself. */
(void) rng;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
const unsigned char drbg_seed[] = "PSA";
- int ret = mbedtls_psa_drbg_seed( &rng->entropy,
- drbg_seed, sizeof( drbg_seed ) - 1 );
- return mbedtls_to_psa_error( ret );
+ int ret = mbedtls_psa_drbg_seed(&rng->entropy,
+ drbg_seed, sizeof(drbg_seed) - 1);
+ return mbedtls_to_psa_error(ret);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
}
-psa_status_t psa_generate_random( uint8_t *output,
- size_t output_size )
+psa_status_t psa_generate_random(uint8_t *output,
+ size_t output_size)
{
GUARD_MODULE_INITIALIZED;
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
size_t output_length = 0;
- psa_status_t status = mbedtls_psa_external_get_random( &global_data.rng,
- output, output_size,
- &output_length );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng,
+ output, output_size,
+ &output_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Breaking up a request into smaller chunks is currently not supported
* for the external RNG interface. */
- if( output_length != output_size )
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
- return( PSA_SUCCESS );
+ if (output_length != output_size) {
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
+ }
+ return PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- while( output_size > 0 )
- {
+ while (output_size > 0) {
size_t request_size =
- ( output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
- MBEDTLS_PSA_RANDOM_MAX_REQUEST :
- output_size );
- int ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
- output, request_size );
- if( ret != 0 )
- return( mbedtls_to_psa_error( ret ) );
+ (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
+ MBEDTLS_PSA_RANDOM_MAX_REQUEST :
+ output_size);
+ int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output, request_size);
+ if (ret != 0) {
+ return mbedtls_to_psa_error(ret);
+ }
output_size -= request_size;
output += request_size;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
}
@@ -5170,10 +5183,10 @@
* classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random`
* as a constant function pointer to `mbedtls_xxx_drbg_random`.
*/
-#if defined (MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size )
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size)
{
/* This function takes a pointer to the RNG state because that's what
* classic mbedtls functions using an RNG expect. The PSA RNG manages
@@ -5181,29 +5194,32 @@
* So we just ignore the state parameter, and in practice we'll pass
* NULL. */
(void) p_rng;
- psa_status_t status = psa_generate_random( output, output_size );
- if( status == PSA_SUCCESS )
- return( 0 );
- else
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ psa_status_t status = psa_generate_random(output, output_size);
+ if (status == PSA_SUCCESS) {
+ return 0;
+ } else {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
}
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include "mbedtls/entropy_poll.h"
-psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
- size_t seed_size )
+psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
+ size_t seed_size)
{
- if( global_data.initialized )
- return( PSA_ERROR_NOT_PERMITTED );
+ if (global_data.initialized) {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
- if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) ||
- ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) ||
- ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (((seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM) ||
+ (seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE)) ||
+ (seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( mbedtls_psa_storage_inject_entropy( seed, seed_size ) );
+ return mbedtls_psa_storage_inject_entropy(seed, seed_size);
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
@@ -5221,103 +5237,97 @@
* the two is not supported.
*/
static psa_status_t psa_validate_key_type_and_size_for_key_generation(
- psa_key_type_t type, size_t bits )
+ psa_key_type_t type, size_t bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( key_type_is_raw_bytes( type ) )
- {
- status = validate_unstructured_key_bit_size( type, bits );
- if( status != PSA_SUCCESS )
- return( status );
- }
- else
+ if (key_type_is_raw_bytes(type)) {
+ status = validate_unstructured_key_bit_size(type, bits);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ } else
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
- if( PSA_KEY_TYPE_IS_RSA( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
- {
- if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (PSA_KEY_TYPE_IS_RSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+ if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Accept only byte-aligned keys, for the same reasons as
* in psa_import_rsa_key(). */
- if( bits % 8 != 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- else
+ if (bits % 8 != 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ } else
#endif /* defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) */
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
- if( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
/* To avoid empty block, return successfully here. */
- return( PSA_SUCCESS );
- }
- else
+ return PSA_SUCCESS;
+ } else
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */
{
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t psa_generate_key_internal(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = attributes->core.type;
- if( ( attributes->domain_parameters == NULL ) &&
- ( attributes->domain_parameters_size != 0 ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if ((attributes->domain_parameters == NULL) &&
+ (attributes->domain_parameters_size != 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if( key_type_is_raw_bytes( type ) )
- {
- status = psa_generate_random( key_buffer, key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
+ if (key_type_is_raw_bytes(type)) {
+ status = psa_generate_random(key_buffer, key_buffer_size);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
- if( type == PSA_KEY_TYPE_DES )
- psa_des_set_key_parity( key_buffer, key_buffer_size );
+ if (type == PSA_KEY_TYPE_DES) {
+ psa_des_set_key_parity(key_buffer, key_buffer_size);
+ }
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
- }
- else
+ } else
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
- if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- return( mbedtls_psa_rsa_generate_key( attributes,
- key_buffer,
- key_buffer_size,
- key_buffer_length ) );
- }
- else
+ if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ return mbedtls_psa_rsa_generate_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length);
+ } else
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
* defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
- if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
- {
- return( mbedtls_psa_ecp_generate_key( attributes,
- key_buffer,
- key_buffer_size,
- key_buffer_length ) );
- }
- else
+ if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+ return mbedtls_psa_ecp_generate_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length);
+ } else
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
{
- (void)key_buffer_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ (void) key_buffer_length;
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t *key )
+psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -5328,62 +5338,67 @@
/* Reject any attempt to create a zero-length key so that we don't
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
- if( psa_get_key_bits( attributes ) == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (psa_get_key_bits(attributes) == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Reject any attempt to create a public key. */
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes,
- &slot, &driver );
- if( status != PSA_SUCCESS )
+ status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes,
+ &slot, &driver);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* In the case of a transparent key or an opaque key stored in local
* storage (thus not in the case of generating a key in a secure element
* or cryptoprocessor with storage), we have to allocate a buffer to
* hold the generated key material. */
- if( slot->key.data == NULL )
- {
- if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) ==
- PSA_KEY_LOCATION_LOCAL_STORAGE )
- {
+ if (slot->key.data == NULL) {
+ if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) ==
+ PSA_KEY_LOCATION_LOCAL_STORAGE) {
status = psa_validate_key_type_and_size_for_key_generation(
- attributes->core.type, attributes->core.bits );
- if( status != PSA_SUCCESS )
+ attributes->core.type, attributes->core.bits);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- attributes->core.type,
- attributes->core.bits );
- }
- else
- {
+ attributes->core.type,
+ attributes->core.bits);
+ } else {
status = psa_driver_wrapper_get_key_buffer_size(
- attributes, &key_buffer_size );
- if( status != PSA_SUCCESS )
+ attributes, &key_buffer_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
- status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
- if( status != PSA_SUCCESS )
+ status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
- status = psa_driver_wrapper_generate_key( attributes,
- slot->key.data, slot->key.bytes, &slot->key.bytes );
+ status = psa_driver_wrapper_generate_key(attributes,
+ slot->key.data, slot->key.bytes, &slot->key.bytes);
- if( status != PSA_SUCCESS )
- psa_remove_key_data_from_memory( slot );
+ if (status != PSA_SUCCESS) {
+ psa_remove_key_data_from_memory(slot);
+ }
exit:
- if( status == PSA_SUCCESS )
- status = psa_finish_key_creation( slot, driver, key );
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( slot, driver );
+ if (status == PSA_SUCCESS) {
+ status = psa_finish_key_creation(slot, driver, key);
+ }
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(slot, driver);
+ }
- return( status );
+ return status;
}
/****************************************************************/
@@ -5392,31 +5407,31 @@
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
- void (* entropy_init )( mbedtls_entropy_context *ctx ),
- void (* entropy_free )( mbedtls_entropy_context *ctx ) )
+ void (* entropy_init)(mbedtls_entropy_context *ctx),
+ void (* entropy_free)(mbedtls_entropy_context *ctx))
{
- if( global_data.rng_state != RNG_NOT_INITIALIZED )
- return( PSA_ERROR_BAD_STATE );
+ if (global_data.rng_state != RNG_NOT_INITIALIZED) {
+ return PSA_ERROR_BAD_STATE;
+ }
global_data.rng.entropy_init = entropy_init;
global_data.rng.entropy_free = entropy_free;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-void mbedtls_psa_crypto_free( void )
+void mbedtls_psa_crypto_free(void)
{
- psa_wipe_all_key_slots( );
- if( global_data.rng_state != RNG_NOT_INITIALIZED )
- {
- mbedtls_psa_random_free( &global_data.rng );
+ psa_wipe_all_key_slots();
+ if (global_data.rng_state != RNG_NOT_INITIALIZED) {
+ mbedtls_psa_random_free(&global_data.rng);
}
/* Wipe all remaining data, including configuration.
* In particular, this sets all state indicator to the value
* indicating "uninitialized". */
- mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+ mbedtls_platform_zeroize(&global_data, sizeof(global_data));
/* Terminate drivers */
- psa_driver_wrapper_free( );
+ psa_driver_wrapper_free();
}
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
@@ -5427,60 +5442,61 @@
* fails.
*/
static psa_status_t psa_crypto_recover_transaction(
- const psa_crypto_transaction_t *transaction )
+ const psa_crypto_transaction_t *transaction)
{
- switch( transaction->unknown.type )
- {
+ switch (transaction->unknown.type) {
case PSA_CRYPTO_TRANSACTION_CREATE_KEY:
case PSA_CRYPTO_TRANSACTION_DESTROY_KEY:
- /* TODO - fall through to the failure case until this
- * is implemented.
- * https://github.com/ARMmbed/mbed-crypto/issues/218
- */
+ /* TODO - fall through to the failure case until this
+ * is implemented.
+ * https://github.com/ARMmbed/mbed-crypto/issues/218
+ */
default:
/* We found an unsupported transaction in the storage.
* We don't know what state the storage is in. Give up. */
- return( PSA_ERROR_DATA_INVALID );
+ return PSA_ERROR_DATA_INVALID;
}
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
-psa_status_t psa_crypto_init( void )
+psa_status_t psa_crypto_init(void)
{
psa_status_t status;
/* Double initialization is explicitly allowed. */
- if( global_data.initialized != 0 )
- return( PSA_SUCCESS );
+ if (global_data.initialized != 0) {
+ return PSA_SUCCESS;
+ }
/* Initialize and seed the random generator. */
- mbedtls_psa_random_init( &global_data.rng );
+ mbedtls_psa_random_init(&global_data.rng);
global_data.rng_state = RNG_INITIALIZED;
- status = mbedtls_psa_random_seed( &global_data.rng );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_random_seed(&global_data.rng);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
global_data.rng_state = RNG_SEEDED;
- status = psa_initialize_key_slots( );
- if( status != PSA_SUCCESS )
+ status = psa_initialize_key_slots();
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Init drivers */
- status = psa_driver_wrapper_init( );
- if( status != PSA_SUCCESS )
+ status = psa_driver_wrapper_init();
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
- status = psa_crypto_load_transaction( );
- if( status == PSA_SUCCESS )
- {
- status = psa_crypto_recover_transaction( &psa_crypto_transaction );
- if( status != PSA_SUCCESS )
+ status = psa_crypto_load_transaction();
+ if (status == PSA_SUCCESS) {
+ status = psa_crypto_recover_transaction(&psa_crypto_transaction);
+ if (status != PSA_SUCCESS) {
goto exit;
- status = psa_crypto_stop_transaction( );
- }
- else if( status == PSA_ERROR_DOES_NOT_EXIST )
- {
+ }
+ status = psa_crypto_stop_transaction();
+ } else if (status == PSA_ERROR_DOES_NOT_EXIST) {
/* There's no transaction to complete. It's all good. */
status = PSA_SUCCESS;
}
@@ -5490,9 +5506,10 @@
global_data.initialized = 1;
exit:
- if( status != PSA_SUCCESS )
- mbedtls_psa_crypto_free( );
- return( status );
+ if (status != PSA_SUCCESS) {
+ mbedtls_psa_crypto_free();
+ }
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 2b07a68..26ccc1c 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -31,12 +31,10 @@
#include "mbedtls/cipher.h"
#include "mbedtls/gcm.h"
-typedef struct
-{
+typedef struct {
psa_algorithm_t core_alg;
uint8_t tag_length;
- union
- {
+ union {
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
mbedtls_ccm_context ccm;
@@ -50,25 +48,24 @@
} ctx;
} aead_operation_t;
-#define AEAD_OPERATION_INIT {0, 0, {0}}
+#define AEAD_OPERATION_INIT { 0, 0, { 0 } }
-static void psa_aead_abort_internal( aead_operation_t *operation )
+static void psa_aead_abort_internal(aead_operation_t *operation)
{
- switch( operation->core_alg )
- {
+ switch (operation->core_alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
case PSA_ALG_CCM:
- mbedtls_ccm_free( &operation->ctx.ccm );
+ mbedtls_ccm_free(&operation->ctx.ccm);
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
case PSA_ALG_GCM:
- mbedtls_gcm_free( &operation->ctx.gcm );
+ mbedtls_gcm_free(&operation->ctx.gcm);
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
case PSA_ALG_CHACHA20_POLY1305:
- mbedtls_chachapoly_free( &operation->ctx.chachapoly );
+ mbedtls_chachapoly_free(&operation->ctx.chachapoly);
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
}
@@ -78,7 +75,7 @@
aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t key_bits;
@@ -88,85 +85,92 @@
key_bits = attributes->core.bits;
- cipher_info = mbedtls_cipher_info_from_psa( alg,
- attributes->core.type, key_bits,
- &cipher_id );
- if( cipher_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
+ cipher_info = mbedtls_cipher_info_from_psa(alg,
+ attributes->core.type, key_bits,
+ &cipher_id);
+ if (cipher_info == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
- {
+ switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
operation->core_alg = PSA_ALG_CCM;
full_tag_length = 16;
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
* The call to mbedtls_ccm_encrypt_and_tag or
* mbedtls_ccm_auth_decrypt will validate the tag length. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- mbedtls_ccm_init( &operation->ctx.ccm );
+ mbedtls_ccm_init(&operation->ctx.ccm);
status = mbedtls_to_psa_error(
- mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
- key_buffer, (unsigned int) key_bits ) );
- if( status != PSA_SUCCESS )
- return( status );
+ mbedtls_ccm_setkey(&operation->ctx.ccm, cipher_id,
+ key_buffer, (unsigned int) key_bits));
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
operation->core_alg = PSA_ALG_GCM;
full_tag_length = 16;
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
* The call to mbedtls_gcm_crypt_and_tag or
* mbedtls_gcm_auth_decrypt will validate the tag length. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- mbedtls_gcm_init( &operation->ctx.gcm );
+ mbedtls_gcm_init(&operation->ctx.gcm);
status = mbedtls_to_psa_error(
- mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
- key_buffer, (unsigned int) key_bits ) );
- if( status != PSA_SUCCESS )
- return( status );
+ mbedtls_gcm_setkey(&operation->ctx.gcm, cipher_id,
+ key_buffer, (unsigned int) key_bits));
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
full_tag_length = 16;
/* We only support the default tag length. */
- if( alg != PSA_ALG_CHACHA20_POLY1305 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (alg != PSA_ALG_CHACHA20_POLY1305) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- mbedtls_chachapoly_init( &operation->ctx.chachapoly );
+ mbedtls_chachapoly_init(&operation->ctx.chachapoly);
status = mbedtls_to_psa_error(
- mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
- key_buffer ) );
- if( status != PSA_SUCCESS )
- return( status );
+ mbedtls_chachapoly_setkey(&operation->ctx.chachapoly,
+ key_buffer));
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
default:
(void) status;
(void) key_buffer;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- if( PSA_AEAD_TAG_LENGTH( attributes->core.type,
- key_bits, alg )
- > full_tag_length )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_AEAD_TAG_LENGTH(attributes->core.type,
+ key_bits, alg)
+ > full_tag_length) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type,
- key_bits,
- alg );
+ operation->tag_length = PSA_AEAD_TAG_LENGTH(attributes->core.type,
+ key_bits,
+ alg);
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_aead_encrypt(
@@ -176,82 +180,75 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
aead_operation_t operation = AEAD_OPERATION_INIT;
uint8_t *tag;
(void) key_buffer_size;
- status = psa_aead_setup( &operation, attributes, key_buffer, alg );
- if( status != PSA_SUCCESS )
+ status = psa_aead_setup(&operation, attributes, key_buffer, alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* For all currently supported modes, the tag is at the end of the
* ciphertext. */
- if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
- {
+ if (ciphertext_size < (plaintext_length + operation.tag_length)) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
tag = ciphertext + plaintext_length;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- if( operation.core_alg == PSA_ALG_CCM )
- {
+ if (operation.core_alg == PSA_ALG_CCM) {
status = mbedtls_to_psa_error(
- mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
- plaintext_length,
- nonce, nonce_length,
- additional_data,
- additional_data_length,
- plaintext, ciphertext,
- tag, operation.tag_length ) );
- }
- else
+ mbedtls_ccm_encrypt_and_tag(&operation.ctx.ccm,
+ plaintext_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ plaintext, ciphertext,
+ tag, operation.tag_length));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- if( operation.core_alg == PSA_ALG_GCM )
- {
+ if (operation.core_alg == PSA_ALG_GCM) {
status = mbedtls_to_psa_error(
- mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
- MBEDTLS_GCM_ENCRYPT,
- plaintext_length,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, ciphertext,
- operation.tag_length, tag ) );
- }
- else
+ mbedtls_gcm_crypt_and_tag(&operation.ctx.gcm,
+ MBEDTLS_GCM_ENCRYPT,
+ plaintext_length,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, ciphertext,
+ operation.tag_length, tag));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
- {
- if( nonce_length != 12 )
- {
- if( nonce_length == 8 )
+ if (operation.core_alg == PSA_ALG_CHACHA20_POLY1305) {
+ if (nonce_length != 12) {
+ if (nonce_length == 8) {
status = PSA_ERROR_NOT_SUPPORTED;
- else
+ } else {
status = PSA_ERROR_INVALID_ARGUMENT;
+ }
goto exit;
}
- if( operation.tag_length != 16 )
- {
+ if (operation.tag_length != 16) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
status = mbedtls_to_psa_error(
- mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
- plaintext_length,
- nonce,
- additional_data,
- additional_data_length,
- plaintext,
- ciphertext,
- tag ) );
- }
- else
+ mbedtls_chachapoly_encrypt_and_tag(&operation.ctx.chachapoly,
+ plaintext_length,
+ nonce,
+ additional_data,
+ additional_data_length,
+ plaintext,
+ ciphertext,
+ tag));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
{
(void) tag;
@@ -260,16 +257,17 @@
(void) additional_data;
(void) additional_data_length;
(void) plaintext;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
*ciphertext_length = plaintext_length + operation.tag_length;
+ }
exit:
- psa_aead_abort_internal( &operation );
+ psa_aead_abort_internal(&operation);
- return( status );
+ return status;
}
/* Locate the tag in a ciphertext buffer containing the encrypted data
@@ -277,20 +275,22 @@
* *plaintext_length. This is the size of the plaintext in modes where
* the encrypted data has the same size as the plaintext, such as
* CCM and GCM. */
-static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
- const uint8_t *ciphertext,
- size_t ciphertext_length,
- size_t plaintext_size,
- const uint8_t **p_tag )
+static psa_status_t psa_aead_unpadded_locate_tag(size_t tag_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ size_t plaintext_size,
+ const uint8_t **p_tag)
{
size_t payload_length;
- if( tag_length > ciphertext_length )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (tag_length > ciphertext_length) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
payload_length = ciphertext_length - tag_length;
- if( payload_length > plaintext_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (payload_length > plaintext_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
*p_tag = ciphertext + payload_length;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_aead_decrypt(
@@ -300,79 +300,74 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
aead_operation_t operation = AEAD_OPERATION_INIT;
const uint8_t *tag = NULL;
(void) key_buffer_size;
- status = psa_aead_setup( &operation, attributes, key_buffer, alg );
- if( status != PSA_SUCCESS )
+ status = psa_aead_setup(&operation, attributes, key_buffer, alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_aead_unpadded_locate_tag( operation.tag_length,
- ciphertext, ciphertext_length,
- plaintext_size, &tag );
- if( status != PSA_SUCCESS )
+ status = psa_aead_unpadded_locate_tag(operation.tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- if( operation.core_alg == PSA_ALG_CCM )
- {
+ if (operation.core_alg == PSA_ALG_CCM) {
status = mbedtls_to_psa_error(
- mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
- ciphertext_length - operation.tag_length,
- nonce, nonce_length,
- additional_data,
- additional_data_length,
- ciphertext, plaintext,
- tag, operation.tag_length ) );
- }
- else
+ mbedtls_ccm_auth_decrypt(&operation.ctx.ccm,
+ ciphertext_length - operation.tag_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ ciphertext, plaintext,
+ tag, operation.tag_length));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- if( operation.core_alg == PSA_ALG_GCM )
- {
+ if (operation.core_alg == PSA_ALG_GCM) {
status = mbedtls_to_psa_error(
- mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
- ciphertext_length - operation.tag_length,
- nonce, nonce_length,
- additional_data,
- additional_data_length,
- tag, operation.tag_length,
- ciphertext, plaintext ) );
- }
- else
+ mbedtls_gcm_auth_decrypt(&operation.ctx.gcm,
+ ciphertext_length - operation.tag_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ tag, operation.tag_length,
+ ciphertext, plaintext));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
- {
- if( nonce_length != 12 )
- {
- if( nonce_length == 8 )
+ if (operation.core_alg == PSA_ALG_CHACHA20_POLY1305) {
+ if (nonce_length != 12) {
+ if (nonce_length == 8) {
status = PSA_ERROR_NOT_SUPPORTED;
- else
+ } else {
status = PSA_ERROR_INVALID_ARGUMENT;
+ }
goto exit;
}
- if( operation.tag_length != 16 )
- {
+ if (operation.tag_length != 16) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
status = mbedtls_to_psa_error(
- mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
- ciphertext_length - operation.tag_length,
- nonce,
- additional_data,
- additional_data_length,
- tag,
- ciphertext,
- plaintext ) );
- }
- else
+ mbedtls_chachapoly_auth_decrypt(&operation.ctx.chachapoly,
+ ciphertext_length - operation.tag_length,
+ nonce,
+ additional_data,
+ additional_data_length,
+ tag,
+ ciphertext,
+ plaintext));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
{
(void) nonce;
@@ -380,19 +375,20 @@
(void) additional_data;
(void) additional_data_length;
(void) plaintext;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
*plaintext_length = ciphertext_length - operation.tag_length;
+ }
exit:
- psa_aead_abort_internal( &operation );
+ psa_aead_abort_internal(&operation);
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
*plaintext_length = ciphertext_length - operation.tag_length;
- return( status );
+ }
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
-
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index e18e85d..320f835 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -83,7 +83,7 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
/**
* \brief Process an authenticated decryption operation.
@@ -146,6 +146,6 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
#endif /* PSA_CRYPTO_AEAD_H */
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 13006fa..d216339 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -35,18 +35,17 @@
psa_algorithm_t alg,
psa_key_type_t key_type,
size_t key_bits,
- mbedtls_cipher_id_t* cipher_id )
+ mbedtls_cipher_id_t *cipher_id)
{
mbedtls_cipher_mode_t mode;
mbedtls_cipher_id_t cipher_id_tmp;
- if( PSA_ALG_IS_AEAD( alg ) )
- alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
+ if (PSA_ALG_IS_AEAD(alg)) {
+ alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
+ }
- if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
- {
- switch( alg )
- {
+ if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg)) {
+ switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
case PSA_ALG_STREAM_CIPHER:
mode = MBEDTLS_MODE_STREAM;
@@ -83,31 +82,30 @@
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
mode = MBEDTLS_MODE_CCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
mode = MBEDTLS_MODE_GCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
mode = MBEDTLS_MODE_CHACHAPOLY;
break;
#endif
default:
- return( NULL );
+ return NULL;
}
- }
- else if( alg == PSA_ALG_CMAC )
+ } else if (alg == PSA_ALG_CMAC) {
mode = MBEDTLS_MODE_ECB;
- else
- return( NULL );
+ } else {
+ return NULL;
+ }
- switch( key_type )
- {
+ switch (key_type) {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES)
case PSA_KEY_TYPE_AES:
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
@@ -122,15 +120,17 @@
case PSA_KEY_TYPE_DES:
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
* and 192 for three-key Triple-DES. */
- if( key_bits == 64 )
+ if (key_bits == 64) {
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
- else
+ } else {
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
+ }
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
* but two-key Triple-DES is functionally three-key Triple-DES
* with K1=K3, so that's how we present it to mbedtls. */
- if( key_bits == 128 )
+ if (key_bits == 128) {
key_bits = 192;
+ }
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA)
@@ -149,13 +149,14 @@
break;
#endif
default:
- return( NULL );
+ return NULL;
}
- if( cipher_id != NULL )
+ if (cipher_id != NULL) {
*cipher_id = cipher_id_tmp;
+ }
- return( mbedtls_cipher_info_from_values( cipher_id_tmp,
- (int) key_bits, mode ) );
+ return mbedtls_cipher_info_from_values(cipher_id_tmp,
+ (int) key_bits, mode);
}
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
@@ -165,110 +166,112 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
- mbedtls_operation_t cipher_operation )
+ mbedtls_operation_t cipher_operation)
{
int ret = 0;
size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL;
psa_key_type_t key_type = attributes->core.type;
- (void)key_buffer_size;
+ (void) key_buffer_size;
- mbedtls_cipher_init( &operation->ctx.cipher );
+ mbedtls_cipher_init(&operation->ctx.cipher);
operation->alg = alg;
key_bits = attributes->core.bits;
- cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
- key_bits, NULL );
- if( cipher_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
+ cipher_info = mbedtls_cipher_info_from_psa(alg, key_type,
+ key_bits, NULL);
+ if (cipher_info == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
- if( ret != 0 )
+ ret = mbedtls_cipher_setup(&operation->ctx.cipher, cipher_info);
+ if (ret != 0) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
- if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
- {
+ if (key_type == PSA_KEY_TYPE_DES && key_bits == 128) {
/* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
uint8_t keys[24];
- memcpy( keys, key_buffer, 16 );
- memcpy( keys + 16, key_buffer, 8 );
- ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
- keys,
- 192, cipher_operation );
- }
- else
+ memcpy(keys, key_buffer, 16);
+ memcpy(keys + 16, key_buffer, 8);
+ ret = mbedtls_cipher_setkey(&operation->ctx.cipher,
+ keys,
+ 192, cipher_operation);
+ } else
#endif
{
- ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
- (int) key_bits, cipher_operation );
+ ret = mbedtls_cipher_setkey(&operation->ctx.cipher, key_buffer,
+ (int) key_bits, cipher_operation);
}
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
- switch( alg )
- {
+ switch (alg) {
case PSA_ALG_CBC_NO_PADDING:
- ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
- MBEDTLS_PADDING_NONE );
+ ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher,
+ MBEDTLS_PADDING_NONE);
break;
case PSA_ALG_CBC_PKCS7:
- ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
- MBEDTLS_PADDING_PKCS7 );
+ ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher,
+ MBEDTLS_PADDING_PKCS7);
break;
default:
/* The algorithm doesn't involve padding. */
ret = 0;
break;
}
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING ||
MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */
- operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
- operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
+ operation->block_length = (PSA_ALG_IS_STREAM_CIPHER(alg) ? 1 :
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type));
+ operation->iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg);
exit:
- return( mbedtls_to_psa_error( ret ) );
+ return mbedtls_to_psa_error(ret);
}
psa_status_t mbedtls_psa_cipher_encrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
- return( psa_cipher_setup( operation, attributes,
- key_buffer, key_buffer_size,
- alg, MBEDTLS_ENCRYPT ) );
+ return psa_cipher_setup(operation, attributes,
+ key_buffer, key_buffer_size,
+ alg, MBEDTLS_ENCRYPT);
}
psa_status_t mbedtls_psa_cipher_decrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
- return( psa_cipher_setup( operation, attributes,
- key_buffer, key_buffer_size,
- alg, MBEDTLS_DECRYPT ) );
+ return psa_cipher_setup(operation, attributes,
+ key_buffer, key_buffer_size,
+ alg, MBEDTLS_DECRYPT);
}
psa_status_t mbedtls_psa_cipher_set_iv(
mbedtls_psa_cipher_operation_t *operation,
- const uint8_t *iv, size_t iv_length )
+ const uint8_t *iv, size_t iv_length)
{
- if( iv_length != operation->iv_length )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (iv_length != operation->iv_length) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( mbedtls_to_psa_error(
- mbedtls_cipher_set_iv( &operation->ctx.cipher,
- iv, iv_length ) ) );
+ return mbedtls_to_psa_error(
+ mbedtls_cipher_set_iv(&operation->ctx.cipher,
+ iv, iv_length));
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
@@ -300,43 +303,42 @@
const uint8_t *input,
size_t input_length,
uint8_t *output,
- size_t *output_length )
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t block_size = ctx->cipher_info->block_size;
size_t internal_output_length = 0;
*output_length = 0;
- if( input_length == 0 )
- {
+ if (input_length == 0) {
status = PSA_SUCCESS;
goto exit;
}
- if( ctx->unprocessed_len > 0 )
- {
+ if (ctx->unprocessed_len > 0) {
/* Fill up to block size, and run the block if there's a full one. */
size_t bytes_to_copy = block_size - ctx->unprocessed_len;
- if( input_length < bytes_to_copy )
+ if (input_length < bytes_to_copy) {
bytes_to_copy = input_length;
+ }
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
- input, bytes_to_copy );
+ memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]),
+ input, bytes_to_copy);
input_length -= bytes_to_copy;
input += bytes_to_copy;
ctx->unprocessed_len += bytes_to_copy;
- if( ctx->unprocessed_len == block_size )
- {
+ if (ctx->unprocessed_len == block_size) {
status = mbedtls_to_psa_error(
- mbedtls_cipher_update( ctx,
- ctx->unprocessed_data,
- block_size,
- output, &internal_output_length ) );
+ mbedtls_cipher_update(ctx,
+ ctx->unprocessed_data,
+ block_size,
+ output, &internal_output_length));
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
output += internal_output_length;
*output_length += internal_output_length;
@@ -344,16 +346,16 @@
}
}
- while( input_length >= block_size )
- {
+ while (input_length >= block_size) {
/* Run all full blocks we have, one by one */
status = mbedtls_to_psa_error(
- mbedtls_cipher_update( ctx, input,
- block_size,
- output, &internal_output_length ) );
+ mbedtls_cipher_update(ctx, input,
+ block_size,
+ output, &internal_output_length));
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
input_length -= block_size;
input += block_size;
@@ -362,174 +364,175 @@
*output_length += internal_output_length;
}
- if( input_length > 0 )
- {
+ if (input_length > 0) {
/* Save unprocessed bytes for later processing */
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
- input, input_length );
+ memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]),
+ input, input_length);
ctx->unprocessed_len += input_length;
}
status = PSA_SUCCESS;
exit:
- return( status );
+ return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
psa_status_t mbedtls_psa_cipher_update(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length )
+ uint8_t *output, size_t output_size, size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t expected_output_size;
- if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
- {
+ if (!PSA_ALG_IS_STREAM_CIPHER(operation->alg)) {
/* Take the unprocessed partial block left over from previous
* update calls, if any, plus the input to this call. Remove
* the last partial block, if any. You get the data that will be
* output in this call. */
expected_output_size =
- ( operation->ctx.cipher.unprocessed_len + input_length )
+ (operation->ctx.cipher.unprocessed_len + input_length)
/ operation->block_length * operation->block_length;
- }
- else
- {
+ } else {
expected_output_size = input_length;
}
- if( output_size < expected_output_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (output_size < expected_output_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
- if( operation->alg == PSA_ALG_ECB_NO_PADDING )
- {
+ if (operation->alg == PSA_ALG_ECB_NO_PADDING) {
/* mbedtls_cipher_update has an API inconsistency: it will only
- * process a single block at a time in ECB mode. Abstract away that
- * inconsistency here to match the PSA API behaviour. */
- status = psa_cipher_update_ecb( &operation->ctx.cipher,
- input,
- input_length,
- output,
- output_length );
- }
- else
+ * process a single block at a time in ECB mode. Abstract away that
+ * inconsistency here to match the PSA API behaviour. */
+ status = psa_cipher_update_ecb(&operation->ctx.cipher,
+ input,
+ input_length,
+ output,
+ output_length);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
{
status = mbedtls_to_psa_error(
- mbedtls_cipher_update( &operation->ctx.cipher, input,
- input_length, output, output_length ) );
+ mbedtls_cipher_update(&operation->ctx.cipher, input,
+ input_length, output, output_length));
- if( *output_length > output_size )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (*output_length > output_size) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
}
- return( status );
+ return status;
}
psa_status_t mbedtls_psa_cipher_finish(
mbedtls_psa_cipher_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length )
+ uint8_t *output, size_t output_size, size_t *output_length)
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
- if( operation->ctx.cipher.unprocessed_len != 0 )
- {
- if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
- operation->alg == PSA_ALG_CBC_NO_PADDING )
- {
+ if (operation->ctx.cipher.unprocessed_len != 0) {
+ if (operation->alg == PSA_ALG_ECB_NO_PADDING ||
+ operation->alg == PSA_ALG_CBC_NO_PADDING) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
}
status = mbedtls_to_psa_error(
- mbedtls_cipher_finish( &operation->ctx.cipher,
- temp_output_buffer,
- output_length ) );
- if( status != PSA_SUCCESS )
+ mbedtls_cipher_finish(&operation->ctx.cipher,
+ temp_output_buffer,
+ output_length));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( *output_length == 0 )
+ if (*output_length == 0) {
; /* Nothing to copy. Note that output may be NULL in this case. */
- else if( output_size >= *output_length )
- memcpy( output, temp_output_buffer, *output_length );
- else
+ } else if (output_size >= *output_length) {
+ memcpy(output, temp_output_buffer, *output_length);
+ } else {
status = PSA_ERROR_BUFFER_TOO_SMALL;
+ }
exit:
- mbedtls_platform_zeroize( temp_output_buffer,
- sizeof( temp_output_buffer ) );
+ mbedtls_platform_zeroize(temp_output_buffer,
+ sizeof(temp_output_buffer));
- return( status );
+ return status;
}
psa_status_t mbedtls_psa_cipher_abort(
- mbedtls_psa_cipher_operation_t *operation )
+ mbedtls_psa_cipher_operation_t *operation)
{
/* Sanity check (shouldn't happen: operation->alg should
* always have been initialized to a valid value). */
- if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
- return( PSA_ERROR_BAD_STATE );
+ if (!PSA_ALG_IS_CIPHER(operation->alg)) {
+ return PSA_ERROR_BAD_STATE;
+ }
- mbedtls_cipher_free( &operation->ctx.cipher );
+ mbedtls_cipher_free(&operation->ctx.cipher);
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *iv,
- size_t iv_length,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t mbedtls_psa_cipher_encrypt(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *iv,
+ size_t iv_length,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t update_output_length, finish_output_length;
- status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes,
- key_buffer, key_buffer_size,
- alg );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_cipher_encrypt_setup(&operation, attributes,
+ key_buffer, key_buffer_size,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
-
- if( iv_length > 0 )
- {
- status = mbedtls_psa_cipher_set_iv( &operation, iv, iv_length );
- if( status != PSA_SUCCESS )
- goto exit;
}
- status = mbedtls_psa_cipher_update( &operation, input, input_length,
- output, output_size, &update_output_length );
- if( status != PSA_SUCCESS )
+ if (iv_length > 0) {
+ status = mbedtls_psa_cipher_set_iv(&operation, iv, iv_length);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+ }
+
+ status = mbedtls_psa_cipher_update(&operation, input, input_length,
+ output, output_size, &update_output_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = mbedtls_psa_cipher_finish(
&operation,
- mbedtls_buffer_offset( output, update_output_length ),
- output_size - update_output_length, &finish_output_length );
- if( status != PSA_SUCCESS )
+ mbedtls_buffer_offset(output, update_output_length),
+ output_size - update_output_length, &finish_output_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
*output_length = update_output_length + finish_output_length;
exit:
- if( status == PSA_SUCCESS )
- status = mbedtls_psa_cipher_abort( &operation );
- else
- mbedtls_psa_cipher_abort( &operation );
+ if (status == PSA_SUCCESS) {
+ status = mbedtls_psa_cipher_abort(&operation);
+ } else {
+ mbedtls_psa_cipher_abort(&operation);
+ }
- return( status );
+ return status;
}
psa_status_t mbedtls_psa_cipher_decrypt(
@@ -541,52 +544,56 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length )
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength, accumulated_length;
- status = mbedtls_psa_cipher_decrypt_setup( &operation, attributes,
- key_buffer, key_buffer_size,
- alg );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_cipher_decrypt_setup(&operation, attributes,
+ key_buffer, key_buffer_size,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( operation.iv_length > 0 )
- {
- status = mbedtls_psa_cipher_set_iv( &operation,
- input, operation.iv_length );
- if( status != PSA_SUCCESS )
+ if (operation.iv_length > 0) {
+ status = mbedtls_psa_cipher_set_iv(&operation,
+ input, operation.iv_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
status = mbedtls_psa_cipher_update(
&operation,
- mbedtls_buffer_offset_const( input, operation.iv_length ),
+ mbedtls_buffer_offset_const(input, operation.iv_length),
input_length - operation.iv_length,
- output, output_size, &olength );
- if( status != PSA_SUCCESS )
+ output, output_size, &olength);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
accumulated_length = olength;
status = mbedtls_psa_cipher_finish(
&operation,
- mbedtls_buffer_offset( output, accumulated_length ),
- output_size - accumulated_length, &olength );
- if( status != PSA_SUCCESS )
+ mbedtls_buffer_offset(output, accumulated_length),
+ output_size - accumulated_length, &olength);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
*output_length = accumulated_length + olength;
exit:
- if ( status == PSA_SUCCESS )
- status = mbedtls_psa_cipher_abort( &operation );
- else
- mbedtls_psa_cipher_abort( &operation );
+ if (status == PSA_SUCCESS) {
+ status = mbedtls_psa_cipher_abort(&operation);
+ } else {
+ mbedtls_psa_cipher_abort(&operation);
+ }
- return( status );
+ return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 3bd5360..6cc6bf6 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -38,7 +38,7 @@
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
- mbedtls_cipher_id_t *cipher_id );
+ mbedtls_cipher_id_t *cipher_id);
/**
* \brief Set the key for a multipart symmetric encryption operation.
@@ -68,7 +68,7 @@
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
/**
* \brief Set the key for a multipart symmetric decryption operation.
@@ -98,7 +98,7 @@
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
/** Set the IV for a symmetric encryption or decryption operation.
*
@@ -124,7 +124,7 @@
*/
psa_status_t mbedtls_psa_cipher_set_iv(
mbedtls_psa_cipher_operation_t *operation,
- const uint8_t *iv, size_t iv_length );
+ const uint8_t *iv, size_t iv_length);
/** Encrypt or decrypt a message fragment in an active cipher operation.
*
@@ -150,7 +150,7 @@
psa_status_t mbedtls_psa_cipher_update(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length );
+ uint8_t *output, size_t output_size, size_t *output_length);
/** Finish encrypting or decrypting a message in a cipher operation.
*
@@ -180,7 +180,7 @@
*/
psa_status_t mbedtls_psa_cipher_finish(
mbedtls_psa_cipher_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length );
+ uint8_t *output, size_t output_size, size_t *output_length);
/** Abort a cipher operation.
*
@@ -197,7 +197,7 @@
*
* \retval #PSA_SUCCESS
*/
-psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
+psa_status_t mbedtls_psa_cipher_abort(mbedtls_psa_cipher_operation_t *operation);
/** Encrypt a message using a symmetric cipher.
*
@@ -241,17 +241,17 @@
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
*/
-psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *iv,
- size_t iv_length,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length );
+psa_status_t mbedtls_psa_cipher_encrypt(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *iv,
+ size_t iv_length,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
/** Decrypt a message using a symmetric cipher.
*
@@ -292,14 +292,14 @@
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
*/
-psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length );
+psa_status_t mbedtls_psa_cipher_decrypt(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
#endif /* PSA_CRYPTO_CIPHER_H */
diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c
index ab79086..c323427 100644
--- a/library/psa_crypto_client.c
+++ b/library/psa_crypto_client.c
@@ -26,32 +26,31 @@
#include <string.h>
#include "mbedtls/platform.h"
-void psa_reset_key_attributes( psa_key_attributes_t *attributes )
+void psa_reset_key_attributes(psa_key_attributes_t *attributes)
{
- mbedtls_free( attributes->domain_parameters );
- memset( attributes, 0, sizeof( *attributes ) );
+ mbedtls_free(attributes->domain_parameters);
+ memset(attributes, 0, sizeof(*attributes));
}
-psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length )
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length)
{
uint8_t *copy = NULL;
- if( data_length != 0 )
- {
- copy = mbedtls_calloc( 1, data_length );
- if( copy == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( copy, data, data_length );
+ if (data_length != 0) {
+ copy = mbedtls_calloc(1, data_length);
+ if (copy == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ memcpy(copy, data, data_length);
}
/* After this point, this function is guaranteed to succeed, so it
* can start modifying `*attributes`. */
- if( attributes->domain_parameters != NULL )
- {
- mbedtls_free( attributes->domain_parameters );
+ if (attributes->domain_parameters != NULL) {
+ mbedtls_free(attributes->domain_parameters);
attributes->domain_parameters = NULL;
attributes->domain_parameters_size = 0;
}
@@ -59,20 +58,22 @@
attributes->domain_parameters = copy;
attributes->domain_parameters_size = data_length;
attributes->core.type = type;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
- if( attributes->domain_parameters_size > data_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (attributes->domain_parameters_size > data_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
*data_length = attributes->domain_parameters_size;
- if( attributes->domain_parameters_size != 0 )
- memcpy( data, attributes->domain_parameters,
- attributes->domain_parameters_size );
- return( PSA_SUCCESS );
+ if (attributes->domain_parameters_size != 0) {
+ memcpy(data, attributes->domain_parameters,
+ attributes->domain_parameters_size);
+ }
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 0d8f71f..672fb5d 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -39,22 +39,22 @@
* \return 0 if the buffer contents are equal, non-zero otherwise
*/
static inline int mbedtls_psa_safer_memcmp(
- const uint8_t *a, const uint8_t *b, size_t n )
+ const uint8_t *a, const uint8_t *b, size_t n)
{
size_t i;
unsigned char diff = 0;
- for( i = 0; i < n; i++ )
+ for (i = 0; i < n; i++) {
diff |= a[i] ^ b[i];
+ }
- return( diff );
+ return diff;
}
/** The data structure representing a key slot, containing key material
* and metadata for one key.
*/
-typedef struct
-{
+typedef struct {
psa_core_key_attributes_t attr;
/*
@@ -84,8 +84,7 @@
/* Dynamically allocated key data buffer.
* Format as specified in psa_export_key(). */
- struct key_data
- {
+ struct key_data {
uint8_t *data;
size_t bytes;
} key;
@@ -94,7 +93,7 @@
/* A mask of key attribute flags used only internally.
* Currently there aren't any. */
#define PSA_KA_MASK_INTERNAL_ONLY ( \
- 0 )
+ 0)
/** Test whether a key slot is occupied.
*
@@ -105,9 +104,9 @@
*
* \return 1 if the slot is occupied, 0 otherwise.
*/
-static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
+static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot)
{
- return( slot->attr.type != 0 );
+ return slot->attr.type != 0;
}
/** Test whether a key slot is locked.
@@ -118,9 +117,9 @@
*
* \return 1 if the slot is locked, 0 otherwise.
*/
-static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot )
+static inline int psa_is_key_slot_locked(const psa_key_slot_t *slot)
{
- return( slot->lock_count > 0 );
+ return slot->lock_count > 0;
}
/** Retrieve flags from psa_key_slot_t::attr::core::flags.
@@ -131,10 +130,10 @@
* \return The key attribute flags in the given slot,
* bitwise-anded with \p mask.
*/
-static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
- uint16_t mask )
+static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot,
+ uint16_t mask)
{
- return( slot->attr.flags & mask );
+ return slot->attr.flags & mask;
}
/** Set flags in psa_key_slot_t::attr::core::flags.
@@ -143,12 +142,12 @@
* \param mask The mask of bits to modify.
* \param value The new value of the selected bits.
*/
-static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
- uint16_t mask,
- uint16_t value )
+static inline void psa_key_slot_set_flags(psa_key_slot_t *slot,
+ uint16_t mask,
+ uint16_t value)
{
- slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
- ( mask & value ) );
+ slot->attr.flags = ((~mask & slot->attr.flags) |
+ (mask & value));
}
/** Turn on flags in psa_key_slot_t::attr::core::flags.
@@ -156,8 +155,8 @@
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to set.
*/
-static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
- uint16_t mask )
+static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot,
+ uint16_t mask)
{
slot->attr.flags |= mask;
}
@@ -167,8 +166,8 @@
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to clear.
*/
-static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
- uint16_t mask )
+static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
+ uint16_t mask)
{
slot->attr.flags &= ~mask;
}
@@ -181,9 +180,9 @@
* secure element, otherwise the behaviour is undefined.
*/
static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
- const psa_key_slot_t *slot )
+ const psa_key_slot_t *slot)
{
- return( *( (psa_key_slot_number_t *)( slot->key.data ) ) );
+ return *((psa_key_slot_number_t *) (slot->key.data));
}
#endif
@@ -198,7 +197,7 @@
* already fully wiped.
* \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
+psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
/** Try to allocate a buffer to an empty key slot.
*
@@ -212,11 +211,11 @@
* \retval #PSA_ERROR_ALREADY_EXISTS
* Trying to allocate a buffer to a non-empty key slot.
*/
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
- size_t buffer_length );
+psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
+ size_t buffer_length);
/** Wipe key data from a slot. Preserves metadata such as the policy. */
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
+psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot);
/** Copy key data (in export format) into an empty key slot.
*
@@ -235,9 +234,9 @@
* \retval #PSA_ERROR_ALREADY_EXISTS
* There was other key material already present in the slot.
*/
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
- const uint8_t *data,
- size_t data_length );
+psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length);
/** Convert an mbed TLS error code to a PSA error code
*
@@ -248,7 +247,7 @@
*
* \return The corresponding PSA error code
*/
-psa_status_t mbedtls_to_psa_error( int ret );
+psa_status_t mbedtls_to_psa_error(int ret);
/** Import a key in binary format.
*
@@ -280,7 +279,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits );
+ size_t *key_buffer_length, size_t *bits);
/** Export a key in binary format
*
@@ -307,7 +306,7 @@
psa_status_t psa_export_key_internal(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
/** Export a public key or the public part of a key pair in binary format.
*
@@ -335,7 +334,7 @@
psa_status_t psa_export_public_key_internal(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
/**
* \brief Generate a key.
@@ -357,10 +356,10 @@
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small.
*/
-psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length );
+psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length);
/** Sign a message with a private key. For hash-and-sign algorithms,
* this includes the hashing step.
@@ -403,7 +402,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *input, size_t input_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
/** Verify the signature of a message with a public key, using
* a hash-and-sign verification algorithm.
@@ -440,7 +439,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *input, size_t input_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
/** Sign an already-calculated hash with a private key.
*
@@ -479,7 +478,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
/**
* \brief Verify the signature a hash or short message using a public key.
@@ -514,6 +513,6 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
#endif /* PSA_CRYPTO_CORE_H */
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index c9b86fe..48ad6d5 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -66,41 +66,44 @@
#include "psa_crypto_se.h"
#endif
-psa_status_t psa_driver_wrapper_init( void )
+psa_status_t psa_driver_wrapper_init(void)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- status = psa_init_all_se_drivers( );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_init_all_se_drivers();
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_init( );
- if( status != PSA_SUCCESS )
- return( status );
+ status = mbedtls_test_transparent_init();
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = mbedtls_test_opaque_init( );
- if( status != PSA_SUCCESS )
- return( status );
+ status = mbedtls_test_opaque_init();
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
#endif
(void) status;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-void psa_driver_wrapper_free( void )
+void psa_driver_wrapper_free(void)
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Unregister all secure element drivers, so that we restart from
* a pristine state. */
- psa_unregister_all_se_drivers( );
+ psa_unregister_all_se_drivers();
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_test_transparent_free( );
- mbedtls_test_opaque_free( );
+ mbedtls_test_transparent_free();
+ mbedtls_test_opaque_free();
#endif
}
@@ -114,70 +117,71 @@
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length )
+ size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_sign_message(
- attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_size,
- signature_length );
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_size,
+ signature_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
break;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_test_opaque_signature_sign_message(
- attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_size,
- signature_length );
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_size,
+ signature_length);
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
+ (void) status;
break;
}
- return( psa_sign_message_builtin( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_size,
- signature_length ) );
+ return psa_sign_message_builtin(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_size,
+ signature_length);
}
psa_status_t psa_driver_wrapper_verify_message(
@@ -188,107 +192,135 @@
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length )
+ size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_message(
- attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_length );
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
break;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_signature_verify_message(
- attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_length ) );
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ return mbedtls_test_opaque_signature_verify_message(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_length);
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
+ (void) status;
break;
}
- return( psa_verify_message_builtin( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_length ) );
+ return psa_verify_message_builtin(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_length);
}
psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ uint8_t *signature, size_t signature_size, size_t *signature_length)
{
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
- {
- if( drv->asymmetric == NULL ||
- drv->asymmetric->p_sign == NULL )
- {
+ if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
+ if (drv->asymmetric == NULL ||
+ drv->asymmetric->p_sign == NULL) {
/* Key is defined in SE, but we have no way to exercise it */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( drv->asymmetric->p_sign(
- drv_context, *( (psa_key_slot_number_t *)key_buffer ),
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ return drv->asymmetric->p_sign(
+ drv_context, *((psa_key_slot_number_t *) key_buffer),
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_signature_sign_hash( attributes,
+ status = mbedtls_test_transparent_signature_sign_hash(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length);
+ /* Declared with fallback == true */
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+ return psa_sign_hash_builtin(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length);
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return mbedtls_test_opaque_signature_sign_hash(attributes,
key_buffer,
key_buffer_size,
alg,
@@ -296,42 +328,13 @@
hash_length,
signature,
signature_size,
- signature_length );
- /* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_sign_hash_builtin( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_size,
- signature_length ) );
-
- /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_signature_sign_hash( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_size,
- signature_length ) );
+ signature_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -339,81 +342,79 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
+ const uint8_t *signature, size_t signature_length)
{
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
- {
- if( drv->asymmetric == NULL ||
- drv->asymmetric->p_verify == NULL )
- {
+ if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
+ if (drv->asymmetric == NULL ||
+ drv->asymmetric->p_verify == NULL) {
/* Key is defined in SE, but we have no way to exercise it */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( drv->asymmetric->p_verify(
- drv_context, *( (psa_key_slot_number_t *)key_buffer ),
- alg, hash, hash_length,
- signature, signature_length ) );
+ return drv->asymmetric->p_verify(
+ drv_context, *((psa_key_slot_number_t *) key_buffer),
+ alg, hash, hash_length,
+ signature, signature_length);
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_hash(
- attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_length );
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- return( psa_verify_hash_builtin( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_length ) );
+ return psa_verify_hash_builtin(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length);
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_signature_verify_hash( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_length ) );
+ return mbedtls_test_opaque_signature_verify_hash(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -434,42 +435,40 @@
*/
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
- size_t *key_buffer_size )
+ size_t *key_buffer_size)
{
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
psa_key_type_t key_type = attributes->core.type;
size_t key_bits = attributes->core.bits;
*key_buffer_size = 0;
- switch( location )
- {
+ switch (location) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
/* Emulate property 'builtin_key_size' */
- if( psa_key_id_is_builtin(
+ if (psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
- psa_get_key_id( attributes ) ) ) )
- {
- *key_buffer_size = sizeof( psa_drv_slot_number_t );
- return( PSA_SUCCESS );
+ psa_get_key_id(attributes)))) {
+ *key_buffer_size = sizeof(psa_drv_slot_number_t);
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
- *key_buffer_size = mbedtls_test_size_function( key_type, key_bits );
- return( ( *key_buffer_size != 0 ) ?
- PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
+ *key_buffer_size = mbedtls_test_size_function(key_type, key_bits);
+ return (*key_buffer_size != 0) ?
+ PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
- (void)key_type;
- (void)key_bits;
- return( PSA_ERROR_NOT_SUPPORTED );
+ (void) key_type;
+ (void) key_bits;
+ return PSA_ERROR_NOT_SUPPORTED;
}
}
psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
@@ -480,52 +479,49 @@
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
- {
+ if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
size_t pubkey_length = 0; /* We don't support this feature yet */
- if( drv->key_management == NULL ||
- drv->key_management->p_generate == NULL )
- {
+ if (drv->key_management == NULL ||
+ drv->key_management->p_generate == NULL) {
/* Key is defined as being in SE, but we have no way to generate it */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( drv->key_management->p_generate(
+ return drv->key_management->p_generate(
drv_context,
- *( (psa_key_slot_number_t *)key_buffer ),
- attributes, NULL, 0, &pubkey_length ) );
+ *((psa_key_slot_number_t *) key_buffer),
+ attributes, NULL, 0, &pubkey_length);
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Transparent drivers are limited to generating asymmetric keys */
- if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
- {
- /* Cycle through all known transparent accelerators */
+ if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type)) {
+ /* Cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_generate_key(
attributes, key_buffer, key_buffer_size,
- key_buffer_length );
+ key_buffer_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
break;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Software fallback */
status = psa_generate_key_internal(
- attributes, key_buffer, key_buffer_size, key_buffer_length );
+ attributes, key_buffer, key_buffer_size, key_buffer_length);
break;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_test_opaque_generate_key(
- attributes, key_buffer, key_buffer_size, key_buffer_length );
+ attributes, key_buffer, key_buffer_size, key_buffer_length);
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -536,7 +532,7 @@
break;
}
- return( status );
+ return status;
}
psa_status_t psa_driver_wrapper_import_key(
@@ -546,69 +542,71 @@
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
- size_t *bits )
+ size_t *bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
- psa_get_key_lifetime( attributes ) );
+ psa_get_key_lifetime(attributes));
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
- {
- if( drv->key_management == NULL ||
- drv->key_management->p_import == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
+ if (drv->key_management == NULL ||
+ drv->key_management->p_import == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* The driver should set the number of key bits, however in
* case it doesn't, we initialize bits to an invalid value. */
*bits = PSA_MAX_KEY_BITS + 1;
status = drv->key_management->p_import(
drv_context,
- *( (psa_key_slot_number_t *)key_buffer ),
- attributes, data, data_length, bits );
+ *((psa_key_slot_number_t *) key_buffer),
+ attributes, data, data_length, bits);
- if( status != PSA_SUCCESS )
- return( status );
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( (*bits) > PSA_MAX_KEY_BITS )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if ((*bits) > PSA_MAX_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits );
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
- return( psa_import_key_into_slot( attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits ) );
+ return psa_import_key_into_slot(attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
default:
/* Importing a key with external storage in not yet supported.
* Return in error indicating that the lifetime is not valid. */
- (void)status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -616,157 +614,151 @@
psa_status_t psa_driver_wrapper_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
- psa_get_key_lifetime( attributes ) );
+ psa_get_key_lifetime(attributes));
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
- {
- if( ( drv->key_management == NULL ) ||
- ( drv->key_management->p_export == NULL ) )
- {
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
+ if ((drv->key_management == NULL) ||
+ (drv->key_management->p_export == NULL)) {
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( drv->key_management->p_export(
- drv_context,
- *( (psa_key_slot_number_t *)key_buffer ),
- data, data_size, data_length ) );
+ return drv->key_management->p_export(
+ drv_context,
+ *((psa_key_slot_number_t *) key_buffer),
+ data, data_size, data_length);
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
- return( psa_export_key_internal( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ return psa_export_key_internal(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_export_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ return mbedtls_test_opaque_export_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ return status;
}
}
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
- psa_get_key_lifetime( attributes ) );
+ psa_get_key_lifetime(attributes));
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
- {
- if( ( drv->key_management == NULL ) ||
- ( drv->key_management->p_export_public == NULL ) )
- {
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
+ if ((drv->key_management == NULL) ||
+ (drv->key_management->p_export_public == NULL)) {
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( drv->key_management->p_export_public(
- drv_context,
- *( (psa_key_slot_number_t *)key_buffer ),
- data, data_size, data_length ) );
+ return drv->key_management->p_export_public(
+ drv_context,
+ *((psa_key_slot_number_t *) key_buffer),
+ data, data_size, data_length);
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_export_public_key(
- attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length );
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
- return( psa_export_public_key_internal( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ return psa_export_public_key_internal(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_export_public_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ return mbedtls_test_opaque_export_public_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ return status;
}
}
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
- switch( location )
- {
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
+ switch (location) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_get_builtin_key(
- slot_number,
- attributes,
- key_buffer, key_buffer_size, key_buffer_length ) );
+ return mbedtls_test_opaque_get_builtin_key(
+ slot_number,
+ attributes,
+ key_buffer, key_buffer_size, key_buffer_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void) slot_number;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
- return( PSA_ERROR_DOES_NOT_EXIST );
+ return PSA_ERROR_DOES_NOT_EXIST;
}
}
@@ -784,84 +776,84 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length )
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_cipher_encrypt( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- iv,
- iv_length,
- input,
- input_length,
- output,
- output_size,
- output_length );
+ status = mbedtls_test_transparent_cipher_encrypt(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ iv,
+ iv_length,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_encrypt( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- iv,
- iv_length,
- input,
- input_length,
- output,
- output_size,
- output_length ) );
+ return mbedtls_psa_cipher_encrypt(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ iv,
+ iv_length,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
#else
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_cipher_encrypt( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- iv,
- iv_length,
- input,
- input_length,
- output,
- output_size,
- output_length ) );
+ return mbedtls_test_opaque_cipher_encrypt(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ iv,
+ iv_length,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- (void)iv;
- (void)iv_length;
- (void)input;
- (void)input_length;
- (void)output;
- (void)output_size;
- (void)output_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ (void) iv;
+ (void) iv_length;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -874,76 +866,76 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length )
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_cipher_decrypt( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- output,
- output_size,
- output_length );
+ status = mbedtls_test_transparent_cipher_decrypt(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_decrypt( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- output,
- output_size,
- output_length ) );
+ return mbedtls_psa_cipher_decrypt(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
#else
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_cipher_decrypt( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- output,
- output_size,
- output_length ) );
+ return mbedtls_test_opaque_cipher_decrypt(attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- (void)input;
- (void)input_length;
- (void)output;
- (void)output_size;
- (void)output_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -951,14 +943,13 @@
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@@ -969,31 +960,35 @@
attributes,
key_buffer,
key_buffer_size,
- alg );
+ alg);
/* Declared with fallback == true */
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
- attributes,
- key_buffer,
- key_buffer_size,
- alg );
- if( status == PSA_SUCCESS )
+ status = mbedtls_psa_cipher_encrypt_setup(&operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg);
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
@@ -1001,22 +996,23 @@
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
- alg );
+ alg);
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ }
- return( status );
+ return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- (void)operation;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ (void) operation;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -1024,14 +1020,13 @@
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@@ -1042,89 +1037,92 @@
attributes,
key_buffer,
key_buffer_size,
- alg );
+ alg);
/* Declared with fallback == true */
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
- attributes,
- key_buffer,
- key_buffer_size,
- alg );
- if( status == PSA_SUCCESS )
+ status = mbedtls_psa_cipher_decrypt_setup(&operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg);
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ }
- return( status );
+ return status;
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_test_opaque_cipher_decrypt_setup(
- &operation->ctx.opaque_test_driver_ctx,
- attributes,
- key_buffer, key_buffer_size,
- alg );
+ &operation->ctx.opaque_test_driver_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg);
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ }
- return( status );
+ return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- (void)operation;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ (void) operation;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
- size_t iv_length )
+ size_t iv_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
- iv,
- iv_length ) );
+ return mbedtls_psa_cipher_set_iv(&operation->ctx.mbedtls_ctx,
+ iv,
+ iv_length);
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_cipher_set_iv(
- &operation->ctx.transparent_test_driver_ctx,
- iv, iv_length ) );
+ return mbedtls_test_transparent_cipher_set_iv(
+ &operation->ctx.transparent_test_driver_ctx,
+ iv, iv_length);
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( mbedtls_test_opaque_cipher_set_iv(
- &operation->ctx.opaque_test_driver_ctx,
- iv, iv_length ) );
+ return mbedtls_test_opaque_cipher_set_iv(
+ &operation->ctx.opaque_test_driver_ctx,
+ iv, iv_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
- (void)iv;
- (void)iv_length;
+ (void) iv;
+ (void) iv_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
psa_status_t psa_driver_wrapper_cipher_update(
@@ -1133,119 +1131,116 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length )
+ size_t *output_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
- input,
- input_length,
- output,
- output_size,
- output_length ) );
+ return mbedtls_psa_cipher_update(&operation->ctx.mbedtls_ctx,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_cipher_update(
- &operation->ctx.transparent_test_driver_ctx,
- input, input_length,
- output, output_size, output_length ) );
+ return mbedtls_test_transparent_cipher_update(
+ &operation->ctx.transparent_test_driver_ctx,
+ input, input_length,
+ output, output_size, output_length);
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( mbedtls_test_opaque_cipher_update(
- &operation->ctx.opaque_test_driver_ctx,
- input, input_length,
- output, output_size, output_length ) );
+ return mbedtls_test_opaque_cipher_update(
+ &operation->ctx.opaque_test_driver_ctx,
+ input, input_length,
+ output, output_size, output_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
- (void)input;
- (void)input_length;
- (void)output;
- (void)output_size;
- (void)output_length;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
- size_t *output_length )
+ size_t *output_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
- output,
- output_size,
- output_length ) );
+ return mbedtls_psa_cipher_finish(&operation->ctx.mbedtls_ctx,
+ output,
+ output_size,
+ output_length);
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_cipher_finish(
- &operation->ctx.transparent_test_driver_ctx,
- output, output_size, output_length ) );
+ return mbedtls_test_transparent_cipher_finish(
+ &operation->ctx.transparent_test_driver_ctx,
+ output, output_size, output_length);
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( mbedtls_test_opaque_cipher_finish(
- &operation->ctx.opaque_test_driver_ctx,
- output, output_size, output_length ) );
+ return mbedtls_test_opaque_cipher_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ output, output_size, output_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
- (void)output;
- (void)output_size;
- (void)output_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
psa_status_t psa_driver_wrapper_cipher_abort(
- psa_cipher_operation_t *operation )
+ psa_cipher_operation_t *operation)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
+ return mbedtls_psa_cipher_abort(&operation->ctx.mbedtls_ctx);
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
status = mbedtls_test_transparent_cipher_abort(
- &operation->ctx.transparent_test_driver_ctx );
+ &operation->ctx.transparent_test_driver_ctx);
mbedtls_platform_zeroize(
&operation->ctx.transparent_test_driver_ctx,
- sizeof( operation->ctx.transparent_test_driver_ctx ) );
- return( status );
+ sizeof(operation->ctx.transparent_test_driver_ctx));
+ return status;
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
status = mbedtls_test_opaque_cipher_abort(
- &operation->ctx.opaque_test_driver_ctx );
+ &operation->ctx.opaque_test_driver_ctx);
mbedtls_platform_zeroize(
&operation->ctx.opaque_test_driver_ctx,
- sizeof( operation->ctx.opaque_test_driver_ctx ) );
- return( status );
+ sizeof(operation->ctx.opaque_test_driver_ctx));
+ return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
- (void)status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
/*
@@ -1264,17 +1259,19 @@
/* Try accelerators first */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_hash_compute(
- alg, input, input_length, hash, hash_size, hash_length );
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ alg, input, input_length, hash, hash_size, hash_length);
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
- status = mbedtls_psa_hash_compute( alg, input, input_length,
- hash, hash_size, hash_length );
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ status = mbedtls_psa_hash_compute(alg, input, input_length,
+ hash, hash_size, hash_length);
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif
(void) status;
(void) alg;
@@ -1284,89 +1281,91 @@
(void) hash_size;
(void) hash_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_driver_wrapper_hash_setup(
psa_hash_operation_t *operation,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_hash_setup(
- &operation->ctx.test_driver_ctx, alg );
- if( status == PSA_SUCCESS )
+ &operation->ctx.test_driver_ctx, alg);
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
- status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
- if( status == PSA_SUCCESS )
+ status = mbedtls_psa_hash_setup(&operation->ctx.mbedtls_ctx, alg);
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif
/* Nothing left to try if we fall through here */
(void) status;
(void) operation;
(void) alg;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_driver_wrapper_hash_clone(
const psa_hash_operation_t *source_operation,
- psa_hash_operation_t *target_operation )
+ psa_hash_operation_t *target_operation)
{
- switch( source_operation->id )
- {
+ switch (source_operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
- return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
- &target_operation->ctx.mbedtls_ctx ) );
+ return mbedtls_psa_hash_clone(&source_operation->ctx.mbedtls_ctx,
+ &target_operation->ctx.mbedtls_ctx);
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
- return( mbedtls_test_transparent_hash_clone(
- &source_operation->ctx.test_driver_ctx,
- &target_operation->ctx.test_driver_ctx ) );
+ return mbedtls_test_transparent_hash_clone(
+ &source_operation->ctx.test_driver_ctx,
+ &target_operation->ctx.test_driver_ctx);
#endif
default:
(void) target_operation;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
}
psa_status_t psa_driver_wrapper_hash_update(
psa_hash_operation_t *operation,
const uint8_t *input,
- size_t input_length )
+ size_t input_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
- input, input_length ) );
+ return mbedtls_psa_hash_update(&operation->ctx.mbedtls_ctx,
+ input, input_length);
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_hash_update(
- &operation->ctx.test_driver_ctx,
- input, input_length ) );
+ return mbedtls_test_transparent_hash_update(
+ &operation->ctx.test_driver_ctx,
+ input, input_length);
#endif
default:
(void) input;
(void) input_length;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
}
@@ -1374,45 +1373,43 @@
psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
- size_t *hash_length )
+ size_t *hash_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
- hash, hash_size, hash_length ) );
+ return mbedtls_psa_hash_finish(&operation->ctx.mbedtls_ctx,
+ hash, hash_size, hash_length);
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_hash_finish(
- &operation->ctx.test_driver_ctx,
- hash, hash_size, hash_length ) );
+ return mbedtls_test_transparent_hash_finish(
+ &operation->ctx.test_driver_ctx,
+ hash, hash_size, hash_length);
#endif
default:
(void) hash;
(void) hash_size;
(void) hash_length;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
}
psa_status_t psa_driver_wrapper_hash_abort(
- psa_hash_operation_t *operation )
+ psa_hash_operation_t *operation)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+ return mbedtls_psa_hash_abort(&operation->ctx.mbedtls_ctx);
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_hash_abort(
- &operation->ctx.test_driver_ctx ) );
+ return mbedtls_test_transparent_hash_abort(
+ &operation->ctx.test_driver_ctx);
#endif
default:
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
}
@@ -1423,14 +1420,13 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@@ -1438,33 +1434,34 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_aead_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length );
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
- return( mbedtls_psa_aead_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length ) );
+ return mbedtls_psa_aead_encrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length);
/* Add cases for opaque driver here */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -1475,14 +1472,13 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@@ -1490,33 +1486,34 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_aead_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length );
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
- return( mbedtls_psa_aead_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length ) );
+ return mbedtls_psa_aead_decrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length);
/* Add cases for opaque driver here */
default:
/* Key is declared with a lifetime not known to us */
- (void)status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) status;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -1533,14 +1530,13 @@
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@@ -1549,10 +1545,11 @@
status = mbedtls_test_transparent_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
input, input_length,
- mac, mac_size, mac_length );
+ mac, mac_size, mac_length);
/* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
@@ -1560,21 +1557,22 @@
status = mbedtls_psa_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
input, input_length,
- mac, mac_size, mac_length );
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ mac, mac_size, mac_length);
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_test_opaque_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
input, input_length,
- mac, mac_size, mac_length );
- return( status );
+ mac, mac_size, mac_length);
+ return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -1588,7 +1586,7 @@
(void) mac_size;
(void) mac_length;
(void) status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -1597,14 +1595,13 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@@ -1614,30 +1611,34 @@
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
- alg );
+ alg);
/* Declared with fallback == true */
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
- attributes,
- key_buffer, key_buffer_size,
- alg );
- if( status == PSA_SUCCESS )
+ status = mbedtls_psa_mac_sign_setup(&operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg);
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
@@ -1645,12 +1646,13 @@
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
- alg );
+ alg);
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ }
- return( status );
+ return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -1660,7 +1662,7 @@
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -1669,14 +1671,13 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- switch( location )
- {
+ switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@@ -1686,30 +1687,34 @@
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
- alg );
+ alg);
/* Declared with fallback == true */
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
- attributes,
- key_buffer, key_buffer_size,
- alg );
- if( status == PSA_SUCCESS )
+ status = mbedtls_psa_mac_verify_setup(&operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg);
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ }
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ if (status != PSA_ERROR_NOT_SUPPORTED) {
+ return status;
+ }
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
- /* Add cases for opaque driver here */
+ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
@@ -1717,12 +1722,13 @@
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
- alg );
+ alg);
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ }
- return( status );
+ return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -1732,40 +1738,39 @@
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
psa_status_t psa_driver_wrapper_mac_update(
psa_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length )
+ size_t input_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
- input, input_length ) );
+ return mbedtls_psa_mac_update(&operation->ctx.mbedtls_ctx,
+ input, input_length);
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_mac_update(
- &operation->ctx.transparent_test_driver_ctx,
- input, input_length ) );
+ return mbedtls_test_transparent_mac_update(
+ &operation->ctx.transparent_test_driver_ctx,
+ input, input_length);
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( mbedtls_test_opaque_mac_update(
- &operation->ctx.opaque_test_driver_ctx,
- input, input_length ) );
+ return mbedtls_test_opaque_mac_update(
+ &operation->ctx.opaque_test_driver_ctx,
+ input, input_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) input;
(void) input_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -1773,92 +1778,89 @@
psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
- mac, mac_size, mac_length ) );
+ return mbedtls_psa_mac_sign_finish(&operation->ctx.mbedtls_ctx,
+ mac, mac_size, mac_length);
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_mac_sign_finish(
- &operation->ctx.transparent_test_driver_ctx,
- mac, mac_size, mac_length ) );
+ return mbedtls_test_transparent_mac_sign_finish(
+ &operation->ctx.transparent_test_driver_ctx,
+ mac, mac_size, mac_length);
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( mbedtls_test_opaque_mac_sign_finish(
- &operation->ctx.opaque_test_driver_ctx,
- mac, mac_size, mac_length ) );
+ return mbedtls_test_opaque_mac_sign_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_size, mac_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
(void) mac_size;
(void) mac_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
psa_status_t psa_driver_wrapper_mac_verify_finish(
psa_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length )
+ size_t mac_length)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
- mac, mac_length ) );
+ return mbedtls_psa_mac_verify_finish(&operation->ctx.mbedtls_ctx,
+ mac, mac_length);
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_mac_verify_finish(
- &operation->ctx.transparent_test_driver_ctx,
- mac, mac_length ) );
+ return mbedtls_test_transparent_mac_verify_finish(
+ &operation->ctx.transparent_test_driver_ctx,
+ mac, mac_length);
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( mbedtls_test_opaque_mac_verify_finish(
- &operation->ctx.opaque_test_driver_ctx,
- mac, mac_length ) );
+ return mbedtls_test_opaque_mac_verify_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
(void) mac_length;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
psa_status_t psa_driver_wrapper_mac_abort(
- psa_mac_operation_t *operation )
+ psa_mac_operation_t *operation)
{
- switch( operation->id )
- {
+ switch (operation->id) {
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
+ return mbedtls_psa_mac_abort(&operation->ctx.mbedtls_ctx);
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_test_transparent_mac_abort(
- &operation->ctx.transparent_test_driver_ctx ) );
+ return mbedtls_test_transparent_mac_abort(
+ &operation->ctx.transparent_test_driver_ctx);
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( mbedtls_test_opaque_mac_abort(
- &operation->ctx.opaque_test_driver_ctx ) );
+ return mbedtls_test_opaque_mac_abort(
+ &operation->ctx.opaque_test_driver_ctx);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index 7cb88a0..9471099 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -28,8 +28,8 @@
/*
* Initialization and termination functions
*/
-psa_status_t psa_driver_wrapper_init( void );
-void psa_driver_wrapper_free( void );
+psa_status_t psa_driver_wrapper_init(void);
+void psa_driver_wrapper_free(void);
/*
* Signature functions
@@ -43,7 +43,7 @@
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length );
+ size_t *signature_length);
psa_status_t psa_driver_wrapper_verify_message(
const psa_key_attributes_t *attributes,
@@ -53,19 +53,19 @@
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length );
+ size_t signature_length);
psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
psa_status_t psa_driver_wrapper_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
/*
* Key handling functions
@@ -75,30 +75,30 @@
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits );
+ size_t *key_buffer_length, size_t *bits);
psa_status_t psa_driver_wrapper_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
- size_t *key_buffer_size );
+ size_t *key_buffer_size);
psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
/*
* Cipher functions
@@ -114,7 +114,7 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_decrypt(
const psa_key_attributes_t *attributes,
@@ -125,24 +125,24 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
- size_t iv_length );
+ size_t iv_length);
psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
@@ -150,16 +150,16 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_abort(
- psa_cipher_operation_t *operation );
+ psa_cipher_operation_t *operation);
/*
* Hashing functions
@@ -174,25 +174,25 @@
psa_status_t psa_driver_wrapper_hash_setup(
psa_hash_operation_t *operation,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_hash_clone(
const psa_hash_operation_t *source_operation,
- psa_hash_operation_t *target_operation );
+ psa_hash_operation_t *target_operation);
psa_status_t psa_driver_wrapper_hash_update(
psa_hash_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t psa_driver_wrapper_hash_finish(
psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
- size_t *hash_length );
+ size_t *hash_length);
psa_status_t psa_driver_wrapper_hash_abort(
- psa_hash_operation_t *operation );
+ psa_hash_operation_t *operation);
/*
* AEAD functions
@@ -205,7 +205,7 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
psa_status_t psa_driver_wrapper_aead_decrypt(
const psa_key_attributes_t *attributes,
@@ -214,7 +214,7 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
/*
* MAC functions
@@ -228,40 +228,40 @@
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t psa_driver_wrapper_mac_sign_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_mac_verify_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_mac_update(
psa_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t psa_driver_wrapper_mac_sign_finish(
psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t psa_driver_wrapper_mac_verify_finish(
psa_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length );
+ size_t mac_length);
psa_status_t psa_driver_wrapper_mac_abort(
- psa_mac_operation_t *operation );
+ psa_mac_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 144d7fd..ea0eb1b 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -44,25 +44,25 @@
psa_status_t mbedtls_psa_ecp_load_representation(
psa_key_type_t type, size_t curve_bits,
const uint8_t *data, size_t data_length,
- mbedtls_ecp_keypair **p_ecp )
+ mbedtls_ecp_keypair **p_ecp)
{
mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
psa_status_t status;
mbedtls_ecp_keypair *ecp = NULL;
size_t curve_bytes = data_length;
- int explicit_bits = ( curve_bits != 0 );
+ int explicit_bits = (curve_bits != 0);
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) &&
- PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY )
- {
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(type) != PSA_ECC_FAMILY_MONTGOMERY) {
/* A Weierstrass public key is represented as:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
* So its data length is 2m+1 where m is the curve size in bits.
*/
- if( ( data_length & 1 ) == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if ((data_length & 1) == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
curve_bytes = data_length / 2;
/* Montgomery public keys are represented in compressed format, meaning
@@ -72,31 +72,29 @@
* format, meaning their curve_bytes is equal to the amount of input. */
}
- if( explicit_bits )
- {
+ if (explicit_bits) {
/* With an explicit bit-size, the data must have the matching length. */
- if( curve_bytes != PSA_BITS_TO_BYTES( curve_bits ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- else
- {
+ if (curve_bytes != PSA_BITS_TO_BYTES(curve_bits)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else {
/* We need to infer the bit-size from the data. Since the only
* information we have is the length in bytes, the value of curve_bits
* at this stage is rounded up to the nearest multiple of 8. */
- curve_bits = PSA_BYTES_TO_BITS( curve_bytes );
+ curve_bits = PSA_BYTES_TO_BITS(curve_bytes);
}
/* Allocate and initialize a key representation. */
- ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
- if( ecp == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- mbedtls_ecp_keypair_init( ecp );
+ ecp = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
+ if (ecp == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ mbedtls_ecp_keypair_init(ecp);
/* Load the group. */
- grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( type ),
- curve_bits, !explicit_bits );
- if( grp_id == MBEDTLS_ECP_DP_NONE )
- {
+ grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type),
+ curve_bits, !explicit_bits);
+ if (grp_id == MBEDTLS_ECP_DP_NONE) {
/* We can't distinguish between a nonsensical family/size combination
* (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a
* well-regarded curve that Mbed TLS just doesn't know about (which
@@ -108,48 +106,48 @@
}
status = mbedtls_to_psa_error(
- mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
- if( status != PSA_SUCCESS )
+ mbedtls_ecp_group_load(&ecp->grp, grp_id));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Load the key material. */
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
- {
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
/* Load the public value. */
status = mbedtls_to_psa_error(
- mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q,
- data,
- data_length ) );
- if( status != PSA_SUCCESS )
+ mbedtls_ecp_point_read_binary(&ecp->grp, &ecp->Q,
+ data,
+ data_length));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Check that the point is on the curve. */
status = mbedtls_to_psa_error(
- mbedtls_ecp_check_pubkey( &ecp->grp, &ecp->Q ) );
- if( status != PSA_SUCCESS )
+ mbedtls_ecp_check_pubkey(&ecp->grp, &ecp->Q));
+ if (status != PSA_SUCCESS) {
goto exit;
- }
- else
- {
+ }
+ } else {
/* Load and validate the secret value. */
status = mbedtls_to_psa_error(
- mbedtls_ecp_read_key( ecp->grp.id,
- ecp,
- data,
- data_length ) );
- if( status != PSA_SUCCESS )
+ mbedtls_ecp_read_key(ecp->grp.id,
+ ecp,
+ data,
+ data_length));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
*p_ecp = ecp;
exit:
- if( status != PSA_SUCCESS )
- {
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
+ if (status != PSA_SUCCESS) {
+ mbedtls_ecp_keypair_free(ecp);
+ mbedtls_free(ecp);
}
- return( status );
+ return status;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
@@ -164,116 +162,119 @@
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits )
+ size_t *key_buffer_length, size_t *bits)
{
psa_status_t status;
mbedtls_ecp_keypair *ecp = NULL;
/* Parse input */
- status = mbedtls_psa_ecp_load_representation( attributes->core.type,
- attributes->core.bits,
- data,
- data_length,
- &ecp );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_ecp_load_representation(attributes->core.type,
+ attributes->core.bits,
+ data,
+ data_length,
+ &ecp);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ==
- PSA_ECC_FAMILY_MONTGOMERY )
+ if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) ==
+ PSA_ECC_FAMILY_MONTGOMERY) {
*bits = ecp->grp.nbits + 1;
- else
+ } else {
*bits = ecp->grp.nbits;
+ }
/* Re-export the data to PSA export format. There is currently no support
* for other input formats then the export format, so this is a 1-1
* copy operation. */
- status = mbedtls_psa_ecp_export_key( attributes->core.type,
- ecp,
- key_buffer,
- key_buffer_size,
- key_buffer_length );
+ status = mbedtls_psa_ecp_export_key(attributes->core.type,
+ ecp,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length);
exit:
/* Always free the PK object (will also free contained ECP context) */
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
+ mbedtls_ecp_keypair_free(ecp);
+ mbedtls_free(ecp);
- return( status );
+ return status;
}
-psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
- mbedtls_ecp_keypair *ecp,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type,
+ mbedtls_ecp_keypair *ecp,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
psa_status_t status;
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
- {
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
/* Check whether the public part is loaded */
- if( mbedtls_ecp_is_zero( &ecp->Q ) )
- {
+ if (mbedtls_ecp_is_zero(&ecp->Q)) {
/* Calculate the public key */
status = mbedtls_to_psa_error(
- mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
- if( status != PSA_SUCCESS )
- return( status );
+ mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE));
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
}
status = mbedtls_to_psa_error(
- mbedtls_ecp_point_write_binary( &ecp->grp, &ecp->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED,
- data_length,
- data,
- data_size ) );
- if( status != PSA_SUCCESS )
- memset( data, 0, data_size );
+ mbedtls_ecp_point_write_binary(&ecp->grp, &ecp->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ data_length,
+ data,
+ data_size));
+ if (status != PSA_SUCCESS) {
+ memset(data, 0, data_size);
+ }
- return( status );
- }
- else
- {
- if( data_size < PSA_BITS_TO_BYTES( ecp->grp.nbits ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ return status;
+ } else {
+ if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
status = mbedtls_to_psa_error(
- mbedtls_ecp_write_key( ecp,
- data,
- PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) );
- if( status == PSA_SUCCESS )
- *data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits );
- else
- memset( data, 0, data_size );
+ mbedtls_ecp_write_key(ecp,
+ data,
+ PSA_BITS_TO_BYTES(ecp->grp.nbits)));
+ if (status == PSA_SUCCESS) {
+ *data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits);
+ } else {
+ memset(data, 0, data_size);
+ }
- return( status );
+ return status;
}
}
psa_status_t mbedtls_psa_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
status = mbedtls_psa_ecp_load_representation(
attributes->core.type, attributes->core.bits,
- key_buffer, key_buffer_size, &ecp );
- if( status != PSA_SUCCESS )
- return( status );
+ key_buffer, key_buffer_size, &ecp);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
status = mbedtls_psa_ecp_export_key(
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(
- PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ),
- ecp, data, data_size, data_length );
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type)),
+ ecp, data, data_size, data_length);
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
+ mbedtls_ecp_keypair_free(ecp);
+ mbedtls_free(ecp);
- return( status );
+ return status;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
@@ -281,45 +282,47 @@
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
psa_status_t mbedtls_psa_ecp_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
- attributes->core.type );
+ attributes->core.type);
mbedtls_ecp_group_id grp_id =
- mbedtls_ecc_group_of_psa( curve, attributes->core.bits, 0 );
+ mbedtls_ecc_group_of_psa(curve, attributes->core.bits, 0);
const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_grp_id( grp_id );
+ mbedtls_ecp_curve_info_from_grp_id(grp_id);
mbedtls_ecp_keypair ecp;
- if( attributes->domain_parameters_size != 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (attributes->domain_parameters_size != 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- mbedtls_ecp_keypair_init( &ecp );
- ret = mbedtls_ecp_gen_key( grp_id, &ecp,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE );
- if( ret != 0 )
- {
- mbedtls_ecp_keypair_free( &ecp );
- return( mbedtls_to_psa_error( ret ) );
+ mbedtls_ecp_keypair_init(&ecp);
+ ret = mbedtls_ecp_gen_key(grp_id, &ecp,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE);
+ if (ret != 0) {
+ mbedtls_ecp_keypair_free(&ecp);
+ return mbedtls_to_psa_error(ret);
}
status = mbedtls_to_psa_error(
- mbedtls_ecp_write_key( &ecp, key_buffer, key_buffer_size ) );
+ mbedtls_ecp_write_key(&ecp, key_buffer, key_buffer_size));
- mbedtls_ecp_keypair_free( &ecp );
+ mbedtls_ecp_keypair_free(&ecp);
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
*key_buffer_length = key_buffer_size;
+ }
- return( status );
+ return status;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
@@ -333,7 +336,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ uint8_t *signature, size_t signature_size, size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
@@ -341,73 +344,71 @@
size_t curve_bytes;
mbedtls_mpi r, s;
- status = mbedtls_psa_ecp_load_representation( attributes->core.type,
- attributes->core.bits,
- key_buffer,
- key_buffer_size,
- &ecp );
- if( status != PSA_SUCCESS )
- return( status );
+ status = mbedtls_psa_ecp_load_representation(attributes->core.type,
+ attributes->core.bits,
+ key_buffer,
+ key_buffer_size,
+ &ecp);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
+ curve_bytes = PSA_BITS_TO_BYTES(ecp->grp.pbits);
+ mbedtls_mpi_init(&r);
+ mbedtls_mpi_init(&s);
- if( signature_size < 2 * curve_bytes )
- {
+ if (signature_size < 2 * curve_bytes) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
- if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
- {
+ if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
- mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext(
- &ecp->grp, &r, &s,
- &ecp->d, hash,
- hash_length, md_alg,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg);
+ mbedtls_md_type_t md_alg = mbedtls_md_get_type(md_info);
+ MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext(
+ &ecp->grp, &r, &s,
+ &ecp->d, hash,
+ hash_length, md_alg,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE));
#else
- ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
- goto cleanup;
+ ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ goto cleanup;
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
- }
- else
- {
+ } else {
(void) alg;
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
- hash, hash_length,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ecp->grp, &r, &s, &ecp->d,
+ hash, hash_length,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE));
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&r,
+ signature,
+ curve_bytes));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&s,
+ signature + curve_bytes,
+ curve_bytes));
cleanup:
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- if( ret == 0 )
+ mbedtls_mpi_free(&r);
+ mbedtls_mpi_free(&s);
+ if (ret == 0) {
*signature_length = 2 * curve_bytes;
+ }
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
+ mbedtls_ecp_keypair_free(ecp);
+ mbedtls_free(ecp);
- return( mbedtls_to_psa_error( ret ) );
+ return mbedtls_to_psa_error(ret);
}
psa_status_t mbedtls_psa_ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
+ const uint8_t *signature, size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
@@ -415,51 +416,50 @@
size_t curve_bytes;
mbedtls_mpi r, s;
- (void)alg;
+ (void) alg;
- status = mbedtls_psa_ecp_load_representation( attributes->core.type,
- attributes->core.bits,
- key_buffer,
- key_buffer_size,
- &ecp );
- if( status != PSA_SUCCESS )
- return( status );
+ status = mbedtls_psa_ecp_load_representation(attributes->core.type,
+ attributes->core.bits,
+ key_buffer,
+ key_buffer_size,
+ &ecp);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
+ curve_bytes = PSA_BITS_TO_BYTES(ecp->grp.pbits);
+ mbedtls_mpi_init(&r);
+ mbedtls_mpi_init(&s);
- if( signature_length != 2 * curve_bytes )
- {
+ if (signature_length != 2 * curve_bytes) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r,
+ signature,
+ curve_bytes));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&s,
+ signature + curve_bytes,
+ curve_bytes));
/* Check whether the public part is loaded. If not, load it. */
- if( mbedtls_ecp_is_zero( &ecp->Q ) )
- {
+ if (mbedtls_ecp_is_zero(&ecp->Q)) {
MBEDTLS_MPI_CHK(
- mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
- mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
+ mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
+ mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE));
}
- ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
- &ecp->Q, &r, &s );
+ ret = mbedtls_ecdsa_verify(&ecp->grp, hash, hash_length,
+ &ecp->Q, &r, &s);
cleanup:
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
+ mbedtls_mpi_free(&r);
+ mbedtls_mpi_free(&s);
+ mbedtls_ecp_keypair_free(ecp);
+ mbedtls_free(ecp);
- return( mbedtls_to_psa_error( ret ) );
+ return mbedtls_to_psa_error(ret);
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index feddd8a..b6dc247 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -42,11 +42,11 @@
* contents of the context and the context itself
* when done.
*/
-psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type,
- size_t curve_bits,
- const uint8_t *data,
- size_t data_length,
- mbedtls_ecp_keypair **p_ecp );
+psa_status_t mbedtls_psa_ecp_load_representation(psa_key_type_t type,
+ size_t curve_bits,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_ecp_keypair **p_ecp);
/** Import an ECP key in binary format.
*
@@ -78,7 +78,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits );
+ size_t *key_buffer_length, size_t *bits);
/** Export an ECP key to export representation
*
@@ -88,11 +88,11 @@
* \param[in] data_size The length of the buffer to export to
* \param[out] data_length The amount of bytes written to \p data
*/
-psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
- mbedtls_ecp_keypair *ecp,
- uint8_t *data,
- size_t data_size,
- size_t *data_length );
+psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type,
+ mbedtls_ecp_keypair *ecp,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
/** Export an ECP public key or the public part of an ECP key pair in binary
* format.
@@ -121,7 +121,7 @@
psa_status_t mbedtls_psa_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
/**
* \brief Generate an ECP key.
@@ -144,7 +144,7 @@
*/
psa_status_t mbedtls_psa_ecp_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
/** Sign an already-calculated hash with ECDSA.
*
@@ -182,7 +182,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
/**
* \brief Verify an ECDSA hash or short message signature.
@@ -217,6 +217,6 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
#endif /* PSA_CRYPTO_ECP_H */
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index 337e557..ef73320 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -33,48 +33,47 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
+const mbedtls_md_info_t *mbedtls_md_info_from_psa(psa_algorithm_t alg)
{
- switch( alg )
- {
+ switch (alg) {
#if defined(MBEDTLS_MD2_C)
case PSA_ALG_MD2:
- return( &mbedtls_md2_info );
+ return &mbedtls_md2_info;
#endif
#if defined(MBEDTLS_MD4_C)
case PSA_ALG_MD4:
- return( &mbedtls_md4_info );
+ return &mbedtls_md4_info;
#endif
#if defined(MBEDTLS_MD5_C)
case PSA_ALG_MD5:
- return( &mbedtls_md5_info );
+ return &mbedtls_md5_info;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case PSA_ALG_RIPEMD160:
- return( &mbedtls_ripemd160_info );
+ return &mbedtls_ripemd160_info;
#endif
#if defined(MBEDTLS_SHA1_C)
case PSA_ALG_SHA_1:
- return( &mbedtls_sha1_info );
+ return &mbedtls_sha1_info;
#endif
#if defined(MBEDTLS_SHA256_C)
case PSA_ALG_SHA_224:
- return( &mbedtls_sha224_info );
+ return &mbedtls_sha224_info;
#endif
#if defined(MBEDTLS_SHA256_C)
case PSA_ALG_SHA_256:
- return( &mbedtls_sha256_info );
+ return &mbedtls_sha256_info;
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
- return( &mbedtls_sha384_info );
+ return &mbedtls_sha384_info;
#endif
#if defined(MBEDTLS_SHA512_C)
case PSA_ALG_SHA_512:
- return( &mbedtls_sha512_info );
+ return &mbedtls_sha512_info;
#endif
default:
- return( NULL );
+ return NULL;
}
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
@@ -84,10 +83,9 @@
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
psa_status_t mbedtls_psa_hash_abort(
- mbedtls_psa_hash_operation_t *operation )
+ mbedtls_psa_hash_operation_t *operation)
{
- switch( operation->alg )
- {
+ switch (operation->alg) {
case 0:
/* The object has (apparently) been initialized but it is not
* in use. It's ok to call abort on such an object, and there's
@@ -95,289 +93,286 @@
break;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
- mbedtls_md2_free( &operation->ctx.md2 );
+ mbedtls_md2_free(&operation->ctx.md2);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
- mbedtls_md4_free( &operation->ctx.md4 );
+ mbedtls_md4_free(&operation->ctx.md4);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- mbedtls_md5_free( &operation->ctx.md5 );
+ mbedtls_md5_free(&operation->ctx.md5);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
+ mbedtls_ripemd160_free(&operation->ctx.ripemd160);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- mbedtls_sha1_free( &operation->ctx.sha1 );
+ mbedtls_sha1_free(&operation->ctx.sha1);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- mbedtls_sha256_free( &operation->ctx.sha256 );
+ mbedtls_sha256_free(&operation->ctx.sha256);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- mbedtls_sha256_free( &operation->ctx.sha256 );
+ mbedtls_sha256_free(&operation->ctx.sha256);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- mbedtls_sha512_free( &operation->ctx.sha512 );
+ mbedtls_sha512_free(&operation->ctx.sha512);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- mbedtls_sha512_free( &operation->ctx.sha512 );
+ mbedtls_sha512_free(&operation->ctx.sha512);
break;
#endif
default:
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
operation->alg = 0;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_hash_setup(
mbedtls_psa_hash_operation_t *operation,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* A context must be freshly initialized before it can be set up. */
- if( operation->alg != 0 )
- {
- return( PSA_ERROR_BAD_STATE );
+ if (operation->alg != 0) {
+ return PSA_ERROR_BAD_STATE;
}
- switch( alg )
- {
+ switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
- mbedtls_md2_init( &operation->ctx.md2 );
- ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
+ mbedtls_md2_init(&operation->ctx.md2);
+ ret = mbedtls_md2_starts_ret(&operation->ctx.md2);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
- mbedtls_md4_init( &operation->ctx.md4 );
- ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
+ mbedtls_md4_init(&operation->ctx.md4);
+ ret = mbedtls_md4_starts_ret(&operation->ctx.md4);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- mbedtls_md5_init( &operation->ctx.md5 );
- ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
+ mbedtls_md5_init(&operation->ctx.md5);
+ ret = mbedtls_md5_starts_ret(&operation->ctx.md5);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
- ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
+ mbedtls_ripemd160_init(&operation->ctx.ripemd160);
+ ret = mbedtls_ripemd160_starts_ret(&operation->ctx.ripemd160);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- mbedtls_sha1_init( &operation->ctx.sha1 );
- ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
+ mbedtls_sha1_init(&operation->ctx.sha1);
+ ret = mbedtls_sha1_starts_ret(&operation->ctx.sha1);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
+ mbedtls_sha256_init(&operation->ctx.sha256);
+ ret = mbedtls_sha256_starts_ret(&operation->ctx.sha256, 1);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
+ mbedtls_sha256_init(&operation->ctx.sha256);
+ ret = mbedtls_sha256_starts_ret(&operation->ctx.sha256, 0);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
+ mbedtls_sha512_init(&operation->ctx.sha512);
+ ret = mbedtls_sha512_starts_ret(&operation->ctx.sha512, 1);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
+ mbedtls_sha512_init(&operation->ctx.sha512);
+ ret = mbedtls_sha512_starts_ret(&operation->ctx.sha512, 0);
break;
#endif
default:
- return( PSA_ALG_IS_HASH( alg ) ?
- PSA_ERROR_NOT_SUPPORTED :
- PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ALG_IS_HASH(alg) ?
+ PSA_ERROR_NOT_SUPPORTED :
+ PSA_ERROR_INVALID_ARGUMENT;
}
- if( ret == 0 )
+ if (ret == 0) {
operation->alg = alg;
- else
- mbedtls_psa_hash_abort( operation );
- return( mbedtls_to_psa_error( ret ) );
+ } else {
+ mbedtls_psa_hash_abort(operation);
+ }
+ return mbedtls_to_psa_error(ret);
}
psa_status_t mbedtls_psa_hash_clone(
const mbedtls_psa_hash_operation_t *source_operation,
- mbedtls_psa_hash_operation_t *target_operation )
+ mbedtls_psa_hash_operation_t *target_operation)
{
- switch( source_operation->alg )
- {
+ switch (source_operation->alg) {
case 0:
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
- mbedtls_md2_clone( &target_operation->ctx.md2,
- &source_operation->ctx.md2 );
+ mbedtls_md2_clone(&target_operation->ctx.md2,
+ &source_operation->ctx.md2);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
- mbedtls_md4_clone( &target_operation->ctx.md4,
- &source_operation->ctx.md4 );
+ mbedtls_md4_clone(&target_operation->ctx.md4,
+ &source_operation->ctx.md4);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- mbedtls_md5_clone( &target_operation->ctx.md5,
- &source_operation->ctx.md5 );
+ mbedtls_md5_clone(&target_operation->ctx.md5,
+ &source_operation->ctx.md5);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160,
- &source_operation->ctx.ripemd160 );
+ mbedtls_ripemd160_clone(&target_operation->ctx.ripemd160,
+ &source_operation->ctx.ripemd160);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- mbedtls_sha1_clone( &target_operation->ctx.sha1,
- &source_operation->ctx.sha1 );
+ mbedtls_sha1_clone(&target_operation->ctx.sha1,
+ &source_operation->ctx.sha1);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- mbedtls_sha256_clone( &target_operation->ctx.sha256,
- &source_operation->ctx.sha256 );
+ mbedtls_sha256_clone(&target_operation->ctx.sha256,
+ &source_operation->ctx.sha256);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- mbedtls_sha256_clone( &target_operation->ctx.sha256,
- &source_operation->ctx.sha256 );
+ mbedtls_sha256_clone(&target_operation->ctx.sha256,
+ &source_operation->ctx.sha256);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- mbedtls_sha512_clone( &target_operation->ctx.sha512,
- &source_operation->ctx.sha512 );
+ mbedtls_sha512_clone(&target_operation->ctx.sha512,
+ &source_operation->ctx.sha512);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- mbedtls_sha512_clone( &target_operation->ctx.sha512,
- &source_operation->ctx.sha512 );
+ mbedtls_sha512_clone(&target_operation->ctx.sha512,
+ &source_operation->ctx.sha512);
break;
#endif
default:
(void) source_operation;
(void) target_operation;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
target_operation->alg = source_operation->alg;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_hash_update(
mbedtls_psa_hash_operation_t *operation,
const uint8_t *input,
- size_t input_length )
+ size_t input_length)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- switch( operation->alg )
- {
+ switch (operation->alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
- ret = mbedtls_md2_update_ret( &operation->ctx.md2,
- input, input_length );
+ ret = mbedtls_md2_update_ret(&operation->ctx.md2,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
- ret = mbedtls_md4_update_ret( &operation->ctx.md4,
- input, input_length );
+ ret = mbedtls_md4_update_ret(&operation->ctx.md4,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- ret = mbedtls_md5_update_ret( &operation->ctx.md5,
- input, input_length );
+ ret = mbedtls_md5_update_ret(&operation->ctx.md5,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
- input, input_length );
+ ret = mbedtls_ripemd160_update_ret(&operation->ctx.ripemd160,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
- input, input_length );
+ ret = mbedtls_sha1_update_ret(&operation->ctx.sha1,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
- input, input_length );
+ ret = mbedtls_sha256_update_ret(&operation->ctx.sha256,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
- input, input_length );
+ ret = mbedtls_sha256_update_ret(&operation->ctx.sha256,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
- input, input_length );
+ ret = mbedtls_sha512_update_ret(&operation->ctx.sha512,
+ input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
- input, input_length );
+ ret = mbedtls_sha512_update_ret(&operation->ctx.sha512,
+ input, input_length);
break;
#endif
default:
(void) input;
(void) input_length;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
- return( mbedtls_to_psa_error( ret ) );
+ return mbedtls_to_psa_error(ret);
}
psa_status_t mbedtls_psa_hash_finish(
mbedtls_psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
- size_t *hash_length )
+ size_t *hash_length)
{
psa_status_t status;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t actual_hash_length = PSA_HASH_LENGTH( operation->alg );
+ size_t actual_hash_length = PSA_HASH_LENGTH(operation->alg);
/* Fill the output buffer with something that isn't a valid hash
* (barring an attack on the hash and deliberately-crafted input),
@@ -385,72 +380,72 @@
*hash_length = hash_size;
/* If hash_size is 0 then hash may be NULL and then the
* call to memset would have undefined behavior. */
- if( hash_size != 0 )
- memset( hash, '!', hash_size );
+ if (hash_size != 0) {
+ memset(hash, '!', hash_size);
+ }
- if( hash_size < actual_hash_length )
- {
+ if (hash_size < actual_hash_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- switch( operation->alg )
- {
+ switch (operation->alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
- ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
+ ret = mbedtls_md2_finish_ret(&operation->ctx.md2, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
- ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
+ ret = mbedtls_md4_finish_ret(&operation->ctx.md4, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
+ ret = mbedtls_md5_finish_ret(&operation->ctx.md5, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
+ ret = mbedtls_ripemd160_finish_ret(&operation->ctx.ripemd160, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
+ ret = mbedtls_sha1_finish_ret(&operation->ctx.sha1, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ ret = mbedtls_sha256_finish_ret(&operation->ctx.sha256, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ ret = mbedtls_sha256_finish_ret(&operation->ctx.sha256, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ ret = mbedtls_sha512_finish_ret(&operation->ctx.sha512, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ ret = mbedtls_sha512_finish_ret(&operation->ctx.sha512, hash);
break;
#endif
default:
(void) hash;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
- status = mbedtls_to_psa_error( ret );
+ status = mbedtls_to_psa_error(ret);
exit:
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
*hash_length = actual_hash_length;
- return( status );
+ }
+ return status;
}
psa_status_t mbedtls_psa_hash_compute(
@@ -466,22 +461,26 @@
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
*hash_length = hash_size;
- status = mbedtls_psa_hash_setup( &operation, alg );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_hash_setup(&operation, alg);
+ if (status != PSA_SUCCESS) {
goto exit;
- status = mbedtls_psa_hash_update( &operation, input, input_length );
- if( status != PSA_SUCCESS )
+ }
+ status = mbedtls_psa_hash_update(&operation, input, input_length);
+ if (status != PSA_SUCCESS) {
goto exit;
- status = mbedtls_psa_hash_finish( &operation, hash, hash_size, hash_length );
- if( status != PSA_SUCCESS )
+ }
+ status = mbedtls_psa_hash_finish(&operation, hash, hash_size, hash_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
exit:
- abort_status = mbedtls_psa_hash_abort( &operation );
- if( status == PSA_SUCCESS )
- return( abort_status );
- else
- return( status );
+ abort_status = mbedtls_psa_hash_abort(&operation);
+ if (status == PSA_SUCCESS) {
+ return abort_status;
+ } else {
+ return status;
+ }
}
#endif /* MBEDTLS_PSA_BUILTIN_HASH */
diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h
index b99b942..ab07231 100644
--- a/library/psa_crypto_hash.h
+++ b/library/psa_crypto_hash.h
@@ -32,7 +32,7 @@
* \return The Mbed TLS MD information of the hash algorithm. \c NULL if the
* PSA hash algorithm is not supported.
*/
-const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg );
+const mbedtls_md_info_t *mbedtls_md_info_from_psa(psa_algorithm_t alg);
/** Calculate the hash (digest) of a message using Mbed TLS routines.
*
@@ -102,7 +102,7 @@
*/
psa_status_t mbedtls_psa_hash_setup(
mbedtls_psa_hash_operation_t *operation,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
/** Clone an Mbed TLS hash operation.
*
@@ -134,7 +134,7 @@
*/
psa_status_t mbedtls_psa_hash_clone(
const mbedtls_psa_hash_operation_t *source_operation,
- mbedtls_psa_hash_operation_t *target_operation );
+ mbedtls_psa_hash_operation_t *target_operation);
/** Add a message fragment to a multipart Mbed TLS hash operation.
*
@@ -162,7 +162,7 @@
psa_status_t mbedtls_psa_hash_update(
mbedtls_psa_hash_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
/** Finish the calculation of the Mbed TLS-calculated hash of a message.
*
@@ -202,7 +202,7 @@
mbedtls_psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
- size_t *hash_length );
+ size_t *hash_length);
/** Abort an Mbed TLS hash operation.
*
@@ -229,6 +229,6 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t mbedtls_psa_hash_abort(
- mbedtls_psa_hash_operation_t *operation );
+ mbedtls_psa_hash_operation_t *operation);
#endif /* PSA_CRYPTO_HASH_H */
diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h
index 1e5a407..58e357e 100644
--- a/library/psa_crypto_invasive.h
+++ b/library/psa_crypto_invasive.h
@@ -73,14 +73,14 @@
* The library has already been initialized.
*/
psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
- void (* entropy_init )( mbedtls_entropy_context *ctx ),
- void (* entropy_free )( mbedtls_entropy_context *ctx ) );
+ void (* entropy_init)(mbedtls_entropy_context *ctx),
+ void (* entropy_free)(mbedtls_entropy_context *ctx));
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
psa_status_t psa_mac_key_can_do(
psa_algorithm_t algorithm,
- psa_key_type_t key_type );
+ psa_key_type_t key_type);
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */
#endif /* PSA_CRYPTO_INVASIVE_H */
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
index 1b8dc20..273277f 100644
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -45,8 +45,7 @@
/**
* \brief A container for metadata associated with a specific uid
*/
-struct psa_storage_info_t
-{
+struct psa_storage_info_t {
uint32_t size; /**< The size of the data associated with a uid **/
psa_storage_create_flags_t flags; /**< The flags set when the uid was created **/
};
@@ -56,8 +55,8 @@
/** \brief PSA storage specific error codes
*/
-#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
-#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
+#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t) -149)
+#define PSA_ERROR_DATA_CORRUPT ((psa_status_t) -152)
#define PSA_ITS_API_VERSION_MAJOR 1 /**< The major version number of the PSA ITS API. It will be incremented on significant updates that may include breaking changes */
#define PSA_ITS_API_VERSION_MINOR 1 /**< The minor version number of the PSA ITS API. It will be incremented in small updates that are unlikely to include breaking changes */
@@ -109,7 +108,7 @@
uint32_t data_offset,
uint32_t data_length,
void *p_data,
- size_t *p_data_length );
+ size_t *p_data_length);
/**
* \brief Retrieve the metadata about the provided uid
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index d771e23..07f123e 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -33,22 +33,22 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
static psa_status_t psa_hmac_abort_internal(
- mbedtls_psa_hmac_operation_t *hmac )
+ mbedtls_psa_hmac_operation_t *hmac)
{
- mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
- return( psa_hash_abort( &hmac->hash_ctx ) );
+ mbedtls_platform_zeroize(hmac->opad, sizeof(hmac->opad));
+ return psa_hash_abort(&hmac->hash_ctx);
}
static psa_status_t psa_hmac_setup_internal(
mbedtls_psa_hmac_operation_t *hmac,
const uint8_t *key,
size_t key_length,
- psa_algorithm_t hash_alg )
+ psa_algorithm_t hash_alg)
{
uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
size_t i;
- size_t hash_size = PSA_HASH_LENGTH( hash_alg );
- size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
+ size_t hash_size = PSA_HASH_LENGTH(hash_alg);
+ size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);
psa_status_t status;
hmac->alg = hash_alg;
@@ -59,134 +59,149 @@
/* The size checks against the ipad and opad buffers cannot be written
* `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
* because that triggers -Wlogical-op on GCC 7.3. */
- if( block_size > sizeof( ipad ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( block_size > sizeof( hmac->opad ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( block_size < hash_size )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (block_size > sizeof(ipad)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ if (block_size > sizeof(hmac->opad)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ if (block_size < hash_size) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- if( key_length > block_size )
- {
- status = psa_hash_compute( hash_alg, key, key_length,
- ipad, sizeof( ipad ), &key_length );
- if( status != PSA_SUCCESS )
+ if (key_length > block_size) {
+ status = psa_hash_compute(hash_alg, key, key_length,
+ ipad, sizeof(ipad), &key_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
+ }
}
/* A 0-length key is not commonly used in HMAC when used as a MAC,
* but it is permitted. It is common when HMAC is used in HKDF, for
* example. Don't call `memcpy` in the 0-length because `key` could be
* an invalid pointer which would make the behavior undefined. */
- else if( key_length != 0 )
- memcpy( ipad, key, key_length );
+ else if (key_length != 0) {
+ memcpy(ipad, key, key_length);
+ }
/* ipad contains the key followed by garbage. Xor and fill with 0x36
* to create the ipad value. */
- for( i = 0; i < key_length; i++ )
+ for (i = 0; i < key_length; i++) {
ipad[i] ^= 0x36;
- memset( ipad + key_length, 0x36, block_size - key_length );
+ }
+ memset(ipad + key_length, 0x36, block_size - key_length);
/* Copy the key material from ipad to opad, flipping the requisite bits,
* and filling the rest of opad with the requisite constant. */
- for( i = 0; i < key_length; i++ )
+ for (i = 0; i < key_length; i++) {
hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
- memset( hmac->opad + key_length, 0x5C, block_size - key_length );
+ }
+ memset(hmac->opad + key_length, 0x5C, block_size - key_length);
- status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
- if( status != PSA_SUCCESS )
+ status = psa_hash_setup(&hmac->hash_ctx, hash_alg);
+ if (status != PSA_SUCCESS) {
goto cleanup;
+ }
- status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
+ status = psa_hash_update(&hmac->hash_ctx, ipad, block_size);
cleanup:
- mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
+ mbedtls_platform_zeroize(ipad, sizeof(ipad));
- return( status );
+ return status;
}
static psa_status_t psa_hmac_update_internal(
mbedtls_psa_hmac_operation_t *hmac,
const uint8_t *data,
- size_t data_length )
+ size_t data_length)
{
- return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
+ return psa_hash_update(&hmac->hash_ctx, data, data_length);
}
static psa_status_t psa_hmac_finish_internal(
mbedtls_psa_hmac_operation_t *hmac,
uint8_t *mac,
- size_t mac_size )
+ size_t mac_size)
{
uint8_t tmp[PSA_HASH_MAX_SIZE];
psa_algorithm_t hash_alg = hmac->alg;
size_t hash_size = 0;
- size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
+ size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);
psa_status_t status;
- status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_hash_finish(&hmac->hash_ctx, tmp, sizeof(tmp), &hash_size);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* From here on, tmp needs to be wiped. */
- status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
- if( status != PSA_SUCCESS )
+ status = psa_hash_setup(&hmac->hash_ctx, hash_alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&hmac->hash_ctx, hmac->opad, block_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&hmac->hash_ctx, tmp, hash_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
- if( status != PSA_SUCCESS )
+ status = psa_hash_finish(&hmac->hash_ctx, tmp, sizeof(tmp), &hash_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- memcpy( mac, tmp, mac_size );
+ memcpy(mac, tmp, mac_size);
exit:
- mbedtls_platform_zeroize( tmp, hash_size );
- return( status );
+ mbedtls_platform_zeroize(tmp, hash_size);
+ return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer )
+static psa_status_t cmac_setup(mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(PSA_WANT_KEY_TYPE_DES)
/* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
* to do CMAC with pure DES, so return NOT_SUPPORTED here. */
- if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
- ( psa_get_key_bits( attributes ) == 64 ||
- psa_get_key_bits( attributes ) == 128 ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (psa_get_key_type(attributes) == PSA_KEY_TYPE_DES &&
+ (psa_get_key_bits(attributes) == 64 ||
+ psa_get_key_bits(attributes) == 128)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
#endif
- const mbedtls_cipher_info_t * cipher_info =
+ const mbedtls_cipher_info_t *cipher_info =
mbedtls_cipher_info_from_psa(
PSA_ALG_CMAC,
- psa_get_key_type( attributes ),
- psa_get_key_bits( attributes ),
- NULL );
+ psa_get_key_type(attributes),
+ psa_get_key_bits(attributes),
+ NULL);
- if( cipher_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (cipher_info == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
- if( ret != 0 )
+ ret = mbedtls_cipher_setup(&operation->ctx.cmac, cipher_info);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
- key_buffer,
- psa_get_key_bits( attributes ) );
+ ret = mbedtls_cipher_cmac_starts(&operation->ctx.cmac,
+ key_buffer,
+ psa_get_key_bits(attributes));
exit:
- return( mbedtls_to_psa_error( ret ) );
+ return mbedtls_to_psa_error(ret);
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
@@ -197,62 +212,53 @@
* called, mbedtls_psa_mac_abort can run and will do the right thing. */
static psa_status_t mac_init(
mbedtls_psa_mac_operation_t *operation,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
operation->alg = alg;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
- {
- mbedtls_cipher_init( &operation->ctx.cmac );
+ if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
+ mbedtls_cipher_init(&operation->ctx.cmac);
status = PSA_SUCCESS;
- }
- else
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
+ if (PSA_ALG_IS_HMAC(operation->alg)) {
/* We'll set up the hash operation later in psa_hmac_setup_internal. */
operation->ctx.hmac.alg = 0;
status = PSA_SUCCESS;
- }
- else
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
(void) operation;
status = PSA_ERROR_NOT_SUPPORTED;
}
- if( status != PSA_SUCCESS )
- memset( operation, 0, sizeof( *operation ) );
- return( status );
+ if (status != PSA_SUCCESS) {
+ memset(operation, 0, sizeof(*operation));
+ }
+ return status;
}
-psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation )
+psa_status_t mbedtls_psa_mac_abort(mbedtls_psa_mac_operation_t *operation)
{
- if( operation->alg == 0 )
- {
+ if (operation->alg == 0) {
/* The object has (apparently) been initialized but it is not
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
- return( PSA_SUCCESS );
- }
- else
+ return PSA_SUCCESS;
+ } else
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
- {
- mbedtls_cipher_free( &operation->ctx.cmac );
- }
- else
+ if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
+ mbedtls_cipher_free(&operation->ctx.cmac);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
- psa_hmac_abort_internal( &operation->ctx.hmac );
- }
- else
+ if (PSA_ALG_IS_HMAC(operation->alg)) {
+ psa_hmac_abort_internal(&operation->ctx.hmac);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
/* Sanity check (shouldn't happen: operation->alg should
@@ -262,52 +268,50 @@
operation->alg = 0;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
bad_state:
/* If abort is called on an uninitialized object, we can't trust
* anything. Wipe the object in case it contains confidential data.
* This may result in a memory leak if a pointer gets overwritten,
* but it's too late to do anything about this. */
- memset( operation, 0, sizeof( *operation ) );
- return( PSA_ERROR_BAD_STATE );
+ memset(operation, 0, sizeof(*operation));
+ return PSA_ERROR_BAD_STATE;
}
-static psa_status_t psa_mac_setup( mbedtls_psa_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg )
+static psa_status_t psa_mac_setup(mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* A context must be freshly initialized before it can be set up. */
- if( operation->alg != 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->alg != 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
- status = mac_init( operation, alg );
- if( status != PSA_SUCCESS )
- return( status );
+ status = mac_init(operation, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
- {
+ if (PSA_ALG_FULL_LENGTH_MAC(alg) == PSA_ALG_CMAC) {
/* Key buffer size for CMAC is dictated by the key bits set on the
* attributes, and previously validated by the core on key import. */
(void) key_buffer_size;
- status = cmac_setup( operation, attributes, key_buffer );
- }
- else
+ status = cmac_setup(operation, attributes, key_buffer);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( alg ) )
- {
- status = psa_hmac_setup_internal( &operation->ctx.hmac,
- key_buffer,
- key_buffer_size,
- PSA_ALG_HMAC_GET_HASH( alg ) );
- }
- else
+ if (PSA_ALG_IS_HMAC(alg)) {
+ status = psa_hmac_setup_internal(&operation->ctx.hmac,
+ key_buffer,
+ key_buffer_size,
+ PSA_ALG_HMAC_GET_HASH(alg));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
(void) attributes;
@@ -316,10 +320,11 @@
status = PSA_ERROR_NOT_SUPPORTED;
}
- if( status != PSA_SUCCESS )
- mbedtls_psa_mac_abort( operation );
+ if (status != PSA_SUCCESS) {
+ mbedtls_psa_mac_abort(operation);
+ }
- return( status );
+ return status;
}
psa_status_t mbedtls_psa_mac_sign_setup(
@@ -327,10 +332,10 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
- return( psa_mac_setup( operation, attributes,
- key_buffer, key_buffer_size, alg ) );
+ return psa_mac_setup(operation, attributes,
+ key_buffer, key_buffer_size, alg);
}
psa_status_t mbedtls_psa_mac_verify_setup(
@@ -338,69 +343,63 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
- return( psa_mac_setup( operation, attributes,
- key_buffer, key_buffer_size, alg ) );
+ return psa_mac_setup(operation, attributes,
+ key_buffer, key_buffer_size, alg);
}
psa_status_t mbedtls_psa_mac_update(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length )
+ size_t input_length)
{
- if( operation->alg == 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->alg == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
- {
- return( mbedtls_to_psa_error(
- mbedtls_cipher_cmac_update( &operation->ctx.cmac,
- input, input_length ) ) );
- }
- else
+ if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
+ return mbedtls_to_psa_error(
+ mbedtls_cipher_cmac_update(&operation->ctx.cmac,
+ input, input_length));
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
- return( psa_hmac_update_internal( &operation->ctx.hmac,
- input, input_length ) );
- }
- else
+ if (PSA_ALG_IS_HMAC(operation->alg)) {
+ return psa_hmac_update_internal(&operation->ctx.hmac,
+ input, input_length);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
/* This shouldn't happen if `operation` was initialized by
* a setup function. */
(void) input;
(void) input_length;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
}
static psa_status_t psa_mac_finish_internal(
mbedtls_psa_mac_operation_t *operation,
- uint8_t *mac, size_t mac_size )
+ uint8_t *mac, size_t mac_size)
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
- {
+ if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
- int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
- if( ret == 0 )
- memcpy( mac, tmp, mac_size );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- return( mbedtls_to_psa_error( ret ) );
- }
- else
+ int ret = mbedtls_cipher_cmac_finish(&operation->ctx.cmac, tmp);
+ if (ret == 0) {
+ memcpy(mac, tmp, mac_size);
+ }
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return mbedtls_to_psa_error(ret);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
- return( psa_hmac_finish_internal( &operation->ctx.hmac,
- mac, mac_size ) );
- }
- else
+ if (PSA_ALG_IS_HMAC(operation->alg)) {
+ return psa_hmac_finish_internal(&operation->ctx.hmac,
+ mac, mac_size);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
/* This shouldn't happen if `operation` was initialized by
@@ -408,7 +407,7 @@
(void) operation;
(void) mac;
(void) mac_size;
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
}
@@ -416,46 +415,52 @@
mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->alg == 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->alg == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
- status = psa_mac_finish_internal( operation, mac, mac_size );
- if( status == PSA_SUCCESS )
+ status = psa_mac_finish_internal(operation, mac, mac_size);
+ if (status == PSA_SUCCESS) {
*mac_length = mac_size;
+ }
- return( status );
+ return status;
}
psa_status_t mbedtls_psa_mac_verify_finish(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length )
+ size_t mac_length)
{
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->alg == 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->alg == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
/* Consistency check: requested MAC length fits our local buffer */
- if( mac_length > sizeof( actual_mac ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (mac_length > sizeof(actual_mac)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- status = psa_mac_finish_internal( operation, actual_mac, mac_length );
- if( status != PSA_SUCCESS )
+ status = psa_mac_finish_internal(operation, actual_mac, mac_length);
+ if (status != PSA_SUCCESS) {
goto cleanup;
+ }
- if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
+ if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
+ }
cleanup:
- mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+ mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac));
- return( status );
+ return status;
}
psa_status_t mbedtls_psa_mac_compute(
@@ -467,32 +472,34 @@
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT;
- status = psa_mac_setup( &operation,
- attributes, key_buffer, key_buffer_size,
- alg );
- if( status != PSA_SUCCESS )
+ status = psa_mac_setup(&operation,
+ attributes, key_buffer, key_buffer_size,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
-
- if( input_length > 0 )
- {
- status = mbedtls_psa_mac_update( &operation, input, input_length );
- if( status != PSA_SUCCESS )
- goto exit;
}
- status = psa_mac_finish_internal( &operation, mac, mac_size );
- if( status == PSA_SUCCESS )
+ if (input_length > 0) {
+ status = mbedtls_psa_mac_update(&operation, input, input_length);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+ }
+
+ status = psa_mac_finish_internal(&operation, mac, mac_size);
+ if (status == PSA_SUCCESS) {
*mac_length = mac_size;
+ }
exit:
- mbedtls_psa_mac_abort( &operation );
+ mbedtls_psa_mac_abort(&operation);
- return( status );
+ return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_CMAC */
diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h
index a821e74..21c4de6 100644
--- a/library/psa_crypto_mac.h
+++ b/library/psa_crypto_mac.h
@@ -164,7 +164,7 @@
psa_status_t mbedtls_psa_mac_update(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
/** Finish the calculation of the MAC of a message using Mbed TLS.
*
@@ -207,7 +207,7 @@
mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
/** Finish the calculation of the MAC of a message and compare it with
* an expected value using Mbed TLS.
@@ -247,7 +247,7 @@
psa_status_t mbedtls_psa_mac_verify_finish(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length );
+ size_t mac_length);
/** Abort a MAC operation using Mbed TLS.
*
@@ -271,6 +271,6 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t mbedtls_psa_mac_abort(
- mbedtls_psa_mac_operation_t *operation );
+ mbedtls_psa_mac_operation_t *operation);
#endif /* PSA_CRYPTO_MAC_H */
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 3c4c09a..f1a2af1 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -41,9 +41,9 @@
typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
/* Trivial wrapper around psa_generate_random(). */
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size );
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size);
/* The PSA RNG API doesn't need any externally maintained state. */
#define MBEDTLS_PSA_RANDOM_STATE NULL
@@ -89,12 +89,12 @@
*
* \param p_rng Pointer to the Mbed TLS DRBG state.
*/
-static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng )
+static inline void mbedtls_psa_drbg_init(mbedtls_psa_drbg_context_t *p_rng)
{
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_init( p_rng );
+ mbedtls_ctr_drbg_init(p_rng);
#elif defined(MBEDTLS_HMAC_DRBG_C)
- mbedtls_hmac_drbg_init( p_rng );
+ mbedtls_hmac_drbg_init(p_rng);
#endif
}
@@ -102,12 +102,12 @@
*
* \param p_rng Pointer to the Mbed TLS DRBG state.
*/
-static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng )
+static inline void mbedtls_psa_drbg_free(mbedtls_psa_drbg_context_t *p_rng)
{
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_free( p_rng );
+ mbedtls_ctr_drbg_free(p_rng);
#elif defined(MBEDTLS_HMAC_DRBG_C)
- mbedtls_hmac_drbg_free( p_rng );
+ mbedtls_hmac_drbg_free(p_rng);
#endif
}
@@ -116,10 +116,9 @@
* The random generator context is composed of an entropy context and
* a DRBG context.
*/
-typedef struct
-{
- void (* entropy_init )( mbedtls_entropy_context *ctx );
- void (* entropy_free )( mbedtls_entropy_context *ctx );
+typedef struct {
+ void (* entropy_init)(mbedtls_entropy_context *ctx);
+ void (* entropy_free)(mbedtls_entropy_context *ctx);
mbedtls_entropy_context entropy;
mbedtls_psa_drbg_context_t drbg;
} mbedtls_psa_random_context_t;
@@ -182,21 +181,21 @@
*/
static inline int mbedtls_psa_drbg_seed(
mbedtls_entropy_context *entropy,
- const unsigned char *custom, size_t len )
+ const unsigned char *custom, size_t len)
{
#if defined(MBEDTLS_CTR_DRBG_C)
- return( mbedtls_ctr_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
- mbedtls_entropy_func,
- entropy,
- custom, len ) );
+ return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+ mbedtls_entropy_func,
+ entropy,
+ custom, len);
#elif defined(MBEDTLS_HMAC_DRBG_C)
const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type( MBEDTLS_PSA_HMAC_DRBG_MD_TYPE );
- return( mbedtls_hmac_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
- md_info,
- mbedtls_entropy_func,
- entropy,
- custom, len ) );
+ mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
+ return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+ md_info,
+ mbedtls_entropy_func,
+ entropy,
+ custom, len);
#endif
}
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index d07cdce..853a044 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -50,45 +50,46 @@
* way to return the exact bit size of a key.
* To keep things simple, reject non-byte-aligned key sizes. */
static psa_status_t psa_check_rsa_key_byte_aligned(
- const mbedtls_rsa_context *rsa )
+ const mbedtls_rsa_context *rsa)
{
mbedtls_mpi n;
psa_status_t status;
- mbedtls_mpi_init( &n );
+ mbedtls_mpi_init(&n);
status = mbedtls_to_psa_error(
- mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) );
- if( status == PSA_SUCCESS )
- {
- if( mbedtls_mpi_bitlen( &n ) % 8 != 0 )
+ mbedtls_rsa_export(rsa, &n, NULL, NULL, NULL, NULL));
+ if (status == PSA_SUCCESS) {
+ if (mbedtls_mpi_bitlen(&n) % 8 != 0) {
status = PSA_ERROR_NOT_SUPPORTED;
+ }
}
- mbedtls_mpi_free( &n );
- return( status );
+ mbedtls_mpi_free(&n);
+ return status;
}
psa_status_t mbedtls_psa_rsa_load_representation(
psa_key_type_t type, const uint8_t *data, size_t data_length,
- mbedtls_rsa_context **p_rsa )
+ mbedtls_rsa_context **p_rsa)
{
psa_status_t status;
mbedtls_pk_context ctx;
size_t bits;
- mbedtls_pk_init( &ctx );
+ mbedtls_pk_init(&ctx);
/* Parse the data. */
- if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
+ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
status = mbedtls_to_psa_error(
- mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) );
- else
+ mbedtls_pk_parse_key(&ctx, data, data_length, NULL, 0));
+ } else {
status = mbedtls_to_psa_error(
- mbedtls_pk_parse_public_key( &ctx, data, data_length ) );
- if( status != PSA_SUCCESS )
+ mbedtls_pk_parse_public_key(&ctx, data, data_length));
+ }
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* We have something that the pkparse module recognizes. If it is a
* valid RSA key, store it. */
- if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA )
- {
+ if (mbedtls_pk_get_type(&ctx) != MBEDTLS_PK_RSA) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@@ -96,24 +97,24 @@
/* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
* supports non-byte-aligned key sizes, but not well. For example,
* mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
- bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( mbedtls_pk_rsa( ctx ) ) );
- if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
- {
+ bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(mbedtls_pk_rsa(ctx)));
+ if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
- status = psa_check_rsa_key_byte_aligned( mbedtls_pk_rsa( ctx ) );
- if( status != PSA_SUCCESS )
+ status = psa_check_rsa_key_byte_aligned(mbedtls_pk_rsa(ctx));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Copy out the pointer to the RSA context, and reset the PK context
* such that pk_free doesn't free the RSA context we just grabbed. */
- *p_rsa = mbedtls_pk_rsa( ctx );
+ *p_rsa = mbedtls_pk_rsa(ctx);
ctx.pk_info = NULL;
exit:
- mbedtls_pk_free( &ctx );
- return( status );
+ mbedtls_pk_free(&ctx);
+ return status;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
@@ -129,179 +130,182 @@
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits )
+ size_t *key_buffer_length, size_t *bits)
{
psa_status_t status;
mbedtls_rsa_context *rsa = NULL;
/* Parse input */
- status = mbedtls_psa_rsa_load_representation( attributes->core.type,
- data,
- data_length,
- &rsa );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ data,
+ data_length,
+ &rsa);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) );
+ *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(rsa));
/* Re-export the data to PSA export format, such that we can store export
* representation in the key slot. Export representation in case of RSA is
* the smallest representation that's allowed as input, so a straight-up
* allocation of the same size as the input buffer will be large enough. */
- status = mbedtls_psa_rsa_export_key( attributes->core.type,
- rsa,
- key_buffer,
- key_buffer_size,
- key_buffer_length );
+ status = mbedtls_psa_rsa_export_key(attributes->core.type,
+ rsa,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length);
exit:
/* Always free the RSA object */
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
- return( status );
+ return status;
}
-psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
- mbedtls_rsa_context *rsa,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type,
+ mbedtls_rsa_context *rsa,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
#if defined(MBEDTLS_PK_WRITE_C)
int ret;
mbedtls_pk_context pk;
uint8_t *pos = data + data_size;
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
pk.pk_info = &mbedtls_rsa_info;
pk.pk_ctx = rsa;
/* PSA Crypto API defines the format of an RSA key as a DER-encoded
* representation of the non-encrypted PKCS#1 RSAPrivateKey for a
* private key and of the RFC3279 RSAPublicKey for a public key. */
- if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
- ret = mbedtls_pk_write_key_der( &pk, data, data_size );
- else
- ret = mbedtls_pk_write_pubkey( &pos, data, &pk );
+ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+ ret = mbedtls_pk_write_key_der(&pk, data, data_size);
+ } else {
+ ret = mbedtls_pk_write_pubkey(&pos, data, &pk);
+ }
- if( ret < 0 )
- {
+ if (ret < 0) {
/* Clean up in case pk_write failed halfway through. */
- memset( data, 0, data_size );
- return( mbedtls_to_psa_error( ret ) );
+ memset(data, 0, data_size);
+ return mbedtls_to_psa_error(ret);
}
/* The mbedtls_pk_xxx functions write to the end of the buffer.
* Move the data to the beginning and erase remaining data
* at the original location. */
- if( 2 * (size_t) ret <= data_size )
- {
- memcpy( data, data + data_size - ret, ret );
- memset( data + data_size - ret, 0, ret );
- }
- else if( (size_t) ret < data_size )
- {
- memmove( data, data + data_size - ret, ret );
- memset( data + ret, 0, data_size - ret );
+ if (2 * (size_t) ret <= data_size) {
+ memcpy(data, data + data_size - ret, ret);
+ memset(data + data_size - ret, 0, ret);
+ } else if ((size_t) ret < data_size) {
+ memmove(data, data + data_size - ret, ret);
+ memset(data + ret, 0, data_size - ret);
}
*data_length = ret;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
#else
(void) type;
(void) rsa;
(void) data;
(void) data_size;
(void) data_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PK_WRITE_C */
}
psa_status_t mbedtls_psa_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation(
- attributes->core.type, key_buffer, key_buffer_size, &rsa );
- if( status != PSA_SUCCESS )
- return( status );
+ attributes->core.type, key_buffer, key_buffer_size, &rsa);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = mbedtls_psa_rsa_export_key( PSA_KEY_TYPE_RSA_PUBLIC_KEY,
- rsa,
- data,
- data_size,
- data_length );
+ status = mbedtls_psa_rsa_export_key(PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ rsa,
+ data,
+ data_size,
+ data_length);
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
- return( status );
+ return status;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
-static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
- size_t domain_parameters_size,
- int *exponent )
+static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
+ size_t domain_parameters_size,
+ int *exponent)
{
size_t i;
uint32_t acc = 0;
- if( domain_parameters_size == 0 )
- {
+ if (domain_parameters_size == 0) {
*exponent = 65537;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/* Mbed TLS encodes the public exponent as an int. For simplicity, only
* support values that fit in a 32-bit integer, which is larger than
* int on just about every platform anyway. */
- if( domain_parameters_size > sizeof( acc ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- for( i = 0; i < domain_parameters_size; i++ )
- acc = ( acc << 8 ) | domain_parameters[i];
- if( acc > INT_MAX )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (domain_parameters_size > sizeof(acc)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ for (i = 0; i < domain_parameters_size; i++) {
+ acc = (acc << 8) | domain_parameters[i];
+ }
+ if (acc > INT_MAX) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
*exponent = acc;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status;
mbedtls_rsa_context rsa;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int exponent;
- status = psa_rsa_read_exponent( attributes->domain_parameters,
- attributes->domain_parameters_size,
- &exponent );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_rsa_read_exponent(attributes->domain_parameters,
+ attributes->domain_parameters_size,
+ &exponent);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_gen_key( &rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- (unsigned int)attributes->core.bits,
- exponent );
- if( ret != 0 )
- return( mbedtls_to_psa_error( ret ) );
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
+ ret = mbedtls_rsa_gen_key(&rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ (unsigned int) attributes->core.bits,
+ exponent);
+ if (ret != 0) {
+ return mbedtls_to_psa_error(ret);
+ }
- status = mbedtls_psa_rsa_export_key( attributes->core.type,
- &rsa, key_buffer, key_buffer_size,
- key_buffer_length );
- mbedtls_rsa_free( &rsa );
+ status = mbedtls_psa_rsa_export_key(attributes->core.type,
+ &rsa, key_buffer, key_buffer_size,
+ key_buffer_length);
+ mbedtls_rsa_free(&rsa);
- return( status );
+ return status;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
* defined(MBEDTLS_GENPRIME) */
@@ -315,127 +319,129 @@
/* Decode the hash algorithm from alg and store the mbedtls encoding in
* md_alg. Verify that the hash length is acceptable. */
-static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
- size_t hash_length,
- mbedtls_md_type_t *md_alg )
+static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg,
+ size_t hash_length,
+ mbedtls_md_type_t *md_alg)
{
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
- *md_alg = mbedtls_md_get_type( md_info );
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg);
+ *md_alg = mbedtls_md_get_type(md_info);
/* The Mbed TLS RSA module uses an unsigned int for hash length
* parameters. Validate that it fits so that we don't risk an
* overflow later. */
#if SIZE_MAX > UINT_MAX
- if( hash_length > UINT_MAX )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (hash_length > UINT_MAX) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
#endif
/* For signatures using a hash, the hash length must be correct. */
- if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
- {
- if( md_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( mbedtls_md_get_size( md_info ) != hash_length )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
+ if (md_info == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ if (mbedtls_md_get_size(md_info) != hash_length) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ uint8_t *signature, size_t signature_size, size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
- status = mbedtls_psa_rsa_load_representation( attributes->core.type,
- key_buffer,
- key_buffer_size,
- &rsa );
- if( status != PSA_SUCCESS )
- return( status );
+ status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ key_buffer,
+ key_buffer_size,
+ &rsa);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
- if( status != PSA_SUCCESS )
+ status = psa_rsa_decode_md_type(alg, hash_length, &md_alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( signature_size < mbedtls_rsa_get_len( rsa ) )
- {
+ if (signature_size < mbedtls_rsa_get_len(rsa)) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
- {
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
- }
- else
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
+ mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE);
+ ret = mbedtls_rsa_pkcs1_sign(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PRIVATE,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- {
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
- }
- else
+ if (PSA_ALG_IS_RSA_PSS(alg)) {
+ mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
+ ret = mbedtls_rsa_rsassa_pss_sign(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PRIVATE,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- if( ret == 0 )
- *signature_length = mbedtls_rsa_get_len( rsa );
- status = mbedtls_to_psa_error( ret );
+ if (ret == 0) {
+ *signature_length = mbedtls_rsa_get_len(rsa);
+ }
+ status = mbedtls_to_psa_error(ret);
exit:
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
- return( status );
+ return status;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-static int rsa_pss_expected_salt_len( psa_algorithm_t alg,
- const mbedtls_rsa_context *rsa,
- size_t hash_length )
+static int rsa_pss_expected_salt_len(psa_algorithm_t alg,
+ const mbedtls_rsa_context *rsa,
+ size_t hash_length)
{
- if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) )
- return( MBEDTLS_RSA_SALT_LEN_ANY );
+ if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) {
+ return MBEDTLS_RSA_SALT_LEN_ANY;
+ }
/* Otherwise: standard salt length, i.e. largest possible salt length
* up to the hash length. */
- int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit
+ int klen = (int) mbedtls_rsa_get_len(rsa); // known to fit
int hlen = (int) hash_length; // known to fit
int room = klen - 2 - hlen;
- if( room < 0 )
- return( 0 ); // there is no valid signature in this case anyway
- else if( room > hlen )
- return( hlen );
- else
- return( room );
+ if (room < 0) {
+ return 0; // there is no valid signature in this case anyway
+ } else if (room > hlen) {
+ return hlen;
+ } else {
+ return room;
+ }
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
@@ -443,63 +449,60 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
+ const uint8_t *signature, size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
- status = mbedtls_psa_rsa_load_representation( attributes->core.type,
- key_buffer,
- key_buffer_size,
- &rsa );
- if( status != PSA_SUCCESS )
+ status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ key_buffer,
+ key_buffer_size,
+ &rsa);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
- if( status != PSA_SUCCESS )
+ status = psa_rsa_decode_md_type(alg, hash_length, &md_alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( signature_length != mbedtls_rsa_get_len( rsa ) )
- {
+ if (signature_length != mbedtls_rsa_get_len(rsa)) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
- {
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_verify( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
- }
- else
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
+ mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE);
+ ret = mbedtls_rsa_pkcs1_verify(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PUBLIC,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- {
- int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length );
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_verify_ext( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
- md_alg,
- (unsigned int) hash_length,
- hash,
- md_alg,
- slen,
- signature );
- }
- else
+ if (PSA_ALG_IS_RSA_PSS(alg)) {
+ int slen = rsa_pss_expected_salt_len(alg, rsa, hash_length);
+ mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
+ ret = mbedtls_rsa_rsassa_pss_verify_ext(rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PUBLIC,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ md_alg,
+ slen,
+ signature);
+ } else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
{
status = PSA_ERROR_INVALID_ARGUMENT;
@@ -509,15 +512,15 @@
/* Mbed TLS distinguishes "invalid padding" from "valid padding but
* the rest of the signature is invalid". This has little use in
* practice and PSA doesn't report this distinction. */
- status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
+ status = (ret == MBEDTLS_ERR_RSA_INVALID_PADDING) ?
PSA_ERROR_INVALID_SIGNATURE :
- mbedtls_to_psa_error( ret );
+ mbedtls_to_psa_error(ret);
exit:
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
+ mbedtls_rsa_free(rsa);
+ mbedtls_free(rsa);
- return( status );
+ return status;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index b76613e..cee2f52 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -34,10 +34,10 @@
* contents of the context and the context itself
* when done.
*/
-psa_status_t mbedtls_psa_rsa_load_representation( psa_key_type_t type,
- const uint8_t *data,
- size_t data_length,
- mbedtls_rsa_context **p_rsa );
+psa_status_t mbedtls_psa_rsa_load_representation(psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_rsa_context **p_rsa);
/** Import an RSA key in binary format.
*
@@ -69,7 +69,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits );
+ size_t *key_buffer_length, size_t *bits);
/** Export an RSA key to export representation
*
@@ -79,11 +79,11 @@
* \param[in] data_size The length of the buffer to export to
* \param[out] data_length The amount of bytes written to \p data
*/
-psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
- mbedtls_rsa_context *rsa,
- uint8_t *data,
- size_t data_size,
- size_t *data_length );
+psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type,
+ mbedtls_rsa_context *rsa,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
/** Export a public RSA key or the public part of an RSA key pair in binary
* format.
@@ -112,7 +112,7 @@
psa_status_t mbedtls_psa_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
/**
* \brief Generate an RSA key.
@@ -135,7 +135,7 @@
*/
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
/** Sign an already-calculated hash with an RSA private key.
*
@@ -174,7 +174,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
/**
* \brief Verify the signature a hash or short message using a public RSA key.
@@ -210,6 +210,6 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
#endif /* PSA_CRYPTO_RSA_H */
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 87d2634..b660393 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -48,19 +48,16 @@
/* This structure is identical to psa_drv_se_context_t declared in
* `crypto_se_driver.h`, except that some parts are writable here
* (non-const, or pointer to non-const). */
-typedef struct
-{
+typedef struct {
void *persistent_data;
size_t persistent_data_size;
uintptr_t transient_data;
} psa_drv_se_internal_context_t;
-struct psa_se_drv_table_entry_s
-{
+struct psa_se_drv_table_entry_s {
psa_key_location_t location;
const psa_drv_se_t *methods;
- union
- {
+ union {
psa_drv_se_internal_context_t internal;
psa_drv_se_context_t context;
} u;
@@ -69,46 +66,49 @@
static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
psa_se_drv_table_entry_t *psa_get_se_driver_entry(
- psa_key_lifetime_t lifetime )
+ psa_key_lifetime_t lifetime)
{
size_t i;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
/* In the driver table, location=0 means an entry that isn't used.
* No driver has a location of 0 because it's a reserved value
* (which designates transparent keys). Make sure we never return
* a driver entry for location 0. */
- if( location == 0 )
- return( NULL );
- for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
- {
- if( driver_table[i].location == location )
- return( &driver_table[i] );
+ if (location == 0) {
+ return NULL;
}
- return( NULL );
+ for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
+ if (driver_table[i].location == location) {
+ return &driver_table[i];
+ }
+ }
+ return NULL;
}
const psa_drv_se_t *psa_get_se_driver_methods(
- const psa_se_drv_table_entry_t *driver )
+ const psa_se_drv_table_entry_t *driver)
{
- return( driver->methods );
+ return driver->methods;
}
psa_drv_se_context_t *psa_get_se_driver_context(
- psa_se_drv_table_entry_t *driver )
+ psa_se_drv_table_entry_t *driver)
{
- return( &driver->u.context );
+ return &driver->u.context;
}
-int psa_get_se_driver( psa_key_lifetime_t lifetime,
- const psa_drv_se_t **p_methods,
- psa_drv_se_context_t **p_drv_context)
+int psa_get_se_driver(psa_key_lifetime_t lifetime,
+ const psa_drv_se_t **p_methods,
+ psa_drv_se_context_t **p_drv_context)
{
- psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
- if( p_methods != NULL )
- *p_methods = ( driver ? driver->methods : NULL );
- if( p_drv_context != NULL )
- *p_drv_context = ( driver ? &driver->u.context : NULL );
- return( driver != NULL );
+ psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime);
+ if (p_methods != NULL) {
+ *p_methods = (driver ? driver->methods : NULL);
+ }
+ if (p_drv_context != NULL) {
+ *p_drv_context = (driver ? &driver->u.context : NULL);
+ }
+ return driver != NULL;
}
@@ -119,32 +119,35 @@
static psa_status_t psa_get_se_driver_its_file_uid(
const psa_se_drv_table_entry_t *driver,
- psa_storage_uid_t *uid )
+ psa_storage_uid_t *uid)
{
- if( driver->location > PSA_MAX_SE_LOCATION )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (driver->location > PSA_MAX_SE_LOCATION) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
#if SIZE_MAX > UINT32_MAX
/* ITS file sizes are limited to 32 bits. */
- if( driver->u.internal.persistent_data_size > UINT32_MAX )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (driver->u.internal.persistent_data_size > UINT32_MAX) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
#endif
/* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
*uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t psa_load_se_persistent_data(
- const psa_se_drv_table_entry_t *driver )
+ const psa_se_drv_table_entry_t *driver)
{
psa_status_t status;
psa_storage_uid_t uid;
size_t length;
- status = psa_get_se_driver_its_file_uid( driver, &uid );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_se_driver_its_file_uid(driver, &uid);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Read the amount of persistent data that the driver requests.
* If the data in storage is larger, it is truncated. If the data
@@ -153,97 +156,98 @@
/* psa_get_se_driver_its_file_uid ensures that the size_t
* persistent_data_size is in range, but compilers don't know that,
* so cast to reassure them. */
- return( psa_its_get( uid, 0,
- (uint32_t) driver->u.internal.persistent_data_size,
- driver->u.internal.persistent_data,
- &length ) );
+ return psa_its_get(uid, 0,
+ (uint32_t) driver->u.internal.persistent_data_size,
+ driver->u.internal.persistent_data,
+ &length);
}
psa_status_t psa_save_se_persistent_data(
- const psa_se_drv_table_entry_t *driver )
+ const psa_se_drv_table_entry_t *driver)
{
psa_status_t status;
psa_storage_uid_t uid;
- status = psa_get_se_driver_its_file_uid( driver, &uid );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_se_driver_its_file_uid(driver, &uid);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* psa_get_se_driver_its_file_uid ensures that the size_t
* persistent_data_size is in range, but compilers don't know that,
* so cast to reassure them. */
- return( psa_its_set( uid,
- (uint32_t) driver->u.internal.persistent_data_size,
- driver->u.internal.persistent_data,
- 0 ) );
+ return psa_its_set(uid,
+ (uint32_t) driver->u.internal.persistent_data_size,
+ driver->u.internal.persistent_data,
+ 0);
}
-psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location )
+psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location)
{
psa_storage_uid_t uid;
- if( location > PSA_MAX_SE_LOCATION )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (location > PSA_MAX_SE_LOCATION) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location;
- return( psa_its_remove( uid ) );
+ return psa_its_remove(uid);
}
psa_status_t psa_find_se_slot_for_key(
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
psa_se_drv_table_entry_t *driver,
- psa_key_slot_number_t *slot_number )
+ psa_key_slot_number_t *slot_number)
{
psa_status_t status;
psa_key_location_t key_location =
- PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) );
+ PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
/* If the location is wrong, it's a bug in the library. */
- if( driver->location != key_location )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (driver->location != key_location) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
/* If the driver doesn't support key creation in any way, give up now. */
- if( driver->methods->key_management == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (driver->methods->key_management == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- if( psa_get_key_slot_number( attributes, slot_number ) == PSA_SUCCESS )
- {
+ if (psa_get_key_slot_number(attributes, slot_number) == PSA_SUCCESS) {
/* The application wants to use a specific slot. Allow it if
* the driver supports it. On a system with isolation,
* the crypto service must check that the application is
* permitted to request this slot. */
psa_drv_se_validate_slot_number_t p_validate_slot_number =
driver->methods->key_management->p_validate_slot_number;
- if( p_validate_slot_number == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
- status = p_validate_slot_number( &driver->u.context,
- driver->u.internal.persistent_data,
- attributes, method,
- *slot_number );
- }
- else if( method == PSA_KEY_CREATION_REGISTER )
- {
+ if (p_validate_slot_number == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ status = p_validate_slot_number(&driver->u.context,
+ driver->u.internal.persistent_data,
+ attributes, method,
+ *slot_number);
+ } else if (method == PSA_KEY_CREATION_REGISTER) {
/* The application didn't specify a slot number. This doesn't
* make sense when registering a slot. */
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- else
- {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ } else {
/* The application didn't tell us which slot to use. Let the driver
* choose. This is the normal case. */
psa_drv_se_allocate_key_t p_allocate =
driver->methods->key_management->p_allocate;
- if( p_allocate == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
- status = p_allocate( &driver->u.context,
- driver->u.internal.persistent_data,
- attributes, method,
- slot_number );
+ if (p_allocate == NULL) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ status = p_allocate(&driver->u.context,
+ driver->u.internal.persistent_data,
+ attributes, method,
+ slot_number);
}
- return( status );
+ return status;
}
-psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
- psa_key_slot_number_t slot_number )
+psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t slot_number)
{
psa_status_t status;
psa_status_t storage_status;
@@ -255,40 +259,42 @@
* locked in a read-only state: we can use the keys but not
* destroy them. Hence, if the driver doesn't support destroying
* keys, it's really a lack of permission. */
- if( driver->methods->key_management == NULL ||
- driver->methods->key_management->p_destroy == NULL )
- return( PSA_ERROR_NOT_PERMITTED );
+ if (driver->methods->key_management == NULL ||
+ driver->methods->key_management->p_destroy == NULL) {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
status = driver->methods->key_management->p_destroy(
&driver->u.context,
driver->u.internal.persistent_data,
- slot_number );
- storage_status = psa_save_se_persistent_data( driver );
- return( status == PSA_SUCCESS ? storage_status : status );
+ slot_number);
+ storage_status = psa_save_se_persistent_data(driver);
+ return status == PSA_SUCCESS ? storage_status : status;
}
-psa_status_t psa_init_all_se_drivers( void )
+psa_status_t psa_init_all_se_drivers(void)
{
size_t i;
- for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
- {
+ for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
psa_se_drv_table_entry_t *driver = &driver_table[i];
- if( driver->location == 0 )
+ if (driver->location == 0) {
continue; /* skipping unused entry */
- const psa_drv_se_t *methods = psa_get_se_driver_methods( driver );
- if( methods->p_init != NULL )
- {
+ }
+ const psa_drv_se_t *methods = psa_get_se_driver_methods(driver);
+ if (methods->p_init != NULL) {
psa_status_t status = methods->p_init(
&driver->u.context,
driver->u.internal.persistent_data,
- driver->location );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_save_se_persistent_data( driver );
- if( status != PSA_SUCCESS )
- return( status );
+ driver->location);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_save_se_persistent_data(driver);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
}
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
@@ -304,70 +310,74 @@
size_t i;
psa_status_t status;
- if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (methods->hal_version != PSA_DRV_SE_HAL_VERSION) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Driver table entries are 0-initialized. 0 is not a valid driver
* location because it means a transparent key. */
#if defined(static_assert)
- static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
- "Secure element support requires 0 to mean a local key" );
+ static_assert(PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
+ "Secure element support requires 0 to mean a local key");
#endif
- if( location == PSA_KEY_LOCATION_LOCAL_STORAGE )
- return( PSA_ERROR_INVALID_ARGUMENT );
- if( location > PSA_MAX_SE_LOCATION )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (location == PSA_KEY_LOCATION_LOCAL_STORAGE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (location > PSA_MAX_SE_LOCATION) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
- {
- if( driver_table[i].location == 0 )
+ for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
+ if (driver_table[i].location == 0) {
break;
+ }
/* Check that location isn't already in use up to the first free
* entry. Since entries are created in order and never deleted,
* there can't be a used entry after the first free entry. */
- if( driver_table[i].location == location )
- return( PSA_ERROR_ALREADY_EXISTS );
+ if (driver_table[i].location == location) {
+ return PSA_ERROR_ALREADY_EXISTS;
+ }
}
- if( i == PSA_MAX_SE_DRIVERS )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if (i == PSA_MAX_SE_DRIVERS) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
driver_table[i].location = location;
driver_table[i].methods = methods;
driver_table[i].u.internal.persistent_data_size =
methods->persistent_data_size;
- if( methods->persistent_data_size != 0 )
- {
+ if (methods->persistent_data_size != 0) {
driver_table[i].u.internal.persistent_data =
- mbedtls_calloc( 1, methods->persistent_data_size );
- if( driver_table[i].u.internal.persistent_data == NULL )
- {
+ mbedtls_calloc(1, methods->persistent_data_size);
+ if (driver_table[i].u.internal.persistent_data == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto error;
}
/* Load the driver's persistent data. On first use, the persistent
* data does not exist in storage, and is initialized to
* all-bits-zero by the calloc call just above. */
- status = psa_load_se_persistent_data( &driver_table[i] );
- if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST )
+ status = psa_load_se_persistent_data(&driver_table[i]);
+ if (status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST) {
goto error;
+ }
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
error:
- memset( &driver_table[i], 0, sizeof( driver_table[i] ) );
- return( status );
+ memset(&driver_table[i], 0, sizeof(driver_table[i]));
+ return status;
}
-void psa_unregister_all_se_drivers( void )
+void psa_unregister_all_se_drivers(void)
{
size_t i;
- for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
- {
- if( driver_table[i].u.internal.persistent_data != NULL )
- mbedtls_free( driver_table[i].u.internal.persistent_data );
+ for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
+ if (driver_table[i].u.internal.persistent_data != NULL) {
+ mbedtls_free(driver_table[i].u.internal.persistent_data);
+ }
}
- memset( driver_table, 0, sizeof( driver_table ) );
+ memset(driver_table, 0, sizeof(driver_table));
}
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 6d965ee..373852d 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -51,7 +51,7 @@
* actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
* which doesn't have a driver.
*/
-#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
+#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ((psa_key_id_t) 0xfffffe00)
/** The maximum number of registered secure element driver locations. */
#define PSA_MAX_SE_DRIVERS 4
@@ -62,13 +62,13 @@
* state. This function is only intended to be called at the end
* of mbedtls_psa_crypto_free().
*/
-void psa_unregister_all_se_drivers( void );
+void psa_unregister_all_se_drivers(void);
/** Initialize all secure element drivers.
*
* Called from psa_crypto_init().
*/
-psa_status_t psa_init_all_se_drivers( void );
+psa_status_t psa_init_all_se_drivers(void);
/** A structure that describes a registered secure element driver.
*
@@ -93,9 +93,9 @@
* \retval 0
* \p lifetime does not correspond to a registered driver.
*/
-int psa_get_se_driver( psa_key_lifetime_t lifetime,
- const psa_drv_se_t **p_methods,
- psa_drv_se_context_t **p_drv_context);
+int psa_get_se_driver(psa_key_lifetime_t lifetime,
+ const psa_drv_se_t **p_methods,
+ psa_drv_se_context_t **p_drv_context);
/** Return the secure element driver table entry for a lifetime value.
*
@@ -105,7 +105,7 @@
* \p NULL if \p lifetime does not correspond to a registered driver.
*/
psa_se_drv_table_entry_t *psa_get_se_driver_entry(
- psa_key_lifetime_t lifetime );
+ psa_key_lifetime_t lifetime);
/** Return the method table for a secure element driver.
*
@@ -115,7 +115,7 @@
* \c NULL if \p driver is \c NULL.
*/
const psa_drv_se_t *psa_get_se_driver_methods(
- const psa_se_drv_table_entry_t *driver );
+ const psa_se_drv_table_entry_t *driver);
/** Return the context of a secure element driver.
*
@@ -125,7 +125,7 @@
* \c NULL if \p driver is \c NULL.
*/
psa_drv_se_context_t *psa_get_se_driver_context(
- psa_se_drv_table_entry_t *driver );
+ psa_se_drv_table_entry_t *driver);
/** Find a free slot for a key that is to be created.
*
@@ -141,15 +141,15 @@
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
psa_se_drv_table_entry_t *driver,
- psa_key_slot_number_t *slot_number );
+ psa_key_slot_number_t *slot_number);
/** Destroy a key in a secure element.
*
* This function calls the relevant driver method to destroy a key
* and updates the driver's persistent data.
*/
-psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
- psa_key_slot_number_t slot_number );
+psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t slot_number);
/** Load the persistent data of a secure element driver.
*
@@ -164,7 +164,7 @@
* \return #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_load_se_persistent_data(
- const psa_se_drv_table_entry_t *driver );
+ const psa_se_drv_table_entry_t *driver);
/** Save the persistent data of a secure element driver.
*
@@ -180,7 +180,7 @@
* \return #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_save_se_persistent_data(
- const psa_se_drv_table_entry_t *driver );
+ const psa_se_drv_table_entry_t *driver);
/** Destroy the persistent data of a secure element driver.
*
@@ -189,14 +189,13 @@
* \param[in] location The location identifier for the driver whose
* persistent data is to be erased.
*/
-psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location );
+psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location);
/** The storage representation of a key whose data is in a secure element.
*/
-typedef struct
-{
- uint8_t slot_number[sizeof( psa_key_slot_number_t )];
+typedef struct {
+ uint8_t slot_number[sizeof(psa_key_slot_number_t)];
} psa_se_key_data_storage_t;
#endif /* PSA_CRYPTO_SE_H */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 3fba736..2d27902 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -36,30 +36,31 @@
#include <string.h>
#include "mbedtls/platform.h"
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
+#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
-typedef struct
-{
+typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
unsigned key_slots_initialized : 1;
} psa_global_data_t;
static psa_global_data_t global_data;
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
+int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok)
{
- psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
+ psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
- if( ( PSA_KEY_ID_USER_MIN <= key_id ) &&
- ( key_id <= PSA_KEY_ID_USER_MAX ) )
- return( 1 );
+ if ((PSA_KEY_ID_USER_MIN <= key_id) &&
+ (key_id <= PSA_KEY_ID_USER_MAX)) {
+ return 1;
+ }
- if( vendor_ok &&
- ( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
- ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
- return( 1 );
+ if (vendor_ok &&
+ (PSA_KEY_ID_VENDOR_MIN <= key_id) &&
+ (key_id <= PSA_KEY_ID_VENDOR_MAX)) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
/** Get the description in memory of a key given its identifier and lock it.
@@ -94,16 +95,15 @@
* There is no key with key identifier \p key in the key slots.
*/
static psa_status_t psa_get_and_lock_key_slot_in_memory(
- mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot )
+ mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
+ psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
size_t slot_idx;
psa_key_slot_t *slot = NULL;
- if( psa_key_id_is_volatile( key_id ) )
- {
- slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ];
+ if (psa_key_id_is_volatile(key_id)) {
+ slot = &global_data.key_slots[key_id - PSA_KEY_ID_VOLATILE_MIN];
/*
* Check if both the PSA key identifier key_id and the owner
@@ -113,83 +113,79 @@
* is equal to zero. This is an invalid value for a PSA key identifier
* and thus cannot be equal to the valid PSA key identifier key_id.
*/
- status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ?
+ status = mbedtls_svc_key_id_equal(key, slot->attr.id) ?
PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
- }
- else
- {
- if ( !psa_is_valid_key_id( key, 1 ) )
- return( PSA_ERROR_INVALID_HANDLE );
-
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- slot = &global_data.key_slots[ slot_idx ];
- if( mbedtls_svc_key_id_equal( key, slot->attr.id ) )
- break;
+ } else {
+ if (!psa_is_valid_key_id(key, 1)) {
+ return PSA_ERROR_INVALID_HANDLE;
}
- status = ( slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT ) ?
+
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ slot = &global_data.key_slots[slot_idx];
+ if (mbedtls_svc_key_id_equal(key, slot->attr.id)) {
+ break;
+ }
+ }
+ status = (slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT) ?
PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
}
- if( status == PSA_SUCCESS )
- {
- status = psa_lock_key_slot( slot );
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
+ status = psa_lock_key_slot(slot);
+ if (status == PSA_SUCCESS) {
*p_slot = slot;
+ }
}
- return( status );
+ return status;
}
-psa_status_t psa_initialize_key_slots( void )
+psa_status_t psa_initialize_key_slots(void)
{
/* Nothing to do: program startup and psa_wipe_all_key_slots() both
* guarantee that the key slots are initialized to all-zero, which
* means that all the key slots are in a valid, empty state. */
global_data.key_slots_initialized = 1;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-void psa_wipe_all_key_slots( void )
+void psa_wipe_all_key_slots(void)
{
size_t slot_idx;
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
slot->lock_count = 1;
- (void) psa_wipe_key_slot( slot );
+ (void) psa_wipe_key_slot(slot);
}
global_data.key_slots_initialized = 0;
}
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
- psa_key_slot_t **p_slot )
+psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id,
+ psa_key_slot_t **p_slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t slot_idx;
psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot;
- if( ! global_data.key_slots_initialized )
- {
+ if (!global_data.key_slots_initialized) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
selected_slot = unlocked_persistent_key_slot = NULL;
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
- if( ! psa_is_key_slot_occupied( slot ) )
- {
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
+ if (!psa_is_key_slot_occupied(slot)) {
selected_slot = slot;
break;
}
- if( ( unlocked_persistent_key_slot == NULL ) &&
- ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
- ( ! psa_is_key_slot_locked( slot ) ) )
+ if ((unlocked_persistent_key_slot == NULL) &&
+ (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
+ (!psa_is_key_slot_locked(slot))) {
unlocked_persistent_key_slot = slot;
+ }
}
/*
@@ -199,25 +195,24 @@
* persistent key we are evicting now, we will reload its description from
* storage.
*/
- if( ( selected_slot == NULL ) &&
- ( unlocked_persistent_key_slot != NULL ) )
- {
+ if ((selected_slot == NULL) &&
+ (unlocked_persistent_key_slot != NULL)) {
selected_slot = unlocked_persistent_key_slot;
selected_slot->lock_count = 1;
- psa_wipe_key_slot( selected_slot );
+ psa_wipe_key_slot(selected_slot);
}
- if( selected_slot != NULL )
- {
- status = psa_lock_key_slot( selected_slot );
- if( status != PSA_SUCCESS )
- goto error;
+ if (selected_slot != NULL) {
+ status = psa_lock_key_slot(selected_slot);
+ if (status != PSA_SUCCESS) {
+ goto error;
+ }
*volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
- ( (psa_key_id_t)( selected_slot - global_data.key_slots ) );
+ ((psa_key_id_t) (selected_slot - global_data.key_slots));
*p_slot = selected_slot;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
status = PSA_ERROR_INSUFFICIENT_MEMORY;
@@ -225,53 +220,52 @@
*p_slot = NULL;
*volatile_key_id = 0;
- return( status );
+ return status;
}
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
+static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
{
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
- status = psa_load_persistent_key( &slot->attr,
- &key_data, &key_data_length );
- if( status != PSA_SUCCESS )
+ status = psa_load_persistent_key(&slot->attr,
+ &key_data, &key_data_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Special handling is required for loading keys associated with a
* dynamically registered SE interface. */
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
- {
+ if (psa_get_se_driver(slot->attr.lifetime, &drv, &drv_context)) {
psa_se_key_data_storage_t *data;
- if( key_data_length != sizeof( *data ) )
- {
+ if (key_data_length != sizeof(*data)) {
status = PSA_ERROR_DATA_INVALID;
goto exit;
}
data = (psa_se_key_data_storage_t *) key_data;
status = psa_copy_key_material_into_slot(
- slot, data->slot_number, sizeof( data->slot_number ) );
+ slot, data->slot_number, sizeof(data->slot_number));
goto exit;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
+ status = psa_copy_key_material_into_slot(slot, key_data, key_data_length);
exit:
- psa_free_persistent_key_data( key_data, key_data_length );
- return( status );
+ psa_free_persistent_key_data(key_data, key_data_length);
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
+static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -280,91 +274,98 @@
size_t key_buffer_size = 0;
size_t key_buffer_length = 0;
- if( ! psa_key_id_is_builtin(
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
- {
- return( PSA_ERROR_DOES_NOT_EXIST );
+ if (!psa_key_id_is_builtin(
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id))) {
+ return PSA_ERROR_DOES_NOT_EXIST;
}
/* Check the platform function to see whether this key actually exists */
status = mbedtls_psa_platform_get_builtin_key(
- slot->attr.id, &lifetime, &slot_number );
- if( status != PSA_SUCCESS )
- return( status );
+ slot->attr.id, &lifetime, &slot_number);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Set required key attributes to ensure get_builtin_key can retrieve the
* full attributes. */
- psa_set_key_id( &attributes, slot->attr.id );
- psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_id(&attributes, slot->attr.id);
+ psa_set_key_lifetime(&attributes, lifetime);
/* Get the full key attributes from the driver in order to be able to
* calculate the required buffer size. */
status = psa_driver_wrapper_get_builtin_key(
- slot_number, &attributes,
- NULL, 0, NULL );
- if( status != PSA_ERROR_BUFFER_TOO_SMALL )
- {
+ slot_number, &attributes,
+ NULL, 0, NULL);
+ if (status != PSA_ERROR_BUFFER_TOO_SMALL) {
/* Builtin keys cannot be defined by the attributes alone */
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
status = PSA_ERROR_CORRUPTION_DETECTED;
- return( status );
+ }
+ return status;
}
/* If the key should exist according to the platform, then ask the driver
* what its expected size is. */
- status = psa_driver_wrapper_get_key_buffer_size( &attributes,
- &key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_driver_wrapper_get_key_buffer_size(&attributes,
+ &key_buffer_size);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Allocate a buffer of the required size and load the builtin key directly
* into the (now properly sized) slot buffer. */
- status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
status = psa_driver_wrapper_get_builtin_key(
- slot_number, &attributes,
- slot->key.data, slot->key.bytes, &key_buffer_length );
- if( status != PSA_SUCCESS )
+ slot_number, &attributes,
+ slot->key.data, slot->key.bytes, &key_buffer_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Copy actual key length and core attributes into the slot on success */
slot->key.bytes = key_buffer_length;
slot->attr = attributes.core;
exit:
- if( status != PSA_SUCCESS )
- psa_remove_key_data_from_memory( slot );
- return( status );
+ if (status != PSA_SUCCESS) {
+ psa_remove_key_data_from_memory(slot);
+ }
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
- psa_key_slot_t **p_slot )
+psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
+ psa_key_slot_t **p_slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*p_slot = NULL;
- if( ! global_data.key_slots_initialized )
- return( PSA_ERROR_BAD_STATE );
+ if (!global_data.key_slots_initialized) {
+ return PSA_ERROR_BAD_STATE;
+ }
/*
* On success, the pointer to the slot is passed directly to the caller
* thus no need to unlock the key slot here.
*/
- status = psa_get_and_lock_key_slot_in_memory( key, p_slot );
- if( status != PSA_ERROR_DOES_NOT_EXIST )
- return( status );
+ status = psa_get_and_lock_key_slot_in_memory(key, p_slot);
+ if (status != PSA_ERROR_DOES_NOT_EXIST) {
+ return status;
+ }
/* Loading keys from storage requires support for such a mechanism */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
psa_key_id_t volatile_key_id;
- status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_empty_key_slot(&volatile_key_id, p_slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
(*p_slot)->attr.id = key;
(*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
@@ -372,39 +373,40 @@
status = PSA_ERROR_DOES_NOT_EXIST;
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
/* Load keys in the 'builtin' range through their own interface */
- status = psa_load_builtin_key_into_slot( *p_slot );
+ status = psa_load_builtin_key_into_slot(*p_slot);
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( status == PSA_ERROR_DOES_NOT_EXIST )
- status = psa_load_persistent_key_into_slot( *p_slot );
+ if (status == PSA_ERROR_DOES_NOT_EXIST) {
+ status = psa_load_persistent_key_into_slot(*p_slot);
+ }
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
- if( status != PSA_SUCCESS )
- {
- psa_wipe_key_slot( *p_slot );
- if( status == PSA_ERROR_DOES_NOT_EXIST )
+ if (status != PSA_SUCCESS) {
+ psa_wipe_key_slot(*p_slot);
+ if (status == PSA_ERROR_DOES_NOT_EXIST) {
status = PSA_ERROR_INVALID_HANDLE;
- }
- else
+ }
+ } else {
/* Add implicit usage flags. */
- psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage );
+ psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage);
+ }
- return( status );
+ return status;
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
- return( PSA_ERROR_INVALID_HANDLE );
+ return PSA_ERROR_INVALID_HANDLE;
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
}
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
+psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot)
{
- if( slot == NULL )
- return( PSA_SUCCESS );
+ if (slot == NULL) {
+ return PSA_SUCCESS;
+ }
- if( slot->lock_count > 0 )
- {
+ if (slot->lock_count > 0) {
slot->lock_count--;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/*
@@ -415,25 +417,24 @@
* test suite execution).
*/
#ifdef MBEDTLS_CHECK_PARAMS
- MBEDTLS_PARAM_FAILED( slot->lock_count > 0 );
+ MBEDTLS_PARAM_FAILED(slot->lock_count > 0);
#endif
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ return PSA_ERROR_CORRUPTION_DETECTED;
}
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
- psa_se_drv_table_entry_t **p_drv )
+psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
+ psa_se_drv_table_entry_t **p_drv)
{
- if ( psa_key_lifetime_is_external( lifetime ) )
- {
+ if (psa_key_lifetime_is_external(lifetime)) {
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Check whether a driver is registered against this lifetime */
- psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
- if( driver != NULL )
- {
- if (p_drv != NULL)
+ psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime);
+ if (driver != NULL) {
+ if (p_drv != NULL) {
*p_drv = driver;
- return( PSA_SUCCESS );
+ }
+ return PSA_SUCCESS;
}
#else /* MBEDTLS_PSA_CRYPTO_SE_C */
(void) p_drv;
@@ -441,139 +442,138 @@
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
/* Key location for external keys gets checked by the wrapper */
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* No support for external lifetimes at all, or dynamic interface
* did not find driver for requested lifetime. */
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
- }
- else
+ } else {
/* Local/internal keys are always valid */
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
+ }
}
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime )
+psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime)
{
- if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
/* Volatile keys are always supported */
- return( PSA_SUCCESS );
- }
- else
- {
+ return PSA_SUCCESS;
+ } else {
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- else
- return( PSA_SUCCESS );
+ if (PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ } else {
+ return PSA_SUCCESS;
+ }
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
}
-psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
+psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle)
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
psa_status_t status;
psa_key_slot_t *slot;
- status = psa_get_and_lock_key_slot( key, &slot );
- if( status != PSA_SUCCESS )
- {
+ status = psa_get_and_lock_key_slot(key, &slot);
+ if (status != PSA_SUCCESS) {
*handle = PSA_KEY_HANDLE_INIT;
- if( status == PSA_ERROR_INVALID_HANDLE )
+ if (status == PSA_ERROR_INVALID_HANDLE) {
status = PSA_ERROR_DOES_NOT_EXIST;
+ }
- return( status );
+ return status;
}
*handle = key;
- return( psa_unlock_key_slot( slot ) );
+ return psa_unlock_key_slot(slot);
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
(void) key;
*handle = PSA_KEY_HANDLE_INIT;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
}
-psa_status_t psa_close_key( psa_key_handle_t handle )
+psa_status_t psa_close_key(psa_key_handle_t handle)
{
psa_status_t status;
psa_key_slot_t *slot;
- if( psa_key_handle_is_null( handle ) )
- return( PSA_SUCCESS );
-
- status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
- if( status != PSA_SUCCESS )
- {
- if( status == PSA_ERROR_DOES_NOT_EXIST )
- status = PSA_ERROR_INVALID_HANDLE;
-
- return( status );
+ if (psa_key_handle_is_null(handle)) {
+ return PSA_SUCCESS;
}
- if( slot->lock_count <= 1 )
- return( psa_wipe_key_slot( slot ) );
- else
- return( psa_unlock_key_slot( slot ) );
+
+ status = psa_get_and_lock_key_slot_in_memory(handle, &slot);
+ if (status != PSA_SUCCESS) {
+ if (status == PSA_ERROR_DOES_NOT_EXIST) {
+ status = PSA_ERROR_INVALID_HANDLE;
+ }
+
+ return status;
+ }
+ if (slot->lock_count <= 1) {
+ return psa_wipe_key_slot(slot);
+ } else {
+ return psa_unlock_key_slot(slot);
+ }
}
-psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
+psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
{
psa_status_t status;
psa_key_slot_t *slot;
- status = psa_get_and_lock_key_slot_in_memory( key, &slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_in_memory(key, &slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
- ( slot->lock_count <= 1 ) )
- return( psa_wipe_key_slot( slot ) );
- else
- return( psa_unlock_key_slot( slot ) );
+ if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
+ (slot->lock_count <= 1)) {
+ return psa_wipe_key_slot(slot);
+ } else {
+ return psa_unlock_key_slot(slot);
+ }
}
-void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
+void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
{
size_t slot_idx;
- memset( stats, 0, sizeof( *stats ) );
+ memset(stats, 0, sizeof(*stats));
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
- if( psa_is_key_slot_locked( slot ) )
- {
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ const psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
+ if (psa_is_key_slot_locked(slot)) {
++stats->locked_slots;
}
- if( ! psa_is_key_slot_occupied( slot ) )
- {
+ if (!psa_is_key_slot_occupied(slot)) {
++stats->empty_slots;
continue;
}
- if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
++stats->volatile_slots;
- else
- {
- psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
+ } else {
+ psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id);
++stats->persistent_slots;
- if( id > stats->max_open_internal_key_id )
+ if (id > stats->max_open_internal_key_id) {
stats->max_open_internal_key_id = id;
+ }
}
- if( PSA_KEY_LIFETIME_GET_LOCATION( slot->attr.lifetime ) !=
- PSA_KEY_LOCATION_LOCAL_STORAGE )
- {
- psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
+ if (PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime) !=
+ PSA_KEY_LOCATION_LOCAL_STORAGE) {
+ psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id);
++stats->external_slots;
- if( id > stats->max_open_external_key_id )
+ if (id > stats->max_open_external_key_id) {
stats->max_open_external_key_id = id;
+ }
}
}
}
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index d539bdd..ff8ccde 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -35,8 +35,8 @@
/** The minimum value for a volatile key identifier.
*/
-#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \
- MBEDTLS_PSA_KEY_SLOT_COUNT + 1 )
+#define PSA_KEY_ID_VOLATILE_MIN (PSA_KEY_ID_VENDOR_MAX - \
+ MBEDTLS_PSA_KEY_SLOT_COUNT + 1)
/** The maximum value for a volatile key identifier.
*/
@@ -51,10 +51,10 @@
* \retval 0
* The key identifier is not a volatile key identifier.
*/
-static inline int psa_key_id_is_volatile( psa_key_id_t key_id )
+static inline int psa_key_id_is_volatile(psa_key_id_t key_id)
{
- return( ( key_id >= PSA_KEY_ID_VOLATILE_MIN ) &&
- ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) );
+ return (key_id >= PSA_KEY_ID_VOLATILE_MIN) &&
+ (key_id <= PSA_KEY_ID_VOLATILE_MAX);
}
/** Get the description of a key given its identifier and lock it.
@@ -92,20 +92,20 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_CORRUPT
*/
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
- psa_key_slot_t **p_slot );
+psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
+ psa_key_slot_t **p_slot);
/** Initialize the key slot structures.
*
* \retval #PSA_SUCCESS
* Currently this function always succeeds.
*/
-psa_status_t psa_initialize_key_slots( void );
+psa_status_t psa_initialize_key_slots(void);
/** Delete all data from key slots in memory.
*
* This does not affect persistent storage. */
-void psa_wipe_all_key_slots( void );
+void psa_wipe_all_key_slots(void);
/** Find a free key slot.
*
@@ -122,8 +122,8 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
*/
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
- psa_key_slot_t **p_slot );
+psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id,
+ psa_key_slot_t **p_slot);
/** Lock a key slot.
*
@@ -137,14 +137,15 @@
* The lock counter already reached its maximum value and was not
* increased.
*/
-static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot )
+static inline psa_status_t psa_lock_key_slot(psa_key_slot_t *slot)
{
- if( slot->lock_count >= SIZE_MAX )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (slot->lock_count >= SIZE_MAX) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
slot->lock_count++;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Unlock a key slot.
@@ -163,7 +164,7 @@
* The lock counter was equal to 0.
*
*/
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot );
+psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot);
/** Test whether a lifetime designates a key in an external cryptoprocessor.
*
@@ -177,10 +178,10 @@
* The lifetime designates a key that is volatile or in internal
* storage.
*/
-static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
+static inline int psa_key_lifetime_is_external(psa_key_lifetime_t lifetime)
{
- return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
- != PSA_KEY_LOCATION_LOCAL_STORAGE );
+ return PSA_KEY_LIFETIME_GET_LOCATION(lifetime)
+ != PSA_KEY_LOCATION_LOCAL_STORAGE;
}
/** Validate a key's location.
@@ -197,8 +198,8 @@
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
- psa_se_drv_table_entry_t **p_drv );
+psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
+ psa_se_drv_table_entry_t **p_drv);
/** Validate the persistence of a key.
*
@@ -208,7 +209,7 @@
* \retval #PSA_ERROR_NOT_SUPPORTED The key is persistent but persistent keys
* are not supported.
*/
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime );
+psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime);
/** Validate a key identifier.
*
@@ -219,6 +220,6 @@
*
* \retval <> 0 if the key identifier is valid, 0 otherwise.
*/
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok );
+int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok);
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 24bfdae..037a326 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -47,22 +47,22 @@
* other than storing a key. Currently, the only such file is the random seed
* file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
* 0xFFFFFF52. */
-static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
+static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)
{
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
/* Encode the owner in the upper 32 bits. This means that if
* owner values are nonzero (as they are on a PSA platform),
* no key file will ever have a value less than 0x100000000, so
* the whole range 0..0xffffffff is available for non-key files. */
- uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
- return( ( (uint64_t) unsigned_owner_id << 32 ) |
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
+ uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key);
+ return ((uint64_t) unsigned_owner_id << 32) |
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
#else
/* Use the key id directly as a file name.
* psa_is_key_id_valid() in psa_crypto_slot_management.c
* is responsible for ensuring that key identifiers do not have a
* value that is reserved for non-key files. */
- return( key );
+ return key;
#endif
}
@@ -84,35 +84,38 @@
* \retval #PSA_ERROR_DOES_NOT_EXIST
*/
static psa_status_t psa_crypto_storage_load(
- const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
+ const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size)
{
psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
size_t data_length = 0;
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
- if( data_size != data_length )
- return( PSA_ERROR_DATA_INVALID );
+ status = psa_its_get(data_identifier, 0, (uint32_t) data_size, data, &data_length);
+ if (data_size != data_length) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- return( status );
+ return status;
}
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
+int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)
{
psa_status_t ret;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
+ ret = psa_its_get_info(data_identifier, &data_identifier_info);
- if( ret == PSA_ERROR_DOES_NOT_EXIST )
- return( 0 );
- return( 1 );
+ if (ret == PSA_ERROR_DOES_NOT_EXIST) {
+ return 0;
+ }
+ return 1;
}
/**
@@ -132,65 +135,65 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_INVALID
*/
-static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
- const uint8_t *data,
- size_t data_length )
+static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key,
+ const uint8_t *data,
+ size_t data_length)
{
psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- if( psa_is_key_present_in_storage( key ) == 1 )
- return( PSA_ERROR_ALREADY_EXISTS );
-
- status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
- if( status != PSA_SUCCESS )
- {
- return( PSA_ERROR_DATA_INVALID );
+ if (psa_is_key_present_in_storage(key) == 1) {
+ return PSA_ERROR_ALREADY_EXISTS;
}
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- {
+ status = psa_its_set(data_identifier, (uint32_t) data_length, data, 0);
+ if (status != PSA_SUCCESS) {
+ return PSA_ERROR_DATA_INVALID;
+ }
+
+ status = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (status != PSA_SUCCESS) {
goto exit;
}
- if( data_identifier_info.size != data_length )
- {
+ if (data_identifier_info.size != data_length) {
status = PSA_ERROR_DATA_INVALID;
goto exit;
}
exit:
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
/* Remove the file in case we managed to create it but something
* went wrong. It's ok if the file doesn't exist. If the file exists
* but the removal fails, we're already reporting an error so there's
* nothing else we can do. */
- (void) psa_its_remove( data_identifier );
+ (void) psa_its_remove(data_identifier);
}
- return( status );
+ return status;
}
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
+psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)
{
psa_status_t ret;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
- if( ret == PSA_ERROR_DOES_NOT_EXIST )
- return( PSA_SUCCESS );
+ ret = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (ret == PSA_ERROR_DOES_NOT_EXIST) {
+ return PSA_SUCCESS;
+ }
- if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
- return( PSA_ERROR_DATA_INVALID );
+ if (psa_its_remove(data_identifier) != PSA_SUCCESS) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
- if( ret != PSA_ERROR_DOES_NOT_EXIST )
- return( PSA_ERROR_DATA_INVALID );
+ ret = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (ret != PSA_ERROR_DOES_NOT_EXIST) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/**
@@ -207,189 +210,200 @@
*/
static psa_status_t psa_crypto_storage_get_data_length(
const mbedtls_svc_key_id_t key,
- size_t *data_length )
+ size_t *data_length)
{
psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
*data_length = (size_t) data_identifier_info.size;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/**
* Persistent key storage magic header.
*/
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
-#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER))
typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
- uint8_t lifetime[sizeof( psa_key_lifetime_t )];
+ uint8_t lifetime[sizeof(psa_key_lifetime_t)];
uint8_t type[2];
uint8_t bits[2];
- uint8_t policy[sizeof( psa_key_policy_t )];
+ uint8_t policy[sizeof(psa_key_policy_t)];
uint8_t data_len[4];
uint8_t key_data[];
} psa_persistent_key_storage_format;
-void psa_format_key_data_for_storage( const uint8_t *data,
- const size_t data_length,
- const psa_core_key_attributes_t *attr,
- uint8_t *storage_data )
+void psa_format_key_data_for_storage(const uint8_t *data,
+ const size_t data_length,
+ const psa_core_key_attributes_t *attr,
+ uint8_t *storage_data)
{
psa_persistent_key_storage_format *storage_format =
(psa_persistent_key_storage_format *) storage_data;
- memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
- MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
- MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
- MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
- MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
- MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
- MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
- MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
- MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
- memcpy( storage_format->key_data, data, data_length );
+ memcpy(storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER,
+ PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH);
+ MBEDTLS_PUT_UINT32_LE(0, storage_format->version, 0);
+ MBEDTLS_PUT_UINT32_LE(attr->lifetime, storage_format->lifetime, 0);
+ MBEDTLS_PUT_UINT16_LE((uint16_t) attr->type, storage_format->type, 0);
+ MBEDTLS_PUT_UINT16_LE((uint16_t) attr->bits, storage_format->bits, 0);
+ MBEDTLS_PUT_UINT32_LE(attr->policy.usage, storage_format->policy, 0);
+ MBEDTLS_PUT_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t));
+ MBEDTLS_PUT_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t));
+ MBEDTLS_PUT_UINT32_LE(data_length, storage_format->data_len, 0);
+ memcpy(storage_format->key_data, data, data_length);
}
-static psa_status_t check_magic_header( const uint8_t *data )
+static psa_status_t check_magic_header(const uint8_t *data)
{
- if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
- PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
- return( PSA_ERROR_DATA_INVALID );
- return( PSA_SUCCESS );
+ if (memcmp(data, PSA_KEY_STORAGE_MAGIC_HEADER,
+ PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH) != 0) {
+ return PSA_ERROR_DATA_INVALID;
+ }
+ return PSA_SUCCESS;
}
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
- size_t storage_data_length,
- uint8_t **key_data,
- size_t *key_data_length,
- psa_core_key_attributes_t *attr )
+psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
+ size_t storage_data_length,
+ uint8_t **key_data,
+ size_t *key_data_length,
+ psa_core_key_attributes_t *attr)
{
psa_status_t status;
const psa_persistent_key_storage_format *storage_format =
- (const psa_persistent_key_storage_format *)storage_data;
+ (const psa_persistent_key_storage_format *) storage_data;
uint32_t version;
- if( storage_data_length < sizeof(*storage_format) )
- return( PSA_ERROR_DATA_INVALID );
+ if (storage_data_length < sizeof(*storage_format)) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- status = check_magic_header( storage_data );
- if( status != PSA_SUCCESS )
- return( status );
+ status = check_magic_header(storage_data);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
- if( version != 0 )
- return( PSA_ERROR_DATA_INVALID );
+ version = MBEDTLS_GET_UINT32_LE(storage_format->version, 0);
+ if (version != 0) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
- if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
- *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
- return( PSA_ERROR_DATA_INVALID );
+ *key_data_length = MBEDTLS_GET_UINT32_LE(storage_format->data_len, 0);
+ if (*key_data_length > (storage_data_length - sizeof(*storage_format)) ||
+ *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- if( *key_data_length == 0 )
- {
+ if (*key_data_length == 0) {
*key_data = NULL;
- }
- else
- {
- *key_data = mbedtls_calloc( 1, *key_data_length );
- if( *key_data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( *key_data, storage_format->key_data, *key_data_length );
+ } else {
+ *key_data = mbedtls_calloc(1, *key_data_length);
+ if (*key_data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ memcpy(*key_data, storage_format->key_data, *key_data_length);
}
- attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
- attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
- attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
- attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
- attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
- attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
+ attr->lifetime = MBEDTLS_GET_UINT32_LE(storage_format->lifetime, 0);
+ attr->type = MBEDTLS_GET_UINT16_LE(storage_format->type, 0);
+ attr->bits = MBEDTLS_GET_UINT16_LE(storage_format->bits, 0);
+ attr->policy.usage = MBEDTLS_GET_UINT32_LE(storage_format->policy, 0);
+ attr->policy.alg = MBEDTLS_GET_UINT32_LE(storage_format->policy, sizeof(uint32_t));
+ attr->policy.alg2 = MBEDTLS_GET_UINT32_LE(storage_format->policy, 2 * sizeof(uint32_t));
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
- const uint8_t *data,
- const size_t data_length )
+psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
+ const uint8_t *data,
+ const size_t data_length)
{
size_t storage_data_length;
uint8_t *storage_data;
psa_status_t status;
/* All keys saved to persistent storage always have a key context */
- if( data == NULL || data_length == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
- if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
- return( PSA_ERROR_INSUFFICIENT_STORAGE );
- storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
-
- storage_data = mbedtls_calloc( 1, storage_data_length );
- if( storage_data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
- psa_format_key_data_for_storage( data, data_length, attr, storage_data );
-
- status = psa_crypto_storage_store( attr->id,
- storage_data, storage_data_length );
-
- mbedtls_platform_zeroize( storage_data, storage_data_length );
- mbedtls_free( storage_data );
-
- return( status );
-}
-
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
-{
- if( key_data != NULL )
- {
- mbedtls_platform_zeroize( key_data, key_data_length );
+ if (data == NULL || data_length == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- mbedtls_free( key_data );
+
+ if (data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
+ return PSA_ERROR_INSUFFICIENT_STORAGE;
+ }
+ storage_data_length = data_length + sizeof(psa_persistent_key_storage_format);
+
+ storage_data = mbedtls_calloc(1, storage_data_length);
+ if (storage_data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ psa_format_key_data_for_storage(data, data_length, attr, storage_data);
+
+ status = psa_crypto_storage_store(attr->id,
+ storage_data, storage_data_length);
+
+ mbedtls_platform_zeroize(storage_data, storage_data_length);
+ mbedtls_free(storage_data);
+
+ return status;
}
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
- uint8_t **data,
- size_t *data_length )
+void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
+{
+ if (key_data != NULL) {
+ mbedtls_platform_zeroize(key_data, key_data_length);
+ }
+ mbedtls_free(key_data);
+}
+
+psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
+ uint8_t **data,
+ size_t *data_length)
{
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
mbedtls_svc_key_id_t key = attr->id;
- status = psa_crypto_storage_get_data_length( key, &storage_data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_crypto_storage_get_data_length(key, &storage_data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- loaded_data = mbedtls_calloc( 1, storage_data_length );
+ loaded_data = mbedtls_calloc(1, storage_data_length);
- if( loaded_data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if (loaded_data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
- status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
- if( status != PSA_SUCCESS )
+ status = psa_crypto_storage_load(key, loaded_data, storage_data_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
- data, data_length, attr );
+ status = psa_parse_key_data_from_storage(loaded_data, storage_data_length,
+ data, data_length, attr);
/* All keys saved to persistent storage always have a key context */
- if( status == PSA_SUCCESS &&
- ( *data == NULL || *data_length == 0 ) )
+ if (status == PSA_SUCCESS &&
+ (*data == NULL || *data_length == 0)) {
status = PSA_ERROR_STORAGE_FAILURE;
+ }
exit:
- mbedtls_platform_zeroize( loaded_data, storage_data_length );
- mbedtls_free( loaded_data );
- return( status );
+ mbedtls_platform_zeroize(loaded_data, storage_data_length);
+ mbedtls_free(loaded_data);
+ return status;
}
@@ -402,47 +416,48 @@
psa_crypto_transaction_t psa_crypto_transaction;
-psa_status_t psa_crypto_save_transaction( void )
+psa_status_t psa_crypto_save_transaction(void)
{
struct psa_storage_info_t p_info;
psa_status_t status;
- status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
- if( status == PSA_SUCCESS )
- {
+ status = psa_its_get_info(PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info);
+ if (status == PSA_SUCCESS) {
/* This shouldn't happen: we're trying to start a transaction while
* there is still a transaction that hasn't been replayed. */
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ } else if (status != PSA_ERROR_DOES_NOT_EXIST) {
+ return status;
}
- else if( status != PSA_ERROR_DOES_NOT_EXIST )
- return( status );
- return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
- sizeof( psa_crypto_transaction ),
- &psa_crypto_transaction,
- 0 ) );
+ return psa_its_set(PSA_CRYPTO_ITS_TRANSACTION_UID,
+ sizeof(psa_crypto_transaction),
+ &psa_crypto_transaction,
+ 0);
}
-psa_status_t psa_crypto_load_transaction( void )
+psa_status_t psa_crypto_load_transaction(void)
{
psa_status_t status;
size_t length;
- status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
- sizeof( psa_crypto_transaction ),
- &psa_crypto_transaction, &length );
- if( status != PSA_SUCCESS )
- return( status );
- if( length != sizeof( psa_crypto_transaction ) )
- return( PSA_ERROR_DATA_INVALID );
- return( PSA_SUCCESS );
+ status = psa_its_get(PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
+ sizeof(psa_crypto_transaction),
+ &psa_crypto_transaction, &length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ if (length != sizeof(psa_crypto_transaction)) {
+ return PSA_ERROR_DATA_INVALID;
+ }
+ return PSA_SUCCESS;
}
-psa_status_t psa_crypto_stop_transaction( void )
+psa_status_t psa_crypto_stop_transaction(void)
{
- psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
+ psa_status_t status = psa_its_remove(PSA_CRYPTO_ITS_TRANSACTION_UID);
/* Whether or not updating the storage succeeded, the transaction is
* finished now. It's too late to go back, so zero out the in-memory
* data. */
- memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
- return( status );
+ memset(&psa_crypto_transaction, 0, sizeof(psa_crypto_transaction));
+ return status;
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
@@ -454,24 +469,21 @@
/****************************************************************/
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
- size_t seed_size )
+psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
+ size_t seed_size)
{
psa_status_t status;
struct psa_storage_info_t p_info;
- status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+ status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info);
- if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
- {
- status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
- }
- else if( PSA_SUCCESS == status )
- {
+ if (PSA_ERROR_DOES_NOT_EXIST == status) { /* No seed exists */
+ status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0);
+ } else if (PSA_SUCCESS == status) {
/* You should not be here. Seed needs to be injected only once */
status = PSA_ERROR_NOT_PERMITTED;
}
- return( status );
+ return status;
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 970e108..8e108c5 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -35,7 +35,7 @@
/* Limit the maximum key size in storage. This should have no effect
* since the key size is limited in memory. */
-#define PSA_CRYPTO_MAX_STORAGE_SIZE ( PSA_BITS_TO_BYTES( PSA_MAX_KEY_BITS ) )
+#define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS))
/* Sanity check: a file size must fit in 32 bits. Allow a generous
* 64kB of metadata. */
#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
@@ -72,7 +72,7 @@
* \retval 1
* Persistent data present for slot number
*/
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
+int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key);
/**
* \brief Format key data and metadata and save to a location for given key
@@ -105,9 +105,9 @@
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
*/
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
- const uint8_t *data,
- const size_t data_length );
+psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
+ const uint8_t *data,
+ const size_t data_length);
/**
* \brief Parses key data and metadata and load persistent key for given
@@ -135,9 +135,9 @@
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DOES_NOT_EXIST
*/
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
- uint8_t **data,
- size_t *data_length );
+psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
+ uint8_t **data,
+ size_t *data_length);
/**
* \brief Remove persistent data for the given key slot number.
@@ -150,7 +150,7 @@
* or the key did not exist.
* \retval #PSA_ERROR_DATA_INVALID
*/
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
+psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key);
/**
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
@@ -162,7 +162,7 @@
* \param key_data_length Size of the key data buffer.
*
*/
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
+void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length);
/**
* \brief Formats key data and metadata for persistent storage
@@ -173,10 +173,10 @@
* \param[out] storage_data Output buffer for the formatted data.
*
*/
-void psa_format_key_data_for_storage( const uint8_t *data,
- const size_t data_length,
- const psa_core_key_attributes_t *attr,
- uint8_t *storage_data );
+void psa_format_key_data_for_storage(const uint8_t *data,
+ const size_t data_length,
+ const psa_core_key_attributes_t *attr,
+ uint8_t *storage_data);
/**
* \brief Parses persistent storage data into key data and metadata
@@ -194,11 +194,11 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_DATA_INVALID
*/
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
- size_t storage_data_length,
- uint8_t **key_data,
- size_t *key_data_length,
- psa_core_key_attributes_t *attr );
+psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
+ size_t storage_data_length,
+ uint8_t **key_data,
+ size_t *key_data_length,
+ psa_core_key_attributes_t *attr);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** This symbol is defined if transaction support is required. */
@@ -220,7 +220,7 @@
* This has the value 0, so zero-initialization sets a transaction's type to
* this value.
*/
-#define PSA_CRYPTO_TRANSACTION_NONE ( (psa_crypto_transaction_type_t) 0x0000 )
+#define PSA_CRYPTO_TRANSACTION_NONE ((psa_crypto_transaction_type_t) 0x0000)
/** A key creation transaction.
*
@@ -228,7 +228,7 @@
* Keys in RAM or in internal storage are created atomically in storage
* (simple file creation), so they do not need a transaction mechanism.
*/
-#define PSA_CRYPTO_TRANSACTION_CREATE_KEY ( (psa_crypto_transaction_type_t) 0x0001 )
+#define PSA_CRYPTO_TRANSACTION_CREATE_KEY ((psa_crypto_transaction_type_t) 0x0001)
/** A key destruction transaction.
*
@@ -236,7 +236,7 @@
* Keys in RAM or in internal storage are destroyed atomically in storage
* (simple file deletion), so they do not need a transaction mechanism.
*/
-#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ( (psa_crypto_transaction_type_t) 0x0002 )
+#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ((psa_crypto_transaction_type_t) 0x0002)
/** Transaction data.
*
@@ -274,8 +274,7 @@
* in psa_crypto.c. If you add a new type of transaction, be
* sure to add code for it in psa_crypto_recover_transaction().
*/
-typedef union
-{
+typedef union {
/* Each element of this union must have the following properties
* to facilitate serialization and deserialization:
*
@@ -284,8 +283,7 @@
* - Elements of the struct are arranged such a way that there is
* no padding.
*/
- struct psa_crypto_transaction_unknown_s
- {
+ struct psa_crypto_transaction_unknown_s {
psa_crypto_transaction_type_t type;
uint16_t unused1;
uint32_t unused2;
@@ -294,8 +292,7 @@
} unknown;
/* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or
* #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */
- struct psa_crypto_transaction_key_s
- {
+ struct psa_crypto_transaction_key_s {
psa_crypto_transaction_type_t type;
uint16_t unused1;
psa_key_lifetime_t lifetime;
@@ -315,7 +312,7 @@
* \param type The type of transaction to start.
*/
static inline void psa_crypto_prepare_transaction(
- psa_crypto_transaction_type_t type )
+ psa_crypto_transaction_type_t type)
{
psa_crypto_transaction.unknown.type = type;
}
@@ -330,7 +327,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_STORAGE_FAILURE
*/
-psa_status_t psa_crypto_save_transaction( void );
+psa_status_t psa_crypto_save_transaction(void);
/** Load the transaction data from storage, if any.
*
@@ -346,7 +343,7 @@
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
*/
-psa_status_t psa_crypto_load_transaction( void );
+psa_status_t psa_crypto_load_transaction(void);
/** Indicate that the current transaction is finished.
*
@@ -366,13 +363,13 @@
* It was impossible to determine whether there was transaction data
* in storage, or the transaction data could not be erased.
*/
-psa_status_t psa_crypto_stop_transaction( void );
+psa_status_t psa_crypto_stop_transaction(void);
/** The ITS file identifier for the transaction data.
*
* 0xffffffNN = special file; 0x74 = 't' for transaction.
*/
-#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
+#define PSA_CRYPTO_ITS_TRANSACTION_UID ((psa_key_id_t) 0xffffff74)
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
@@ -388,8 +385,8 @@
* \retval #PSA_ERROR_NOT_PERMITTED
* The entropy seed file already exists.
*/
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
- size_t seed_size );
+psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
+ size_t seed_size);
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#ifdef __cplusplus
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index ddd9fa9..be3c2d5 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -42,10 +42,10 @@
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x"
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
- ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
- 16 + /*UID (64-bit number in hex)*/ \
- sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
- 1 /*terminating null byte*/ )
+ (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \
+ 16 + /*UID (64-bit number in hex)*/ \
+ sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \
+ 1 /*terminating null byte*/)
#define PSA_ITS_STORAGE_TEMP \
PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
@@ -59,130 +59,140 @@
* use MoveFileExA with the MOVEFILE_REPLACE_EXISTING flag instead.
* Returns 0 on success, nonzero on failure. */
#if defined(_WIN32)
-#define rename_replace_existing( oldpath, newpath ) \
- ( ! MoveFileExA( oldpath, newpath, MOVEFILE_REPLACE_EXISTING ) )
+#define rename_replace_existing(oldpath, newpath) \
+ (!MoveFileExA(oldpath, newpath, MOVEFILE_REPLACE_EXISTING))
#else
-#define rename_replace_existing( oldpath, newpath ) rename( oldpath, newpath )
+#define rename_replace_existing(oldpath, newpath) rename(oldpath, newpath)
#endif
-typedef struct
-{
+typedef struct {
uint8_t magic[PSA_ITS_MAGIC_LENGTH];
- uint8_t size[sizeof( uint32_t )];
- uint8_t flags[sizeof( psa_storage_create_flags_t )];
+ uint8_t size[sizeof(uint32_t)];
+ uint8_t flags[sizeof(psa_storage_create_flags_t)];
} psa_its_file_header_t;
-static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+static void psa_its_fill_filename(psa_storage_uid_t uid, char *filename)
{
/* Break up the UID into two 32-bit pieces so as not to rely on
* long long support in snprintf. */
- mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
- "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
- PSA_ITS_STORAGE_PREFIX,
- (unsigned) ( uid >> 32 ),
- (unsigned) ( uid & 0xffffffff ),
- PSA_ITS_STORAGE_SUFFIX );
+ mbedtls_snprintf(filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+ "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+ PSA_ITS_STORAGE_PREFIX,
+ (unsigned) (uid >> 32),
+ (unsigned) (uid & 0xffffffff),
+ PSA_ITS_STORAGE_SUFFIX);
}
-static psa_status_t psa_its_read_file( psa_storage_uid_t uid,
- struct psa_storage_info_t *p_info,
- FILE **p_stream )
+static psa_status_t psa_its_read_file(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info,
+ FILE **p_stream)
{
char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
psa_its_file_header_t header;
size_t n;
*p_stream = NULL;
- psa_its_fill_filename( uid, filename );
- *p_stream = fopen( filename, "rb" );
- if( *p_stream == NULL )
- return( PSA_ERROR_DOES_NOT_EXIST );
+ psa_its_fill_filename(uid, filename);
+ *p_stream = fopen(filename, "rb");
+ if (*p_stream == NULL) {
+ return PSA_ERROR_DOES_NOT_EXIST;
+ }
- n = fread( &header, 1, sizeof( header ), *p_stream );
- if( n != sizeof( header ) )
- return( PSA_ERROR_DATA_CORRUPT );
- if( memcmp( header.magic, PSA_ITS_MAGIC_STRING,
- PSA_ITS_MAGIC_LENGTH ) != 0 )
- return( PSA_ERROR_DATA_CORRUPT );
+ n = fread(&header, 1, sizeof(header), *p_stream);
+ if (n != sizeof(header)) {
+ return PSA_ERROR_DATA_CORRUPT;
+ }
+ if (memcmp(header.magic, PSA_ITS_MAGIC_STRING,
+ PSA_ITS_MAGIC_LENGTH) != 0) {
+ return PSA_ERROR_DATA_CORRUPT;
+ }
- p_info->size = ( header.size[0] |
- header.size[1] << 8 |
- header.size[2] << 16 |
- header.size[3] << 24 );
- p_info->flags = ( header.flags[0] |
- header.flags[1] << 8 |
- header.flags[2] << 16 |
- header.flags[3] << 24 );
- return( PSA_SUCCESS );
+ p_info->size = (header.size[0] |
+ header.size[1] << 8 |
+ header.size[2] << 16 |
+ header.size[3] << 24);
+ p_info->flags = (header.flags[0] |
+ header.flags[1] << 8 |
+ header.flags[2] << 16 |
+ header.flags[3] << 24);
+ return PSA_SUCCESS;
}
-psa_status_t psa_its_get_info( psa_storage_uid_t uid,
- struct psa_storage_info_t *p_info )
+psa_status_t psa_its_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
{
psa_status_t status;
FILE *stream = NULL;
- status = psa_its_read_file( uid, p_info, &stream );
- if( stream != NULL )
- fclose( stream );
- return( status );
+ status = psa_its_read_file(uid, p_info, &stream);
+ if (stream != NULL) {
+ fclose(stream);
+ }
+ return status;
}
-psa_status_t psa_its_get( psa_storage_uid_t uid,
- uint32_t data_offset,
- uint32_t data_length,
- void *p_data,
- size_t *p_data_length )
+psa_status_t psa_its_get(psa_storage_uid_t uid,
+ uint32_t data_offset,
+ uint32_t data_length,
+ void *p_data,
+ size_t *p_data_length)
{
psa_status_t status;
FILE *stream = NULL;
size_t n;
struct psa_storage_info_t info;
- status = psa_its_read_file( uid, &info, &stream );
- if( status != PSA_SUCCESS )
+ status = psa_its_read_file(uid, &info, &stream);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = PSA_ERROR_INVALID_ARGUMENT;
- if( data_offset + data_length < data_offset )
+ if (data_offset + data_length < data_offset) {
goto exit;
+ }
#if SIZE_MAX < 0xffffffff
- if( data_offset + data_length > SIZE_MAX )
+ if (data_offset + data_length > SIZE_MAX) {
goto exit;
+ }
#endif
- if( data_offset + data_length > info.size )
+ if (data_offset + data_length > info.size) {
goto exit;
+ }
status = PSA_ERROR_STORAGE_FAILURE;
#if LONG_MAX < 0xffffffff
- while( data_offset > LONG_MAX )
- {
- if( fseek( stream, LONG_MAX, SEEK_CUR ) != 0 )
+ while (data_offset > LONG_MAX) {
+ if (fseek(stream, LONG_MAX, SEEK_CUR) != 0) {
goto exit;
+ }
data_offset -= LONG_MAX;
}
#endif
- if( fseek( stream, data_offset, SEEK_CUR ) != 0 )
+ if (fseek(stream, data_offset, SEEK_CUR) != 0) {
goto exit;
- n = fread( p_data, 1, data_length, stream );
- if( n != data_length )
+ }
+ n = fread(p_data, 1, data_length, stream);
+ if (n != data_length) {
goto exit;
+ }
status = PSA_SUCCESS;
- if( p_data_length != NULL )
+ if (p_data_length != NULL) {
*p_data_length = n;
+ }
exit:
- if( stream != NULL )
- fclose( stream );
- return( status );
+ if (stream != NULL) {
+ fclose(stream);
+ }
+ return status;
}
-psa_status_t psa_its_set( psa_storage_uid_t uid,
- uint32_t data_length,
- const void *p_data,
- psa_storage_create_flags_t create_flags )
+psa_status_t psa_its_set(psa_storage_uid_t uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
{
- if( uid == 0 )
- {
- return( PSA_ERROR_INVALID_HANDLE );
+ if (uid == 0) {
+ return PSA_ERROR_INVALID_HANDLE;
}
psa_status_t status = PSA_ERROR_STORAGE_FAILURE;
@@ -191,60 +201,64 @@
psa_its_file_header_t header;
size_t n;
- memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
- MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 );
- MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 );
+ memcpy(header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH);
+ MBEDTLS_PUT_UINT32_LE(data_length, header.size, 0);
+ MBEDTLS_PUT_UINT32_LE(create_flags, header.flags, 0);
- psa_its_fill_filename( uid, filename );
- stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
- if( stream == NULL )
+ psa_its_fill_filename(uid, filename);
+ stream = fopen(PSA_ITS_STORAGE_TEMP, "wb");
+ if (stream == NULL) {
goto exit;
+ }
status = PSA_ERROR_INSUFFICIENT_STORAGE;
- n = fwrite( &header, 1, sizeof( header ), stream );
- if( n != sizeof( header ) )
+ n = fwrite(&header, 1, sizeof(header), stream);
+ if (n != sizeof(header)) {
goto exit;
- if( data_length != 0 )
- {
- n = fwrite( p_data, 1, data_length, stream );
- if( n != data_length )
+ }
+ if (data_length != 0) {
+ n = fwrite(p_data, 1, data_length, stream);
+ if (n != data_length) {
goto exit;
+ }
}
status = PSA_SUCCESS;
exit:
- if( stream != NULL )
- {
- int ret = fclose( stream );
- if( status == PSA_SUCCESS && ret != 0 )
+ if (stream != NULL) {
+ int ret = fclose(stream);
+ if (status == PSA_SUCCESS && ret != 0) {
status = PSA_ERROR_INSUFFICIENT_STORAGE;
+ }
}
- if( status == PSA_SUCCESS )
- {
- if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 )
+ if (status == PSA_SUCCESS) {
+ if (rename_replace_existing(PSA_ITS_STORAGE_TEMP, filename) != 0) {
status = PSA_ERROR_STORAGE_FAILURE;
+ }
}
/* The temporary file may still exist, but only in failure cases where
* we're already reporting an error. So there's nothing we can do on
* failure. If the function succeeded, and in some error cases, the
* temporary file doesn't exist and so remove() is expected to fail.
* Thus we just ignore the return status of remove(). */
- (void) remove( PSA_ITS_STORAGE_TEMP );
- return( status );
+ (void) remove(PSA_ITS_STORAGE_TEMP);
+ return status;
}
-psa_status_t psa_its_remove( psa_storage_uid_t uid )
+psa_status_t psa_its_remove(psa_storage_uid_t uid)
{
char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
FILE *stream;
- psa_its_fill_filename( uid, filename );
- stream = fopen( filename, "rb" );
- if( stream == NULL )
- return( PSA_ERROR_DOES_NOT_EXIST );
- fclose( stream );
- if( remove( filename ) != 0 )
- return( PSA_ERROR_STORAGE_FAILURE );
- return( PSA_SUCCESS );
+ psa_its_fill_filename(uid, filename);
+ stream = fopen(filename, "rb");
+ if (stream == NULL) {
+ return PSA_ERROR_DOES_NOT_EXIST;
+ }
+ fclose(stream);
+ if (remove(filename) != 0) {
+ return PSA_ERROR_STORAGE_FAILURE;
+ }
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_ITS_FILE_C */
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 55e259e..f5dc5f5 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -37,21 +37,22 @@
#if !defined(MBEDTLS_RIPEMD160_ALT)
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
+void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
+ memset(ctx, 0, sizeof(mbedtls_ripemd160_context));
}
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
+void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context));
}
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
- const mbedtls_ripemd160_context *src )
+void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
+ const mbedtls_ripemd160_context *src)
{
*dst = *src;
}
@@ -59,7 +60,7 @@
/*
* RIPEMD-160 context setup
*/
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx )
+int mbedtls_ripemd160_starts_ret(mbedtls_ripemd160_context *ctx)
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -70,13 +71,13 @@
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xC3D2E1F0;
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
+void mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx)
{
- mbedtls_ripemd160_starts_ret( ctx );
+ mbedtls_ripemd160_starts_ret(ctx);
}
#endif
@@ -84,30 +85,29 @@
/*
* Process one block
*/
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] )
+int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
+ const unsigned char data[64])
{
- struct
- {
+ struct {
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
} local;
- local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
- local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
- local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
- local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
- local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
- local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
- local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
- local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
- local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
- local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
- local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
- local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
- local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
- local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
- local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
- local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
+ local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0);
+ local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4);
+ local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8);
+ local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
+ local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
+ local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
+ local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
+ local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
+ local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
+ local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
+ local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
+ local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
+ local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
+ local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
+ local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
+ local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
local.A = local.Ap = ctx->state[0];
local.B = local.Bp = ctx->state[1];
@@ -115,50 +115,50 @@
local.D = local.Dp = ctx->state[3];
local.E = local.Ep = ctx->state[4];
-#define F1( x, y, z ) ( (x) ^ (y) ^ (z) )
-#define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) )
-#define F3( x, y, z ) ( ( (x) | ~(y) ) ^ (z) )
-#define F4( x, y, z ) ( ( (x) & (z) ) | ( (y) & ~(z) ) )
-#define F5( x, y, z ) ( (x) ^ ( (y) | ~(z) ) )
+#define F1(x, y, z) ((x) ^ (y) ^ (z))
+#define F2(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define F3(x, y, z) (((x) | ~(y)) ^ (z))
+#define F4(x, y, z) (((x) & (z)) | ((y) & ~(z)))
+#define F5(x, y, z) ((x) ^ ((y) | ~(z)))
-#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
+#define S(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
-#define P( a, b, c, d, e, r, s, f, k ) \
+#define P(a, b, c, d, e, r, s, f, k) \
do \
{ \
- (a) += f( (b), (c), (d) ) + local.X[r] + (k); \
- (a) = S( (a), (s) ) + (e); \
- (c) = S( (c), 10 ); \
- } while( 0 )
+ (a) += f((b), (c), (d)) + local.X[r] + (k); \
+ (a) = S((a), (s)) + (e); \
+ (c) = S((c), 10); \
+ } while (0)
-#define P2( a, b, c, d, e, r, s, rp, sp ) \
+#define P2(a, b, c, d, e, r, s, rp, sp) \
do \
{ \
- P( (a), (b), (c), (d), (e), (r), (s), F, K ); \
- P( a ## p, b ## p, c ## p, d ## p, e ## p, \
- (rp), (sp), Fp, Kp ); \
- } while( 0 )
+ P((a), (b), (c), (d), (e), (r), (s), F, K); \
+ P(a ## p, b ## p, c ## p, d ## p, e ## p, \
+ (rp), (sp), Fp, Kp); \
+ } while (0)
#define F F1
#define K 0x00000000
#define Fp F5
#define Kp 0x50A28BE6
- P2( local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8 );
- P2( local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9 );
- P2( local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9 );
- P2( local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11 );
- P2( local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13 );
- P2( local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15 );
- P2( local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15 );
- P2( local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5 );
- P2( local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7 );
- P2( local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7 );
- P2( local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8 );
- P2( local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11 );
- P2( local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14 );
- P2( local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14 );
- P2( local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12 );
- P2( local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6 );
+ P2(local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8);
+ P2(local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9);
+ P2(local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9);
+ P2(local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11);
+ P2(local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13);
+ P2(local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15);
+ P2(local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15);
+ P2(local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5);
+ P2(local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7);
+ P2(local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7);
+ P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8);
+ P2(local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11);
+ P2(local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14);
+ P2(local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14);
+ P2(local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12);
+ P2(local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6);
#undef F
#undef K
#undef Fp
@@ -168,22 +168,22 @@
#define K 0x5A827999
#define Fp F4
#define Kp 0x5C4DD124
- P2( local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9 );
- P2( local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13 );
- P2( local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15 );
- P2( local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7 );
- P2( local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12 );
- P2( local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8 );
- P2( local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9 );
- P2( local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11 );
- P2( local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7 );
- P2( local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7 );
- P2( local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12 );
- P2( local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7 );
- P2( local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6 );
- P2( local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15 );
- P2( local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13 );
- P2( local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11 );
+ P2(local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9);
+ P2(local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13);
+ P2(local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15);
+ P2(local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7);
+ P2(local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12);
+ P2(local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8);
+ P2(local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9);
+ P2(local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11);
+ P2(local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7);
+ P2(local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7);
+ P2(local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12);
+ P2(local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7);
+ P2(local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6);
+ P2(local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15);
+ P2(local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13);
+ P2(local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11);
#undef F
#undef K
#undef Fp
@@ -193,22 +193,22 @@
#define K 0x6ED9EBA1
#define Fp F3
#define Kp 0x6D703EF3
- P2( local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9 );
- P2( local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7 );
- P2( local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15 );
- P2( local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11 );
- P2( local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8 );
- P2( local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6 );
- P2( local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6 );
- P2( local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14 );
- P2( local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12 );
- P2( local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13 );
- P2( local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5 );
- P2( local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14 );
- P2( local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13 );
- P2( local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13 );
- P2( local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7 );
- P2( local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5 );
+ P2(local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9);
+ P2(local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7);
+ P2(local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15);
+ P2(local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11);
+ P2(local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8);
+ P2(local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6);
+ P2(local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6);
+ P2(local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14);
+ P2(local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12);
+ P2(local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13);
+ P2(local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5);
+ P2(local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14);
+ P2(local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13);
+ P2(local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13);
+ P2(local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7);
+ P2(local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5);
#undef F
#undef K
#undef Fp
@@ -218,22 +218,22 @@
#define K 0x8F1BBCDC
#define Fp F2
#define Kp 0x7A6D76E9
- P2( local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15 );
- P2( local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5 );
- P2( local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8 );
- P2( local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11 );
- P2( local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14 );
- P2( local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14 );
- P2( local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6 );
- P2( local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14 );
- P2( local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6 );
- P2( local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9 );
- P2( local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12 );
- P2( local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9 );
- P2( local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12 );
- P2( local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5 );
- P2( local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15 );
- P2( local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8 );
+ P2(local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15);
+ P2(local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5);
+ P2(local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8);
+ P2(local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11);
+ P2(local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14);
+ P2(local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14);
+ P2(local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6);
+ P2(local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14);
+ P2(local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6);
+ P2(local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9);
+ P2(local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12);
+ P2(local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9);
+ P2(local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12);
+ P2(local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5);
+ P2(local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15);
+ P2(local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8);
#undef F
#undef K
#undef Fp
@@ -243,22 +243,22 @@
#define K 0xA953FD4E
#define Fp F1
#define Kp 0x00000000
- P2( local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8 );
- P2( local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5 );
- P2( local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12 );
- P2( local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9 );
- P2( local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12 );
- P2( local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5 );
- P2( local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14 );
- P2( local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6 );
- P2( local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8 );
- P2( local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13 );
- P2( local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6 );
- P2( local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5 );
- P2( local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15 );
- P2( local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13 );
- P2( local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11 );
- P2( local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11 );
+ P2(local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8);
+ P2(local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5);
+ P2(local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12);
+ P2(local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9);
+ P2(local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12);
+ P2(local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5);
+ P2(local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14);
+ P2(local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6);
+ P2(local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8);
+ P2(local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13);
+ P2(local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6);
+ P2(local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5);
+ P2(local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15);
+ P2(local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13);
+ P2(local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11);
+ P2(local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11);
#undef F
#undef K
#undef Fp
@@ -272,16 +272,16 @@
ctx->state[0] = local.C;
/* Zeroise variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &local, sizeof( local ) );
+ mbedtls_platform_zeroize(&local, sizeof(local));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] )
+void mbedtls_ripemd160_process(mbedtls_ripemd160_context *ctx,
+ const unsigned char data[64])
{
- mbedtls_internal_ripemd160_process( ctx, data );
+ mbedtls_internal_ripemd160_process(ctx, data);
}
#endif
#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
@@ -289,16 +289,17 @@
/*
* RIPEMD-160 process buffer
*/
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_ripemd160_update_ret(mbedtls_ripemd160_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
- if( ilen == 0 )
- return( 0 );
+ if (ilen == 0) {
+ return 0;
+ }
left = ctx->total[0] & 0x3F;
fill = 64 - left;
@@ -306,50 +307,50 @@
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (uint32_t) ilen )
+ if (ctx->total[0] < (uint32_t) ilen) {
ctx->total[1]++;
+ }
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left), input, fill );
+ if (left && ilen >= fill) {
+ memcpy((void *) (ctx->buffer + left), input, fill);
- if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
input += fill;
ilen -= fill;
left = 0;
}
- while( ilen >= 64 )
- {
- if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 )
- return( ret );
+ while (ilen >= 64) {
+ if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) {
+ return ret;
+ }
input += 64;
ilen -= 64;
}
- if( ilen > 0 )
- {
- memcpy( (void *) (ctx->buffer + left), input, ilen );
+ if (ilen > 0) {
+ memcpy((void *) (ctx->buffer + left), input, ilen);
}
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen )
+void mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
- mbedtls_ripemd160_update_ret( ctx, input, ilen );
+ mbedtls_ripemd160_update_ret(ctx, input, ilen);
}
#endif
static const unsigned char ripemd160_padding[64] =
{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
@@ -358,46 +359,48 @@
/*
* RIPEMD-160 final digest
*/
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] )
+int mbedtls_ripemd160_finish_ret(mbedtls_ripemd160_context *ctx,
+ unsigned char output[20])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t last, padn;
uint32_t high, low;
unsigned char msglen[8];
- high = ( ctx->total[0] >> 29 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
+ high = (ctx->total[0] >> 29)
+ | (ctx->total[1] << 3);
+ low = (ctx->total[0] << 3);
- MBEDTLS_PUT_UINT32_LE( low, msglen, 0 );
- MBEDTLS_PUT_UINT32_LE( high, msglen, 4 );
+ MBEDTLS_PUT_UINT32_LE(low, msglen, 0);
+ MBEDTLS_PUT_UINT32_LE(high, msglen, 4);
last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+ padn = (last < 56) ? (56 - last) : (120 - last);
- ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ripemd160_update_ret(ctx, ripemd160_padding, padn);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ripemd160_update_ret(ctx, msglen, 8);
+ if (ret != 0) {
+ return ret;
+ }
- MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
- MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 );
+ MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
+ MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] )
+void mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
+ unsigned char output[20])
{
- mbedtls_ripemd160_finish_ret( ctx, output );
+ mbedtls_ripemd160_finish_ret(ctx, output);
}
#endif
@@ -406,36 +409,39 @@
/*
* output = RIPEMD-160( input buffer )
*/
-int mbedtls_ripemd160_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
+int mbedtls_ripemd160_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ripemd160_context ctx;
- mbedtls_ripemd160_init( &ctx );
+ mbedtls_ripemd160_init(&ctx);
- if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 )
+ if ((ret = mbedtls_ripemd160_starts_ret(&ctx)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 )
+ if ((ret = mbedtls_ripemd160_update_ret(&ctx, input, ilen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 )
+ if ((ret = mbedtls_ripemd160_finish_ret(&ctx, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_ripemd160_free( &ctx );
+ mbedtls_ripemd160_free(&ctx);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
+void mbedtls_ripemd160(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20])
{
- mbedtls_ripemd160_ret( input, ilen, output );
+ mbedtls_ripemd160_ret(input, ilen, output);
}
#endif
@@ -485,43 +491,46 @@
/*
* Checkup routine
*/
-int mbedtls_ripemd160_self_test( int verbose )
+int mbedtls_ripemd160_self_test(int verbose)
{
int i, ret = 0;
unsigned char output[20];
- memset( output, 0, sizeof output );
+ memset(output, 0, sizeof output);
- for( i = 0; i < TESTS; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 );
+ for (i = 0; i < TESTS; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" RIPEMD-160 test #%d: ", i + 1);
+ }
- ret = mbedtls_ripemd160_ret( ripemd160_test_str[i],
- ripemd160_test_strlen[i], output );
- if( ret != 0 )
+ ret = mbedtls_ripemd160_ret(ripemd160_test_str[i],
+ ripemd160_test_strlen[i], output);
+ if (ret != 0) {
goto fail;
+ }
- if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 )
- {
+ if (memcmp(output, ripemd160_test_md[i], 20) != 0) {
ret = 1;
goto fail;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/rsa.c b/library/rsa.c
index 9c39fa5..f44b2c3 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -62,68 +62,72 @@
#if !defined(MBEDTLS_RSA_ALT)
/* Parameter validation macros */
-#define RSA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-#define RSA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
+#define RSA_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA)
+#define RSA_VALIDATE(cond) \
+ MBEDTLS_INTERNAL_VALIDATE(cond)
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
- const mbedtls_mpi *N,
- const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *E )
+int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
+ const mbedtls_mpi *N,
+ const mbedtls_mpi *P, const mbedtls_mpi *Q,
+ const mbedtls_mpi *D, const mbedtls_mpi *E)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
- if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
- ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
- ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) ||
- ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
- ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ if ((N != NULL && (ret = mbedtls_mpi_copy(&ctx->N, N)) != 0) ||
+ (P != NULL && (ret = mbedtls_mpi_copy(&ctx->P, P)) != 0) ||
+ (Q != NULL && (ret = mbedtls_mpi_copy(&ctx->Q, Q)) != 0) ||
+ (D != NULL && (ret = mbedtls_mpi_copy(&ctx->D, D)) != 0) ||
+ (E != NULL && (ret = mbedtls_mpi_copy(&ctx->E, E)) != 0)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
}
- if( N != NULL )
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ if (N != NULL) {
+ ctx->len = mbedtls_mpi_size(&ctx->N);
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
- unsigned char const *N, size_t N_len,
- unsigned char const *P, size_t P_len,
- unsigned char const *Q, size_t Q_len,
- unsigned char const *D, size_t D_len,
- unsigned char const *E, size_t E_len )
+int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
+ unsigned char const *N, size_t N_len,
+ unsigned char const *P, size_t P_len,
+ unsigned char const *Q, size_t Q_len,
+ unsigned char const *D, size_t D_len,
+ unsigned char const *E, size_t E_len)
{
int ret = 0;
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
- if( N != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) );
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ if (N != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len));
+ ctx->len = mbedtls_mpi_size(&ctx->N);
}
- if( P != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) );
+ if (P != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len));
+ }
- if( Q != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) );
+ if (Q != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len));
+ }
- if( D != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) );
+ if (D != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len));
+ }
- if( E != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) );
+ if (E != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len));
+ }
cleanup:
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
+ }
- return( 0 );
+ return 0;
}
/*
@@ -131,8 +135,8 @@
* that the RSA primitives will be able to execute without error.
* It does *not* make guarantees for consistency of the parameters.
*/
-static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
- int blinding_needed )
+static int rsa_check_context(mbedtls_rsa_context const *ctx, int is_priv,
+ int blinding_needed)
{
#if !defined(MBEDTLS_RSA_NO_CRT)
/* blinding_needed is only used for NO_CRT to decide whether
@@ -140,10 +144,9 @@
((void) blinding_needed);
#endif
- if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
- ctx->len > MBEDTLS_MPI_MAX_SIZE )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (ctx->len != mbedtls_mpi_size(&ctx->N) ||
+ ctx->len > MBEDTLS_MPI_MAX_SIZE) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
/*
@@ -152,23 +155,21 @@
/* Modular exponentiation wrt. N is always used for
* RSA public key operations. */
- if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
+ mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
#if !defined(MBEDTLS_RSA_NO_CRT)
/* Modular exponentiation for P and Q is only
* used for private key operations and if CRT
* is used. */
- if( is_priv &&
- ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (is_priv &&
+ (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
+ mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
+ mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
+ mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
#endif /* !MBEDTLS_RSA_NO_CRT */
@@ -177,20 +178,21 @@
*/
/* Always need E for public key operations */
- if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_RSA_NO_CRT)
/* For private key operations, use D or DP & DQ
* as (unblinded) exponents. */
- if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
#else
- if( is_priv &&
- ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
- mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (is_priv &&
+ (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 ||
+ mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
#endif /* MBEDTLS_RSA_NO_CRT */
@@ -198,28 +200,26 @@
* so check that P, Q >= 1 if that hasn't yet been
* done as part of 1. */
#if defined(MBEDTLS_RSA_NO_CRT)
- if( is_priv && blinding_needed &&
- ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (is_priv && blinding_needed &&
+ (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
+ mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
#endif
/* It wouldn't lead to an error if it wasn't satisfied,
* but check for QP >= 1 nonetheless. */
#if !defined(MBEDTLS_RSA_NO_CRT)
- if( is_priv &&
- mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (is_priv &&
+ mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
#endif
- return( 0 );
+ return 0;
}
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
+int mbedtls_rsa_complete(mbedtls_rsa_context *ctx)
{
int ret = 0;
int have_N, have_P, have_Q, have_D, have_E;
@@ -228,18 +228,18 @@
#endif
int n_missing, pq_missing, d_missing, is_pub, is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
- have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
- have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
- have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
- have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
- have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
+ have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0);
+ have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0);
+ have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0);
+ have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0);
+ have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0);
#if !defined(MBEDTLS_RSA_NO_CRT)
- have_DP = ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 );
- have_DQ = ( mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 );
- have_QP = ( mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0 );
+ have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0);
+ have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0);
+ have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0);
#endif
/*
@@ -260,44 +260,40 @@
/* These three alternatives are mutually exclusive */
is_priv = n_missing || pq_missing || d_missing;
- if( !is_priv && !is_pub )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (!is_priv && !is_pub) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
/*
* Step 1: Deduce N if P, Q are provided.
*/
- if( !have_N && have_P && have_Q )
- {
- if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
- &ctx->Q ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ if (!have_N && have_P && have_Q) {
+ if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P,
+ &ctx->Q)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
}
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ ctx->len = mbedtls_mpi_size(&ctx->N);
}
/*
* Step 2: Deduce and verify all remaining core parameters.
*/
- if( pq_missing )
- {
- ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D,
- &ctx->P, &ctx->Q );
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ if (pq_missing) {
+ ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D,
+ &ctx->P, &ctx->Q);
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
+ }
- }
- else if( d_missing )
- {
- if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P,
- &ctx->Q,
- &ctx->E,
- &ctx->D ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ } else if (d_missing) {
+ if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P,
+ &ctx->Q,
+ &ctx->E,
+ &ctx->D)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
}
}
@@ -307,12 +303,12 @@
*/
#if !defined(MBEDTLS_RSA_NO_CRT)
- if( is_priv && ! ( have_DP && have_DQ && have_QP ) )
- {
- ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP );
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ if (is_priv && !(have_DP && have_DQ && have_QP)) {
+ ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
+ &ctx->DP, &ctx->DQ, &ctx->QP);
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
+ }
}
#endif /* MBEDTLS_RSA_NO_CRT */
@@ -320,94 +316,98 @@
* Step 3: Basic sanity checks
*/
- return( rsa_check_context( ctx, is_priv, 1 ) );
+ return rsa_check_context(ctx, is_priv, 1);
}
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
- unsigned char *N, size_t N_len,
- unsigned char *P, size_t P_len,
- unsigned char *Q, size_t Q_len,
- unsigned char *D, size_t D_len,
- unsigned char *E, size_t E_len )
+int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
+ unsigned char *N, size_t N_len,
+ unsigned char *P, size_t P_len,
+ unsigned char *Q, size_t Q_len,
+ unsigned char *D, size_t D_len,
+ unsigned char *E, size_t E_len)
{
int ret = 0;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
- if( !is_priv )
- {
+ if (!is_priv) {
/* If we're trying to export private parameters for a public key,
* something must be wrong. */
- if( P != NULL || Q != NULL || D != NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (P != NULL || Q != NULL || D != NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
}
- if( N != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) );
+ if (N != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->N, N, N_len));
+ }
- if( P != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) );
+ if (P != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->P, P, P_len));
+ }
- if( Q != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) );
+ if (Q != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->Q, Q, Q_len));
+ }
- if( D != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) );
+ if (D != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->D, D, D_len));
+ }
- if( E != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) );
+ if (E != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->E, E, E_len));
+ }
cleanup:
- return( ret );
+ return ret;
}
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
- mbedtls_mpi *D, mbedtls_mpi *E )
+int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
+ mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
+ mbedtls_mpi *D, mbedtls_mpi *E)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
- if( !is_priv )
- {
+ if (!is_priv) {
/* If we're trying to export private parameters for a public key,
* something must be wrong. */
- if( P != NULL || Q != NULL || D != NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (P != NULL || Q != NULL || D != NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
}
/* Export all requested core parameters. */
- if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) ||
- ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) ||
- ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) ||
- ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) ||
- ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) )
- {
- return( ret );
+ if ((N != NULL && (ret = mbedtls_mpi_copy(N, &ctx->N)) != 0) ||
+ (P != NULL && (ret = mbedtls_mpi_copy(P, &ctx->P)) != 0) ||
+ (Q != NULL && (ret = mbedtls_mpi_copy(Q, &ctx->Q)) != 0) ||
+ (D != NULL && (ret = mbedtls_mpi_copy(D, &ctx->D)) != 0) ||
+ (E != NULL && (ret = mbedtls_mpi_copy(E, &ctx->E)) != 0)) {
+ return ret;
}
- return( 0 );
+ return 0;
}
/*
@@ -416,75 +416,74 @@
* write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt
* can be used in this case.
*/
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
+int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
+ mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
+ mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
- if( !is_priv )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (!is_priv) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
#if !defined(MBEDTLS_RSA_NO_CRT)
/* Export all requested blinding parameters. */
- if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) ||
- ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) ||
- ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ if ((DP != NULL && (ret = mbedtls_mpi_copy(DP, &ctx->DP)) != 0) ||
+ (DQ != NULL && (ret = mbedtls_mpi_copy(DQ, &ctx->DQ)) != 0) ||
+ (QP != NULL && (ret = mbedtls_mpi_copy(QP, &ctx->QP)) != 0)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
}
#else
- if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
- DP, DQ, QP ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+ if ((ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
+ DP, DQ, QP)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
}
#endif
- return( 0 );
+ return 0;
}
/*
* Initialize an RSA context
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id )
+void mbedtls_rsa_init(mbedtls_rsa_context *ctx,
+ int padding,
+ int hash_id)
{
- RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
+ RSA_VALIDATE(ctx != NULL);
+ RSA_VALIDATE(padding == MBEDTLS_RSA_PKCS_V15 ||
+ padding == MBEDTLS_RSA_PKCS_V21);
- memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
+ memset(ctx, 0, sizeof(mbedtls_rsa_context));
- mbedtls_rsa_set_padding( ctx, padding, hash_id );
+ mbedtls_rsa_set_padding(ctx, padding, hash_id);
#if defined(MBEDTLS_THREADING_C)
/* Set ctx->ver to nonzero to indicate that the mutex has been
* initialized and will need to be freed. */
ctx->ver = 1;
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
}
/*
* Set padding for an existing RSA context
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id )
+void mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding,
+ int hash_id)
{
- RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
+ RSA_VALIDATE(ctx != NULL);
+ RSA_VALIDATE(padding == MBEDTLS_RSA_PKCS_V15 ||
+ padding == MBEDTLS_RSA_PKCS_V21);
ctx->padding = padding;
ctx->hash_id = hash_id;
@@ -494,9 +493,9 @@
* Get length in bytes of RSA modulus
*/
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
+size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx)
{
- return( ctx->len );
+ return ctx->len;
}
@@ -508,31 +507,31 @@
* This generation method follows the RSA key pair generation procedure of
* FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
*/
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent )
+int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ unsigned int nbits, int exponent)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi H, G, L;
int prime_quality = 0;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( f_rng != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(f_rng != NULL);
/*
* If the modulus is 1024 bit long or shorter, then the security strength of
* the RSA algorithm is less than or equal to 80 bits and therefore an error
* rate of 2^-80 is sufficient.
*/
- if( nbits > 1024 )
+ if (nbits > 1024) {
prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR;
+ }
- mbedtls_mpi_init( &H );
- mbedtls_mpi_init( &G );
- mbedtls_mpi_init( &L );
+ mbedtls_mpi_init(&H);
+ mbedtls_mpi_init(&G);
+ mbedtls_mpi_init(&L);
- if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
- {
+ if (nbits < 128 || exponent < 3 || nbits % 2 != 0) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
@@ -543,54 +542,56 @@
* 2. GCD( E, (P-1)*(Q-1) ) == 1
* 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->E, exponent));
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1,
- prime_quality, f_rng, p_rng ) );
+ do {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->P, nbits >> 1,
+ prime_quality, f_rng, p_rng));
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1,
- prime_quality, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->Q, nbits >> 1,
+ prime_quality, f_rng, p_rng));
/* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
- if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) )
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&H, &ctx->P, &ctx->Q));
+ if (mbedtls_mpi_bitlen(&H) <= ((nbits >= 200) ? ((nbits >> 1) - 99) : 0)) {
continue;
+ }
/* not required by any standards, but some users rely on the fact that P > Q */
- if( H.s < 0 )
- mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+ if (H.s < 0) {
+ mbedtls_mpi_swap(&ctx->P, &ctx->Q);
+ }
/* Temporarily replace P,Q by P-1, Q-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->P, &ctx->P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->Q, &ctx->Q, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &ctx->P, &ctx->Q));
/* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
- if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->E, &H));
+ if (mbedtls_mpi_cmp_int(&G, 1) != 0) {
continue;
+ }
/* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->P, &ctx->Q));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&L, NULL, &H, &G));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->D, &ctx->E, &L));
- if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
+ if (mbedtls_mpi_bitlen(&ctx->D) <= ((nbits + 1) / 2)) { // (FIPS 186-4 §B.3.1 criterion 3(a))
continue;
+ }
break;
- }
- while( 1 );
+ } while (1);
/* Restore P,Q */
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->P, &ctx->P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->Q, &ctx->Q, 1));
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q));
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ ctx->len = mbedtls_mpi_size(&ctx->N);
#if !defined(MBEDTLS_RSA_NO_CRT)
/*
@@ -598,29 +599,29 @@
* DQ = D mod (Q - 1)
* QP = Q^-1 mod P
*/
- MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP ) );
+ MBEDTLS_MPI_CHK(mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
+ &ctx->DP, &ctx->DQ, &ctx->QP));
#endif /* MBEDTLS_RSA_NO_CRT */
/* Double-check */
- MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) );
+ MBEDTLS_MPI_CHK(mbedtls_rsa_check_privkey(ctx));
cleanup:
- mbedtls_mpi_free( &H );
- mbedtls_mpi_free( &G );
- mbedtls_mpi_free( &L );
+ mbedtls_mpi_free(&H);
+ mbedtls_mpi_free(&G);
+ mbedtls_mpi_free(&L);
- if( ret != 0 )
- {
- mbedtls_rsa_free( ctx );
+ if (ret != 0) {
+ mbedtls_rsa_free(ctx);
- if( ( -ret & ~0x7f ) == 0 )
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret );
- return( ret );
+ if ((-ret & ~0x7f) == 0) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret);
+ }
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_GENPRIME */
@@ -628,130 +629,127 @@
/*
* Check a public RSA key
*/
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
+int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx)
{
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
- if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
- if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ||
- mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
- mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ if (mbedtls_mpi_bitlen(&ctx->N) < 128) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- return( 0 );
+ if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 ||
+ mbedtls_mpi_bitlen(&ctx->E) < 2 ||
+ mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+ }
+
+ return 0;
}
/*
* Check for the consistency of all fields in an RSA private key context
*/
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
+int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx)
{
- RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
- if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
- rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ if (mbedtls_rsa_check_pubkey(ctx) != 0 ||
+ rsa_check_context(ctx, 1 /* private */, 1 /* blinding */) != 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
- &ctx->D, &ctx->E, NULL, NULL ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ if (mbedtls_rsa_validate_params(&ctx->N, &ctx->P, &ctx->Q,
+ &ctx->D, &ctx->E, NULL, NULL) != 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
#if !defined(MBEDTLS_RSA_NO_CRT)
- else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ else if (mbedtls_rsa_validate_crt(&ctx->P, &ctx->Q, &ctx->D,
+ &ctx->DP, &ctx->DQ, &ctx->QP) != 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
#endif
- return( 0 );
+ return 0;
}
/*
* Check if contexts holding a public and private key match
*/
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
- const mbedtls_rsa_context *prv )
+int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
+ const mbedtls_rsa_context *prv)
{
- RSA_VALIDATE_RET( pub != NULL );
- RSA_VALIDATE_RET( prv != NULL );
+ RSA_VALIDATE_RET(pub != NULL);
+ RSA_VALIDATE_RET(prv != NULL);
- if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
- mbedtls_rsa_check_privkey( prv ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ if (mbedtls_rsa_check_pubkey(pub) != 0 ||
+ mbedtls_rsa_check_privkey(prv) != 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
- mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ if (mbedtls_mpi_cmp_mpi(&pub->N, &prv->N) != 0 ||
+ mbedtls_mpi_cmp_mpi(&pub->E, &prv->E) != 0) {
+ return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- return( 0 );
+ return 0;
}
/*
* Do an RSA public key operation
*/
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
mbedtls_mpi T;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( output != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(input != NULL);
+ RSA_VALIDATE_RET(output != NULL);
- if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- mbedtls_mpi_init( &T );
+ mbedtls_mpi_init(&T);
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
- {
+ if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto cleanup;
}
olen = ctx->len;
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &ctx->E, &ctx->N, &ctx->RN));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
cleanup:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- mbedtls_mpi_free( &T );
+ mbedtls_mpi_free(&T);
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) );
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret);
+ }
- return( 0 );
+ return 0;
}
/*
@@ -760,63 +758,62 @@
* DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
* Berlin Heidelberg, 1996. p. 104-113.
*/
-static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_prepare_blinding(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret, count = 0;
mbedtls_mpi R;
- mbedtls_mpi_init( &R );
+ mbedtls_mpi_init(&R);
- if( ctx->Vf.p != NULL )
- {
+ if (ctx->Vf.p != NULL) {
/* We already have blinding values, just update them by squaring */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N));
goto cleanup;
}
/* Unblinding value: Vf = random number, invertible mod N */
do {
- if( count++ > 10 )
- {
+ if (count++ > 10) {
ret = MBEDTLS_ERR_RSA_RNG_FAILED;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng));
/* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len - 1, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
/* At this point, Vi is invertible mod N if and only if both Vf and R
* are invertible mod N. If one of them isn't, we don't need to know
* which one, we just loop and choose new values for both of them.
* (Each iteration succeeds with overwhelming probability.) */
- ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
- if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ ret = mbedtls_mpi_inv_mod(&ctx->Vi, &ctx->Vi, &ctx->N);
+ if (ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
goto cleanup;
+ }
- } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+ } while (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE);
/* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
/* Blinding value: Vi = Vf^(-e) mod N
* (Vi already contains Vf^-1 at this point) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN));
cleanup:
- mbedtls_mpi_free( &R );
+ mbedtls_mpi_free(&R);
- return( ret );
+ return ret;
}
/*
@@ -843,11 +840,11 @@
/*
* Do an RSA private key operation
*/
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ const unsigned char *input,
+ unsigned char *output)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
@@ -884,110 +881,107 @@
* checked result; should be the same in the end. */
mbedtls_mpi I, C;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( output != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(input != NULL);
+ RSA_VALIDATE_RET(output != NULL);
- if( rsa_check_context( ctx, 1 /* private key checks */,
- f_rng != NULL /* blinding y/n */ ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (rsa_check_context(ctx, 1 /* private key checks */,
+ f_rng != NULL /* blinding y/n */) != 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
/* MPI Initialization */
- mbedtls_mpi_init( &T );
+ mbedtls_mpi_init(&T);
- mbedtls_mpi_init( &P1 );
- mbedtls_mpi_init( &Q1 );
- mbedtls_mpi_init( &R );
+ mbedtls_mpi_init(&P1);
+ mbedtls_mpi_init(&Q1);
+ mbedtls_mpi_init(&R);
- if( f_rng != NULL )
- {
+ if (f_rng != NULL) {
#if defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_init( &D_blind );
+ mbedtls_mpi_init(&D_blind);
#else
- mbedtls_mpi_init( &DP_blind );
- mbedtls_mpi_init( &DQ_blind );
+ mbedtls_mpi_init(&DP_blind);
+ mbedtls_mpi_init(&DQ_blind);
#endif
}
#if !defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
+ mbedtls_mpi_init(&TP); mbedtls_mpi_init(&TQ);
#endif
- mbedtls_mpi_init( &I );
- mbedtls_mpi_init( &C );
+ mbedtls_mpi_init(&I);
+ mbedtls_mpi_init(&C);
/* End of MPI initialization */
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
+ if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T));
- if( f_rng != NULL )
- {
+ if (f_rng != NULL) {
/*
* Blinding
* T = T * Vi mod N
*/
- MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+ MBEDTLS_MPI_CHK(rsa_prepare_blinding(ctx, f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N));
/*
* Exponent blinding
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P1, &ctx->P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q1, &ctx->Q, 1));
#if defined(MBEDTLS_RSA_NO_CRT)
/*
* D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &P1, &Q1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &D_blind, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D));
D = &D_blind;
#else
/*
* DP_blind = ( P - 1 ) * R + DP
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
- &ctx->DP ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DP_blind, &P1, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DP_blind, &DP_blind,
+ &ctx->DP));
DP = &DP_blind;
/*
* DQ_blind = ( Q - 1 ) * R + DQ
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
- &ctx->DQ ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DQ_blind, &Q1, &R));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DQ_blind, &DQ_blind,
+ &ctx->DQ));
DQ = &DQ_blind;
#endif /* MBEDTLS_RSA_NO_CRT */
}
#if defined(MBEDTLS_RSA_NO_CRT)
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, D, &ctx->N, &ctx->RN));
#else
/*
* Faster decryption using the CRT
@@ -996,78 +990,77 @@
* TQ = input ^ dQ mod Q
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, DP, &ctx->P, &ctx->RP));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, DQ, &ctx->Q, &ctx->RQ));
/*
* T = (TP - TQ) * (Q^-1 mod P) mod P
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&T, &TP, &TQ));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->QP));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &TP, &ctx->P));
/*
* T = TQ + T * Q
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->Q));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP));
#endif /* MBEDTLS_RSA_NO_CRT */
- if( f_rng != NULL )
- {
+ if (f_rng != NULL) {
/*
* Unblind
* T = T * Vf mod N
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vf));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N));
}
/* Verify the result to prevent glitching attacks. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
- &ctx->N, &ctx->RN ) );
- if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E,
+ &ctx->N, &ctx->RN));
+ if (mbedtls_mpi_cmp_mpi(&C, &I) != 0) {
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
goto cleanup;
}
olen = ctx->len;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
cleanup:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- mbedtls_mpi_free( &P1 );
- mbedtls_mpi_free( &Q1 );
- mbedtls_mpi_free( &R );
+ mbedtls_mpi_free(&P1);
+ mbedtls_mpi_free(&Q1);
+ mbedtls_mpi_free(&R);
- if( f_rng != NULL )
- {
+ if (f_rng != NULL) {
#if defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_free( &D_blind );
+ mbedtls_mpi_free(&D_blind);
#else
- mbedtls_mpi_free( &DP_blind );
- mbedtls_mpi_free( &DQ_blind );
+ mbedtls_mpi_free(&DP_blind);
+ mbedtls_mpi_free(&DQ_blind);
#endif
}
- mbedtls_mpi_free( &T );
+ mbedtls_mpi_free(&T);
#if !defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ );
+ mbedtls_mpi_free(&TP); mbedtls_mpi_free(&TQ);
#endif
- mbedtls_mpi_free( &C );
- mbedtls_mpi_free( &I );
+ mbedtls_mpi_free(&C);
+ mbedtls_mpi_free(&I);
- if( ret != 0 && ret >= -0x007f )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) );
+ if (ret != 0 && ret >= -0x007f) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret);
+ }
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_PKCS1_V21)
@@ -1080,8 +1073,8 @@
* \param slen length of the source buffer
* \param md_ctx message digest context to use
*/
-static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
- size_t slen, mbedtls_md_context_t *md_ctx )
+static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
+ size_t slen, mbedtls_md_context_t *md_ctx)
{
unsigned char mask[MBEDTLS_MD_MAX_SIZE];
unsigned char counter[4];
@@ -1090,31 +1083,36 @@
size_t i, use_len;
int ret = 0;
- memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
- memset( counter, 0, 4 );
+ memset(mask, 0, MBEDTLS_MD_MAX_SIZE);
+ memset(counter, 0, 4);
- hlen = mbedtls_md_get_size( md_ctx->md_info );
+ hlen = mbedtls_md_get_size(md_ctx->md_info);
/* Generate and apply dbMask */
p = dst;
- while( dlen > 0 )
- {
+ while (dlen > 0) {
use_len = hlen;
- if( dlen < hlen )
+ if (dlen < hlen) {
use_len = dlen;
+ }
- if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 )
+ if ((ret = mbedtls_md_starts(md_ctx)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_update(md_ctx, src, slen)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_update(md_ctx, counter, 4)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_finish(md_ctx, mask)) != 0) {
goto exit;
+ }
- for( i = 0; i < use_len; ++i )
+ for (i = 0; i < use_len; ++i) {
*p++ ^= mask[i];
+ }
counter[3]++;
@@ -1122,9 +1120,9 @@
}
exit:
- mbedtls_platform_zeroize( mask, sizeof( mask ) );
+ mbedtls_platform_zeroize(mask, sizeof(mask));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -1132,14 +1130,14 @@
/*
* Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
*/
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output)
{
size_t olen;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1148,72 +1146,83 @@
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- RSA_VALIDATE_RET( label_len == 0 || label != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(output != NULL);
+ RSA_VALIDATE_RET(ilen == 0 || input != NULL);
+ RSA_VALIDATE_RET(label_len == 0 || label != NULL);
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (f_rng == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
olen = ctx->len;
- hlen = mbedtls_md_get_size( md_info );
+ hlen = mbedtls_md_get_size(md_info);
/* first comparison checks for overflow */
- if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- memset( output, 0, olen );
+ memset(output, 0, olen);
*p++ = 0;
/* Generate a random octet string seed */
- if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
+ if ((ret = f_rng(p_rng, p, hlen)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
+ }
p += hlen;
/* Construct DB */
- if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_md(md_info, label, label_len, p)) != 0) {
+ return ret;
+ }
p += hlen;
p += olen - 2 * hlen - 2 - ilen;
*p++ = 1;
- if( ilen != 0 )
- memcpy( p, input, ilen );
+ if (ilen != 0) {
+ memcpy(p, input, ilen);
+ }
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ mbedtls_md_init(&md_ctx);
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
goto exit;
+ }
/* maskedDB: Apply dbMask to DB */
- if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
- &md_ctx ) ) != 0 )
+ if ((ret = mgf_mask(output + hlen + 1, olen - hlen - 1, output + 1, hlen,
+ &md_ctx)) != 0) {
goto exit;
+ }
/* maskedSeed: Apply seedMask to seed */
- if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
- &md_ctx ) ) != 0 )
+ if ((ret = mgf_mask(output + 1, hlen, output + hlen + 1, olen - hlen - 1,
+ &md_ctx)) != 0) {
goto exit;
+ }
exit:
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
- if( ret != 0 )
- return( ret );
+ if (ret != 0) {
+ return ret;
+ }
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+ return (mode == MBEDTLS_RSA_PUBLIC)
+ ? mbedtls_rsa_public(ctx, output, output)
+ : mbedtls_rsa_private(ctx, f_rng, p_rng, output, output);
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -1221,107 +1230,108 @@
/*
* Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
*/
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output)
{
size_t nb_pad, olen;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = output;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(output != NULL);
+ RSA_VALIDATE_RET(ilen == 0 || input != NULL);
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
olen = ctx->len;
/* first comparison checks for overflow */
- if( ilen + 11 < ilen || olen < ilen + 11 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (ilen + 11 < ilen || olen < ilen + 11) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
nb_pad = olen - 3 - ilen;
*p++ = 0;
- if( mode == MBEDTLS_RSA_PUBLIC )
- {
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PUBLIC) {
+ if (f_rng == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
*p++ = MBEDTLS_RSA_CRYPT;
- while( nb_pad-- > 0 )
- {
+ while (nb_pad-- > 0) {
int rng_dl = 100;
do {
- ret = f_rng( p_rng, p, 1 );
- } while( *p == 0 && --rng_dl && ret == 0 );
+ ret = f_rng(p_rng, p, 1);
+ } while (*p == 0 && --rng_dl && ret == 0);
/* Check if RNG failed to generate data */
- if( rng_dl == 0 || ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
+ if (rng_dl == 0 || ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
+ }
p++;
}
- }
- else
- {
+ } else {
*p++ = MBEDTLS_RSA_SIGN;
- while( nb_pad-- > 0 )
+ while (nb_pad-- > 0) {
*p++ = 0xFF;
+ }
}
*p++ = 0;
- if( ilen != 0 )
- memcpy( p, input, ilen );
+ if (ilen != 0) {
+ memcpy(p, input, ilen);
+ }
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+ return (mode == MBEDTLS_RSA_PUBLIC)
+ ? mbedtls_rsa_public(ctx, output, output)
+ : mbedtls_rsa_private(ctx, f_rng, p_rng, output, output);
}
#endif /* MBEDTLS_PKCS1_V15 */
/*
* Add the message padding, then do an RSA operation
*/
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output )
+int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t ilen,
+ const unsigned char *input,
+ unsigned char *output)
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(output != NULL);
+ RSA_VALIDATE_RET(ilen == 0 || input != NULL);
- switch( ctx->padding )
- {
+ switch (ctx->padding) {
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
- input, output );
+ return mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx, f_rng, p_rng, mode, ilen,
+ input, output);
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
- ilen, input, output );
+ return mbedtls_rsa_rsaes_oaep_encrypt(ctx, f_rng, p_rng, mode, NULL, 0,
+ ilen, input, output);
#endif
default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
}
@@ -1329,15 +1339,15 @@
/*
* Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
*/
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len )
+int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ const unsigned char *label, size_t label_len,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t ilen, i, pad_len;
@@ -1348,71 +1358,75 @@
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( label_len == 0 || label != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(output_max_len == 0 || output != NULL);
+ RSA_VALIDATE_RET(label_len == 0 || label != NULL);
+ RSA_VALIDATE_RET(input != NULL);
+ RSA_VALIDATE_RET(olen != NULL);
/*
* Parameters sanity checks
*/
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
ilen = ctx->len;
- if( ilen < 16 || ilen > sizeof( buf ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (ilen < 16 || ilen > sizeof(buf)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- hlen = mbedtls_md_get_size( md_info );
+ hlen = mbedtls_md_get_size(md_info);
// checking for integer underflow
- if( 2 * hlen + 2 > ilen )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (2 * hlen + 2 > ilen) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
/*
* RSA operation
*/
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, input, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+ ret = (mode == MBEDTLS_RSA_PUBLIC)
+ ? mbedtls_rsa_public(ctx, input, buf)
+ : mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
- if( ret != 0 )
+ if (ret != 0) {
goto cleanup;
+ }
/*
* Unmask data and generate lHash
*/
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
- {
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_init(&md_ctx);
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
+ mbedtls_md_free(&md_ctx);
goto cleanup;
}
/* seed: Apply seedMask to maskedSeed */
- if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
- &md_ctx ) ) != 0 ||
- /* DB: Apply dbMask to maskedDB */
- ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
- &md_ctx ) ) != 0 )
- {
- mbedtls_md_free( &md_ctx );
+ if ((ret = mgf_mask(buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
+ &md_ctx)) != 0 ||
+ /* DB: Apply dbMask to maskedDB */
+ (ret = mgf_mask(buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
+ &md_ctx)) != 0) {
+ mbedtls_md_free(&md_ctx);
goto cleanup;
}
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
/* Generate lHash */
- if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 )
+ if ((ret = mbedtls_md(md_info, label, label_len, lhash)) != 0) {
goto cleanup;
+ }
/*
* Check contents, in "constant-time"
@@ -1425,17 +1439,17 @@
p += hlen; /* Skip seed */
/* Check lHash */
- for( i = 0; i < hlen; i++ )
+ for (i = 0; i < hlen; i++) {
bad |= lhash[i] ^ *p++;
+ }
/* Get zero-padding len, but always read till end of buffer
* (minus one, for the 01 byte) */
pad_len = 0;
pad_done = 0;
- for( i = 0; i < ilen - 2 * hlen - 2; i++ )
- {
+ for (i = 0; i < ilen - 2 * hlen - 2; i++) {
pad_done |= p[i];
- pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
+ pad_len += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
}
p += pad_len;
@@ -1447,28 +1461,27 @@
* recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
* the different error conditions.
*/
- if( bad != 0 )
- {
+ if (bad != 0) {
ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
goto cleanup;
}
- if( ilen - ( p - buf ) > output_max_len )
- {
+ if (ilen - (p - buf) > output_max_len) {
ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
goto cleanup;
}
*olen = ilen - (p - buf);
- if( *olen != 0 )
- memcpy( output, p, *olen );
+ if (*olen != 0) {
+ memcpy(output, p, *olen);
+ }
ret = 0;
cleanup:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
- mbedtls_platform_zeroize( lhash, sizeof( lhash ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+ mbedtls_platform_zeroize(lhash, sizeof(lhash));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -1476,99 +1489,101 @@
/*
* Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
*/
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len )
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t ilen;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(output_max_len == 0 || output != NULL);
+ RSA_VALIDATE_RET(input != NULL);
+ RSA_VALIDATE_RET(olen != NULL);
ilen = ctx->len;
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( ilen < 16 || ilen > sizeof( buf ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (ilen < 16 || ilen > sizeof(buf)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, input, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+ ret = (mode == MBEDTLS_RSA_PUBLIC)
+ ? mbedtls_rsa_public(ctx, input, buf)
+ : mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
- if( ret != 0 )
+ if (ret != 0) {
goto cleanup;
+ }
- ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding( mode, buf, ilen,
- output, output_max_len, olen );
+ ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding(mode, buf, ilen,
+ output, output_max_len, olen);
cleanup:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PKCS1_V15 */
/*
* Do an RSA operation, then remove the message padding
*/
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len)
+int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len)
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(output_max_len == 0 || output != NULL);
+ RSA_VALIDATE_RET(input != NULL);
+ RSA_VALIDATE_RET(olen != NULL);
- switch( ctx->padding )
- {
+ switch (ctx->padding) {
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
- input, output, output_max_len );
+ return mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx, f_rng, p_rng, mode, olen,
+ input, output, output_max_len);
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
- olen, input, output,
- output_max_len );
+ return mbedtls_rsa_rsaes_oaep_decrypt(ctx, f_rng, p_rng, mode, NULL, 0,
+ olen, input, output,
+ output_max_len);
#endif
default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
}
#if defined(MBEDTLS_PKCS1_V21)
-static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig )
+static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ int saltlen,
+ unsigned char *sig)
{
size_t olen;
unsigned char *p = sig;
@@ -1578,152 +1593,161 @@
size_t msb;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0) ||
+ hash != NULL);
+ RSA_VALIDATE_RET(sig != NULL);
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (f_rng == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
olen = ctx->len;
- if( md_alg != MBEDTLS_MD_NONE )
- {
+ if (md_alg != MBEDTLS_MD_NONE) {
/* Gather length of hash to sign */
- md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- hashlen = mbedtls_md_get_size( md_info );
+ hashlen = mbedtls_md_get_size(md_info);
}
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- hlen = mbedtls_md_get_size( md_info );
+ hlen = mbedtls_md_get_size(md_info);
- if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY)
- {
- /* Calculate the largest possible salt length, up to the hash size.
- * Normally this is the hash length, which is the maximum salt length
- * according to FIPS 185-4 §5.5 (e) and common practice. If there is not
- * enough room, use the maximum salt length that fits. The constraint is
- * that the hash length plus the salt length plus 2 bytes must be at most
- * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
- * (PKCS#1 v2.2) §9.1.1 step 3. */
+ if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY) {
+ /* Calculate the largest possible salt length, up to the hash size.
+ * Normally this is the hash length, which is the maximum salt length
+ * according to FIPS 185-4 §5.5 (e) and common practice. If there is not
+ * enough room, use the maximum salt length that fits. The constraint is
+ * that the hash length plus the salt length plus 2 bytes must be at most
+ * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
+ * (PKCS#1 v2.2) §9.1.1 step 3. */
min_slen = hlen - 2;
- if( olen < hlen + min_slen + 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- else if( olen >= hlen + hlen + 2 )
+ if (olen < hlen + min_slen + 2) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ } else if (olen >= hlen + hlen + 2) {
slen = hlen;
- else
+ } else {
slen = olen - hlen - 2;
- }
- else if ( (saltlen < 0) || (saltlen + hlen + 2 > olen) )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- }
- else
- {
+ }
+ } else if ((saltlen < 0) || (saltlen + hlen + 2 > olen)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ } else {
slen = (size_t) saltlen;
}
- memset( sig, 0, olen );
+ memset(sig, 0, olen);
/* Note: EMSA-PSS encoding is over the length of N - 1 bits */
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+ msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
p += olen - hlen - slen - 2;
*p++ = 0x01;
/* Generate salt of length slen in place in the encoded message */
salt = p;
- if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
+ if ((ret = f_rng(p_rng, salt, slen)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
+ }
p += slen;
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ mbedtls_md_init(&md_ctx);
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
goto exit;
+ }
/* Generate H = Hash( M' ) */
- if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+ if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_update(&md_ctx, p, 8)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_update(&md_ctx, hash, hashlen)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_update(&md_ctx, salt, slen)) != 0) {
goto exit;
- if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 )
+ }
+ if ((ret = mbedtls_md_finish(&md_ctx, p)) != 0) {
goto exit;
+ }
/* Compensate for boundary condition when applying mask */
- if( msb % 8 == 0 )
+ if (msb % 8 == 0) {
offset = 1;
+ }
/* maskedDB: Apply dbMask to DB */
- if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen,
- &md_ctx ) ) != 0 )
+ if ((ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen,
+ &md_ctx)) != 0) {
goto exit;
+ }
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
- sig[0] &= 0xFF >> ( olen * 8 - msb );
+ msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
+ sig[0] &= 0xFF >> (olen * 8 - msb);
p += hlen;
*p++ = 0xBC;
exit:
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
- if( ret != 0 )
- return( ret );
+ if (ret != 0) {
+ return ret;
+ }
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, sig )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
+ return (mode == MBEDTLS_RSA_PUBLIC)
+ ? mbedtls_rsa_public(ctx, sig, sig)
+ : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig);
}
/*
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
* the option to pass in the salt length.
*/
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ int saltlen,
+ unsigned char *sig)
{
- return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg,
- hashlen, hash, saltlen, sig );
+ return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg,
+ hashlen, hash, saltlen, sig);
}
/*
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
*/
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig)
{
- return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig );
+ return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig);
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -1750,11 +1774,11 @@
* - dst points to a buffer of size at least dst_len.
*
*/
-static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- size_t dst_len,
- unsigned char *dst )
+static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ size_t dst_len,
+ unsigned char *dst)
{
size_t oid_size = 0;
size_t nb_pad = dst_len;
@@ -1762,23 +1786,25 @@
const char *oid = NULL;
/* Are we signing hashed or raw data? */
- if( md_alg != MBEDTLS_MD_NONE )
- {
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (md_alg != MBEDTLS_MD_NONE) {
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- hashlen = mbedtls_md_get_size( md_info );
+ hashlen = mbedtls_md_get_size(md_info);
/* Double-check that 8 + hashlen + oid_size can be used as a
* 1-byte ASN.1 length encoding and that there's no overflow. */
- if( 8 + hashlen + oid_size >= 0x80 ||
+ if (8 + hashlen + oid_size >= 0x80 ||
10 + hashlen < hashlen ||
- 10 + hashlen + oid_size < 10 + hashlen )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ 10 + hashlen + oid_size < 10 + hashlen) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
/*
* Static bounds check:
@@ -1788,22 +1814,23 @@
* - Need hashlen bytes for hash
* - Need oid_size bytes for hash alg OID.
*/
- if( nb_pad < 10 + hashlen + oid_size )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (nb_pad < 10 + hashlen + oid_size) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
nb_pad -= 10 + hashlen + oid_size;
- }
- else
- {
- if( nb_pad < hashlen )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ } else {
+ if (nb_pad < hashlen) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
nb_pad -= hashlen;
}
/* Need space for signature header and padding delimiter (3 bytes),
* and 8 bytes for the minimal padding */
- if( nb_pad < 3 + 8 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (nb_pad < 3 + 8) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
nb_pad -= 3;
/* Now nb_pad is the amount of memory to be filled
@@ -1812,15 +1839,14 @@
/* Write signature header and padding */
*p++ = 0;
*p++ = MBEDTLS_RSA_SIGN;
- memset( p, 0xFF, nb_pad );
+ memset(p, 0xFF, nb_pad);
p += nb_pad;
*p++ = 0;
/* Are we signing raw data? */
- if( md_alg == MBEDTLS_MD_NONE )
- {
- memcpy( p, hash, hashlen );
- return( 0 );
+ if (md_alg == MBEDTLS_MD_NONE) {
+ memcpy(p, hash, hashlen);
+ return 0;
}
/* Signing hashed data, add corresponding ASN.1 structure
@@ -1837,73 +1863,73 @@
* TAG-OCTET + LEN [ HASH ] ]
*/
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char)( 0x08 + oid_size + hashlen );
+ *p++ = (unsigned char) (0x08 + oid_size + hashlen);
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char)( 0x04 + oid_size );
+ *p++ = (unsigned char) (0x04 + oid_size);
*p++ = MBEDTLS_ASN1_OID;
*p++ = (unsigned char) oid_size;
- memcpy( p, oid, oid_size );
+ memcpy(p, oid, oid_size);
p += oid_size;
*p++ = MBEDTLS_ASN1_NULL;
*p++ = 0x00;
*p++ = MBEDTLS_ASN1_OCTET_STRING;
*p++ = (unsigned char) hashlen;
- memcpy( p, hash, hashlen );
+ memcpy(p, hash, hashlen);
p += hashlen;
/* Just a sanity-check, should be automatic
* after the initial bounds check. */
- if( p != dst + dst_len )
- {
- mbedtls_platform_zeroize( dst, dst_len );
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (p != dst + dst_len) {
+ mbedtls_platform_zeroize(dst, dst_len);
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- return( 0 );
+ return 0;
}
/*
* Do an RSA operation to sign the message digest
*/
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
+int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *sig_try = NULL, *verif = NULL;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0) ||
+ hash != NULL);
+ RSA_VALIDATE_RET(sig != NULL);
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
/*
* Prepare PKCS1-v1.5 encoding (padding and hash identifier)
*/
- if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash,
- ctx->len, sig ) ) != 0 )
- return( ret );
+ if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash,
+ ctx->len, sig)) != 0) {
+ return ret;
+ }
/*
* Call respective RSA primitive
*/
- if( mode == MBEDTLS_RSA_PUBLIC )
- {
+ if (mode == MBEDTLS_RSA_PUBLIC) {
/* Skip verification on a public key operation */
- return( mbedtls_rsa_public( ctx, sig, sig ) );
+ return mbedtls_rsa_public(ctx, sig, sig);
}
/* Private key operation
@@ -1912,76 +1938,75 @@
* temporary buffer and check it before returning it.
*/
- sig_try = mbedtls_calloc( 1, ctx->len );
- if( sig_try == NULL )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
- verif = mbedtls_calloc( 1, ctx->len );
- if( verif == NULL )
- {
- mbedtls_free( sig_try );
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+ sig_try = mbedtls_calloc(1, ctx->len);
+ if (sig_try == NULL) {
+ return MBEDTLS_ERR_MPI_ALLOC_FAILED;
}
- MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
+ verif = mbedtls_calloc(1, ctx->len);
+ if (verif == NULL) {
+ mbedtls_free(sig_try);
+ return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+ }
- if( mbedtls_ct_memcmp( verif, sig, ctx->len ) != 0 )
- {
+ MBEDTLS_MPI_CHK(mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig_try));
+ MBEDTLS_MPI_CHK(mbedtls_rsa_public(ctx, sig_try, verif));
+
+ if (mbedtls_ct_memcmp(verif, sig, ctx->len) != 0) {
ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
goto cleanup;
}
- memcpy( sig, sig_try, ctx->len );
+ memcpy(sig, sig_try, ctx->len);
cleanup:
- mbedtls_platform_zeroize( sig_try, ctx->len );
- mbedtls_platform_zeroize( verif, ctx->len );
- mbedtls_free( sig_try );
- mbedtls_free( verif );
+ mbedtls_platform_zeroize(sig_try, ctx->len);
+ mbedtls_platform_zeroize(verif, ctx->len);
+ mbedtls_free(sig_try);
+ mbedtls_free(verif);
- if( ret != 0 )
- memset( sig, '!', ctx->len );
- return( ret );
+ if (ret != 0) {
+ memset(sig, '!', ctx->len);
+ }
+ return ret;
}
#endif /* MBEDTLS_PKCS1_V15 */
/*
* Do an RSA operation to sign the message digest
*/
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
+int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig)
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0) ||
+ hash != NULL);
+ RSA_VALIDATE_RET(sig != NULL);
- switch( ctx->padding )
- {
+ switch (ctx->padding) {
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig);
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig);
#endif
default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
}
@@ -1989,16 +2014,16 @@
/*
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ mbedtls_md_type_t mgf1_hash_id,
+ int expected_salt_len,
+ const unsigned char *sig)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t siglen;
@@ -2012,95 +2037,102 @@
mbedtls_md_context_t md_ctx;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(sig != NULL);
+ RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0) ||
+ hash != NULL);
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
siglen = ctx->len;
- if( siglen < 16 || siglen > sizeof( buf ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (siglen < 16 || siglen > sizeof(buf)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
+ ret = (mode == MBEDTLS_RSA_PUBLIC)
+ ? mbedtls_rsa_public(ctx, sig, buf)
+ : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, buf);
- if( ret != 0 )
- return( ret );
+ if (ret != 0) {
+ return ret;
+ }
p = buf;
- if( buf[siglen - 1] != 0xBC )
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-
- if( md_alg != MBEDTLS_MD_NONE )
- {
- /* Gather length of hash to sign */
- md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- hashlen = mbedtls_md_get_size( md_info );
+ if (buf[siglen - 1] != 0xBC) {
+ return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
- md_info = mbedtls_md_info_from_type( mgf1_hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (md_alg != MBEDTLS_MD_NONE) {
+ /* Gather length of hash to sign */
+ md_info = mbedtls_md_info_from_type(md_alg);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
- hlen = mbedtls_md_get_size( md_info );
+ hashlen = mbedtls_md_get_size(md_info);
+ }
- memset( zeros, 0, 8 );
+ md_info = mbedtls_md_info_from_type(mgf1_hash_id);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
+
+ hlen = mbedtls_md_get_size(md_info);
+
+ memset(zeros, 0, 8);
/*
* Note: EMSA-PSS verification is over the length of N - 1 bits
*/
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+ msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
- if( buf[0] >> ( 8 - siglen * 8 + msb ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (buf[0] >> (8 - siglen * 8 + msb)) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
/* Compensate for boundary condition when applying mask */
- if( msb % 8 == 0 )
- {
+ if (msb % 8 == 0) {
p++;
siglen -= 1;
}
- if( siglen < hlen + 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (siglen < hlen + 2) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
hash_start = p + siglen - hlen - 1;
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ mbedtls_md_init(&md_ctx);
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
goto exit;
+ }
- ret = mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx );
- if( ret != 0 )
+ ret = mgf_mask(p, siglen - hlen - 1, hash_start, hlen, &md_ctx);
+ if (ret != 0) {
goto exit;
+ }
- buf[0] &= 0xFF >> ( siglen * 8 - msb );
+ buf[0] &= 0xFF >> (siglen * 8 - msb);
- while( p < hash_start - 1 && *p == 0 )
+ while (p < hash_start - 1 && *p == 0) {
p++;
+ }
- if( *p++ != 0x01 )
- {
+ if (*p++ != 0x01) {
ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
goto exit;
}
observed_salt_len = hash_start - p;
- if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
- observed_salt_len != (size_t) expected_salt_len )
- {
+ if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
+ observed_salt_len != (size_t) expected_salt_len) {
ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
goto exit;
}
@@ -2108,63 +2140,67 @@
/*
* Generate H = Hash( M' )
*/
- ret = mbedtls_md_starts( &md_ctx );
- if ( ret != 0 )
+ ret = mbedtls_md_starts(&md_ctx);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_update( &md_ctx, zeros, 8 );
- if ( ret != 0 )
+ }
+ ret = mbedtls_md_update(&md_ctx, zeros, 8);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_update( &md_ctx, hash, hashlen );
- if ( ret != 0 )
+ }
+ ret = mbedtls_md_update(&md_ctx, hash, hashlen);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_update( &md_ctx, p, observed_salt_len );
- if ( ret != 0 )
+ }
+ ret = mbedtls_md_update(&md_ctx, p, observed_salt_len);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_finish( &md_ctx, result );
- if ( ret != 0 )
+ }
+ ret = mbedtls_md_finish(&md_ctx, result);
+ if (ret != 0) {
goto exit;
+ }
- if( memcmp( hash_start, result, hlen ) != 0 )
- {
+ if (memcmp(hash_start, result, hlen) != 0) {
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
goto exit;
}
exit:
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
- return( ret );
+ return ret;
}
/*
* Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig)
{
mbedtls_md_type_t mgf1_hash_id;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(sig != NULL);
+ RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0) ||
+ hash != NULL);
- mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
+ mgf1_hash_id = (ctx->hash_id != MBEDTLS_MD_NONE)
? (mbedtls_md_type_t) ctx->hash_id
: md_alg;
- return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
- md_alg, hashlen, hash,
- mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
- sig ) );
+ return mbedtls_rsa_rsassa_pss_verify_ext(ctx, f_rng, p_rng, mode,
+ md_alg, hashlen, hash,
+ mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
+ sig);
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -2173,196 +2209,195 @@
/*
* Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
*/
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig )
+int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig)
{
int ret = 0;
size_t sig_len;
unsigned char *encoded = NULL, *encoded_expected = NULL;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(sig != NULL);
+ RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0) ||
+ hash != NULL);
sig_len = ctx->len;
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
/*
* Prepare expected PKCS1 v1.5 encoding of hash.
*/
- if( ( encoded = mbedtls_calloc( 1, sig_len ) ) == NULL ||
- ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL )
- {
+ if ((encoded = mbedtls_calloc(1, sig_len)) == NULL ||
+ (encoded_expected = mbedtls_calloc(1, sig_len)) == NULL) {
ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
goto cleanup;
}
- if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len,
- encoded_expected ) ) != 0 )
+ if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len,
+ encoded_expected)) != 0) {
goto cleanup;
+ }
/*
* Apply RSA primitive to get what should be PKCS1 encoded hash.
*/
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, encoded )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded );
- if( ret != 0 )
+ ret = (mode == MBEDTLS_RSA_PUBLIC)
+ ? mbedtls_rsa_public(ctx, sig, encoded)
+ : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, encoded);
+ if (ret != 0) {
goto cleanup;
+ }
/*
* Compare
*/
- if( ( ret = mbedtls_ct_memcmp( encoded, encoded_expected,
- sig_len ) ) != 0 )
- {
+ if ((ret = mbedtls_ct_memcmp(encoded, encoded_expected,
+ sig_len)) != 0) {
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
goto cleanup;
}
cleanup:
- if( encoded != NULL )
- {
- mbedtls_platform_zeroize( encoded, sig_len );
- mbedtls_free( encoded );
+ if (encoded != NULL) {
+ mbedtls_platform_zeroize(encoded, sig_len);
+ mbedtls_free(encoded);
}
- if( encoded_expected != NULL )
- {
- mbedtls_platform_zeroize( encoded_expected, sig_len );
- mbedtls_free( encoded_expected );
+ if (encoded_expected != NULL) {
+ mbedtls_platform_zeroize(encoded_expected, sig_len);
+ mbedtls_free(encoded_expected);
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_PKCS1_V15 */
/*
* Do an RSA operation and check the message digest
*/
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig )
+int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ int mode,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig)
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ RSA_VALIDATE_RET(ctx != NULL);
+ RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC);
+ RSA_VALIDATE_RET(sig != NULL);
+ RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0) ||
+ hash != NULL);
- switch( ctx->padding )
- {
+ switch (ctx->padding) {
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig);
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pss_verify(ctx, f_rng, p_rng, mode, md_alg,
+ hashlen, hash, sig);
#endif
default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
}
/*
* Copy the components of an RSA key
*/
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
+int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- RSA_VALIDATE_RET( dst != NULL );
- RSA_VALIDATE_RET( src != NULL );
+ RSA_VALIDATE_RET(dst != NULL);
+ RSA_VALIDATE_RET(src != NULL);
dst->len = src->len;
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->N, &src->N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->E, &src->E));
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->D, &src->D));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->P, &src->P));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Q, &src->Q));
#if !defined(MBEDTLS_RSA_NO_CRT)
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DP, &src->DP));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DQ, &src->DQ));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->QP, &src->QP));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RP, &src->RP));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RQ, &src->RQ));
#endif
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RN, &src->RN));
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vi, &src->Vi));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vf, &src->Vf));
dst->padding = src->padding;
dst->hash_id = src->hash_id;
cleanup:
- if( ret != 0 )
- mbedtls_rsa_free( dst );
+ if (ret != 0) {
+ mbedtls_rsa_free(dst);
+ }
- return( ret );
+ return ret;
}
/*
* Free the components of an RSA key
*/
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
+void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_mpi_free( &ctx->Vi );
- mbedtls_mpi_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->RN );
- mbedtls_mpi_free( &ctx->D );
- mbedtls_mpi_free( &ctx->Q );
- mbedtls_mpi_free( &ctx->P );
- mbedtls_mpi_free( &ctx->E );
- mbedtls_mpi_free( &ctx->N );
+ mbedtls_mpi_free(&ctx->Vi);
+ mbedtls_mpi_free(&ctx->Vf);
+ mbedtls_mpi_free(&ctx->RN);
+ mbedtls_mpi_free(&ctx->D);
+ mbedtls_mpi_free(&ctx->Q);
+ mbedtls_mpi_free(&ctx->P);
+ mbedtls_mpi_free(&ctx->E);
+ mbedtls_mpi_free(&ctx->N);
#if !defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_free( &ctx->RQ );
- mbedtls_mpi_free( &ctx->RP );
- mbedtls_mpi_free( &ctx->QP );
- mbedtls_mpi_free( &ctx->DQ );
- mbedtls_mpi_free( &ctx->DP );
+ mbedtls_mpi_free(&ctx->RQ);
+ mbedtls_mpi_free(&ctx->RP);
+ mbedtls_mpi_free(&ctx->QP);
+ mbedtls_mpi_free(&ctx->DQ);
+ mbedtls_mpi_free(&ctx->DP);
#endif /* MBEDTLS_RSA_NO_CRT */
#if defined(MBEDTLS_THREADING_C)
/* Free the mutex, but only if it hasn't been freed already. */
- if( ctx->ver != 0 )
- {
- mbedtls_mutex_free( &ctx->mutex );
+ if (ctx->ver != 0) {
+ mbedtls_mutex_free(&ctx->mutex);
ctx->ver = 0;
}
#endif
@@ -2414,31 +2449,34 @@
"\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
#if defined(MBEDTLS_PKCS1_V15)
-static int myrand( void *rng_state, unsigned char *output, size_t len )
+static int myrand(void *rng_state, unsigned char *output, size_t len)
{
#if !defined(__OpenBSD__) && !defined(__NetBSD__)
size_t i;
- if( rng_state != NULL )
+ if (rng_state != NULL) {
rng_state = NULL;
+ }
- for( i = 0; i < len; ++i )
+ for (i = 0; i < len; ++i) {
output[i] = rand();
+ }
#else
- if( rng_state != NULL )
+ if (rng_state != NULL) {
rng_state = NULL;
+ }
- arc4random_buf( output, len );
+ arc4random_buf(output, len);
#endif /* !OpenBSD && !NetBSD */
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PKCS1_V15 */
/*
* Checkup routine
*/
-int mbedtls_rsa_self_test( int verbose )
+int mbedtls_rsa_self_test(int verbose)
{
int ret = 0;
#if defined(MBEDTLS_PKCS1_V15)
@@ -2453,128 +2491,136 @@
mbedtls_mpi K;
- mbedtls_mpi_init( &K );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_mpi_init(&K);
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_N));
+ MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, &K, NULL, NULL, NULL, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_P));
+ MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, &K, NULL, NULL, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_Q));
+ MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, &K, NULL, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_D));
+ MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, &K, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_E));
+ MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, NULL, &K));
- MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) );
+ MBEDTLS_MPI_CHK(mbedtls_rsa_complete(&rsa));
- if( verbose != 0 )
- mbedtls_printf( " RSA key validation: " );
+ if (verbose != 0) {
+ mbedtls_printf(" RSA key validation: ");
+ }
- if( mbedtls_rsa_check_pubkey( &rsa ) != 0 ||
- mbedtls_rsa_check_privkey( &rsa ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_rsa_check_pubkey(&rsa) != 0 ||
+ mbedtls_rsa_check_privkey(&rsa) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n PKCS#1 encryption : " );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n PKCS#1 encryption : ");
+ }
- memcpy( rsa_plaintext, RSA_PT, PT_LEN );
+ memcpy(rsa_plaintext, RSA_PT, PT_LEN);
- if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
- PT_LEN, rsa_plaintext,
- rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_rsa_pkcs1_encrypt(&rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
+ PT_LEN, rsa_plaintext,
+ rsa_ciphertext) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n PKCS#1 decryption : " );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n PKCS#1 decryption : ");
+ }
- if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE,
- &len, rsa_ciphertext, rsa_decrypted,
- sizeof(rsa_decrypted) ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_rsa_pkcs1_decrypt(&rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE,
+ &len, rsa_ciphertext, rsa_decrypted,
+ sizeof(rsa_decrypted)) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (memcmp(rsa_decrypted, rsa_plaintext, len) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
#if defined(MBEDTLS_SHA1_C)
- if( verbose != 0 )
- mbedtls_printf( " PKCS#1 data sign : " );
-
- if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
+ if (verbose != 0) {
+ mbedtls_printf(" PKCS#1 data sign : ");
}
- if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
- MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
- sha1sum, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_sha1_ret(rsa_plaintext, PT_LEN, sha1sum) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
+
+ return 1;
+ }
+
+ if (mbedtls_rsa_pkcs1_sign(&rsa, myrand, NULL,
+ MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
+ sha1sum, rsa_ciphertext) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n PKCS#1 sig. verify: ");
+ }
- if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL,
- MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
- sha1sum, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (mbedtls_rsa_pkcs1_verify(&rsa, NULL, NULL,
+ MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
+ sha1sum, rsa_ciphertext) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
#endif /* MBEDTLS_SHA1_C */
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
cleanup:
- mbedtls_mpi_free( &K );
- mbedtls_rsa_free( &rsa );
+ mbedtls_mpi_free(&K);
+ mbedtls_rsa_free(&rsa);
#else /* MBEDTLS_PKCS1_V15 */
((void) verbose);
#endif /* MBEDTLS_PKCS1_V15 */
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/rsa_internal.c b/library/rsa_internal.c
index d6ba97a..2ff51c3 100644
--- a/library/rsa_internal.c
+++ b/library/rsa_internal.c
@@ -59,9 +59,9 @@
* of (a) and (b) above to attempt to factor N.
*
*/
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N,
- mbedtls_mpi const *E, mbedtls_mpi const *D,
- mbedtls_mpi *P, mbedtls_mpi *Q )
+int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N,
+ mbedtls_mpi const *E, mbedtls_mpi const *D,
+ mbedtls_mpi *P, mbedtls_mpi *Q)
{
int ret = 0;
@@ -74,48 +74,46 @@
mbedtls_mpi K; /* Temporary holding the current candidate */
const unsigned char primes[] = { 2,
- 3, 5, 7, 11, 13, 17, 19, 23,
- 29, 31, 37, 41, 43, 47, 53, 59,
- 61, 67, 71, 73, 79, 83, 89, 97,
- 101, 103, 107, 109, 113, 127, 131, 137,
- 139, 149, 151, 157, 163, 167, 173, 179,
- 181, 191, 193, 197, 199, 211, 223, 227,
- 229, 233, 239, 241, 251
- };
+ 3, 5, 7, 11, 13, 17, 19, 23,
+ 29, 31, 37, 41, 43, 47, 53, 59,
+ 61, 67, 71, 73, 79, 83, 89, 97,
+ 101, 103, 107, 109, 113, 127, 131, 137,
+ 139, 149, 151, 157, 163, 167, 173, 179,
+ 181, 191, 193, 197, 199, 211, 223, 227,
+ 229, 233, 239, 241, 251 };
- const size_t num_primes = sizeof( primes ) / sizeof( *primes );
+ const size_t num_primes = sizeof(primes) / sizeof(*primes);
- if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (P == NULL || Q == NULL || P->p != NULL || Q->p != NULL) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
- if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 ||
- mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
- mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
- mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
- mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
- {
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (mbedtls_mpi_cmp_int(N, 0) <= 0 ||
+ mbedtls_mpi_cmp_int(D, 1) <= 0 ||
+ mbedtls_mpi_cmp_mpi(D, N) >= 0 ||
+ mbedtls_mpi_cmp_int(E, 1) <= 0 ||
+ mbedtls_mpi_cmp_mpi(E, N) >= 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
/*
* Initializations and temporary changes
*/
- mbedtls_mpi_init( &K );
- mbedtls_mpi_init( &T );
+ mbedtls_mpi_init(&K);
+ mbedtls_mpi_init(&T);
/* T := DE - 1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, D, E));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&T, &T, 1));
- if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 )
- {
+ if ((order = (uint16_t) mbedtls_mpi_lsb(&T)) == 0) {
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto cleanup;
}
/* After this operation, T holds the largest odd divisor of DE - 1. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&T, order));
/*
* Actual work
@@ -123,49 +121,49 @@
/* Skip trying 2 if N == 1 mod 8 */
attempt = 0;
- if( N->p[0] % 8 == 1 )
+ if (N->p[0] % 8 == 1) {
attempt = 1;
+ }
- for( ; attempt < num_primes; ++attempt )
- {
- mbedtls_mpi_lset( &K, primes[attempt] );
+ for (; attempt < num_primes; ++attempt) {
+ mbedtls_mpi_lset(&K, primes[attempt]);
/* Check if gcd(K,N) = 1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
- if( mbedtls_mpi_cmp_int( P, 1 ) != 0 )
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
+ if (mbedtls_mpi_cmp_int(P, 1) != 0) {
continue;
+ }
/* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ...
* and check whether they have nontrivial GCD with N. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N,
- Q /* temporarily use Q for storing Montgomery
- * multiplication helper values */ ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &K, &T, N,
+ Q /* temporarily use Q for storing Montgomery
+ * multiplication helper values */));
- for( iter = 1; iter <= order; ++iter )
- {
+ for (iter = 1; iter <= order; ++iter) {
/* If we reach 1 prematurely, there's no point
* in continuing to square K */
- if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 )
+ if (mbedtls_mpi_cmp_int(&K, 1) == 0) {
break;
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&K, &K, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
- if( mbedtls_mpi_cmp_int( P, 1 ) == 1 &&
- mbedtls_mpi_cmp_mpi( P, N ) == -1 )
- {
+ if (mbedtls_mpi_cmp_int(P, 1) == 1 &&
+ mbedtls_mpi_cmp_mpi(P, N) == -1) {
/*
* Have found a nontrivial divisor P of N.
* Set Q := N / P.
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(Q, NULL, N, P));
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &K));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, N));
}
/*
@@ -175,8 +173,7 @@
* Check if that's the case and abort if not, to avoid very long,
* yet eventually failing, computations if N,D,E were not sane.
*/
- if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 )
- {
+ if (mbedtls_mpi_cmp_int(&K, 1) != 0) {
break;
}
}
@@ -185,125 +182,116 @@
cleanup:
- mbedtls_mpi_free( &K );
- mbedtls_mpi_free( &T );
- return( ret );
+ mbedtls_mpi_free(&K);
+ mbedtls_mpi_free(&T);
+ return ret;
}
/*
* Given P, Q and the public exponent E, deduce D.
* This is essentially a modular inversion.
*/
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
- mbedtls_mpi const *Q,
- mbedtls_mpi const *E,
- mbedtls_mpi *D )
+int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P,
+ mbedtls_mpi const *Q,
+ mbedtls_mpi const *E,
+ mbedtls_mpi *D)
{
int ret = 0;
mbedtls_mpi K, L;
- if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
- mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ||
- mbedtls_mpi_cmp_int( E, 0 ) == 0 )
- {
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if (D == NULL || mbedtls_mpi_cmp_int(D, 0) != 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
- mbedtls_mpi_init( &K );
- mbedtls_mpi_init( &L );
+ if (mbedtls_mpi_cmp_int(P, 1) <= 0 ||
+ mbedtls_mpi_cmp_int(Q, 1) <= 0 ||
+ mbedtls_mpi_cmp_int(E, 0) == 0) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
+
+ mbedtls_mpi_init(&K);
+ mbedtls_mpi_init(&L);
/* Temporarily put K := P-1 and L := Q-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1));
/* Temporarily put D := gcd(P-1, Q-1) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(D, &K, &L));
/* K := LCM(P-1, Q-1) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &L));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&K, NULL, &K, D));
/* Compute modular inverse of E in LCM(P-1, Q-1) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(D, E, &K));
cleanup:
- mbedtls_mpi_free( &K );
- mbedtls_mpi_free( &L );
+ mbedtls_mpi_free(&K);
+ mbedtls_mpi_free(&L);
- return( ret );
+ return ret;
}
/*
* Check that RSA CRT parameters are in accordance with core parameters.
*/
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *DP,
- const mbedtls_mpi *DQ, const mbedtls_mpi *QP )
+int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q,
+ const mbedtls_mpi *D, const mbedtls_mpi *DP,
+ const mbedtls_mpi *DQ, const mbedtls_mpi *QP)
{
int ret = 0;
mbedtls_mpi K, L;
- mbedtls_mpi_init( &K );
- mbedtls_mpi_init( &L );
+ mbedtls_mpi_init(&K);
+ mbedtls_mpi_init(&L);
/* Check that DP - D == 0 mod P - 1 */
- if( DP != NULL )
- {
- if( P == NULL )
- {
+ if (DP != NULL) {
+ if (P == NULL) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DP, D));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K));
- if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
- {
+ if (mbedtls_mpi_cmp_int(&L, 0) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
}
/* Check that DQ - D == 0 mod Q - 1 */
- if( DQ != NULL )
- {
- if( Q == NULL )
- {
+ if (DQ != NULL) {
+ if (Q == NULL) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DQ, D));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K));
- if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
- {
+ if (mbedtls_mpi_cmp_int(&L, 0) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
}
/* Check that QP * Q - 1 == 0 mod P */
- if( QP != NULL )
- {
- if( P == NULL || Q == NULL )
- {
+ if (QP != NULL) {
+ if (P == NULL || Q == NULL) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
- if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, QP, Q));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, P));
+ if (mbedtls_mpi_cmp_int(&K, 0) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
@@ -312,33 +300,32 @@
cleanup:
/* Wrap MPI error codes by RSA check failure error code */
- if( ret != 0 &&
+ if (ret != 0 &&
ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED &&
- ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
- {
+ ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- mbedtls_mpi_free( &K );
- mbedtls_mpi_free( &L );
+ mbedtls_mpi_free(&K);
+ mbedtls_mpi_free(&L);
- return( ret );
+ return ret;
}
/*
* Check that core RSA parameters are sane.
*/
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
- const mbedtls_mpi *Q, const mbedtls_mpi *D,
- const mbedtls_mpi *E,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P,
+ const mbedtls_mpi *Q, const mbedtls_mpi *D,
+ const mbedtls_mpi *E,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = 0;
mbedtls_mpi K, L;
- mbedtls_mpi_init( &K );
- mbedtls_mpi_init( &L );
+ mbedtls_mpi_init(&K);
+ mbedtls_mpi_init(&L);
/*
* Step 1: If PRNG provided, check that P and Q are prime
@@ -350,16 +337,14 @@
* rate of at most 2^-100 and we are aiming for the same certainty here as
* well.
*/
- if( f_rng != NULL && P != NULL &&
- ( ret = mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng ) ) != 0 )
- {
+ if (f_rng != NULL && P != NULL &&
+ (ret = mbedtls_mpi_is_prime_ext(P, 50, f_rng, p_rng)) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
- if( f_rng != NULL && Q != NULL &&
- ( ret = mbedtls_mpi_is_prime_ext( Q, 50, f_rng, p_rng ) ) != 0 )
- {
+ if (f_rng != NULL && Q != NULL &&
+ (ret = mbedtls_mpi_is_prime_ext(Q, 50, f_rng, p_rng)) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
@@ -372,12 +357,10 @@
* Step 2: Check that 1 < N = P * Q
*/
- if( P != NULL && Q != NULL && N != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) );
- if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ||
- mbedtls_mpi_cmp_mpi( &K, N ) != 0 )
- {
+ if (P != NULL && Q != NULL && N != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, P, Q));
+ if (mbedtls_mpi_cmp_int(N, 1) <= 0 ||
+ mbedtls_mpi_cmp_mpi(&K, N) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
@@ -387,13 +370,11 @@
* Step 3: Check and 1 < D, E < N if present.
*/
- if( N != NULL && D != NULL && E != NULL )
- {
- if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
- mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
- mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
- mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
- {
+ if (N != NULL && D != NULL && E != NULL) {
+ if (mbedtls_mpi_cmp_int(D, 1) <= 0 ||
+ mbedtls_mpi_cmp_int(E, 1) <= 0 ||
+ mbedtls_mpi_cmp_mpi(D, N) >= 0 ||
+ mbedtls_mpi_cmp_mpi(E, N) >= 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
@@ -403,33 +384,29 @@
* Step 4: Check that D, E are inverse modulo P-1 and Q-1
*/
- if( P != NULL && Q != NULL && D != NULL && E != NULL )
- {
- if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
- mbedtls_mpi_cmp_int( Q, 1 ) <= 0 )
- {
+ if (P != NULL && Q != NULL && D != NULL && E != NULL) {
+ if (mbedtls_mpi_cmp_int(P, 1) <= 0 ||
+ mbedtls_mpi_cmp_int(Q, 1) <= 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
/* Compute DE-1 mod P-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
- if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L));
+ if (mbedtls_mpi_cmp_int(&K, 0) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
/* Compute DE-1 mod Q-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
- if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
- {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L));
+ if (mbedtls_mpi_cmp_int(&K, 0) != 0) {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
@@ -437,50 +414,46 @@
cleanup:
- mbedtls_mpi_free( &K );
- mbedtls_mpi_free( &L );
+ mbedtls_mpi_free(&K);
+ mbedtls_mpi_free(&L);
/* Wrap MPI error codes by RSA check failure error code */
- if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
- {
+ if (ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) {
ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
}
- return( ret );
+ return ret;
}
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, mbedtls_mpi *DP,
- mbedtls_mpi *DQ, mbedtls_mpi *QP )
+int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q,
+ const mbedtls_mpi *D, mbedtls_mpi *DP,
+ mbedtls_mpi *DQ, mbedtls_mpi *QP)
{
int ret = 0;
mbedtls_mpi K;
- mbedtls_mpi_init( &K );
+ mbedtls_mpi_init(&K);
/* DP = D mod P-1 */
- if( DP != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) );
+ if (DP != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DP, D, &K));
}
/* DQ = D mod Q-1 */
- if( DQ != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) );
+ if (DQ != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DQ, D, &K));
}
/* QP = Q^{-1} mod P */
- if( QP != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) );
+ if (QP != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(QP, Q, P));
}
cleanup:
- mbedtls_mpi_free( &K );
+ mbedtls_mpi_free(&K);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_RSA_C */
diff --git a/library/sha1.c b/library/sha1.c
index 7f0c875..6da6414 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -35,32 +35,33 @@
#include "mbedtls/platform.h"
#define SHA1_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA)
-#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
+#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
#if !defined(MBEDTLS_SHA1_ALT)
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
+void mbedtls_sha1_init(mbedtls_sha1_context *ctx)
{
- SHA1_VALIDATE( ctx != NULL );
+ SHA1_VALIDATE(ctx != NULL);
- memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
+ memset(ctx, 0, sizeof(mbedtls_sha1_context));
}
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
+void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context));
}
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
- const mbedtls_sha1_context *src )
+void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
+ const mbedtls_sha1_context *src)
{
- SHA1_VALIDATE( dst != NULL );
- SHA1_VALIDATE( src != NULL );
+ SHA1_VALIDATE(dst != NULL);
+ SHA1_VALIDATE(src != NULL);
*dst = *src;
}
@@ -68,9 +69,9 @@
/*
* SHA-1 context setup
*/
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
+int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx)
{
- SHA1_VALIDATE_RET( ctx != NULL );
+ SHA1_VALIDATE_RET(ctx != NULL);
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -81,62 +82,61 @@
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xC3D2E1F0;
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
+void mbedtls_sha1_starts(mbedtls_sha1_context *ctx)
{
- mbedtls_sha1_starts_ret( ctx );
+ mbedtls_sha1_starts_ret(ctx);
}
#endif
#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] )
+int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
+ const unsigned char data[64])
{
- struct
- {
+ struct {
uint32_t temp, W[16], A, B, C, D, E;
} local;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
+ SHA1_VALIDATE_RET(ctx != NULL);
+ SHA1_VALIDATE_RET((const unsigned char *) data != NULL);
- local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 );
- local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 );
- local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 );
- local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 );
- local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 );
- local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 );
- local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 );
- local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 );
- local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 );
- local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 );
- local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 );
- local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 );
- local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 );
- local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 );
- local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 );
- local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 );
+ local.W[0] = MBEDTLS_GET_UINT32_BE(data, 0);
+ local.W[1] = MBEDTLS_GET_UINT32_BE(data, 4);
+ local.W[2] = MBEDTLS_GET_UINT32_BE(data, 8);
+ local.W[3] = MBEDTLS_GET_UINT32_BE(data, 12);
+ local.W[4] = MBEDTLS_GET_UINT32_BE(data, 16);
+ local.W[5] = MBEDTLS_GET_UINT32_BE(data, 20);
+ local.W[6] = MBEDTLS_GET_UINT32_BE(data, 24);
+ local.W[7] = MBEDTLS_GET_UINT32_BE(data, 28);
+ local.W[8] = MBEDTLS_GET_UINT32_BE(data, 32);
+ local.W[9] = MBEDTLS_GET_UINT32_BE(data, 36);
+ local.W[10] = MBEDTLS_GET_UINT32_BE(data, 40);
+ local.W[11] = MBEDTLS_GET_UINT32_BE(data, 44);
+ local.W[12] = MBEDTLS_GET_UINT32_BE(data, 48);
+ local.W[13] = MBEDTLS_GET_UINT32_BE(data, 52);
+ local.W[14] = MBEDTLS_GET_UINT32_BE(data, 56);
+ local.W[15] = MBEDTLS_GET_UINT32_BE(data, 60);
-#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
+#define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
#define R(t) \
( \
- local.temp = local.W[( (t) - 3 ) & 0x0F] ^ \
- local.W[( (t) - 8 ) & 0x0F] ^ \
- local.W[( (t) - 14 ) & 0x0F] ^ \
- local.W[ (t) & 0x0F], \
- ( local.W[(t) & 0x0F] = S(local.temp,1) ) \
+ local.temp = local.W[((t) - 3) & 0x0F] ^ \
+ local.W[((t) - 8) & 0x0F] ^ \
+ local.W[((t) - 14) & 0x0F] ^ \
+ local.W[(t) & 0x0F], \
+ (local.W[(t) & 0x0F] = S(local.temp, 1)) \
)
-#define P(a,b,c,d,e,x) \
+#define P(a, b, c, d, e, x) \
do \
{ \
- (e) += S((a),5) + F((b),(c),(d)) + K + (x); \
- (b) = S((b),30); \
- } while( 0 )
+ (e) += S((a), 5) + F((b), (c), (d)) + K + (x); \
+ (b) = S((b), 30); \
+ } while (0)
local.A = ctx->state[0];
local.B = ctx->state[1];
@@ -144,110 +144,110 @@
local.D = ctx->state[3];
local.E = ctx->state[4];
-#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
#define K 0x5A827999
- P( local.A, local.B, local.C, local.D, local.E, local.W[0] );
- P( local.E, local.A, local.B, local.C, local.D, local.W[1] );
- P( local.D, local.E, local.A, local.B, local.C, local.W[2] );
- P( local.C, local.D, local.E, local.A, local.B, local.W[3] );
- P( local.B, local.C, local.D, local.E, local.A, local.W[4] );
- P( local.A, local.B, local.C, local.D, local.E, local.W[5] );
- P( local.E, local.A, local.B, local.C, local.D, local.W[6] );
- P( local.D, local.E, local.A, local.B, local.C, local.W[7] );
- P( local.C, local.D, local.E, local.A, local.B, local.W[8] );
- P( local.B, local.C, local.D, local.E, local.A, local.W[9] );
- P( local.A, local.B, local.C, local.D, local.E, local.W[10] );
- P( local.E, local.A, local.B, local.C, local.D, local.W[11] );
- P( local.D, local.E, local.A, local.B, local.C, local.W[12] );
- P( local.C, local.D, local.E, local.A, local.B, local.W[13] );
- P( local.B, local.C, local.D, local.E, local.A, local.W[14] );
- P( local.A, local.B, local.C, local.D, local.E, local.W[15] );
- P( local.E, local.A, local.B, local.C, local.D, R(16) );
- P( local.D, local.E, local.A, local.B, local.C, R(17) );
- P( local.C, local.D, local.E, local.A, local.B, R(18) );
- P( local.B, local.C, local.D, local.E, local.A, R(19) );
+ P(local.A, local.B, local.C, local.D, local.E, local.W[0]);
+ P(local.E, local.A, local.B, local.C, local.D, local.W[1]);
+ P(local.D, local.E, local.A, local.B, local.C, local.W[2]);
+ P(local.C, local.D, local.E, local.A, local.B, local.W[3]);
+ P(local.B, local.C, local.D, local.E, local.A, local.W[4]);
+ P(local.A, local.B, local.C, local.D, local.E, local.W[5]);
+ P(local.E, local.A, local.B, local.C, local.D, local.W[6]);
+ P(local.D, local.E, local.A, local.B, local.C, local.W[7]);
+ P(local.C, local.D, local.E, local.A, local.B, local.W[8]);
+ P(local.B, local.C, local.D, local.E, local.A, local.W[9]);
+ P(local.A, local.B, local.C, local.D, local.E, local.W[10]);
+ P(local.E, local.A, local.B, local.C, local.D, local.W[11]);
+ P(local.D, local.E, local.A, local.B, local.C, local.W[12]);
+ P(local.C, local.D, local.E, local.A, local.B, local.W[13]);
+ P(local.B, local.C, local.D, local.E, local.A, local.W[14]);
+ P(local.A, local.B, local.C, local.D, local.E, local.W[15]);
+ P(local.E, local.A, local.B, local.C, local.D, R(16));
+ P(local.D, local.E, local.A, local.B, local.C, R(17));
+ P(local.C, local.D, local.E, local.A, local.B, R(18));
+ P(local.B, local.C, local.D, local.E, local.A, R(19));
#undef K
#undef F
-#define F(x,y,z) ((x) ^ (y) ^ (z))
+#define F(x, y, z) ((x) ^ (y) ^ (z))
#define K 0x6ED9EBA1
- P( local.A, local.B, local.C, local.D, local.E, R(20) );
- P( local.E, local.A, local.B, local.C, local.D, R(21) );
- P( local.D, local.E, local.A, local.B, local.C, R(22) );
- P( local.C, local.D, local.E, local.A, local.B, R(23) );
- P( local.B, local.C, local.D, local.E, local.A, R(24) );
- P( local.A, local.B, local.C, local.D, local.E, R(25) );
- P( local.E, local.A, local.B, local.C, local.D, R(26) );
- P( local.D, local.E, local.A, local.B, local.C, R(27) );
- P( local.C, local.D, local.E, local.A, local.B, R(28) );
- P( local.B, local.C, local.D, local.E, local.A, R(29) );
- P( local.A, local.B, local.C, local.D, local.E, R(30) );
- P( local.E, local.A, local.B, local.C, local.D, R(31) );
- P( local.D, local.E, local.A, local.B, local.C, R(32) );
- P( local.C, local.D, local.E, local.A, local.B, R(33) );
- P( local.B, local.C, local.D, local.E, local.A, R(34) );
- P( local.A, local.B, local.C, local.D, local.E, R(35) );
- P( local.E, local.A, local.B, local.C, local.D, R(36) );
- P( local.D, local.E, local.A, local.B, local.C, R(37) );
- P( local.C, local.D, local.E, local.A, local.B, R(38) );
- P( local.B, local.C, local.D, local.E, local.A, R(39) );
+ P(local.A, local.B, local.C, local.D, local.E, R(20));
+ P(local.E, local.A, local.B, local.C, local.D, R(21));
+ P(local.D, local.E, local.A, local.B, local.C, R(22));
+ P(local.C, local.D, local.E, local.A, local.B, R(23));
+ P(local.B, local.C, local.D, local.E, local.A, R(24));
+ P(local.A, local.B, local.C, local.D, local.E, R(25));
+ P(local.E, local.A, local.B, local.C, local.D, R(26));
+ P(local.D, local.E, local.A, local.B, local.C, R(27));
+ P(local.C, local.D, local.E, local.A, local.B, R(28));
+ P(local.B, local.C, local.D, local.E, local.A, R(29));
+ P(local.A, local.B, local.C, local.D, local.E, R(30));
+ P(local.E, local.A, local.B, local.C, local.D, R(31));
+ P(local.D, local.E, local.A, local.B, local.C, R(32));
+ P(local.C, local.D, local.E, local.A, local.B, R(33));
+ P(local.B, local.C, local.D, local.E, local.A, R(34));
+ P(local.A, local.B, local.C, local.D, local.E, R(35));
+ P(local.E, local.A, local.B, local.C, local.D, R(36));
+ P(local.D, local.E, local.A, local.B, local.C, R(37));
+ P(local.C, local.D, local.E, local.A, local.B, R(38));
+ P(local.B, local.C, local.D, local.E, local.A, R(39));
#undef K
#undef F
-#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
#define K 0x8F1BBCDC
- P( local.A, local.B, local.C, local.D, local.E, R(40) );
- P( local.E, local.A, local.B, local.C, local.D, R(41) );
- P( local.D, local.E, local.A, local.B, local.C, R(42) );
- P( local.C, local.D, local.E, local.A, local.B, R(43) );
- P( local.B, local.C, local.D, local.E, local.A, R(44) );
- P( local.A, local.B, local.C, local.D, local.E, R(45) );
- P( local.E, local.A, local.B, local.C, local.D, R(46) );
- P( local.D, local.E, local.A, local.B, local.C, R(47) );
- P( local.C, local.D, local.E, local.A, local.B, R(48) );
- P( local.B, local.C, local.D, local.E, local.A, R(49) );
- P( local.A, local.B, local.C, local.D, local.E, R(50) );
- P( local.E, local.A, local.B, local.C, local.D, R(51) );
- P( local.D, local.E, local.A, local.B, local.C, R(52) );
- P( local.C, local.D, local.E, local.A, local.B, R(53) );
- P( local.B, local.C, local.D, local.E, local.A, R(54) );
- P( local.A, local.B, local.C, local.D, local.E, R(55) );
- P( local.E, local.A, local.B, local.C, local.D, R(56) );
- P( local.D, local.E, local.A, local.B, local.C, R(57) );
- P( local.C, local.D, local.E, local.A, local.B, R(58) );
- P( local.B, local.C, local.D, local.E, local.A, R(59) );
+ P(local.A, local.B, local.C, local.D, local.E, R(40));
+ P(local.E, local.A, local.B, local.C, local.D, R(41));
+ P(local.D, local.E, local.A, local.B, local.C, R(42));
+ P(local.C, local.D, local.E, local.A, local.B, R(43));
+ P(local.B, local.C, local.D, local.E, local.A, R(44));
+ P(local.A, local.B, local.C, local.D, local.E, R(45));
+ P(local.E, local.A, local.B, local.C, local.D, R(46));
+ P(local.D, local.E, local.A, local.B, local.C, R(47));
+ P(local.C, local.D, local.E, local.A, local.B, R(48));
+ P(local.B, local.C, local.D, local.E, local.A, R(49));
+ P(local.A, local.B, local.C, local.D, local.E, R(50));
+ P(local.E, local.A, local.B, local.C, local.D, R(51));
+ P(local.D, local.E, local.A, local.B, local.C, R(52));
+ P(local.C, local.D, local.E, local.A, local.B, R(53));
+ P(local.B, local.C, local.D, local.E, local.A, R(54));
+ P(local.A, local.B, local.C, local.D, local.E, R(55));
+ P(local.E, local.A, local.B, local.C, local.D, R(56));
+ P(local.D, local.E, local.A, local.B, local.C, R(57));
+ P(local.C, local.D, local.E, local.A, local.B, R(58));
+ P(local.B, local.C, local.D, local.E, local.A, R(59));
#undef K
#undef F
-#define F(x,y,z) ((x) ^ (y) ^ (z))
+#define F(x, y, z) ((x) ^ (y) ^ (z))
#define K 0xCA62C1D6
- P( local.A, local.B, local.C, local.D, local.E, R(60) );
- P( local.E, local.A, local.B, local.C, local.D, R(61) );
- P( local.D, local.E, local.A, local.B, local.C, R(62) );
- P( local.C, local.D, local.E, local.A, local.B, R(63) );
- P( local.B, local.C, local.D, local.E, local.A, R(64) );
- P( local.A, local.B, local.C, local.D, local.E, R(65) );
- P( local.E, local.A, local.B, local.C, local.D, R(66) );
- P( local.D, local.E, local.A, local.B, local.C, R(67) );
- P( local.C, local.D, local.E, local.A, local.B, R(68) );
- P( local.B, local.C, local.D, local.E, local.A, R(69) );
- P( local.A, local.B, local.C, local.D, local.E, R(70) );
- P( local.E, local.A, local.B, local.C, local.D, R(71) );
- P( local.D, local.E, local.A, local.B, local.C, R(72) );
- P( local.C, local.D, local.E, local.A, local.B, R(73) );
- P( local.B, local.C, local.D, local.E, local.A, R(74) );
- P( local.A, local.B, local.C, local.D, local.E, R(75) );
- P( local.E, local.A, local.B, local.C, local.D, R(76) );
- P( local.D, local.E, local.A, local.B, local.C, R(77) );
- P( local.C, local.D, local.E, local.A, local.B, R(78) );
- P( local.B, local.C, local.D, local.E, local.A, R(79) );
+ P(local.A, local.B, local.C, local.D, local.E, R(60));
+ P(local.E, local.A, local.B, local.C, local.D, R(61));
+ P(local.D, local.E, local.A, local.B, local.C, R(62));
+ P(local.C, local.D, local.E, local.A, local.B, R(63));
+ P(local.B, local.C, local.D, local.E, local.A, R(64));
+ P(local.A, local.B, local.C, local.D, local.E, R(65));
+ P(local.E, local.A, local.B, local.C, local.D, R(66));
+ P(local.D, local.E, local.A, local.B, local.C, R(67));
+ P(local.C, local.D, local.E, local.A, local.B, R(68));
+ P(local.B, local.C, local.D, local.E, local.A, R(69));
+ P(local.A, local.B, local.C, local.D, local.E, R(70));
+ P(local.E, local.A, local.B, local.C, local.D, R(71));
+ P(local.D, local.E, local.A, local.B, local.C, R(72));
+ P(local.C, local.D, local.E, local.A, local.B, R(73));
+ P(local.B, local.C, local.D, local.E, local.A, R(74));
+ P(local.A, local.B, local.C, local.D, local.E, R(75));
+ P(local.E, local.A, local.B, local.C, local.D, R(76));
+ P(local.D, local.E, local.A, local.B, local.C, R(77));
+ P(local.C, local.D, local.E, local.A, local.B, R(78));
+ P(local.B, local.C, local.D, local.E, local.A, R(79));
#undef K
#undef F
@@ -259,16 +259,16 @@
ctx->state[4] += local.E;
/* Zeroise buffers and variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &local, sizeof( local ) );
+ mbedtls_platform_zeroize(&local, sizeof(local));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] )
+void mbedtls_sha1_process(mbedtls_sha1_context *ctx,
+ const unsigned char data[64])
{
- mbedtls_internal_sha1_process( ctx, data );
+ mbedtls_internal_sha1_process(ctx, data);
}
#endif
#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
@@ -276,19 +276,20 @@
/*
* SHA-1 process buffer
*/
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
+ SHA1_VALIDATE_RET(ctx != NULL);
+ SHA1_VALIDATE_RET(ilen == 0 || input != NULL);
- if( ilen == 0 )
- return( 0 );
+ if (ilen == 0) {
+ return 0;
+ }
left = ctx->total[0] & 0x3F;
fill = 64 - left;
@@ -296,57 +297,59 @@
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (uint32_t) ilen )
+ if (ctx->total[0] < (uint32_t) ilen) {
ctx->total[1]++;
+ }
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left), input, fill );
+ if (left && ilen >= fill) {
+ memcpy((void *) (ctx->buffer + left), input, fill);
- if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
input += fill;
ilen -= fill;
left = 0;
}
- while( ilen >= 64 )
- {
- if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 )
- return( ret );
+ while (ilen >= 64) {
+ if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0) {
+ return ret;
+ }
input += 64;
ilen -= 64;
}
- if( ilen > 0 )
- memcpy( (void *) (ctx->buffer + left), input, ilen );
+ if (ilen > 0) {
+ memcpy((void *) (ctx->buffer + left), input, ilen);
+ }
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen )
+void mbedtls_sha1_update(mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
- mbedtls_sha1_update_ret( ctx, input, ilen );
+ mbedtls_sha1_update_ret(ctx, input, ilen);
}
#endif
/*
* SHA-1 final digest
*/
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
- unsigned char output[20] )
+int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx,
+ unsigned char output[20])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used;
uint32_t high, low;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+ SHA1_VALIDATE_RET(ctx != NULL);
+ SHA1_VALIDATE_RET((unsigned char *) output != NULL);
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
@@ -355,52 +358,51 @@
ctx->buffer[used++] = 0x80;
- if( used <= 56 )
- {
+ if (used <= 56) {
/* Enough room for padding + length in current block */
- memset( ctx->buffer + used, 0, 56 - used );
- }
- else
- {
+ memset(ctx->buffer + used, 0, 56 - used);
+ } else {
/* We'll need an extra block */
- memset( ctx->buffer + used, 0, 64 - used );
+ memset(ctx->buffer + used, 0, 64 - used);
- if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
- memset( ctx->buffer, 0, 56 );
+ memset(ctx->buffer, 0, 56);
}
/*
* Add message length
*/
- high = ( ctx->total[0] >> 29 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
+ high = (ctx->total[0] >> 29)
+ | (ctx->total[1] << 3);
+ low = (ctx->total[0] << 3);
- MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
- MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 );
+ MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56);
+ MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
- if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
/*
* Output final state
*/
- MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
+ MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
- unsigned char output[20] )
+void mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
+ unsigned char output[20])
{
- mbedtls_sha1_finish_ret( ctx, output );
+ mbedtls_sha1_finish_ret(ctx, output);
}
#endif
@@ -409,39 +411,42 @@
/*
* output = SHA-1( input buffer )
*/
-int mbedtls_sha1_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
+int mbedtls_sha1_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha1_context ctx;
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+ SHA1_VALIDATE_RET(ilen == 0 || input != NULL);
+ SHA1_VALIDATE_RET((unsigned char *) output != NULL);
- mbedtls_sha1_init( &ctx );
+ mbedtls_sha1_init(&ctx);
- if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
+ if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
+ if ((ret = mbedtls_sha1_update_ret(&ctx, input, ilen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
+ if ((ret = mbedtls_sha1_finish_ret(&ctx, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_sha1_free( &ctx );
+ mbedtls_sha1_free(&ctx);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
+void mbedtls_sha1(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20])
{
- mbedtls_sha1_ret( input, ilen, output );
+ mbedtls_sha1_ret(input, ilen, output);
}
#endif
@@ -474,71 +479,73 @@
/*
* Checkup routine
*/
-int mbedtls_sha1_self_test( int verbose )
+int mbedtls_sha1_self_test(int verbose)
{
int i, j, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha1sum[20];
mbedtls_sha1_context ctx;
- mbedtls_sha1_init( &ctx );
+ mbedtls_sha1_init(&ctx);
/*
* SHA-1
*/
- for( i = 0; i < 3; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " SHA-1 test #%d: ", i + 1 );
+ for (i = 0; i < 3; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" SHA-1 test #%d: ", i + 1);
+ }
- if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
+ if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) {
goto fail;
+ }
- if( i == 2 )
- {
- memset( buf, 'a', buflen = 1000 );
+ if (i == 2) {
+ memset(buf, 'a', buflen = 1000);
- for( j = 0; j < 1000; j++ )
- {
- ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
- if( ret != 0 )
+ for (j = 0; j < 1000; j++) {
+ ret = mbedtls_sha1_update_ret(&ctx, buf, buflen);
+ if (ret != 0) {
goto fail;
+ }
+ }
+ } else {
+ ret = mbedtls_sha1_update_ret(&ctx, sha1_test_buf[i],
+ sha1_test_buflen[i]);
+ if (ret != 0) {
+ goto fail;
}
}
- else
- {
- ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
- sha1_test_buflen[i] );
- if( ret != 0 )
- goto fail;
+
+ if ((ret = mbedtls_sha1_finish_ret(&ctx, sha1sum)) != 0) {
+ goto fail;
}
- if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
- goto fail;
-
- if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
- {
+ if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) {
ret = 1;
goto fail;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
goto exit;
fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
exit:
- mbedtls_sha1_free( &ctx );
+ mbedtls_sha1_free(&ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/sha256.c b/library/sha256.c
index 6f1306e..f709039 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -35,31 +35,32 @@
#include "mbedtls/platform.h"
#define SHA256_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
-#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA)
+#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
#if !defined(MBEDTLS_SHA256_ALT)
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
+void mbedtls_sha256_init(mbedtls_sha256_context *ctx)
{
- SHA256_VALIDATE( ctx != NULL );
+ SHA256_VALIDATE(ctx != NULL);
- memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
+ memset(ctx, 0, sizeof(mbedtls_sha256_context));
}
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
+void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context));
}
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src )
+void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
+ const mbedtls_sha256_context *src)
{
- SHA256_VALIDATE( dst != NULL );
- SHA256_VALIDATE( src != NULL );
+ SHA256_VALIDATE(dst != NULL);
+ SHA256_VALIDATE(src != NULL);
*dst = *src;
}
@@ -67,16 +68,15 @@
/*
* SHA-256 context setup
*/
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
+int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224)
{
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ SHA256_VALIDATE_RET(ctx != NULL);
+ SHA256_VALIDATE_RET(is224 == 0 || is224 == 1);
ctx->total[0] = 0;
ctx->total[1] = 0;
- if( is224 == 0 )
- {
+ if (is224 == 0) {
/* SHA-256 */
ctx->state[0] = 0x6A09E667;
ctx->state[1] = 0xBB67AE85;
@@ -86,9 +86,7 @@
ctx->state[5] = 0x9B05688C;
ctx->state[6] = 0x1F83D9AB;
ctx->state[7] = 0x5BE0CD19;
- }
- else
- {
+ } else {
/* SHA-224 */
ctx->state[0] = 0xC1059ED8;
ctx->state[1] = 0x367CD507;
@@ -102,14 +100,14 @@
ctx->is224 = is224;
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
- int is224 )
+void mbedtls_sha256_starts(mbedtls_sha256_context *ctx,
+ int is224)
{
- mbedtls_sha256_starts_ret( ctx, is224 );
+ mbedtls_sha256_starts_ret(ctx, is224);
}
#endif
@@ -134,17 +132,17 @@
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
};
-#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
-#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
+#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n))
+#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n))))
-#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
-#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
+#define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
+#define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
-#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
-#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
+#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
-#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
#define R(t) \
( \
@@ -152,41 +150,41 @@
S0(local.W[(t) - 15]) + local.W[(t) - 16] \
)
-#define P(a,b,c,d,e,f,g,h,x,K) \
+#define P(a, b, c, d, e, f, g, h, x, K) \
do \
{ \
- local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
- local.temp2 = S2(a) + F0((a),(b),(c)); \
+ local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \
+ local.temp2 = S2(a) + F0((a), (b), (c)); \
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
- } while( 0 )
+ } while (0)
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] )
+int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
+ const unsigned char data[64])
{
- struct
- {
+ struct {
uint32_t temp1, temp2, W[64];
uint32_t A[8];
} local;
unsigned int i;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
+ SHA256_VALIDATE_RET(ctx != NULL);
+ SHA256_VALIDATE_RET((const unsigned char *) data != NULL);
- for( i = 0; i < 8; i++ )
+ for (i = 0; i < 8; i++) {
local.A[i] = ctx->state[i];
+ }
#if defined(MBEDTLS_SHA256_SMALLER)
- for( i = 0; i < 64; i++ )
- {
- if( i < 16 )
- local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
- else
- R( i );
+ for (i = 0; i < 64; i++) {
+ if (i < 16) {
+ local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i);
+ } else {
+ R(i);
+ }
- P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
- local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
+ P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+ local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
local.temp1 = local.A[7]; local.A[7] = local.A[6];
local.A[6] = local.A[5]; local.A[5] = local.A[4];
@@ -195,64 +193,64 @@
local.A[0] = local.temp1;
}
#else /* MBEDTLS_SHA256_SMALLER */
- for( i = 0; i < 16; i++ )
- local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
-
- for( i = 0; i < 16; i += 8 )
- {
- P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
- local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
- P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
- local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
- P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
- local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
- P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
- local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
- P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
- local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
- P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
- local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
- P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
- local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
- P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
- local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
+ for (i = 0; i < 16; i++) {
+ local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i);
}
- for( i = 16; i < 64; i += 8 )
- {
- P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
- local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
- P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
- local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
- P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
- local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
- P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
- local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
- P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
- local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
- P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
- local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
- P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
- local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
- P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
- local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
+ for (i = 0; i < 16; i += 8) {
+ P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+ local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0]);
+ P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
+ local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1]);
+ P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
+ local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2]);
+ P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
+ local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3]);
+ P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
+ local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4]);
+ P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
+ local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5]);
+ P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
+ local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6]);
+ P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
+ local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7]);
+ }
+
+ for (i = 16; i < 64; i += 8) {
+ P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+ local.A[5], local.A[6], local.A[7], R(i+0), K[i+0]);
+ P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
+ local.A[4], local.A[5], local.A[6], R(i+1), K[i+1]);
+ P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
+ local.A[3], local.A[4], local.A[5], R(i+2), K[i+2]);
+ P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
+ local.A[2], local.A[3], local.A[4], R(i+3), K[i+3]);
+ P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
+ local.A[1], local.A[2], local.A[3], R(i+4), K[i+4]);
+ P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
+ local.A[0], local.A[1], local.A[2], R(i+5), K[i+5]);
+ P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
+ local.A[7], local.A[0], local.A[1], R(i+6), K[i+6]);
+ P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
+ local.A[6], local.A[7], local.A[0], R(i+7), K[i+7]);
}
#endif /* MBEDTLS_SHA256_SMALLER */
- for( i = 0; i < 8; i++ )
+ for (i = 0; i < 8; i++) {
ctx->state[i] += local.A[i];
+ }
/* Zeroise buffers and variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &local, sizeof( local ) );
+ mbedtls_platform_zeroize(&local, sizeof(local));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] )
+void mbedtls_sha256_process(mbedtls_sha256_context *ctx,
+ const unsigned char data[64])
{
- mbedtls_internal_sha256_process( ctx, data );
+ mbedtls_internal_sha256_process(ctx, data);
}
#endif
#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
@@ -260,19 +258,20 @@
/*
* SHA-256 process buffer
*/
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+ SHA256_VALIDATE_RET(ctx != NULL);
+ SHA256_VALIDATE_RET(ilen == 0 || input != NULL);
- if( ilen == 0 )
- return( 0 );
+ if (ilen == 0) {
+ return 0;
+ }
left = ctx->total[0] & 0x3F;
fill = 64 - left;
@@ -280,57 +279,59 @@
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
- if( ctx->total[0] < (uint32_t) ilen )
+ if (ctx->total[0] < (uint32_t) ilen) {
ctx->total[1]++;
+ }
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left), input, fill );
+ if (left && ilen >= fill) {
+ memcpy((void *) (ctx->buffer + left), input, fill);
- if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
input += fill;
ilen -= fill;
left = 0;
}
- while( ilen >= 64 )
- {
- if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
- return( ret );
+ while (ilen >= 64) {
+ if ((ret = mbedtls_internal_sha256_process(ctx, input)) != 0) {
+ return ret;
+ }
input += 64;
ilen -= 64;
}
- if( ilen > 0 )
- memcpy( (void *) (ctx->buffer + left), input, ilen );
+ if (ilen > 0) {
+ memcpy((void *) (ctx->buffer + left), input, ilen);
+ }
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen )
+void mbedtls_sha256_update(mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
- mbedtls_sha256_update_ret( ctx, input, ilen );
+ mbedtls_sha256_update_ret(ctx, input, ilen);
}
#endif
/*
* SHA-256 final digest
*/
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
- unsigned char output[32] )
+int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx,
+ unsigned char output[32])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used;
uint32_t high, low;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+ SHA256_VALIDATE_RET(ctx != NULL);
+ SHA256_VALIDATE_RET((unsigned char *) output != NULL);
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
@@ -339,57 +340,57 @@
ctx->buffer[used++] = 0x80;
- if( used <= 56 )
- {
+ if (used <= 56) {
/* Enough room for padding + length in current block */
- memset( ctx->buffer + used, 0, 56 - used );
- }
- else
- {
+ memset(ctx->buffer + used, 0, 56 - used);
+ } else {
/* We'll need an extra block */
- memset( ctx->buffer + used, 0, 64 - used );
+ memset(ctx->buffer + used, 0, 64 - used);
- if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
- memset( ctx->buffer, 0, 56 );
+ memset(ctx->buffer, 0, 56);
}
/*
* Add message length
*/
- high = ( ctx->total[0] >> 29 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
+ high = (ctx->total[0] >> 29)
+ | (ctx->total[1] << 3);
+ low = (ctx->total[0] << 3);
- MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
- MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 );
+ MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56);
+ MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
- if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
/*
* Output final state
*/
- MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 );
- MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 );
+ MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20);
+ MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24);
- if( ctx->is224 == 0 )
- MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 );
+ if (ctx->is224 == 0) {
+ MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28);
+ }
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
- unsigned char output[32] )
+void mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
+ unsigned char output[32])
{
- mbedtls_sha256_finish_ret( ctx, output );
+ mbedtls_sha256_finish_ret(ctx, output);
}
#endif
@@ -398,42 +399,45 @@
/*
* output = SHA-256( input buffer )
*/
-int mbedtls_sha256_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[32],
- int is224 )
+int mbedtls_sha256_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha256_context ctx;
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+ SHA256_VALIDATE_RET(is224 == 0 || is224 == 1);
+ SHA256_VALIDATE_RET(ilen == 0 || input != NULL);
+ SHA256_VALIDATE_RET((unsigned char *) output != NULL);
- mbedtls_sha256_init( &ctx );
+ mbedtls_sha256_init(&ctx);
- if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
+ if ((ret = mbedtls_sha256_starts_ret(&ctx, is224)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
+ if ((ret = mbedtls_sha256_update_ret(&ctx, input, ilen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
+ if ((ret = mbedtls_sha256_finish_ret(&ctx, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_sha256_free( &ctx );
+ mbedtls_sha256_free(&ctx);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256( const unsigned char *input,
- size_t ilen,
- unsigned char output[32],
- int is224 )
+void mbedtls_sha256(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224)
{
- mbedtls_sha256_ret( input, ilen, output, is224 );
+ mbedtls_sha256_ret(input, ilen, output, is224);
}
#endif
@@ -491,83 +495,85 @@
/*
* Checkup routine
*/
-int mbedtls_sha256_self_test( int verbose )
+int mbedtls_sha256_self_test(int verbose)
{
int i, j, k, buflen, ret = 0;
unsigned char *buf;
unsigned char sha256sum[32];
mbedtls_sha256_context ctx;
- buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
- if( NULL == buf )
- {
- if( verbose != 0 )
- mbedtls_printf( "Buffer allocation failed\n" );
+ buf = mbedtls_calloc(1024, sizeof(unsigned char));
+ if (NULL == buf) {
+ if (verbose != 0) {
+ mbedtls_printf("Buffer allocation failed\n");
+ }
- return( 1 );
+ return 1;
}
- mbedtls_sha256_init( &ctx );
+ mbedtls_sha256_init(&ctx);
- for( i = 0; i < 6; i++ )
- {
+ for (i = 0; i < 6; i++) {
j = i % 3;
k = i < 3;
- if( verbose != 0 )
- mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
+ if (verbose != 0) {
+ mbedtls_printf(" SHA-%d test #%d: ", 256 - k * 32, j + 1);
+ }
- if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
+ if ((ret = mbedtls_sha256_starts_ret(&ctx, k)) != 0) {
goto fail;
+ }
- if( j == 2 )
- {
- memset( buf, 'a', buflen = 1000 );
+ if (j == 2) {
+ memset(buf, 'a', buflen = 1000);
- for( j = 0; j < 1000; j++ )
- {
- ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
- if( ret != 0 )
+ for (j = 0; j < 1000; j++) {
+ ret = mbedtls_sha256_update_ret(&ctx, buf, buflen);
+ if (ret != 0) {
goto fail;
+ }
}
- }
- else
- {
- ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
- sha256_test_buflen[j] );
- if( ret != 0 )
- goto fail;
+ } else {
+ ret = mbedtls_sha256_update_ret(&ctx, sha256_test_buf[j],
+ sha256_test_buflen[j]);
+ if (ret != 0) {
+ goto fail;
+ }
}
- if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
+ if ((ret = mbedtls_sha256_finish_ret(&ctx, sha256sum)) != 0) {
goto fail;
+ }
- if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
- {
+ if (memcmp(sha256sum, sha256_test_sum[i], 32 - k * 4) != 0) {
ret = 1;
goto fail;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
goto exit;
fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
exit:
- mbedtls_sha256_free( &ctx );
- mbedtls_free( buf );
+ mbedtls_sha256_free(&ctx);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/sha512.c b/library/sha512.c
index 1a6872c..f6b7c1f 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -41,13 +41,13 @@
#include "mbedtls/platform.h"
#define SHA512_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
-#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA)
+#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
#if !defined(MBEDTLS_SHA512_ALT)
#if defined(MBEDTLS_SHA512_SMALLER)
-static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
+static void sha512_put_uint64_be(uint64_t n, unsigned char *b, uint8_t i)
{
MBEDTLS_PUT_UINT64_BE(n, b, i);
}
@@ -55,26 +55,27 @@
#define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE
#endif /* MBEDTLS_SHA512_SMALLER */
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
+void mbedtls_sha512_init(mbedtls_sha512_context *ctx)
{
- SHA512_VALIDATE( ctx != NULL );
+ SHA512_VALIDATE(ctx != NULL);
- memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
+ memset(ctx, 0, sizeof(mbedtls_sha512_context));
}
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
+void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context));
}
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
- const mbedtls_sha512_context *src )
+void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
+ const mbedtls_sha512_context *src)
{
- SHA512_VALIDATE( dst != NULL );
- SHA512_VALIDATE( src != NULL );
+ SHA512_VALIDATE(dst != NULL);
+ SHA512_VALIDATE(src != NULL);
*dst = *src;
}
@@ -82,20 +83,19 @@
/*
* SHA-512 context setup
*/
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
+int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384)
{
- SHA512_VALIDATE_RET( ctx != NULL );
+ SHA512_VALIDATE_RET(ctx != NULL);
#if !defined(MBEDTLS_SHA512_NO_SHA384)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ SHA512_VALIDATE_RET(is384 == 0);
#endif
ctx->total[0] = 0;
ctx->total[1] = 0;
- if( is384 == 0 )
- {
+ if (is384 == 0) {
/* SHA-512 */
ctx->state[0] = UL64(0x6A09E667F3BCC908);
ctx->state[1] = UL64(0xBB67AE8584CAA73B);
@@ -105,11 +105,9 @@
ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
ctx->state[7] = UL64(0x5BE0CD19137E2179);
- }
- else
- {
+ } else {
#if defined(MBEDTLS_SHA512_NO_SHA384)
- return( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
/* SHA-384 */
ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
@@ -127,14 +125,14 @@
ctx->is384 = is384;
#endif
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
- int is384 )
+void mbedtls_sha512_starts(mbedtls_sha512_context *ctx,
+ int is384)
{
- mbedtls_sha512_starts_ret( ctx, is384 );
+ mbedtls_sha512_starts_ret(ctx, is384);
}
#endif
@@ -187,57 +185,53 @@
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
};
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] )
+int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
+ const unsigned char data[128])
{
int i;
- struct
- {
+ struct {
uint64_t temp1, temp2, W[80];
uint64_t A[8];
} local;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
+ SHA512_VALIDATE_RET(ctx != NULL);
+ SHA512_VALIDATE_RET((const unsigned char *) data != NULL);
-#define SHR(x,n) ((x) >> (n))
-#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
+#define SHR(x, n) ((x) >> (n))
+#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n))))
#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
-#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
+#define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6))
-#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
-#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
+#define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
-#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
-#define P(a,b,c,d,e,f,g,h,x,K) \
+#define P(a, b, c, d, e, f, g, h, x, K) \
do \
{ \
- local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
- local.temp2 = S2(a) + F0((a),(b),(c)); \
+ local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \
+ local.temp2 = S2(a) + F0((a), (b), (c)); \
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
- } while( 0 )
+ } while (0)
- for( i = 0; i < 8; i++ )
+ for (i = 0; i < 8; i++) {
local.A[i] = ctx->state[i];
+ }
#if defined(MBEDTLS_SHA512_SMALLER)
- for( i = 0; i < 80; i++ )
- {
- if( i < 16 )
- {
- local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
- }
- else
- {
+ for (i = 0; i < 80; i++) {
+ if (i < 16) {
+ local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
+ } else {
local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
- S0(local.W[i - 15]) + local.W[i - 16];
+ S0(local.W[i - 15]) + local.W[i - 16];
}
- P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
- local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
+ P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+ local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
local.temp1 = local.A[7]; local.A[7] = local.A[6];
local.A[6] = local.A[5]; local.A[5] = local.A[4];
@@ -246,54 +240,51 @@
local.A[0] = local.temp1;
}
#else /* MBEDTLS_SHA512_SMALLER */
- for( i = 0; i < 16; i++ )
- {
- local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
+ for (i = 0; i < 16; i++) {
+ local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
}
- for( ; i < 80; i++ )
- {
+ for (; i < 80; i++) {
local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
- S0(local.W[i - 15]) + local.W[i - 16];
+ S0(local.W[i - 15]) + local.W[i - 16];
}
i = 0;
- do
- {
- P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
- local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); i++;
- P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
- local.A[4], local.A[5], local.A[6], local.W[i], K[i] ); i++;
- P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
- local.A[3], local.A[4], local.A[5], local.W[i], K[i] ); i++;
- P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
- local.A[2], local.A[3], local.A[4], local.W[i], K[i] ); i++;
- P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
- local.A[1], local.A[2], local.A[3], local.W[i], K[i] ); i++;
- P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
- local.A[0], local.A[1], local.A[2], local.W[i], K[i] ); i++;
- P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
- local.A[7], local.A[0], local.A[1], local.W[i], K[i] ); i++;
- P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
- local.A[6], local.A[7], local.A[0], local.W[i], K[i] ); i++;
- }
- while( i < 80 );
+ do {
+ P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+ local.A[5], local.A[6], local.A[7], local.W[i], K[i]); i++;
+ P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
+ local.A[4], local.A[5], local.A[6], local.W[i], K[i]); i++;
+ P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
+ local.A[3], local.A[4], local.A[5], local.W[i], K[i]); i++;
+ P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
+ local.A[2], local.A[3], local.A[4], local.W[i], K[i]); i++;
+ P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
+ local.A[1], local.A[2], local.A[3], local.W[i], K[i]); i++;
+ P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
+ local.A[0], local.A[1], local.A[2], local.W[i], K[i]); i++;
+ P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
+ local.A[7], local.A[0], local.A[1], local.W[i], K[i]); i++;
+ P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
+ local.A[6], local.A[7], local.A[0], local.W[i], K[i]); i++;
+ } while (i < 80);
#endif /* MBEDTLS_SHA512_SMALLER */
- for( i = 0; i < 8; i++ )
+ for (i = 0; i < 8; i++) {
ctx->state[i] += local.A[i];
+ }
/* Zeroise buffers and variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &local, sizeof( local ) );
+ mbedtls_platform_zeroize(&local, sizeof(local));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] )
+void mbedtls_sha512_process(mbedtls_sha512_context *ctx,
+ const unsigned char data[128])
{
- mbedtls_internal_sha512_process( ctx, data );
+ mbedtls_internal_sha512_process(ctx, data);
}
#endif
#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
@@ -301,76 +292,79 @@
/*
* SHA-512 process buffer
*/
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen )
+int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
unsigned int left;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
+ SHA512_VALIDATE_RET(ctx != NULL);
+ SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
- if( ilen == 0 )
- return( 0 );
+ if (ilen == 0) {
+ return 0;
+ }
left = (unsigned int) (ctx->total[0] & 0x7F);
fill = 128 - left;
ctx->total[0] += (uint64_t) ilen;
- if( ctx->total[0] < (uint64_t) ilen )
+ if (ctx->total[0] < (uint64_t) ilen) {
ctx->total[1]++;
+ }
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left), input, fill );
+ if (left && ilen >= fill) {
+ memcpy((void *) (ctx->buffer + left), input, fill);
- if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
input += fill;
ilen -= fill;
left = 0;
}
- while( ilen >= 128 )
- {
- if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 )
- return( ret );
+ while (ilen >= 128) {
+ if ((ret = mbedtls_internal_sha512_process(ctx, input)) != 0) {
+ return ret;
+ }
input += 128;
ilen -= 128;
}
- if( ilen > 0 )
- memcpy( (void *) (ctx->buffer + left), input, ilen );
+ if (ilen > 0) {
+ memcpy((void *) (ctx->buffer + left), input, ilen);
+ }
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen )
+void mbedtls_sha512_update(mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen)
{
- mbedtls_sha512_update_ret( ctx, input, ilen );
+ mbedtls_sha512_update_ret(ctx, input, ilen);
}
#endif
/*
* SHA-512 final digest
*/
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
- unsigned char output[64] )
+int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx,
+ unsigned char output[64])
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned used;
uint64_t high, low;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
+ SHA512_VALIDATE_RET(ctx != NULL);
+ SHA512_VALIDATE_RET((unsigned char *) output != NULL);
/*
* Add padding: 0x80 then 0x00 until 16 bytes remain for the length
@@ -379,63 +373,61 @@
ctx->buffer[used++] = 0x80;
- if( used <= 112 )
- {
+ if (used <= 112) {
/* Enough room for padding + length in current block */
- memset( ctx->buffer + used, 0, 112 - used );
- }
- else
- {
+ memset(ctx->buffer + used, 0, 112 - used);
+ } else {
/* We'll need an extra block */
- memset( ctx->buffer + used, 0, 128 - used );
+ memset(ctx->buffer + used, 0, 128 - used);
- if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
- memset( ctx->buffer, 0, 112 );
+ memset(ctx->buffer, 0, 112);
}
/*
* Add message length
*/
- high = ( ctx->total[0] >> 61 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
+ high = (ctx->total[0] >> 61)
+ | (ctx->total[1] << 3);
+ low = (ctx->total[0] << 3);
- sha512_put_uint64_be( high, ctx->buffer, 112 );
- sha512_put_uint64_be( low, ctx->buffer, 120 );
+ sha512_put_uint64_be(high, ctx->buffer, 112);
+ sha512_put_uint64_be(low, ctx->buffer, 120);
- if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
+ return ret;
+ }
/*
* Output final state
*/
- sha512_put_uint64_be( ctx->state[0], output, 0 );
- sha512_put_uint64_be( ctx->state[1], output, 8 );
- sha512_put_uint64_be( ctx->state[2], output, 16 );
- sha512_put_uint64_be( ctx->state[3], output, 24 );
- sha512_put_uint64_be( ctx->state[4], output, 32 );
- sha512_put_uint64_be( ctx->state[5], output, 40 );
+ sha512_put_uint64_be(ctx->state[0], output, 0);
+ sha512_put_uint64_be(ctx->state[1], output, 8);
+ sha512_put_uint64_be(ctx->state[2], output, 16);
+ sha512_put_uint64_be(ctx->state[3], output, 24);
+ sha512_put_uint64_be(ctx->state[4], output, 32);
+ sha512_put_uint64_be(ctx->state[5], output, 40);
int truncated = 0;
#if !defined(MBEDTLS_SHA512_NO_SHA384)
truncated = ctx->is384;
#endif
- if( !truncated )
- {
- sha512_put_uint64_be( ctx->state[6], output, 48 );
- sha512_put_uint64_be( ctx->state[7], output, 56 );
+ if (!truncated) {
+ sha512_put_uint64_be(ctx->state[6], output, 48);
+ sha512_put_uint64_be(ctx->state[7], output, 56);
}
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
- unsigned char output[64] )
+void mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
+ unsigned char output[64])
{
- mbedtls_sha512_finish_ret( ctx, output );
+ mbedtls_sha512_finish_ret(ctx, output);
}
#endif
@@ -444,46 +436,49 @@
/*
* output = SHA-512( input buffer )
*/
-int mbedtls_sha512_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[64],
- int is384 )
+int mbedtls_sha512_ret(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[64],
+ int is384)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha512_context ctx;
#if !defined(MBEDTLS_SHA512_NO_SHA384)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ SHA512_VALIDATE_RET(is384 == 0);
#endif
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
+ SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
+ SHA512_VALIDATE_RET((unsigned char *) output != NULL);
- mbedtls_sha512_init( &ctx );
+ mbedtls_sha512_init(&ctx);
- if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
+ if ((ret = mbedtls_sha512_starts_ret(&ctx, is384)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 )
+ if ((ret = mbedtls_sha512_update_ret(&ctx, input, ilen)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 )
+ if ((ret = mbedtls_sha512_finish_ret(&ctx, output)) != 0) {
goto exit;
+ }
exit:
- mbedtls_sha512_free( &ctx );
+ mbedtls_sha512_free(&ctx);
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512( const unsigned char *input,
- size_t ilen,
- unsigned char output[64],
- int is384 )
+void mbedtls_sha512(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[64],
+ int is384)
{
- mbedtls_sha512_ret( input, ilen, output, is384 );
+ mbedtls_sha512_ret(input, ilen, output, is384);
}
#endif
@@ -495,7 +490,9 @@
static const unsigned char sha512_test_buf[3][113] =
{
{ "abc" },
- { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
+ {
+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+ },
{ "" }
};
@@ -559,31 +556,30 @@
0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
};
-#define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( ( a )[0] ) )
+#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0]))
/*
* Checkup routine
*/
-int mbedtls_sha512_self_test( int verbose )
+int mbedtls_sha512_self_test(int verbose)
{
int i, j, k, buflen, ret = 0;
unsigned char *buf;
unsigned char sha512sum[64];
mbedtls_sha512_context ctx;
- buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
- if( NULL == buf )
- {
- if( verbose != 0 )
- mbedtls_printf( "Buffer allocation failed\n" );
+ buf = mbedtls_calloc(1024, sizeof(unsigned char));
+ if (NULL == buf) {
+ if (verbose != 0) {
+ mbedtls_printf("Buffer allocation failed\n");
+ }
- return( 1 );
+ return 1;
}
- mbedtls_sha512_init( &ctx );
+ mbedtls_sha512_init(&ctx);
- for( i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++ )
- {
+ for (i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++) {
j = i % 3;
#if !defined(MBEDTLS_SHA512_NO_SHA384)
k = i < 3;
@@ -591,58 +587,61 @@
k = 0;
#endif
- if( verbose != 0 )
- mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
+ if (verbose != 0) {
+ mbedtls_printf(" SHA-%d test #%d: ", 512 - k * 128, j + 1);
+ }
- if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 )
+ if ((ret = mbedtls_sha512_starts_ret(&ctx, k)) != 0) {
goto fail;
+ }
- if( j == 2 )
- {
- memset( buf, 'a', buflen = 1000 );
+ if (j == 2) {
+ memset(buf, 'a', buflen = 1000);
- for( j = 0; j < 1000; j++ )
- {
- ret = mbedtls_sha512_update_ret( &ctx, buf, buflen );
- if( ret != 0 )
+ for (j = 0; j < 1000; j++) {
+ ret = mbedtls_sha512_update_ret(&ctx, buf, buflen);
+ if (ret != 0) {
goto fail;
+ }
+ }
+ } else {
+ ret = mbedtls_sha512_update_ret(&ctx, sha512_test_buf[j],
+ sha512_test_buflen[j]);
+ if (ret != 0) {
+ goto fail;
}
}
- else
- {
- ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j],
- sha512_test_buflen[j] );
- if( ret != 0 )
- goto fail;
+
+ if ((ret = mbedtls_sha512_finish_ret(&ctx, sha512sum)) != 0) {
+ goto fail;
}
- if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 )
- goto fail;
-
- if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
- {
+ if (memcmp(sha512sum, sha512_test_sum[i], 64 - k * 16) != 0) {
ret = 1;
goto fail;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
goto exit;
fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
exit:
- mbedtls_sha512_free( &ctx );
- mbedtls_free( buf );
+ mbedtls_sha512_free(&ctx);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
#undef ARRAY_LENGTH
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 7a600ca..0f0e610 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -32,83 +32,79 @@
#include <string.h>
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
+void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
{
- memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
+ memset(cache, 0, sizeof(mbedtls_ssl_cache_context));
cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &cache->mutex );
+ mbedtls_mutex_init(&cache->mutex);
#endif
}
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t t = mbedtls_time( NULL );
+ mbedtls_time_t t = mbedtls_time(NULL);
#endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur, *entry;
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
- return( 1 );
+ if (mbedtls_mutex_lock(&cache->mutex) != 0) {
+ return 1;
+ }
#endif
cur = cache->chain;
entry = NULL;
- while( cur != NULL )
- {
+ while (cur != NULL) {
entry = cur;
cur = cur->next;
#if defined(MBEDTLS_HAVE_TIME)
- if( cache->timeout != 0 &&
- (int) ( t - entry->timestamp ) > cache->timeout )
+ if (cache->timeout != 0 &&
+ (int) (t - entry->timestamp) > cache->timeout) {
continue;
+ }
#endif
- if( session->id_len != entry->session.id_len ||
- memcmp( session->id, entry->session.id,
- entry->session.id_len ) != 0 )
- {
+ if (session->id_len != entry->session.id_len ||
+ memcmp(session->id, entry->session.id,
+ entry->session.id_len) != 0) {
continue;
}
- ret = mbedtls_ssl_session_copy( session, &entry->session );
- if( ret != 0 )
- {
+ ret = mbedtls_ssl_session_copy(session, &entry->session);
+ if (ret != 0) {
ret = 1;
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/*
* Restore peer certificate (without rest of the original chain)
*/
- if( entry->peer_cert.p != NULL )
- {
+ if (entry->peer_cert.p != NULL) {
/* `session->peer_cert` is NULL after the call to
* mbedtls_ssl_session_copy(), because cache entries
* have the `peer_cert` field set to NULL. */
- if( ( session->peer_cert = mbedtls_calloc( 1,
- sizeof(mbedtls_x509_crt) ) ) == NULL )
- {
+ if ((session->peer_cert = mbedtls_calloc(1,
+ sizeof(mbedtls_x509_crt))) == NULL) {
ret = 1;
goto exit;
}
- mbedtls_x509_crt_init( session->peer_cert );
- if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p,
- entry->peer_cert.len ) != 0 )
- {
- mbedtls_free( session->peer_cert );
+ mbedtls_x509_crt_init(session->peer_cert);
+ if (mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p,
+ entry->peer_cert.len) != 0) {
+ mbedtls_free(session->peer_cert);
session->peer_cert = NULL;
ret = 1;
goto exit;
@@ -122,18 +118,19 @@
exit:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+ if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
ret = 1;
+ }
#endif
- return( ret );
+ return ret;
}
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
+ mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
mbedtls_ssl_cache_entry *old = NULL;
#endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
@@ -141,32 +138,31 @@
int count = 0;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
+ return ret;
+ }
#endif
cur = cache->chain;
prv = NULL;
- while( cur != NULL )
- {
+ while (cur != NULL) {
count++;
#if defined(MBEDTLS_HAVE_TIME)
- if( cache->timeout != 0 &&
- (int) ( t - cur->timestamp ) > cache->timeout )
- {
+ if (cache->timeout != 0 &&
+ (int) (t - cur->timestamp) > cache->timeout) {
cur->timestamp = t;
break; /* expired, reuse this slot, update timestamp */
}
#endif
- if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
+ if (memcmp(session->id, cur->session.id, cur->session.id_len) == 0) {
break; /* client reconnected, keep timestamp for session id */
+ }
#if defined(MBEDTLS_HAVE_TIME)
- if( oldest == 0 || cur->timestamp < oldest )
- {
+ if (oldest == 0 || cur->timestamp < oldest) {
oldest = cur->timestamp;
old = cur;
}
@@ -176,16 +172,13 @@
cur = cur->next;
}
- if( cur == NULL )
- {
+ if (cur == NULL) {
#if defined(MBEDTLS_HAVE_TIME)
/*
* Reuse oldest entry if max_entries reached
*/
- if( count >= cache->max_entries )
- {
- if( old == NULL )
- {
+ if (count >= cache->max_entries) {
+ if (old == NULL) {
ret = 1;
goto exit;
}
@@ -197,10 +190,8 @@
* Reuse first entry in chain if max_entries reached,
* but move to last place
*/
- if( count >= cache->max_entries )
- {
- if( cache->chain == NULL )
- {
+ if (count >= cache->max_entries) {
+ if (cache->chain == NULL) {
ret = 1;
goto exit;
}
@@ -211,22 +202,21 @@
prv->next = cur;
}
#endif /* MBEDTLS_HAVE_TIME */
- else
- {
+ else {
/*
* max_entries not reached, create new entry
*/
- cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
- if( cur == NULL )
- {
+ cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
+ if (cur == NULL) {
ret = 1;
goto exit;
}
- if( prv == NULL )
+ if (prv == NULL) {
cache->chain = cur;
- else
+ } else {
prv->next = cur;
+ }
}
#if defined(MBEDTLS_HAVE_TIME)
@@ -239,10 +229,9 @@
/*
* If we're reusing an entry, free its certificate first
*/
- if( cur->peer_cert.p != NULL )
- {
- mbedtls_free( cur->peer_cert.p );
- memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
+ if (cur->peer_cert.p != NULL) {
+ mbedtls_free(cur->peer_cert.p);
+ memset(&cur->peer_cert, 0, sizeof(mbedtls_x509_buf));
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -251,9 +240,8 @@
* This inefficiency will go away as soon as we implement on-demand
* parsing of CRTs, in which case there's no need for the `peer_cert`
* field anymore in the first place, and we're done after this call. */
- ret = mbedtls_ssl_session_copy( &cur->session, session );
- if( ret != 0 )
- {
+ ret = mbedtls_ssl_session_copy(&cur->session, session);
+ if (ret != 0) {
ret = 1;
goto exit;
}
@@ -261,23 +249,21 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* If present, free the X.509 structure and only store the raw CRT data. */
- if( cur->session.peer_cert != NULL )
- {
+ if (cur->session.peer_cert != NULL) {
cur->peer_cert.p =
- mbedtls_calloc( 1, cur->session.peer_cert->raw.len );
- if( cur->peer_cert.p == NULL )
- {
+ mbedtls_calloc(1, cur->session.peer_cert->raw.len);
+ if (cur->peer_cert.p == NULL) {
ret = 1;
goto exit;
}
- memcpy( cur->peer_cert.p,
- cur->session.peer_cert->raw.p,
- cur->session.peer_cert->raw.len );
+ memcpy(cur->peer_cert.p,
+ cur->session.peer_cert->raw.p,
+ cur->session.peer_cert->raw.len);
cur->peer_cert.len = session->peer_cert->raw.len;
- mbedtls_x509_crt_free( cur->session.peer_cert );
- mbedtls_free( cur->session.peer_cert );
+ mbedtls_x509_crt_free(cur->session.peer_cert);
+ mbedtls_free(cur->session.peer_cert);
cur->session.peer_cert = NULL;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -286,52 +272,56 @@
exit:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+ if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
ret = 1;
+ }
#endif
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_HAVE_TIME)
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
+void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout)
{
- if( timeout < 0 ) timeout = 0;
+ if (timeout < 0) {
+ timeout = 0;
+ }
cache->timeout = timeout;
}
#endif /* MBEDTLS_HAVE_TIME */
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
+void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)
{
- if( max < 0 ) max = 0;
+ if (max < 0) {
+ max = 0;
+ }
cache->max_entries = max;
}
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
+void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
{
mbedtls_ssl_cache_entry *cur, *prv;
cur = cache->chain;
- while( cur != NULL )
- {
+ while (cur != NULL) {
prv = cur;
cur = cur->next;
- mbedtls_ssl_session_free( &prv->session );
+ mbedtls_ssl_session_free(&prv->session);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_free( prv->peer_cert.p );
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_free(prv->peer_cert.p);
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- mbedtls_free( prv );
+ mbedtls_free(prv);
}
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &cache->mutex );
+ mbedtls_mutex_free(&cache->mutex);
#endif
cache->chain = NULL;
}
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 2bc8a9b..b37921a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -455,14 +455,16 @@
#if defined(MBEDTLS_CAMELLIA_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+ { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+ { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -472,14 +474,16 @@
#if defined(MBEDTLS_GCM_C)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+ { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+ { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+ "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -574,14 +578,16 @@
#if defined(MBEDTLS_CAMELLIA_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+ { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -591,14 +597,16 @@
#if defined(MBEDTLS_GCM_C)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -982,14 +990,16 @@
#if defined(MBEDTLS_CAMELLIA_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+ { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -999,14 +1009,16 @@
#if defined(MBEDTLS_GCM_C)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+ { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+ { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1101,14 +1113,16 @@
#if defined(MBEDTLS_CAMELLIA_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+ { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+ { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1118,14 +1132,16 @@
#if defined(MBEDTLS_GCM_C)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+ { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+ "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+ { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+ "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1478,7 +1494,8 @@
#if defined(MBEDTLS_CAMELLIA_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#if defined(MBEDTLS_SHA256_C)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+ { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1486,7 +1503,8 @@
#endif /* MBEDTLS_SHA256_C */
#if defined(HAVE_SHA384)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+ { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1808,7 +1826,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
+ "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1816,7 +1834,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1824,7 +1842,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
+ "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1832,7 +1850,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1845,7 +1863,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
- "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
+ "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1853,7 +1871,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
+ "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1861,7 +1879,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
- "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
+ "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1869,7 +1887,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1882,15 +1900,15 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
- "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
+ "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
+ MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
+ "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1898,7 +1916,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
- "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
+ "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1906,7 +1924,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
+ "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1919,7 +1937,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
+ "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1927,7 +1945,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1935,7 +1953,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
+ "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1943,7 +1961,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1956,7 +1974,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1964,7 +1982,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1972,7 +1990,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1980,7 +1998,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -1993,7 +2011,7 @@
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2001,7 +2019,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2014,7 +2032,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2022,7 +2040,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2030,7 +2048,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2038,7 +2056,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2051,7 +2069,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
+ "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2059,7 +2077,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2067,7 +2085,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
+ "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2075,7 +2093,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2088,7 +2106,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
+ "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2096,7 +2114,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2104,7 +2122,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2112,7 +2130,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2125,7 +2143,7 @@
#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
- "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
+ "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2133,7 +2151,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2141,7 +2159,7 @@
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
- "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
+ "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2149,7 +2167,7 @@
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
@@ -2167,56 +2185,53 @@
};
#if defined(MBEDTLS_SSL_CIPHERSUITES)
-const int *mbedtls_ssl_list_ciphersuites( void )
+const int *mbedtls_ssl_list_ciphersuites(void)
{
- return( ciphersuite_preference );
+ return ciphersuite_preference;
}
#else
-#define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \
- sizeof( ciphersuite_definitions[0] )
+#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
+ sizeof(ciphersuite_definitions[0])
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0;
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
+static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
{
- (void)cs_info;
+ (void) cs_info;
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
- if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
- return( 1 );
+ if (cs_info->cipher == MBEDTLS_CIPHER_ARC4_128) {
+ return 1;
+ }
#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
- if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
- cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC )
- {
- return( 1 );
+ if (cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
+ cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC) {
+ return 1;
}
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
- return( 0 );
+ return 0;
}
-const int *mbedtls_ssl_list_ciphersuites( void )
+const int *mbedtls_ssl_list_ciphersuites(void)
{
/*
* On initial call filter out all ciphersuites not supported by current
* build based on presence in the ciphersuite_definitions.
*/
- if( supported_init == 0 )
- {
+ if (supported_init == 0) {
const int *p;
int *q;
- for( p = ciphersuite_preference, q = supported_ciphersuites;
+ for (p = ciphersuite_preference, q = supported_ciphersuites;
*p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
- p++ )
- {
+ p++) {
const mbedtls_ssl_ciphersuite_t *cs_info;
- if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
- !ciphersuite_is_removed( cs_info ) )
- {
+ if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
+ !ciphersuite_is_removed(cs_info)) {
*(q++) = *p;
}
}
@@ -2225,105 +2240,106 @@
supported_init = 1;
}
- return( supported_ciphersuites );
+ return supported_ciphersuites;
}
#endif /* MBEDTLS_SSL_CIPHERSUITES */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
- const char *ciphersuite_name )
+ const char *ciphersuite_name)
{
const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
- if( NULL == ciphersuite_name )
- return( NULL );
+ if (NULL == ciphersuite_name) {
+ return NULL;
+ }
- while( cur->id != 0 )
- {
- if( 0 == strcmp( cur->name, ciphersuite_name ) )
- return( cur );
+ while (cur->id != 0) {
+ if (0 == strcmp(cur->name, ciphersuite_name)) {
+ return cur;
+ }
cur++;
}
- return( NULL );
+ return NULL;
}
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite )
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
{
const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
- while( cur->id != 0 )
- {
- if( cur->id == ciphersuite )
- return( cur );
+ while (cur->id != 0) {
+ if (cur->id == ciphersuite) {
+ return cur;
+ }
cur++;
}
- return( NULL );
+ return NULL;
}
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id )
+const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
{
const mbedtls_ssl_ciphersuite_t *cur;
- cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+ cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
- if( cur == NULL )
- return( "unknown" );
+ if (cur == NULL) {
+ return "unknown";
+ }
- return( cur->name );
+ return cur->name;
}
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
+int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
{
const mbedtls_ssl_ciphersuite_t *cur;
- cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name );
+ cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
- if( cur == NULL )
- return( 0 );
+ if (cur == NULL) {
+ return 0;
+ }
- return( cur->id );
+ return cur->id;
}
#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- return( MBEDTLS_PK_RSA );
+ return MBEDTLS_PK_RSA;
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( MBEDTLS_PK_ECDSA );
+ return MBEDTLS_PK_ECDSA;
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return( MBEDTLS_PK_ECKEY );
+ return MBEDTLS_PK_ECKEY;
default:
- return( MBEDTLS_PK_NONE );
+ return MBEDTLS_PK_NONE;
}
}
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info )
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- return( MBEDTLS_PK_RSA );
+ return MBEDTLS_PK_RSA;
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( MBEDTLS_PK_ECDSA );
+ return MBEDTLS_PK_ECDSA;
default:
- return( MBEDTLS_PK_NONE );
+ return MBEDTLS_PK_NONE;
}
}
@@ -2331,37 +2347,35 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
+int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
+int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->key_exchange )
- {
+ switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b40ddb7..b693d53 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -48,39 +48,40 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
+static int ssl_conf_has_static_psk(mbedtls_ssl_config const *conf)
{
- if( conf->psk_identity == NULL ||
- conf->psk_identity_len == 0 )
- {
- return( 0 );
+ if (conf->psk_identity == NULL ||
+ conf->psk_identity_len == 0) {
+ return 0;
}
- if( conf->psk != NULL && conf->psk_len != 0 )
- return( 1 );
+ if (conf->psk != NULL && conf->psk_len != 0) {
+ return 1;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
- return( 1 );
+ if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
+ return 1;
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
+static int ssl_conf_has_static_raw_psk(mbedtls_ssl_config const *conf)
{
- if( conf->psk_identity == NULL ||
- conf->psk_identity_len == 0 )
- {
- return( 0 );
+ if (conf->psk_identity == NULL ||
+ conf->psk_identity_len == 0) {
+ return 0;
}
- if( conf->psk != NULL && conf->psk_len != 0 )
- return( 1 );
+ if (conf->psk != NULL && conf->psk_len != 0) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -88,26 +89,27 @@
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
size_t hostname_len;
*olen = 0;
- if( ssl->hostname == NULL )
- return( 0 );
+ if (ssl->hostname == NULL) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding server name extension: %s",
- ssl->hostname ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding server name extension: %s",
+ ssl->hostname));
- hostname_len = strlen( ssl->hostname );
+ hostname_len = strlen(ssl->hostname);
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
/*
* Sect. 3, RFC 6066 (TLS Extensions Definitions)
@@ -135,34 +137,34 @@
* } ServerNameList;
*
*/
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SERVERNAME, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(hostname_len + 5, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(hostname_len + 3, p, 0);
p += 2;
- *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
+ *p++ = MBEDTLS_BYTE_0(MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME);
- MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
p += 2;
- memcpy( p, ssl->hostname, hostname_len );
+ memcpy(p, ssl->hostname, hostname_len);
*olen = hostname_len + 9;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
@@ -171,29 +173,30 @@
/* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the
* initial ClientHello, in which case also adding the renegotiation
* info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
- if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- return( 0 );
+ if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding renegotiation extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding renegotiation extension"));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len);
/*
* Secure renegotiation
*/
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0);
p += 2;
*p++ = 0x00;
- *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 );
- *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len );
+ *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1);
+ *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len);
- memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+ memcpy(p, ssl->own_verify_data, ssl->verify_data_len);
*olen = 5 + ssl->verify_data_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
@@ -203,10 +206,10 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_signature_algorithms_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
size_t sig_alg_len = 0;
@@ -218,50 +221,50 @@
*olen = 0;
- if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- return( 0 );
+ if (ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding signature_algorithms extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding signature_algorithms extension"));
- if( ssl->conf->sig_hashes == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ if (ssl->conf->sig_hashes == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_CONFIG;
+ }
- for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
- {
+ for (md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
#if defined(MBEDTLS_ECDSA_C)
sig_alg_len += 2;
#endif
#if defined(MBEDTLS_RSA_C)
sig_alg_len += 2;
#endif
- if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "length in bytes of sig-hash-alg extension too big" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ if (sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("length in bytes of sig-hash-alg extension too big"));
+ return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
}
/* Empty signature algorithms list, this is a configuration error. */
- if( sig_alg_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ if (sig_alg_len == 0) {
+ return MBEDTLS_ERR_SSL_BAD_CONFIG;
+ }
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, sig_alg_len + 6);
/*
* Prepare signature_algorithms extension (TLS 1.2)
*/
sig_alg_len = 0;
- for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
- {
+ for (md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
#if defined(MBEDTLS_ECDSA_C)
- sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
+ sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg(*md);
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
#if defined(MBEDTLS_RSA_C)
- sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
+ sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg(*md);
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
}
@@ -283,18 +286,18 @@
* SignatureAndHashAlgorithm
* supported_signature_algorithms<2..2^16-2>;
*/
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SIG_ALG, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(sig_alg_len + 2, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(sig_alg_len, p, 0);
p += 2;
*olen = 6 + sig_alg_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -302,10 +305,10 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_supported_elliptic_curves_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
unsigned char *elliptic_curve_list = p + 6;
@@ -315,80 +318,78 @@
*olen = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding supported_elliptic_curves extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding supported_elliptic_curves extension"));
- if( ssl->conf->curve_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ if (ssl->conf->curve_list == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_CONFIG;
+ }
- for( grp_id = ssl->conf->curve_list;
+ for (grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
- {
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
- if( info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "invalid curve in ssl configuration" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ grp_id++) {
+ info = mbedtls_ecp_curve_info_from_grp_id(*grp_id);
+ if (info == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("invalid curve in ssl configuration"));
+ return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
elliptic_curve_len += 2;
- if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "malformed supported_elliptic_curves extension in config" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ if (elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("malformed supported_elliptic_curves extension in config"));
+ return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
}
/* Empty elliptic curve list, this is a configuration error. */
- if( elliptic_curve_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ if (elliptic_curve_len == 0) {
+ return MBEDTLS_ERR_SSL_BAD_CONFIG;
+ }
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6 + elliptic_curve_len);
elliptic_curve_len = 0;
- for( grp_id = ssl->conf->curve_list;
+ for (grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
- {
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
- elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
- elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
+ grp_id++) {
+ info = mbedtls_ecp_curve_info_from_grp_id(*grp_id);
+ elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1(info->tls_id);
+ elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0(info->tls_id);
}
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(elliptic_curve_len + 2, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(elliptic_curve_len, p, 0);
p += 2;
*olen = 6 + elliptic_curve_len;
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
(void) ssl; /* ssl used for debugging only */
*olen = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding supported_point_formats extension" ) );
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding supported_point_formats extension"));
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0);
p += 2;
*p++ = 0x00;
@@ -399,17 +400,17 @@
*olen = 6;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
@@ -418,15 +419,16 @@
*olen = 0;
/* Skip costly extension if we can't use EC J-PAKE anyway */
- if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- return( 0 );
+ if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding ecjpake_kkpp extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding ecjpake_kkpp extension"));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0);
p += 2;
/*
@@ -434,56 +436,51 @@
* We don't want to compute fresh values every time (both for performance
* and consistency reasons), so cache the extension content.
*/
- if( ssl->handshake->ecjpake_cache == NULL ||
- ssl->handshake->ecjpake_cache_len == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
+ if (ssl->handshake->ecjpake_cache == NULL ||
+ ssl->handshake->ecjpake_cache_len == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters"));
- ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
- p + 2, end - p - 2, &kkpp_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1 ,
- "mbedtls_ecjpake_write_round_one", ret );
- return( ret );
+ ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
+ p + 2, end - p - 2, &kkpp_len,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1,
+ "mbedtls_ecjpake_write_round_one", ret);
+ return ret;
}
- ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
- if( ssl->handshake->ecjpake_cache == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len);
+ if (ssl->handshake->ecjpake_cache == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("allocation failed"));
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
- memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
+ memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len);
ssl->handshake->ecjpake_cache_len = kkpp_len;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("re-using cached ecjpake parameters"));
kkpp_len = ssl->handshake->ecjpake_cache_len;
- MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len );
+ MBEDTLS_SSL_CHK_BUF_PTR(p + 2, end, kkpp_len);
- memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
+ memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len);
}
- MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0);
p += 2;
*olen = kkpp_len + 4;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_cid_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
size_t ext_len;
@@ -495,56 +492,56 @@
* struct {
* opaque cid<0..2^8-1>;
* } ConnectionId;
- */
+ */
*olen = 0;
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
- {
- return( 0 );
+ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding CID extension"));
/* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
* which is at most 255, so the increment cannot overflow. */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5));
/* Add extension ID + size */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0);
p += 2;
ext_len = (size_t) ssl->own_cid_len + 1;
- MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
p += 2;
*p++ = (uint8_t) ssl->own_cid_len;
- memcpy( p, ssl->own_cid, ssl->own_cid_len );
+ memcpy(p, ssl->own_cid, ssl->own_cid_len);
*olen = ssl->own_cid_len + 5;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
*olen = 0;
- if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
- return( 0 );
+ if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding max_fragment_length extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding max_fragment_length extension"));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0);
p += 2;
*p++ = 0x00;
@@ -554,30 +551,31 @@
*olen = 5;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_truncated_hmac_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
*olen = 0;
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- return( 0 );
+ if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding truncated_hmac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding truncated_hmac extension"));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0);
p += 2;
*p++ = 0x00;
@@ -585,31 +583,32 @@
*olen = 4;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
*olen = 0;
- if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
- ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- return( 0 );
+ if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
+ ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding encrypt_then_mac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding encrypt_then_mac extension"));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0);
p += 2;
*p++ = 0x00;
@@ -617,31 +616,32 @@
*olen = 4;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
*olen = 0;
- if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
- ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- return( 0 );
+ if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding extended_master_secret extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding extended_master_secret extension"));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0);
p += 2;
*p++ = 0x00;
@@ -649,59 +649,61 @@
*olen = 4;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
size_t tlen = ssl->session_negotiate->ticket_len;
*olen = 0;
- if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
- return( 0 );
+ if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding session ticket extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, adding session ticket extension"));
/* The addition is safe here since the ticket length is 16 bit. */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + tlen);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( tlen, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(tlen, p, 0);
p += 2;
*olen = 4;
- if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
- return( 0 );
+ if (ssl->session_negotiate->ticket == NULL || tlen == 0) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen));
- memcpy( p, ssl->session_negotiate->ticket, tlen );
+ memcpy(p, ssl->session_negotiate->ticket, tlen);
*olen += tlen;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
size_t alpnlen = 0;
@@ -709,17 +711,19 @@
*olen = 0;
- if( ssl->conf->alpn_list == NULL )
- return( 0 );
+ if (ssl->conf->alpn_list == NULL) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding alpn extension"));
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- alpnlen += strlen( *cur ) + 1;
+ for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
+ alpnlen += strlen(*cur) + 1;
+ }
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6 + alpnlen);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0);
p += 2;
/*
@@ -733,35 +737,34 @@
/* Skip writing extension and list length for now */
p += 4;
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- {
+ for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
/*
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
* protocol names is less than 255.
*/
- *p = (unsigned char)strlen( *cur );
- memcpy( p + 1, *cur, *p );
+ *p = (unsigned char) strlen(*cur);
+ memcpy(p + 1, *cur, *p);
p += 1 + *p;
}
*olen = p - buf;
/* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
- MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
+ MBEDTLS_PUT_UINT16_BE(*olen - 6, buf, 4);
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
- MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE(*olen - 4, buf, 2);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen)
{
unsigned char *p = buf;
size_t protection_profiles_index = 0, ext_len = 0;
@@ -769,11 +772,10 @@
*olen = 0;
- if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
- ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
- ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
- {
- return( 0 );
+ if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+ (ssl->conf->dtls_srtp_profile_list == NULL) ||
+ (ssl->conf->dtls_srtp_profile_list_len == 0)) {
+ return 0;
}
/* RFC 5764 section 4.1.1
@@ -785,28 +787,27 @@
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*/
- if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
- {
+ if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
mki_len = ssl->dtls_srtp_info.mki_len;
}
/* Extension length = 2 bytes for profiles length,
* ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ),
* 1 byte for srtp_mki vector length and the mki_len value
*/
- ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
+ ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding use_srtp extension"));
/* Check there is room in the buffer for the extension + 4 bytes
* - the extension tag (2 bytes)
* - the extension length (2 bytes)
*/
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, ext_len + 4);
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, p, 0);
p += 2;
- MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
p += 2;
/* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
@@ -818,47 +819,42 @@
* >> 8 ) & 0xFF );
*/
*p++ = 0;
- *p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len );
+ *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len);
- for( protection_profiles_index=0;
+ for (protection_profiles_index = 0;
protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
- protection_profiles_index++ )
- {
+ protection_profiles_index++) {
profile_value = mbedtls_ssl_check_srtp_profile_value
- ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] );
- if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
- profile_value ) );
- MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 );
+ (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]);
+ if (profile_value != MBEDTLS_TLS_SRTP_UNSET) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_write_use_srtp_ext, add profile: %04x",
+ profile_value));
+ MBEDTLS_PUT_UINT16_BE(profile_value, p, 0);
p += 2;
- }
- else
- {
+ } else {
/*
* Note: we shall never arrive here as protection profiles
* is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function
*/
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, "
- "illegal DTLS-SRTP protection profile %d",
- ssl->conf->dtls_srtp_profile_list[protection_profiles_index]
- ) );
- return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, "
+ "illegal DTLS-SRTP protection profile %d",
+ ssl->conf->dtls_srtp_profile_list[protection_profiles_index]
+ ));
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
}
*p++ = mki_len & 0xFF;
- if( mki_len != 0 )
- {
- memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len );
+ if (mki_len != 0) {
+ memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len);
/*
* Increment p to point to the current position.
*/
p += mki_len;
- MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value,
- ssl->dtls_srtp_info.mki_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len);
}
/*
@@ -871,7 +867,7 @@
*/
*olen = p - buf;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@@ -879,7 +875,7 @@
* Generate random bytes for ClientHello
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_generate_random( mbedtls_ssl_context *ssl )
+static int ssl_generate_random(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = ssl->handshake->randbytes;
@@ -891,31 +887,32 @@
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->verify_cookie != NULL )
- {
- return( 0 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake->verify_cookie != NULL) {
+ return 0;
}
#endif
#if defined(MBEDTLS_HAVE_TIME)
- t = mbedtls_time( NULL );
- MBEDTLS_PUT_UINT32_BE( t, p, 0 );
+ t = mbedtls_time(NULL);
+ MBEDTLS_PUT_UINT32_BE(t, p, 0);
p += 4;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
- (long long) t ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+ (long long) t));
#else
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
- return( ret );
+ if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) {
+ return ret;
+ }
p += 4;
#endif /* MBEDTLS_HAVE_TIME */
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
- return( ret );
+ if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 28)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
/**
@@ -930,50 +927,54 @@
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_validate_ciphersuite(
- const mbedtls_ssl_ciphersuite_t * suite_info,
- const mbedtls_ssl_context * ssl,
- int min_minor_ver, int max_minor_ver )
+ const mbedtls_ssl_ciphersuite_t *suite_info,
+ const mbedtls_ssl_context *ssl,
+ int min_minor_ver, int max_minor_ver)
{
(void) ssl;
- if( suite_info == NULL )
- return( 1 );
+ if (suite_info == NULL) {
+ return 1;
+ }
- if( suite_info->min_minor_ver > max_minor_ver ||
- suite_info->max_minor_ver < min_minor_ver )
- return( 1 );
+ if (suite_info->min_minor_ver > max_minor_ver ||
+ suite_info->max_minor_ver < min_minor_ver) {
+ return 1;
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
- return( 1 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ (suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_ARC4_C)
- if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
- suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
- return( 1 );
+ if (ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+ suite_info->cipher == MBEDTLS_CIPHER_ARC4_128) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- return( 1 );
+ if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+ mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
+ return 1;
+ }
#endif
/* Don't suggest PSK-based ciphersuite if no PSK is available. */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
- ssl_conf_has_static_psk( ssl->conf ) == 0 )
- {
- return( 1 );
+ if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) &&
+ ssl_conf_has_static_psk(ssl->conf) == 0) {
+ return 1;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
+static int ssl_write_client_hello(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n, olen, ext_len = 0;
@@ -990,30 +991,29 @@
int uses_ec = 0;
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client hello"));
- if( ssl->conf->f_rng == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
- return( MBEDTLS_ERR_SSL_NO_RNG );
+ if (ssl->conf->f_rng == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
+ return MBEDTLS_ERR_SSL_NO_RNG;
}
int renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
renegotiating = 1;
+ }
#endif
- if( !renegotiating )
- {
+ if (!renegotiating) {
ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver;
}
- if( ssl->conf->max_major_ver == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->max_major_ver == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ (
+ "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
buf = ssl->out_msg;
@@ -1027,7 +1027,7 @@
* Use static upper bounds instead of the actual values
* to allow the compiler to optimize this away.
*/
- MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );
+ MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 38 + 1 + 32);
/*
* The 38 first bytes of the ClientHello:
@@ -1043,22 +1043,21 @@
*/
p = buf + 4;
- mbedtls_ssl_write_version( ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version(ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver,
+ ssl->conf->transport, p);
p += 2;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
- buf[4], buf[5] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, max version: [%d:%d]",
+ buf[4], buf[5]));
- if( ( ret = ssl_generate_random( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret );
- return( ret );
+ if ((ret = ssl_generate_random(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_generate_random", ret);
+ return ret;
}
- memcpy( p, ssl->handshake->randbytes, 32 );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 );
+ memcpy(p, ssl->handshake->randbytes, 32);
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", p, 32);
p += 32;
/*
@@ -1075,12 +1074,11 @@
*/
n = ssl->session_negotiate->id_len;
- if( n < 16 || n > 32 ||
+ if (n < 16 || n > 32 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
- ssl->handshake->resume == 0 )
- {
+ ssl->handshake->resume == 0) {
n = 0;
}
@@ -1089,16 +1087,15 @@
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello."
*/
- if( !renegotiating )
- {
- if( ssl->session_negotiate->ticket != NULL &&
- ssl->session_negotiate->ticket_len != 0 )
- {
- ret = ssl->conf->f_rng( ssl->conf->p_rng,
- ssl->session_negotiate->id, 32 );
+ if (!renegotiating) {
+ if (ssl->session_negotiate->ticket != NULL &&
+ ssl->session_negotiate->ticket_len != 0) {
+ ret = ssl->conf->f_rng(ssl->conf->p_rng,
+ ssl->session_negotiate->id, 32);
- if( ret != 0 )
- return( ret );
+ if (ret != 0) {
+ return ret;
+ }
ssl->session_negotiate->id_len = n = 32;
}
@@ -1113,11 +1110,12 @@
*/
*p++ = (unsigned char) n;
- for( i = 0; i < n; i++ )
+ for (i = 0; i < n; i++) {
*p++ = ssl->session_negotiate->id[i];
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n));
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 39, n);
/*
* With 'n' being the length of the session identifier
@@ -1136,27 +1134,23 @@
* DTLS cookie
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1);
- if( ssl->handshake->verify_cookie == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
+ if (ssl->handshake->verify_cookie == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("no verify cookie to send"));
*p++ = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
- ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ } else {
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie",
+ ssl->handshake->verify_cookie,
+ ssl->handshake->verify_cookie_len);
*p++ = ssl->handshake->verify_cookie_len;
- MBEDTLS_SSL_CHK_BUF_PTR( p, end,
- ssl->handshake->verify_cookie_len );
- memcpy( p, ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end,
+ ssl->handshake->verify_cookie_len);
+ memcpy(p, ssl->handshake->verify_cookie,
+ ssl->handshake->verify_cookie_len);
p += ssl->handshake->verify_cookie_len;
}
}
@@ -1171,63 +1165,62 @@
n = 0;
q = p;
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
p += 2;
- for( i = 0; ciphersuites[i] != 0; i++ )
- {
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
+ for (i = 0; ciphersuites[i] != 0; i++) {
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuites[i]);
- if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
- ssl->conf->min_minor_ver,
- ssl->conf->max_minor_ver ) != 0 )
+ if (ssl_validate_ciphersuite(ciphersuite_info, ssl,
+ ssl->conf->min_minor_ver,
+ ssl->conf->max_minor_ver) != 0) {
continue;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
- (unsigned int)ciphersuites[i], ciphersuite_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, add ciphersuite: %#04x (%s)",
+ (unsigned int) ciphersuites[i], ciphersuite_info->name));
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info);
#endif
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
n++;
- MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 );
+ MBEDTLS_PUT_UINT16_BE(ciphersuites[i], p, 0);
p += 2;
}
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("client hello, got %" MBEDTLS_PRINTF_SIZET
+ " ciphersuites (excluding SCSVs)", n));
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
- if( !renegotiating )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 );
+ if (!renegotiating) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("adding EMPTY_RENEGOTIATION_INFO_SCSV"));
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0);
p += 2;
n++;
}
/* Some versions of OpenSSL don't handle it correctly if not at end */
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
- if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
+ if (ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("adding FALLBACK_SCSV"));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_FALLBACK_SCSV_VALUE, p, 0 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_FALLBACK_SCSV_VALUE, p, 0);
p += 2;
n++;
}
#endif
- *q++ = (unsigned char)( n >> 7 );
- *q++ = (unsigned char)( n << 1 );
+ *q++ = (unsigned char) (n >> 7);
+ *q++ = (unsigned char) (n << 1);
#if defined(MBEDTLS_ZLIB_SUPPORT)
offer_compress = 1;
@@ -1242,43 +1235,40 @@
* an actual need for it.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
offer_compress = 0;
+ }
#endif
- if( offer_compress )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
- MBEDTLS_SSL_COMPRESS_DEFLATE,
- MBEDTLS_SSL_COMPRESS_NULL ) );
+ if (offer_compress) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress len.: %d", 2));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress alg.: %d %d",
+ MBEDTLS_SSL_COMPRESS_DEFLATE,
+ MBEDTLS_SSL_COMPRESS_NULL));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3);
*p++ = 2;
*p++ = MBEDTLS_SSL_COMPRESS_DEFLATE;
*p++ = MBEDTLS_SSL_COMPRESS_NULL;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d",
- MBEDTLS_SSL_COMPRESS_NULL ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress len.: %d", 1));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress alg.: %d",
+ MBEDTLS_SSL_COMPRESS_NULL));
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
*p++ = 1;
*p++ = MBEDTLS_SSL_COMPRESS_NULL;
}
/* First write extensions, then the total length */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret );
- return( ret );
+ if ((ret = ssl_write_hostname_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_hostname_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
@@ -1286,133 +1276,119 @@
/* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
* even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
- return( ret );
+ if ((ret = ssl_write_renegotiation_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_renegotiation_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret );
- return( ret );
+ if ((ret = ssl_write_signature_algorithms_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_signature_algorithms_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( uses_ec )
- {
- if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
- return( ret );
+ if (uses_ec) {
+ if ((ret = ssl_write_supported_elliptic_curves_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_elliptic_curves_ext", ret);
+ return ret;
}
ext_len += olen;
- if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
- return( ret );
+ if ((ret = ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_point_formats_ext", ret);
+ return ret;
}
ext_len += olen;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
- return( ret );
+ if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_ecjpake_kkpp_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
- return( ret );
+ if ((ret = ssl_write_cid_ext(ssl, p + 2 + ext_len, end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_cid_ext", ret);
+ return ret;
}
ext_len += olen;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
- return( ret );
+ if ((ret = ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_max_fragment_length_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret );
- return( ret );
+ if ((ret = ssl_write_truncated_hmac_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_truncated_hmac_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
- return( ret );
+ if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_encrypt_then_mac_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
- return( ret );
+ if ((ret = ssl_write_extended_ms_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_extended_ms_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ALPN)
- if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
- return( ret );
+ if ((ret = ssl_write_alpn_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_alpn_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
- return( ret );
+ if ((ret = ssl_write_use_srtp_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_use_srtp_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
- return( ret );
+ if ((ret = ssl_write_session_ticket_ext(ssl, p + 2 + ext_len,
+ end, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_session_ticket_ext", ret);
+ return ret;
}
ext_len += olen;
#endif
@@ -1420,14 +1396,13 @@
/* olen unused if all extensions are disabled */
((void) olen);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
- ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+ ext_len));
- if( ext_len > 0 )
- {
+ if (ext_len > 0) {
/* No need to check for space here, because the extension
* writing functions already took care of that. */
- MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
p += 2 + ext_len;
}
@@ -1438,363 +1413,343 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_send_flight_completed( ssl );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ssl_send_flight_completed(ssl);
+ }
#endif
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello"));
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- {
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
/* Check verify-data in constant-time. The length OTOH is no secret */
- if( len != 1 + ssl->verify_data_len * 2 ||
+ if (len != 1 + ssl->verify_data_len * 2 ||
buf[0] != ssl->verify_data_len * 2 ||
- mbedtls_ct_memcmp( buf + 1,
- ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
- mbedtls_ct_memcmp( buf + 1 + ssl->verify_data_len,
- ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
+ mbedtls_ct_memcmp(buf + 1,
+ ssl->own_verify_data, ssl->verify_data_len) != 0 ||
+ mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len,
+ ssl->peer_verify_data, ssl->verify_data_len) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_RENEGOTIATION */
{
- if( len != 1 || buf[0] != 0x00 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-zero length renegotiation info" ) );
+ if (len != 1 || buf[0] != 0x00) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("non-zero length renegotiation info"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
}
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
/*
* server should use the extension only if we did,
* and if so the server's value should match ours (and len is always 1)
*/
- if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
+ if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
len != 1 ||
- buf[0] != ssl->conf->mfl_code )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-matching max fragment length extension" ) );
+ buf[0] != ssl->conf->mfl_code) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("non-matching max fragment length extension"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_truncated_hmac_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
- len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-matching truncated HMAC extension" ) );
+ if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
+ len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("non-matching truncated HMAC extension"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
((void) buf);
ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
size_t peer_cid_len;
- if( /* CID extension only makes sense in DTLS */
+ if ( /* CID extension only makes sense in DTLS */
ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
/* The server must only send the CID extension if we have offered it. */
- ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension unexpected"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- if( len == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (len == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
peer_cid_len = *buf++;
len--;
- if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- if( len != peer_cid_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (len != peer_cid_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
- memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+ memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated"));
+ MBEDTLS_SSL_DEBUG_BUF(3, "Server CID", buf, peer_cid_len);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
+ if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
- len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-matching encrypt-then-MAC extension" ) );
+ len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("non-matching encrypt-then-MAC extension"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
((void) buf);
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
- len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-matching extended master secret extension" ) );
+ len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("non-matching extended master secret extension"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
((void) buf);
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
- len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-matching session ticket extension" ) );
+ if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
+ len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("non-matching session ticket extension"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
((void) buf);
ssl->handshake->new_session_ticket = 1;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
size_t list_size;
const unsigned char *p;
- if( len == 0 || (size_t)( buf[0] + 1 ) != len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (len == 0 || (size_t) (buf[0] + 1) != len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
list_size = buf[0];
p = buf + 1;
- while( list_size > 0 )
- {
- if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- p[0] == MBEDTLS_ECP_PF_COMPRESSED )
- {
+ while (list_size > 0) {
+ if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+ p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
ssl->handshake->ecdh_ctx.point_format = p[0];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
ssl->handshake->ecjpake_ctx.point_format = p[0];
#endif
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
+ return 0;
}
list_size--;
p++;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("no point format in common"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ssl->handshake->ciphersuite_info->key_exchange !=
- MBEDTLS_KEY_EXCHANGE_ECJPAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
- return( 0 );
+ if (ssl->handshake->ciphersuite_info->key_exchange !=
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
+ return 0;
}
/* If we got here, we no longer need our cached extension */
- mbedtls_free( ssl->handshake->ecjpake_cache );
+ mbedtls_free(ssl->handshake->ecjpake_cache);
ssl->handshake->ecjpake_cache = NULL;
ssl->handshake->ecjpake_cache_len = 0;
- if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
- buf, len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
+ if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
+ buf, len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( ret );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
size_t list_len, name_len;
const char **p;
/* If we didn't send it, the server shouldn't send it */
- if( ssl->conf->alpn_list == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) );
+ if (ssl->conf->alpn_list == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching ALPN extension"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
/*
@@ -1808,62 +1763,58 @@
*/
/* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
- if( len < 4 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (len < 4) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- list_len = ( buf[0] << 8 ) | buf[1];
- if( list_len != len - 2 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ list_len = (buf[0] << 8) | buf[1];
+ if (list_len != len - 2) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
name_len = buf[2];
- if( name_len != list_len - 1 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (name_len != list_len - 1) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
/* Check that the server chosen protocol was in our list and save it */
- for( p = ssl->conf->alpn_list; *p != NULL; p++ )
- {
- if( name_len == strlen( *p ) &&
- memcmp( buf + 3, *p, name_len ) == 0 )
- {
+ for (p = ssl->conf->alpn_list; *p != NULL; p++) {
+ if (name_len == strlen(*p) &&
+ memcmp(buf + 3, *p, name_len) == 0) {
ssl->alpn_chosen = *p;
- return( 0 );
+ return 0;
}
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("ALPN extension: no matching protocol"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET;
size_t i, mki_len = 0;
uint16_t server_protection_profile_value = 0;
/* If use_srtp is not configured, just ignore the extension */
- if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
- ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
- ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
- return( 0 );
+ if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+ (ssl->conf->dtls_srtp_profile_list == NULL) ||
+ (ssl->conf->dtls_srtp_profile_list_len == 0)) {
+ return 0;
+ }
/* RFC 5764 section 4.1.1
* uint8 SRTPProtectionProfile[2];
@@ -1876,8 +1827,7 @@
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*
*/
- if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
- {
+ if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
mki_len = ssl->dtls_srtp_info.mki_len;
}
@@ -1887,8 +1837,9 @@
* + mki_len(1 byte)
* and optional srtp_mki
*/
- if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if ((len < 5) || (len != (buf[4] + 5u))) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
+ }
/*
* get the server protection profile
@@ -1898,17 +1849,17 @@
* protection profile length must be 0x0002 as we must have only
* one protection profile in server Hello
*/
- if( ( buf[0] != 0 ) || ( buf[1] != 2 ) )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if ((buf[0] != 0) || (buf[1] != 2)) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
+ }
- server_protection_profile_value = ( buf[2] << 8 ) | buf[3];
+ server_protection_profile_value = (buf[2] << 8) | buf[3];
server_protection = mbedtls_ssl_check_srtp_profile_value(
- server_protection_profile_value );
- if( server_protection != MBEDTLS_TLS_SRTP_UNSET )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s",
- mbedtls_ssl_get_srtp_profile_as_string(
- server_protection ) ) );
+ server_protection_profile_value);
+ if (server_protection != MBEDTLS_TLS_SRTP_UNSET) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s",
+ mbedtls_ssl_get_srtp_profile_as_string(
+ server_protection)));
}
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
@@ -1916,30 +1867,26 @@
/*
* Check we have the server profile in our list
*/
- for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
- {
- if( server_protection == ssl->conf->dtls_srtp_profile_list[i] )
- {
+ for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) {
+ if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s",
+ MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s",
mbedtls_ssl_get_srtp_profile_as_string(
- server_protection ) ) );
+ server_protection)));
break;
}
}
/* If no match was found : server problem, it shall never answer with incompatible profile */
- if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
/* If server does not use mki in its reply, make sure the client won't keep
* one as negotiated */
- if( len == 5 )
- {
+ if (len == 5) {
ssl->dtls_srtp_info.mki_len = 0;
}
@@ -1949,21 +1896,19 @@
* that is different than the one the client offered, then the client
* MUST abort the handshake and SHOULD send an invalid_parameter alert.
*/
- if( len > 5 && ( buf[4] != mki_len ||
- ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (len > 5 && (buf[4] != mki_len ||
+ (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
-#if defined (MBEDTLS_DEBUG_C)
- if( len > 5 )
- {
- MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value,
- ssl->dtls_srtp_info.mki_len );
+#if defined(MBEDTLS_DEBUG_C)
+ if (len > 5) {
+ MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len);
}
#endif
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@@ -1972,25 +1917,24 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
+static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
{
- const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+ const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
int major_ver, minor_ver;
unsigned char cookie_len;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse hello verify request"));
/* Check that there is enough room for:
* - 2 bytes of version
* - 1 byte of cookie_len
*/
- if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "incoming HelloVerifyRequest message is too short" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("incoming HelloVerifyRequest message is too short"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
/*
@@ -1999,63 +1943,60 @@
* opaque cookie<0..2^8-1>;
* } HelloVerifyRequest;
*/
- MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
- mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
+ MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2);
+ mbedtls_ssl_read_version(&major_ver, &minor_ver, ssl->conf->transport, p);
p += 2;
/*
* Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
* even is lower than our min version.
*/
- if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
+ if (major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
major_ver > ssl->conf->max_major_ver ||
- minor_ver > ssl->conf->max_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
+ minor_ver > ssl->conf->max_minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server version"));
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
- return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+ return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
}
cookie_len = *p++;
- if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "cookie length does not match incoming message size" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("cookie length does not match incoming message size"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "cookie", p, cookie_len);
- mbedtls_free( ssl->handshake->verify_cookie );
+ mbedtls_free(ssl->handshake->verify_cookie);
- ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( ssl->handshake->verify_cookie == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ ssl->handshake->verify_cookie = mbedtls_calloc(1, cookie_len);
+ if (ssl->handshake->verify_cookie == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc failed (%d bytes)", cookie_len));
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
- memcpy( ssl->handshake->verify_cookie, p, cookie_len );
+ memcpy(ssl->handshake->verify_cookie, p, cookie_len);
ssl->handshake->verify_cookie_len = cookie_len;
/* Start over at ClientHello */
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
- mbedtls_ssl_reset_checksum( ssl );
+ mbedtls_ssl_reset_checksum(ssl);
- mbedtls_ssl_recv_flight_completed( ssl );
+ mbedtls_ssl_recv_flight_completed(ssl);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse hello verify request"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp )
+static int is_compression_bad(mbedtls_ssl_context *ssl, unsigned char comp)
{
int bad_comp = 0;
@@ -2064,23 +2005,26 @@
#if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- comp != MBEDTLS_SSL_COMPRESS_NULL )
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ comp != MBEDTLS_SSL_COMPRESS_NULL) {
bad_comp = 1;
+ }
#endif
- if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
- comp != MBEDTLS_SSL_COMPRESS_DEFLATE )
+ if (comp != MBEDTLS_SSL_COMPRESS_NULL &&
+ comp != MBEDTLS_SSL_COMPRESS_DEFLATE) {
bad_comp = 1;
+ }
#else /* MBEDTLS_ZLIB_SUPPORT */
- if( comp != MBEDTLS_SSL_COMPRESS_NULL )
+ if (comp != MBEDTLS_SSL_COMPRESS_NULL) {
bad_comp = 1;
-#endif/* MBEDTLS_ZLIB_SUPPORT */
+ }
+#endif /* MBEDTLS_ZLIB_SUPPORT */
return bad_comp;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
{
int ret, i;
size_t n;
@@ -2093,74 +2037,65 @@
int handshake_failure = 0;
const mbedtls_ssl_ciphersuite_t *suite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello"));
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
/* No alert on a read error. */
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
buf = ssl->in_msg;
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
+ if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
ssl->renego_records_seen++;
- if( ssl->conf->renego_max_records >= 0 &&
- ssl->renego_records_seen > ssl->conf->renego_max_records )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "renegotiation requested, but not honored by server" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ if (ssl->conf->renego_max_records >= 0 &&
+ ssl->renego_records_seen > ssl->conf->renego_max_records) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("renegotiation requested, but not honored by server"));
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-handshake message during renegotiation" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("non-handshake message during renegotiation"));
ssl->keep_current_message = 1;
- return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
+ return MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
- return( ssl_parse_hello_verify_request( ssl ) );
- }
- else
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if (buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("received hello verify request"));
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello"));
+ return ssl_parse_hello_verify_request(ssl);
+ } else {
/* We made it through the verification process */
- mbedtls_free( ssl->handshake->verify_cookie );
+ mbedtls_free(ssl->handshake->verify_cookie);
ssl->handshake->verify_cookie = NULL;
ssl->handshake->verify_cookie_len = 0;
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) ||
- buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) ||
+ buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
/*
@@ -2174,389 +2109,363 @@
* 38+n . 39+n extensions length (optional)
* 40+n . .. extensions
*/
- buf += mbedtls_ssl_hs_hdr_len( ssl );
+ buf += mbedtls_ssl_hs_hdr_len(ssl);
- MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
- mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
- ssl->conf->transport, buf + 0 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf + 0, 2);
+ mbedtls_ssl_read_version(&ssl->major_ver, &ssl->minor_ver,
+ ssl->conf->transport, buf + 0);
- if( ssl->major_ver < ssl->conf->min_major_ver ||
+ if (ssl->major_ver < ssl->conf->min_major_ver ||
ssl->minor_ver < ssl->conf->min_minor_ver ||
ssl->major_ver > ssl->conf->max_major_ver ||
- ssl->minor_ver > ssl->conf->max_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]",
- ssl->conf->min_major_ver,
- ssl->conf->min_minor_ver,
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver ) );
+ ssl->minor_ver > ssl->conf->max_minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ (
+ "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]",
+ ssl->conf->min_major_ver,
+ ssl->conf->min_minor_ver,
+ ssl->major_ver, ssl->minor_ver,
+ ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver));
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
- return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+ return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
- ( (unsigned long) buf[2] << 24 ) |
- ( (unsigned long) buf[3] << 16 ) |
- ( (unsigned long) buf[4] << 8 ) |
- ( (unsigned long) buf[5] ) ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %lu",
+ ((unsigned long) buf[2] << 24) |
+ ((unsigned long) buf[3] << 16) |
+ ((unsigned long) buf[4] << 8) |
+ ((unsigned long) buf[5])));
- memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
+ memcpy(ssl->handshake->randbytes + 32, buf + 2, 32);
n = buf[34];
- MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 2, 32 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 2, 32);
- if( n > 32 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (n > 32) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
- {
- ext_len = ( ( buf[38 + n] << 8 )
- | ( buf[39 + n] ) );
+ if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) {
+ ext_len = ((buf[38 + n] << 8)
+ | (buf[39 + n]));
- if( ( ext_len > 0 && ext_len < 4 ) ||
- ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ if ((ext_len > 0 && ext_len < 4) ||
+ ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- }
- else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
- {
+ } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) {
ext_len = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
/* ciphersuite (used later) */
- i = ( buf[35 + n] << 8 ) | buf[36 + n];
+ i = (buf[35 + n] << 8) | buf[36 + n];
/*
* Read and check compression
*/
comp = buf[37 + n];
- if( is_compression_bad( ssl, comp ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "server hello, bad compression: %d", comp ) );
+ if (is_compression_bad(ssl, comp)) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("server hello, bad compression: %d", comp));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
/*
* Initialize update checksum functions
*/
- ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
- if( ssl->handshake->ciphersuite_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "ciphersuite info for %04x not found", (unsigned int)i ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i);
+ if (ssl->handshake->ciphersuite_info == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("ciphersuite info for %04x not found", (unsigned int) i));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
+ mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n));
+ MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 35, n);
/*
* Check if the session can be resumed
*/
- if( ssl->handshake->resume == 0 || n == 0 ||
+ if (ssl->handshake->resume == 0 || n == 0 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->id_len != n ||
- memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
- {
+ memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) {
ssl->state++;
ssl->handshake->resume = 0;
#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = mbedtls_time( NULL );
+ ssl->session_negotiate->start = mbedtls_time(NULL);
#endif
ssl->session_negotiate->ciphersuite = i;
ssl->session_negotiate->compression = comp;
ssl->session_negotiate->id_len = n;
- memcpy( ssl->session_negotiate->id, buf + 35, n );
- }
- else
- {
+ memcpy(ssl->session_negotiate->id, buf + 35, n);
+ } else {
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
- ssl->handshake->resume ? "a" : "no" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
+ ssl->handshake->resume ? "a" : "no"));
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
- buf[37 + n] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %04x", (unsigned) i));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: %d",
+ buf[37 + n]));
/*
* Perform cipher suite validation in same way as in ssl_write_client_hello.
*/
i = 0;
- while( 1 )
- {
- if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ while (1) {
+ if (ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
- ssl->session_negotiate->ciphersuite )
- {
+ if (ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
+ ssl->session_negotiate->ciphersuite) {
break;
}
}
suite_info = mbedtls_ssl_ciphersuite_from_id(
- ssl->session_negotiate->ciphersuite );
- if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver,
- ssl->minor_ver ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ ssl->session_negotiate->ciphersuite);
+ if (ssl_validate_ciphersuite(suite_info, ssl, ssl->minor_ver,
+ ssl->minor_ver) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("server hello, chosen ciphersuite: %s", suite_info->name));
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
ssl->handshake->ecrs_enabled = 1;
}
#endif
- if( comp != MBEDTLS_SSL_COMPRESS_NULL
+ if (comp != MBEDTLS_SSL_COMPRESS_NULL
#if defined(MBEDTLS_ZLIB_SUPPORT)
&& comp != MBEDTLS_SSL_COMPRESS_DEFLATE
#endif
- )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ ) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
ssl->session_negotiate->compression = comp;
ext = buf + 40 + n;
- MBEDTLS_SSL_DEBUG_MSG( 2,
- ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+ ext_len));
- while( ext_len )
- {
- unsigned int ext_id = ( ( ext[0] << 8 )
- | ( ext[1] ) );
- unsigned int ext_size = ( ( ext[2] << 8 )
- | ( ext[3] ) );
+ while (ext_len) {
+ unsigned int ext_id = ((ext[0] << 8)
+ | (ext[1]));
+ unsigned int ext_size = ((ext[2] << 8)
+ | (ext[3]));
- if( ext_size + 4 > ext_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ if (ext_size + 4 > ext_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
mbedtls_ssl_send_alert_message(
ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- switch( ext_id )
- {
- case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+ switch (ext_id) {
+ case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension"));
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- renegotiation_info_seen = 1;
+ renegotiation_info_seen = 1;
#endif
- if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
- ext_size ) ) != 0 )
- return( ret );
+ if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4,
+ ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "found max_fragment_length extension" ) );
+ case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("found max_fragment_length extension"));
- if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_max_fragment_length_ext(ssl,
+ ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
+ case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found truncated_hmac extension"));
- if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_truncated_hmac_ext(ssl,
+ ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- case MBEDTLS_TLS_EXT_CID:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+ case MBEDTLS_TLS_EXT_CID:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension"));
- if( ( ret = ssl_parse_cid_ext( ssl,
- ext + 4,
- ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_cid_ext(ssl,
+ ext + 4,
+ ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
+ case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt_then_mac extension"));
- if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_encrypt_then_mac_ext(ssl,
+ ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "found extended_master_secret extension" ) );
+ case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("found extended_master_secret extension"));
- if( ( ret = ssl_parse_extended_ms_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_extended_ms_ext(ssl,
+ ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_TLS_EXT_SESSION_TICKET:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
+ case MBEDTLS_TLS_EXT_SESSION_TICKET:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found session_ticket extension"));
- if( ( ret = ssl_parse_session_ticket_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_session_ticket_ext(ssl,
+ ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "found supported_point_formats extension" ) );
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("found supported_point_formats extension"));
- if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_supported_point_formats_ext(ssl,
+ ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
+ case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake_kkpp extension"));
- if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
+ if ((ret = ssl_parse_ecjpake_kkpp(ssl,
+ ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
- case MBEDTLS_TLS_EXT_ALPN:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+ case MBEDTLS_TLS_EXT_ALPN:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
- if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )
- return( ret );
+ if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- case MBEDTLS_TLS_EXT_USE_SRTP:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) );
+ case MBEDTLS_TLS_EXT_USE_SRTP:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension"));
- if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 )
- return( ret );
+ if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) {
+ return ret;
+ }
- break;
+ break;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
- default:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "unknown extension found: %u (ignoring)", ext_id ) );
+ default:
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("unknown extension found: %u (ignoring)", ext_id));
}
ext_len -= 4 + ext_size;
ext += 4 + ext_size;
- if( ext_len > 0 && ext_len < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ if (ext_len > 0 && ext_len < 4) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
}
@@ -2565,77 +2474,68 @@
* extensions. It sets the transform data for the resumed session which in
* case of DTLS includes the server CID extracted from the CID extension.
*/
- if( ssl->handshake->resume )
- {
- if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+ if (ssl->handshake->resume) {
+ if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- return( ret );
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ return ret;
}
}
/*
* Renegotiation security checks
*/
- if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
ssl->conf->allow_legacy_renegotiation ==
- MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "legacy renegotiation, breaking off handshake" ) );
+ MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("legacy renegotiation, breaking off handshake"));
handshake_failure = 1;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
- renegotiation_info_seen == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "renegotiation_info extension missing (secure)" ) );
+ renegotiation_info_seen == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("renegotiation_info extension missing (secure)"));
handshake_failure = 1;
- }
- else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation ==
- MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+ } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ ssl->conf->allow_legacy_renegotiation ==
+ MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed"));
handshake_failure = 1;
- }
- else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- renegotiation_info_seen == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "renegotiation_info extension present (legacy)" ) );
+ } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ renegotiation_info_seen == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("renegotiation_info extension present (legacy)"));
handshake_failure = 1;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- if( handshake_failure == 1 )
- {
+ if (handshake_failure == 1) {
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello"));
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end )
+static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t dhm_actual_bitlen;
@@ -2649,27 +2549,25 @@
* opaque dh_Ys<1..2^16-1>;
* } ServerDHParams;
*/
- if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx,
- p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret );
- return( ret );
+ if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx,
+ p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret);
+ return ret;
}
- dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
- if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
- dhm_actual_bitlen,
- ssl->conf->dhm_min_bitlen ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ dhm_actual_bitlen = mbedtls_mpi_bitlen(&ssl->handshake->dhm_ctx.P);
+ if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
+ dhm_actual_bitlen,
+ ssl->conf->dhm_min_bitlen));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -2680,7 +2578,7 @@
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
+static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl)
{
const mbedtls_ecp_curve_info *curve_info;
mbedtls_ecp_group_id grp_id;
@@ -2690,28 +2588,29 @@
grp_id = ssl->handshake->ecdh_ctx.grp_id;
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
- curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
- if( curve_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id);
+ if (curve_info == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", curve_info->name));
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
- return( -1 );
+ if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
+ return -1;
+ }
#else
- if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
- ssl->handshake->ecdh_ctx.grp.nbits > 521 )
- return( -1 );
+ if (ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
+ ssl->handshake->ecdh_ctx.grp.nbits > 521) {
+ return -1;
+ }
#endif /* MBEDTLS_ECP_C */
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP );
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_QP);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
@@ -2720,12 +2619,12 @@
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+ (defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED))
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end )
+static int ssl_parse_server_ecdh_params_psa(mbedtls_ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end)
{
uint16_t tls_id;
size_t ecdh_bits = 0;
@@ -2736,12 +2635,14 @@
* Parse ECC group
*/
- if( end - *p < 4 )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (end - *p < 4) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
+ }
/* First byte is curve_type; only named_curve is handled */
- if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (*(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
+ }
/* Next two bytes are the namedcurve value */
tls_id = *(*p)++;
@@ -2749,17 +2650,18 @@
tls_id |= *(*p)++;
/* Check it's a curve we offered */
- if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
+ }
/* Convert EC group to PSA key type. */
- if( ( handshake->ecdh_psa_type =
- mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
- {
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if ((handshake->ecdh_psa_type =
+ mbedtls_psa_parse_tls_ecc_group(tls_id, &ecdh_bits)) == 0) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- if( ecdh_bits > 0xffff )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (ecdh_bits > 0xffff) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
+ }
handshake->ecdh_bits = (uint16_t) ecdh_bits;
/*
@@ -2767,20 +2669,20 @@
*/
ecpoint_len = *(*p)++;
- if( (size_t)( end - *p ) < ecpoint_len )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if ((size_t) (end - *p) < ecpoint_len) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
+ }
- if( mbedtls_psa_tls_ecpoint_to_psa_ec(
- *p, ecpoint_len,
- handshake->ecdh_psa_peerkey,
- sizeof( handshake->ecdh_psa_peerkey ),
- &handshake->ecdh_psa_peerkey_len ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ if (mbedtls_psa_tls_ecpoint_to_psa_ec(
+ *p, ecpoint_len,
+ handshake->ecdh_psa_peerkey,
+ sizeof(handshake->ecdh_psa_peerkey),
+ &handshake->ecdh_psa_peerkey_len) != 0) {
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
*p += ecpoint_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -2790,9 +2692,9 @@
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end )
+static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -2804,25 +2706,24 @@
* ECPoint public;
* } ServerECDHParams;
*/
- if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx,
- (const unsigned char **) p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
+ if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx,
+ (const unsigned char **) p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+ }
#endif
- return( ret );
+ return ret;
}
- if( ssl_check_server_ecdh_params( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message (ECDHE curve)" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (ssl_check_server_ecdh_params(ssl) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("bad server key exchange message (ECDHE curve)"));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
@@ -2830,9 +2731,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end )
+static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
uint16_t len;
@@ -2843,20 +2744,18 @@
*
* opaque psk_identity_hint<0..2^16-1>;
*/
- if( end - (*p) < 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message (psk_identity_hint length)" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (end - (*p) < 2) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("bad server key exchange message (psk_identity_hint length)"));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
len = (*p)[0] << 8 | (*p)[1];
*p += 2;
- if( end - (*p) < len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message (psk_identity_hint length)" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (end - (*p) < len) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("bad server key exchange message (psk_identity_hint length)"));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
/*
@@ -2867,7 +2766,7 @@
*p += len;
ret = 0;
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -2877,19 +2776,18 @@
* Generate a pre-master secret and encrypt it with the server's RSA key
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
- size_t offset, size_t *olen,
- size_t pms_offset )
+static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
+ size_t offset, size_t *olen,
+ size_t pms_offset)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
unsigned char *p = ssl->handshake->premaster + pms_offset;
- mbedtls_pk_context * peer_pk;
+ mbedtls_pk_context *peer_pk;
- if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
/*
@@ -2899,14 +2797,13 @@
* opaque random[46];
* } PreMasterSecret;
*/
- mbedtls_ssl_write_version( ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version(ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver,
+ ssl->conf->transport, p);
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
- return( ret );
+ if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
+ return ret;
}
ssl->handshake->pmslen = 48;
@@ -2914,11 +2811,10 @@
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( ssl->session_negotiate->peer_cert == NULL )
- {
+ if (ssl->session_negotiate->peer_cert == NULL) {
/* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
peer_pk = &ssl->session_negotiate->peer_cert->pk;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -2926,36 +2822,33 @@
/*
* Now write it out, encrypted
*/
- if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
- return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+ if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch"));
+ return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
- if( ( ret = mbedtls_pk_encrypt( peer_pk,
- p, ssl->handshake->pmslen,
- ssl->out_msg + offset + len_bytes, olen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
- return( ret );
+ if ((ret = mbedtls_pk_encrypt(peer_pk,
+ p, ssl->handshake->pmslen,
+ ssl->out_msg + offset + len_bytes, olen,
+ MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
+ return ret;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( len_bytes == 2 )
- {
- MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
+ if (len_bytes == 2) {
+ MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset);
*olen += 2;
}
#endif
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it. */
- mbedtls_pk_free( peer_pk );
+ mbedtls_pk_free(peer_pk);
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
@@ -2965,64 +2858,61 @@
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end,
- mbedtls_md_type_t *md_alg,
- mbedtls_pk_type_t *pk_alg )
+static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_pk_type_t *pk_alg)
{
((void) ssl);
*md_alg = MBEDTLS_MD_NONE;
*pk_alg = MBEDTLS_PK_NONE;
/* Only in TLS 1.2 */
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- return( 0 );
+ if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) {
+ return 0;
}
- if( (*p) + 2 > end )
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if ((*p) + 2 > end) {
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
+ }
/*
* Get hash algorithm
*/
- if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) )
- == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if ((*md_alg = mbedtls_ssl_md_alg_from_hash((*p)[0]))
+ == MBEDTLS_MD_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("Server used unsupported HashAlgorithm %d", *(p)[0]));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
/*
* Get signature algorithm
*/
- if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) )
- == MBEDTLS_PK_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if ((*pk_alg = mbedtls_ssl_pk_alg_from_sig((*p)[1]))
+ == MBEDTLS_PK_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("server used unsupported SignatureAlgorithm %d", (*p)[1]));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
/*
* Check if the hash is acceptable
*/
- if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (mbedtls_ssl_check_sig_hash(ssl, *md_alg) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("server used HashAlgorithm %d that was not offered", *(p)[0]));
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d",
- (*p)[1] ) );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d",
- (*p)[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Server used SignatureAlgorithm %d",
+ (*p)[1]));
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Server used HashAlgorithm %d",
+ (*p)[0]));
*p += 2;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -3032,75 +2922,70 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_ecp_keypair *peer_key;
- mbedtls_pk_context * peer_pk;
+ mbedtls_pk_context *peer_pk;
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( ssl->session_negotiate->peer_cert == NULL )
- {
+ if (ssl->session_negotiate->peer_cert == NULL) {
/* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
peer_pk = &ssl->session_negotiate->peer_cert->pk;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* This is a public key, so it can't be opaque, so can_do() is a good
* enough check to ensure pk_ec() is safe to use below. */
- if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
- return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+ if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable"));
+ return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
- peer_key = mbedtls_pk_ec( *peer_pk );
+ peer_key = mbedtls_pk_ec(*peer_pk);
- if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
- MBEDTLS_ECDH_THEIRS ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
- return( ret );
+ if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
+ MBEDTLS_ECDH_THEIRS)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
+ return ret;
}
- if( ssl_check_server_ecdh_params( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ if (ssl_check_server_ecdh_params(ssl) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
* so that more RAM is available for upcoming expensive
* operations like ECDHE. */
- mbedtls_pk_free( peer_pk );
+ mbedtls_pk_free(peer_pk);
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
unsigned char *p = NULL, *end = NULL;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
ssl->state++;
- return( 0 );
+ return 0;
}
((void) p);
((void) end);
@@ -3108,22 +2993,20 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
- {
- if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
+ if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret);
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( ret );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
ssl->state++;
- return( 0 );
+ return 0;
}
((void) p);
((void) end);
@@ -3131,174 +3014,155 @@
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled &&
- ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing )
- {
+ if (ssl->handshake->ecrs_enabled &&
+ ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) {
goto start_processing;
}
#endif
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
/*
* ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
* doesn't use a psk_identity_hint
*/
- if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
- {
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
+ if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
/* Current message is probably either
* CertificateRequest or ServerHelloDone */
ssl->keep_current_message = 1;
goto exit;
}
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "server key exchange message must not be skipped" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("server key exchange message must not be skipped"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled )
+ if (ssl->handshake->ecrs_enabled) {
ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
+ }
start_processing:
#endif
- p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+ p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
end = ssl->in_msg + ssl->in_hslen;
- MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p );
+ MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, end - p);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
- {
- if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
+ if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
} /* FALLTHROUGH */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
; /* nothing more to do */
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
- {
- if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
+ if (ssl_parse_server_dh_params(ssl, &p, end) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
- {
- if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ (defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED))
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
+ if (ssl_parse_server_ecdh_params_psa(ssl, &p, end) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- }
- else
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
- {
- if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
+ if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
- {
- ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
- p, end - p );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
+ ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
+ p, end - p);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
- {
+ if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
size_t sig_len, hashlen;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char hash[PSA_HASH_MAX_SIZE];
@@ -3307,133 +3171,123 @@
#endif
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
- unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+ unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
size_t params_len = p - params;
void *rs_ctx = NULL;
- mbedtls_pk_context * peer_pk;
+ mbedtls_pk_context *peer_pk;
/*
* Handle the digitally-signed structure
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- if( ssl_parse_signature_algorithm( ssl, &p, end,
- &md_alg, &pk_alg ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message" ) );
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
+ if (ssl_parse_signature_algorithm(ssl, &p, end,
+ &md_alg, &pk_alg) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- if( pk_alg !=
- mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message" ) );
+ if (pk_alg !=
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
+ pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
/* Default hash for ECDSA is SHA-1 */
- if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE )
+ if (pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE) {
md_alg = MBEDTLS_MD_SHA1;
- }
- else
+ }
+ } else
#endif
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/*
* Read signature
*/
- if( p > end - 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ if (p > end - 2) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- sig_len = ( p[0] << 8 ) | p[1];
+ sig_len = (p[0] << 8) | p[1];
p += 2;
- if( p != end - sig_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ if (p != end - sig_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "signature", p, sig_len);
/*
* Compute the hash that has been signed
*/
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( md_alg == MBEDTLS_MD_NONE )
- {
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ if (md_alg == MBEDTLS_MD_NONE) {
hashlen = 36;
- ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params,
- params_len );
- if( ret != 0 )
- return( ret );
- }
- else
+ ret = mbedtls_ssl_get_key_exchange_md_ssl_tls(ssl, hash, params,
+ params_len);
+ if (ret != 0) {
+ return ret;
+ }
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( md_alg != MBEDTLS_MD_NONE )
- {
- ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
- params, params_len,
- md_alg );
- if( ret != 0 )
- return( ret );
- }
- else
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (md_alg != MBEDTLS_MD_NONE) {
+ ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen,
+ params, params_len,
+ md_alg);
+ if (ret != 0) {
+ return ret;
+ }
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
+ MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen);
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( ssl->session_negotiate->peer_cert == NULL )
- {
+ if (ssl->session_negotiate->peer_cert == NULL) {
/* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
peer_pk = &ssl->session_negotiate->peer_cert->pk;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -3441,44 +3295,42 @@
/*
* Verify signature
*/
- if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled )
+ if (ssl->handshake->ecrs_enabled) {
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
+ }
#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
- if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
- md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
- {
+ if ((ret = mbedtls_pk_verify_restartable(peer_pk,
+ md_alg, hash, hashlen, p, sig_len, rs_ctx)) != 0) {
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
- return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+ if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
+ return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
}
#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
- return( ret );
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR);
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
+ return ret;
}
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
* so that more RAM is available for upcoming expensive
* operations like ECDHE. */
- mbedtls_pk_free( peer_pk );
+ mbedtls_pk_free(peer_pk);
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
@@ -3486,33 +3338,32 @@
exit:
ssl->state++;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange"));
- return( 0 );
+ return 0;
}
-#if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
- if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
ssl->state++;
- return( 0 );
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *buf;
@@ -3521,39 +3372,35 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
- if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
ssl->state++;
- return( 0 );
+ return 0;
}
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
ssl->state++;
- ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
+ ssl->client_auth = (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
- ssl->client_auth ? "a" : "no" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("got %s certificate request",
+ ssl->client_auth ? "a" : "no"));
- if( ssl->client_auth == 0 )
- {
+ if (ssl->client_auth == 0) {
/* Current message is probably the ServerHelloDone */
ssl->keep_current_message = 1;
goto exit;
@@ -3586,14 +3433,13 @@
buf = ssl->in_msg;
/* certificate_types */
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+ if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST;
}
- cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
+ cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)];
n = cert_type_len;
/*
@@ -3606,23 +3452,21 @@
* therefore the buffer length at this point must be greater than that
* regardless of the actual code path.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+ if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST;
}
/* supported_signature_algorithms */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
size_t sig_alg_len =
- ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
- | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
+ ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
+ | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
#if defined(MBEDTLS_DEBUG_C)
- unsigned char* sig_alg;
+ unsigned char *sig_alg;
size_t i;
#endif
@@ -3638,24 +3482,22 @@
* buf[...hdr_len + 3 + n + sig_alg_len],
* which is one less than we need the buf to be.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl )
- + 3 + n + sig_alg_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)
+ + 3 + n + sig_alg_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST;
}
#if defined(MBEDTLS_DEBUG_C)
- sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
- for( i = 0; i < sig_alg_len; i += 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "Supported Signature Algorithm found: %d,%d",
- sig_alg[i], sig_alg[i + 1] ) );
+ sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n;
+ for (i = 0; i < sig_alg_len; i += 2) {
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("Supported Signature Algorithm found: %d,%d",
+ sig_alg[i], sig_alg[i + 1]));
}
#endif
@@ -3664,67 +3506,64 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* certificate_authorities */
- dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
- | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
+ dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
+ | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
n += dn_len;
- if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+ if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST;
}
exit:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
+static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello done"));
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message"));
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
- if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ||
- ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE );
+ if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) ||
+ ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE;
}
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_recv_flight_completed( ssl );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ssl_recv_flight_completed(ssl);
+ }
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello done"));
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -3733,52 +3572,47 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange"));
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
/*
* DHM key exchange -- send G^X mod P
*/
content_len = ssl->handshake->dhm_ctx.len;
- MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 );
+ MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4);
header_len = 6;
- ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[header_len], content_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
- return( ret );
+ ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
+ (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P),
+ &ssl->out_msg[header_len], content_len,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
- if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
- return( ret );
+ if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+ ssl->handshake->premaster,
+ MBEDTLS_PREMASTER_SIZE,
+ &ssl->handshake->pmslen,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
- }
- else
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
- {
+ (defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED))
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t key_attributes;
@@ -3792,7 +3626,7 @@
header_len = 4;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
/*
* Generate EC private key for ECDHE exchange.
@@ -3806,63 +3640,62 @@
* For the time being, we therefore need to split the computation
* of the ECDH secret and the application of the TLS 1.2 PRF. */
key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
- psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
- psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+ psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
+ psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
/* Generate ECDH private key. */
- status = psa_generate_key( &key_attributes,
- &handshake->ecdh_psa_privkey );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ status = psa_generate_key(&key_attributes,
+ &handshake->ecdh_psa_privkey);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
/* Export the public part of the ECDH private key from PSA
* and convert it to ECPoint format used in ClientKeyExchange. */
- status = psa_export_public_key( handshake->ecdh_psa_privkey,
- own_pubkey, sizeof( own_pubkey ),
- &own_pubkey_len );
- if( status != PSA_SUCCESS )
- {
- psa_destroy_key( handshake->ecdh_psa_privkey );
+ status = psa_export_public_key(handshake->ecdh_psa_privkey,
+ own_pubkey, sizeof(own_pubkey),
+ &own_pubkey_len);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_key(handshake->ecdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
- if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
- own_pubkey_len,
- &own_pubkey_ecpoint,
- &own_pubkey_ecpoint_len ) != 0 )
- {
- psa_destroy_key( handshake->ecdh_psa_privkey );
+ if (mbedtls_psa_tls_psa_ec_to_ecpoint(own_pubkey,
+ own_pubkey_len,
+ &own_pubkey_ecpoint,
+ &own_pubkey_ecpoint_len) != 0) {
+ psa_destroy_key(handshake->ecdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
/* Copy ECPoint structure to outgoing message buffer. */
ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len;
- memcpy( ssl->out_msg + header_len + 1,
- own_pubkey_ecpoint, own_pubkey_ecpoint_len );
+ memcpy(ssl->out_msg + header_len + 1,
+ own_pubkey_ecpoint, own_pubkey_ecpoint_len);
content_len = own_pubkey_ecpoint_len + 1;
/* The ECDH secret is the premaster secret used for key derivation. */
/* Compute ECDH shared secret. */
- status = psa_raw_key_agreement( PSA_ALG_ECDH,
- handshake->ecdh_psa_privkey,
- handshake->ecdh_psa_peerkey,
- handshake->ecdh_psa_peerkey_len,
- ssl->handshake->premaster,
- sizeof( ssl->handshake->premaster ),
- &ssl->handshake->pmslen );
+ status = psa_raw_key_agreement(PSA_ALG_ECDH,
+ handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey,
+ handshake->ecdh_psa_peerkey_len,
+ ssl->handshake->premaster,
+ sizeof(ssl->handshake->premaster),
+ &ssl->handshake->pmslen);
- destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
- if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
- else
+ if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
@@ -3870,142 +3703,131 @@
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
- {
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
/*
* ECDH key exchange -- send client public value
*/
header_len = 4;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled )
- {
- if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret )
+ if (ssl->handshake->ecrs_enabled) {
+ if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) {
goto ecdh_calc_secret;
+ }
- mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
+ mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx);
}
#endif
- ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
- &content_len,
- &ssl->out_msg[header_len], 1000,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+ ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
+ &content_len,
+ &ssl->out_msg[header_len], 1000,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+ }
#endif
- return( ret );
+ return ret;
}
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled )
- {
+ if (ssl->handshake->ecrs_enabled) {
ssl->handshake->ecrs_n = content_len;
ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
}
ecdh_calc_secret:
- if( ssl->handshake->ecrs_enabled )
+ if (ssl->handshake->ecrs_enabled) {
content_len = ssl->handshake->ecrs_n;
+ }
#endif
- if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
- &ssl->handshake->pmslen,
- ssl->handshake->premaster,
- MBEDTLS_MPI_MAX_SIZE,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+ if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
+ &ssl->handshake->pmslen,
+ ssl->handshake->premaster,
+ MBEDTLS_MPI_MAX_SIZE,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+ }
#endif
- return( ret );
+ return ret;
}
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z );
- }
- else
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Z);
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
- {
+ if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) {
/*
* opaque psk_identity<0..2^16-1>;
*/
- if( ssl_conf_has_static_psk( ssl->conf ) == 0 )
- {
+ if (ssl_conf_has_static_psk(ssl->conf) == 0) {
/* We don't offer PSK suites if we don't have a PSK,
* and we check that the server's choice is among the
* ciphersuites we offered, so this should never happen. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
header_len = 4;
content_len = ssl->conf->psk_identity_len;
- if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "psk identity too long or SSL buffer too short" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("psk identity too long or SSL buffer too short"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
+ ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len);
+ ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len);
- memcpy( ssl->out_msg + header_len,
- ssl->conf->psk_identity,
- ssl->conf->psk_identity_len );
+ memcpy(ssl->out_msg + header_len,
+ ssl->conf->psk_identity,
+ ssl->conf->psk_identity_len);
header_len += ssl->conf->psk_identity_len;
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
content_len = 0;
- }
- else
+ } else
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Opaque PSKs are currently only supported for PSK-only suites. */
- if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with RSA-PSK"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
- &content_len, 2 ) ) != 0 )
- return( ret );
- }
- else
+ if ((ret = ssl_write_encrypted_pms(ssl, header_len,
+ &content_len, 2)) != 0) {
+ return ret;
+ }
+ } else
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Opaque PSKs are currently only supported for PSK-only suites. */
- if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with DHE-PSK"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -4014,128 +3836,112 @@
*/
content_len = ssl->handshake->dhm_ctx.len;
- if( header_len + 2 + content_len >
- MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "psk identity or DHM size too long or SSL buffer too short" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (header_len + 2 + content_len >
+ MBEDTLS_SSL_OUT_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("psk identity or DHM size too long or SSL buffer too short"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
+ ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len);
+ ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len);
- ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[header_len], content_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
- return( ret );
+ ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
+ (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P),
+ &ssl->out_msg[header_len], content_len,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Opaque PSKs are currently only supported for PSK-only suites. */
- if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with ECDHE-PSK"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* ClientECDiffieHellmanPublic public;
*/
- ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
- &content_len,
- &ssl->out_msg[header_len],
- MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
- return( ret );
+ ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
+ &content_len,
+ &ssl->out_msg[header_len],
+ MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
- }
- else
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q);
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque PSK" ) );
- }
- else
+ ssl_conf_has_static_raw_psk(ssl->conf) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("skip PMS generation for opaque PSK"));
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
- if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
- ciphersuite_info->key_exchange ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_psk_derive_premaster", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+ ciphersuite_info->key_exchange)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1,
+ "mbedtls_ssl_psk_derive_premaster", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
header_len = 4;
- if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
- &content_len, 0 ) ) != 0 )
- return( ret );
- }
- else
+ if ((ret = ssl_write_encrypted_pms(ssl, header_len,
+ &content_len, 0)) != 0) {
+ return ret;
+ }
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
header_len = 4;
- ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
- ssl->out_msg + header_len,
- MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
- &content_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
- return( ret );
+ ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx,
+ ssl->out_msg + header_len,
+ MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
+ &content_len,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
+ return ret;
}
- ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
- ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
- return( ret );
+ ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
+ ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
{
((void) ciphersuite_info);
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
ssl->out_msglen = header_len + content_len;
@@ -4144,46 +3950,43 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client key exchange"));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
- if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+ return ret;
}
- if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++;
- return( 0 );
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -4195,58 +3998,53 @@
size_t hashlen;
void *rs_ctx = NULL;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled &&
- ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign )
- {
+ if (ssl->handshake->ecrs_enabled &&
+ ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) {
goto sign;
}
#endif
- if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+ return ret;
}
- if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++;
- return( 0 );
+ return 0;
}
- if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+ if (ssl->client_auth == 0 || mbedtls_ssl_own_cert(ssl) == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++;
- return( 0 );
+ return 0;
}
- if( mbedtls_ssl_own_key( ssl ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) );
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ if (mbedtls_ssl_own_key(ssl) == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key for certificate"));
+ return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
/*
* Make a signature of the handshake digests
*/
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled )
+ if (ssl->handshake->ecrs_enabled) {
ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;
+ }
sign:
#endif
- ssl->handshake->calc_verify( ssl, hash, &hashlen );
+ ssl->handshake->calc_verify(ssl, hash, &hashlen);
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) {
/*
* digitally-signed struct {
* opaque md5_hash[16];
@@ -4264,19 +4062,16 @@
/*
* For ECDSA, default hash is SHA-1 only
*/
- if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
- {
+ if (mbedtls_pk_can_do(mbedtls_ssl_own_key(ssl), MBEDTLS_PK_ECDSA)) {
hash_start += 16;
hashlen -= 16;
md_alg = MBEDTLS_MD_SHA1;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
/*
* digitally-signed struct {
* opaque handshake_messages[handshake_messages_length];
@@ -4293,48 +4088,45 @@
* SHA224 in order to satisfy 'weird' needs from the server
* side.
*/
- if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- {
+ if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
md_alg = MBEDTLS_MD_SHA384;
ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
- }
- else
- {
+ } else {
md_alg = MBEDTLS_MD_SHA256;
ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
}
- ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
+ ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl));
/* Info from md_alg will be used instead */
hashlen = 0;
offset = 2;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled )
+ if (ssl->handshake->ecrs_enabled) {
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
+ }
#endif
- if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
- md_alg, hash_start, hashlen,
- ssl->out_msg + 6 + offset, &n,
- ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+ if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl),
+ md_alg, hash_start, hashlen,
+ ssl->out_msg + 6 + offset, &n,
+ ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+ }
#endif
- return( ret );
+ return ret;
}
- MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 );
+ MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4);
ssl->out_msglen = 6 + n + offset;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -4342,21 +4134,20 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify"));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
+static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t lifetime;
@@ -4364,22 +4155,20 @@
unsigned char *ticket;
const unsigned char *msg;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket"));
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
/*
@@ -4392,31 +4181,29 @@
* 4 . 5 ticket_len (n)
* 6 . 5+n ticket content
*/
- if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
- ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
+ if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
+ ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET;
}
- msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+ msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
- lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) |
- ( msg[2] << 8 ) | ( msg[3] );
+ lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) |
+ (msg[2] << 8) | (msg[3]);
- ticket_len = ( msg[4] << 8 ) | ( msg[5] );
+ ticket_len = (msg[4] << 8) | (msg[5]);
- if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
+ if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len));
/* We're not waiting for a NewSessionTicket message any more */
ssl->handshake->new_session_ticket = 0;
@@ -4426,33 +4213,32 @@
* Zero-length ticket means the server changed his mind and doesn't want
* to send a ticket after all, so just forget it
*/
- if( ticket_len == 0 )
- return( 0 );
+ if (ticket_len == 0) {
+ return 0;
+ }
- if( ssl->session != NULL && ssl->session->ticket != NULL )
- {
- mbedtls_platform_zeroize( ssl->session->ticket,
- ssl->session->ticket_len );
- mbedtls_free( ssl->session->ticket );
+ if (ssl->session != NULL && ssl->session->ticket != NULL) {
+ mbedtls_platform_zeroize(ssl->session->ticket,
+ ssl->session->ticket_len);
+ mbedtls_free(ssl->session->ticket);
ssl->session->ticket = NULL;
ssl->session->ticket_len = 0;
}
- mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
- ssl->session_negotiate->ticket_len );
- mbedtls_free( ssl->session_negotiate->ticket );
+ mbedtls_platform_zeroize(ssl->session_negotiate->ticket,
+ ssl->session_negotiate->ticket_len);
+ mbedtls_free(ssl->session_negotiate->ticket);
ssl->session_negotiate->ticket = NULL;
ssl->session_negotiate->ticket_len = 0;
- if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
- memcpy( ticket, msg + 6, ticket_len );
+ memcpy(ticket, msg + 6, ticket_len);
ssl->session_negotiate->ticket = ticket;
ssl->session_negotiate->ticket_len = ticket_len;
@@ -4463,149 +4249,149 @@
* "If the client receives a session ticket from the server, then it
* discards any Session ID that was sent in the ServerHello."
*/
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket in use, discarding session id"));
ssl->session_negotiate->id_len = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
/*
* SSL handshake -- client side -- single step
*/
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
{
int ret = 0;
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %d", ssl->state));
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ return ret;
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
- {
- if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
+ if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+ return ret;
+ }
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
- ssl->handshake->new_session_ticket != 0 )
- {
+ if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
+ ssl->handshake->new_session_ticket != 0) {
ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET;
}
#endif
- switch( ssl->state )
- {
+ switch (ssl->state) {
case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
break;
- /*
- * ==> ClientHello
- */
- case MBEDTLS_SSL_CLIENT_HELLO:
- ret = ssl_write_client_hello( ssl );
- break;
+ /*
+ * ==> ClientHello
+ */
+ case MBEDTLS_SSL_CLIENT_HELLO:
+ ret = ssl_write_client_hello(ssl);
+ break;
- /*
- * <== ServerHello
- * Certificate
- * ( ServerKeyExchange )
- * ( CertificateRequest )
- * ServerHelloDone
- */
- case MBEDTLS_SSL_SERVER_HELLO:
- ret = ssl_parse_server_hello( ssl );
- break;
+ /*
+ * <== ServerHello
+ * Certificate
+ * ( ServerKeyExchange )
+ * ( CertificateRequest )
+ * ServerHelloDone
+ */
+ case MBEDTLS_SSL_SERVER_HELLO:
+ ret = ssl_parse_server_hello(ssl);
+ break;
- case MBEDTLS_SSL_SERVER_CERTIFICATE:
- ret = mbedtls_ssl_parse_certificate( ssl );
- break;
+ case MBEDTLS_SSL_SERVER_CERTIFICATE:
+ ret = mbedtls_ssl_parse_certificate(ssl);
+ break;
- case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
- ret = ssl_parse_server_key_exchange( ssl );
- break;
+ case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
+ ret = ssl_parse_server_key_exchange(ssl);
+ break;
- case MBEDTLS_SSL_CERTIFICATE_REQUEST:
- ret = ssl_parse_certificate_request( ssl );
- break;
+ case MBEDTLS_SSL_CERTIFICATE_REQUEST:
+ ret = ssl_parse_certificate_request(ssl);
+ break;
- case MBEDTLS_SSL_SERVER_HELLO_DONE:
- ret = ssl_parse_server_hello_done( ssl );
- break;
+ case MBEDTLS_SSL_SERVER_HELLO_DONE:
+ ret = ssl_parse_server_hello_done(ssl);
+ break;
- /*
- * ==> ( Certificate/Alert )
- * ClientKeyExchange
- * ( CertificateVerify )
- * ChangeCipherSpec
- * Finished
- */
- case MBEDTLS_SSL_CLIENT_CERTIFICATE:
- ret = mbedtls_ssl_write_certificate( ssl );
- break;
+ /*
+ * ==> ( Certificate/Alert )
+ * ClientKeyExchange
+ * ( CertificateVerify )
+ * ChangeCipherSpec
+ * Finished
+ */
+ case MBEDTLS_SSL_CLIENT_CERTIFICATE:
+ ret = mbedtls_ssl_write_certificate(ssl);
+ break;
- case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
- ret = ssl_write_client_key_exchange( ssl );
- break;
+ case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
+ ret = ssl_write_client_key_exchange(ssl);
+ break;
- case MBEDTLS_SSL_CERTIFICATE_VERIFY:
- ret = ssl_write_certificate_verify( ssl );
- break;
+ case MBEDTLS_SSL_CERTIFICATE_VERIFY:
+ ret = ssl_write_certificate_verify(ssl);
+ break;
- case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
- ret = mbedtls_ssl_write_change_cipher_spec( ssl );
- break;
+ case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
+ ret = mbedtls_ssl_write_change_cipher_spec(ssl);
+ break;
- case MBEDTLS_SSL_CLIENT_FINISHED:
- ret = mbedtls_ssl_write_finished( ssl );
- break;
+ case MBEDTLS_SSL_CLIENT_FINISHED:
+ ret = mbedtls_ssl_write_finished(ssl);
+ break;
- /*
- * <== ( NewSessionTicket )
- * ChangeCipherSpec
- * Finished
- */
+ /*
+ * <== ( NewSessionTicket )
+ * ChangeCipherSpec
+ * Finished
+ */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
- ret = ssl_parse_new_session_ticket( ssl );
- break;
+ case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
+ ret = ssl_parse_new_session_ticket(ssl);
+ break;
#endif
- case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
- ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
- break;
+ case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
+ ret = mbedtls_ssl_parse_change_cipher_spec(ssl);
+ break;
- case MBEDTLS_SSL_SERVER_FINISHED:
- ret = mbedtls_ssl_parse_finished( ssl );
- break;
+ case MBEDTLS_SSL_SERVER_FINISHED:
+ ret = mbedtls_ssl_parse_finished(ssl);
+ break;
- case MBEDTLS_SSL_FLUSH_BUFFERS:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
- ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
- break;
+ case MBEDTLS_SSL_FLUSH_BUFFERS:
+ MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
+ ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+ break;
- case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
- mbedtls_ssl_handshake_wrapup( ssl );
- break;
+ case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
+ mbedtls_ssl_handshake_wrapup(ssl);
+ break;
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
+ default:
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index f12f28e..1ac9c41 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -60,105 +60,108 @@
* Cookies are formed of a 4-bytes timestamp (or serial number) and
* an HMAC of timestamp and client ID.
*/
-#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
+#define COOKIE_LEN (4 + COOKIE_HMAC_LEN)
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
+void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx)
{
- mbedtls_md_init( &ctx->hmac_ctx );
+ mbedtls_md_init(&ctx->hmac_ctx);
#if !defined(MBEDTLS_HAVE_TIME)
ctx->serial = 0;
#endif
ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
}
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
+void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay)
{
ctx->timeout = delay;
}
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
+void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx)
{
- mbedtls_md_free( &ctx->hmac_ctx );
+ mbedtls_md_free(&ctx->hmac_ctx);
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ mbedtls_mutex_free(&ctx->mutex);
#endif
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx));
}
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[COOKIE_MD_OUTLEN];
- if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
- return( ret );
+ if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) {
+ return ret;
+ }
- ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key));
+ if (ret != 0) {
+ return ret;
+ }
- mbedtls_platform_zeroize( key, sizeof( key ) );
+ mbedtls_platform_zeroize(key, sizeof(key));
- return( 0 );
+ return 0;
}
/*
* Generate the HMAC part of a cookie
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
- const unsigned char time[4],
- unsigned char **p, unsigned char *end,
- const unsigned char *cli_id, size_t cli_id_len )
+static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx,
+ const unsigned char time[4],
+ unsigned char **p, unsigned char *end,
+ const unsigned char *cli_id, size_t cli_id_len)
{
unsigned char hmac_out[COOKIE_MD_OUTLEN];
- MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN );
+ MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN);
- if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 ||
- mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
- mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
- mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (mbedtls_md_hmac_reset(hmac_ctx) != 0 ||
+ mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 ||
+ mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 ||
+ mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) {
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
+ memcpy(*p, hmac_out, COOKIE_HMAC_LEN);
*p += COOKIE_HMAC_LEN;
- return( 0 );
+ return 0;
}
/*
* Generate cookie for DTLS ClientHello verification
*/
-int mbedtls_ssl_cookie_write( void *p_ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *cli_id, size_t cli_id_len )
+int mbedtls_ssl_cookie_write(void *p_ctx,
+ unsigned char **p, unsigned char *end,
+ const unsigned char *cli_id, size_t cli_id_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long t;
- if( ctx == NULL || cli_id == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ctx == NULL || cli_id == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN );
+ MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_LEN);
#if defined(MBEDTLS_HAVE_TIME)
- t = (unsigned long) mbedtls_time( NULL );
+ t = (unsigned long) mbedtls_time(NULL);
#else
t = ctx->serial++;
#endif
@@ -167,28 +170,30 @@
*p += 4;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
+ }
#endif
- ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
- p, end, cli_id, cli_id_len );
+ ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4,
+ p, end, cli_id, cli_id_len);
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
- MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
+ MBEDTLS_ERR_THREADING_MUTEX_ERROR);
+ }
#endif
- return( ret );
+ return ret;
}
/*
* Check a cookie
*/
-int mbedtls_ssl_cookie_check( void *p_ctx,
- const unsigned char *cookie, size_t cookie_len,
- const unsigned char *cli_id, size_t cli_id_len )
+int mbedtls_ssl_cookie_check(void *p_ctx,
+ const unsigned char *cookie, size_t cookie_len,
+ const unsigned char *cli_id, size_t cli_id_len)
{
unsigned char ref_hmac[COOKIE_HMAC_LEN];
int ret = 0;
@@ -196,58 +201,60 @@
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long cur_time, cookie_time;
- if( ctx == NULL || cli_id == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ctx == NULL || cli_id == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( cookie_len != COOKIE_LEN )
- return( -1 );
+ if (cookie_len != COOKIE_LEN) {
+ return -1;
+ }
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
-#endif
-
- if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
- &p, p + sizeof( ref_hmac ),
- cli_id, cli_id_len ) != 0 )
- ret = -1;
-
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
- MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
}
#endif
- if( ret != 0 )
- goto exit;
+ if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie,
+ &p, p + sizeof(ref_hmac),
+ cli_id, cli_id_len) != 0) {
+ ret = -1;
+ }
- if( mbedtls_ct_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
- {
+#if defined(MBEDTLS_THREADING_C)
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
+ MBEDTLS_ERR_THREADING_MUTEX_ERROR);
+ }
+#endif
+
+ if (ret != 0) {
+ goto exit;
+ }
+
+ if (mbedtls_ct_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) {
ret = -1;
goto exit;
}
#if defined(MBEDTLS_HAVE_TIME)
- cur_time = (unsigned long) mbedtls_time( NULL );
+ cur_time = (unsigned long) mbedtls_time(NULL);
#else
cur_time = ctx->serial;
#endif
- cookie_time = ( (unsigned long) cookie[0] << 24 ) |
- ( (unsigned long) cookie[1] << 16 ) |
- ( (unsigned long) cookie[2] << 8 ) |
- ( (unsigned long) cookie[3] );
+ cookie_time = ((unsigned long) cookie[0] << 24) |
+ ((unsigned long) cookie[1] << 16) |
+ ((unsigned long) cookie[2] << 8) |
+ ((unsigned long) cookie[3]);
- if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
- {
+ if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) {
ret = -1;
goto exit;
}
exit:
- mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
- return( ret );
+ mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac));
+ return ret;
}
#endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index d7bebe0..a38e764 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -52,81 +52,77 @@
#include "mbedtls/oid.h"
#endif
-static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
+static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl);
/*
* Start a timer.
* Passing millisecs = 0 cancels a running timer.
*/
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
+void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs)
{
- if( ssl->f_set_timer == NULL )
+ if (ssl->f_set_timer == NULL) {
return;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
- ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("set_timer to %d ms", (int) millisecs));
+ ssl->f_set_timer(ssl->p_timer, millisecs / 4, millisecs);
}
/*
* Return -1 is timer is expired, 0 if it isn't.
*/
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl)
{
- if( ssl->f_get_timer == NULL )
- return( 0 );
-
- if( ssl->f_get_timer( ssl->p_timer ) == 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
- return( -1 );
+ if (ssl->f_get_timer == NULL) {
+ return 0;
}
- return( 0 );
+ if (ssl->f_get_timer(ssl->p_timer) == 2) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("timer expired"));
+ return -1;
+ }
+
+ return 0;
}
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
- unsigned char *buf,
- size_t len,
- mbedtls_record *rec );
+static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t len,
+ mbedtls_record *rec);
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
- unsigned char *buf,
- size_t buflen )
+int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t buflen)
{
int ret = 0;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record"));
+ MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen);
/* We don't support record checking in TLS because
* (a) there doesn't seem to be a usecase for it, and
* (b) In SSLv3 and TLS 1.0, CBC record decryption has state
* and we'd need to backup the transform here.
*/
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
goto exit;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- else
- {
+ else {
mbedtls_record rec;
- ret = ssl_parse_record_header( ssl, buf, buflen, &rec );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret );
+ ret = ssl_parse_record_header(ssl, buf, buflen, &rec);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(3, "ssl_parse_record_header", ret);
goto exit;
}
- if( ssl->transform_in != NULL )
- {
- ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret );
+ if (ssl->transform_in != NULL) {
+ ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, &rec);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(3, "mbedtls_ssl_decrypt_buf", ret);
goto exit;
}
}
@@ -136,18 +132,17 @@
exit:
/* On success, we have decrypted the buffer in-place, so make
* sure we don't leak any plaintext data. */
- mbedtls_platform_zeroize( buf, buflen );
+ mbedtls_platform_zeroize(buf, buflen);
/* For the purpose of this API, treat messages with unexpected CID
* as well as such from future epochs as unexpected. */
- if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID ||
- ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
- {
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID ||
+ ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) {
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
- return( ret );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record"));
+ return ret;
}
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
@@ -157,65 +152,66 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* Forward declarations for functions related to message buffering. */
-static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
- uint8_t slot );
-static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
+static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl,
+ uint8_t slot);
+static void ssl_free_buffered_record(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
+static int ssl_load_buffered_message(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
+static int ssl_load_buffered_record(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_message( mbedtls_ssl_context *ssl );
+static int ssl_buffer_message(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
- mbedtls_record const *rec );
+static int ssl_buffer_future_record(mbedtls_ssl_context *ssl,
+ mbedtls_record const *rec);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
+static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl);
-static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
+static size_t ssl_get_maximum_datagram_size(mbedtls_ssl_context const *ssl)
{
- size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
+ size_t mtu = mbedtls_ssl_get_current_mtu(ssl);
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len = ssl->out_buf_len;
#else
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
- if( mtu != 0 && mtu < out_buf_len )
- return( mtu );
+ if (mtu != 0 && mtu < out_buf_len) {
+ return mtu;
+ }
- return( out_buf_len );
+ return out_buf_len;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
+static int ssl_get_remaining_space_in_datagram(mbedtls_ssl_context const *ssl)
{
size_t const bytes_written = ssl->out_left;
- size_t const mtu = ssl_get_maximum_datagram_size( ssl );
+ size_t const mtu = ssl_get_maximum_datagram_size(ssl);
/* Double-check that the write-index hasn't gone
* past what we can transmit in a single datagram. */
- if( bytes_written > mtu )
- {
+ if (bytes_written > mtu) {
/* Should never happen... */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- return( (int) ( mtu - bytes_written ) );
+ return (int) (mtu - bytes_written);
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
+static int ssl_get_remaining_payload_in_datagram(mbedtls_ssl_context const *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t remaining, expansion;
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
+ const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl);
- if( max_len > mfl )
+ if (max_len > mfl) {
max_len = mfl;
+ }
/* By the standard (RFC 6066 Sect. 4), the MFL extension
* only limits the maximum record payload size, so in theory
@@ -226,30 +222,35 @@
* The following reduction of max_len makes sure that we never
* write datagrams larger than MFL + Record Expansion Overhead.
*/
- if( max_len <= ssl->out_left )
- return( 0 );
+ if (max_len <= ssl->out_left) {
+ return 0;
+ }
max_len -= ssl->out_left;
#endif
- ret = ssl_get_remaining_space_in_datagram( ssl );
- if( ret < 0 )
- return( ret );
+ ret = ssl_get_remaining_space_in_datagram(ssl);
+ if (ret < 0) {
+ return ret;
+ }
remaining = (size_t) ret;
- ret = mbedtls_ssl_get_record_expansion( ssl );
- if( ret < 0 )
- return( ret );
+ ret = mbedtls_ssl_get_record_expansion(ssl);
+ if (ret < 0) {
+ return ret;
+ }
expansion = (size_t) ret;
- if( remaining <= expansion )
- return( 0 );
+ if (remaining <= expansion) {
+ return 0;
+ }
remaining -= expansion;
- if( remaining >= max_len )
+ if (remaining >= max_len) {
remaining = max_len;
+ }
- return( (int) remaining );
+ return (int) remaining;
}
/*
@@ -257,12 +258,13 @@
* returning -1 if the maximum value has already been reached.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
+static int ssl_double_retransmit_timeout(mbedtls_ssl_context *ssl)
{
uint32_t new_timeout;
- if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
- return( -1 );
+ if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) {
+ return -1;
+ }
/* Implement the final paragraph of RFC 6347 section 4.1.1.1
* in the following way: after the initial transmission and a first
@@ -270,49 +272,47 @@
* This value is guaranteed to be deliverable (if not guaranteed to be
* delivered) of any compliant IPv4 (and IPv6) network, and should work
* on most non-IP stacks too. */
- if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
- {
+ if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) {
ssl->handshake->mtu = 508;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu));
}
new_timeout = 2 * ssl->handshake->retransmit_timeout;
/* Avoid arithmetic overflow and range overflow */
- if( new_timeout < ssl->handshake->retransmit_timeout ||
- new_timeout > ssl->conf->hs_timeout_max )
- {
+ if (new_timeout < ssl->handshake->retransmit_timeout ||
+ new_timeout > ssl->conf->hs_timeout_max) {
new_timeout = ssl->conf->hs_timeout_max;
}
ssl->handshake->retransmit_timeout = new_timeout;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
- (unsigned long) ssl->handshake->retransmit_timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs",
+ (unsigned long) ssl->handshake->retransmit_timeout));
- return( 0 );
+ return 0;
}
-static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
+static void ssl_reset_retransmit_timeout(mbedtls_ssl_context *ssl)
{
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
- (unsigned long) ssl->handshake->retransmit_timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs",
+ (unsigned long) ssl->handshake->retransmit_timeout));
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
- const unsigned char *key_enc, const unsigned char *key_dec,
- size_t keylen,
- const unsigned char *iv_enc, const unsigned char *iv_dec,
- size_t ivlen,
- const unsigned char *mac_enc, const unsigned char *mac_dec,
- size_t maclen ) = NULL;
-int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL;
-int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL;
+int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
+ const unsigned char *key_enc, const unsigned char *key_dec,
+ size_t keylen,
+ const unsigned char *iv_enc, const unsigned char *iv_dec,
+ size_t ivlen,
+ const unsigned char *mac_enc, const unsigned char *mac_dec,
+ size_t maclen) = NULL;
+int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction) = NULL;
+int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl) = NULL;
+int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl) = NULL;
+int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl) = NULL;
+int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl) = NULL;
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
/*
@@ -322,10 +322,10 @@
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \
defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-static size_t ssl_compute_padding_length( size_t len,
- size_t granularity )
+static size_t ssl_compute_padding_length(size_t len,
+ size_t granularity)
{
- return( ( granularity - ( len + 1 ) % granularity ) % granularity );
+ return (granularity - (len + 1) % granularity) % granularity;
}
/* This functions transforms a (D)TLS plaintext fragment and a record content
@@ -357,62 +357,64 @@
* for the expansion.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_build_inner_plaintext( unsigned char *content,
- size_t *content_size,
- size_t remaining,
- uint8_t rec_type,
- size_t pad )
+static int ssl_build_inner_plaintext(unsigned char *content,
+ size_t *content_size,
+ size_t remaining,
+ uint8_t rec_type,
+ size_t pad)
{
size_t len = *content_size;
/* Write real content type */
- if( remaining == 0 )
- return( -1 );
- content[ len ] = rec_type;
+ if (remaining == 0) {
+ return -1;
+ }
+ content[len] = rec_type;
len++;
remaining--;
- if( remaining < pad )
- return( -1 );
- memset( content + len, 0, pad );
+ if (remaining < pad) {
+ return -1;
+ }
+ memset(content + len, 0, pad);
len += pad;
remaining -= pad;
*content_size = len;
- return( 0 );
+ return 0;
}
/* This function parses a (D)TLSInnerPlaintext structure.
* See ssl_build_inner_plaintext() for details. */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_inner_plaintext( unsigned char const *content,
- size_t *content_size,
- uint8_t *rec_type )
+static int ssl_parse_inner_plaintext(unsigned char const *content,
+ size_t *content_size,
+ uint8_t *rec_type)
{
size_t remaining = *content_size;
/* Determine length of padding by skipping zeroes from the back. */
- do
- {
- if( remaining == 0 )
- return( -1 );
+ do {
+ if (remaining == 0) {
+ return -1;
+ }
remaining--;
- } while( content[ remaining ] == 0 );
+ } while (content[remaining] == 0);
*content_size = remaining;
- *rec_type = content[ remaining ];
+ *rec_type = content[remaining];
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID ||
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
-static void ssl_extract_add_data_from_record( unsigned char* add_data,
- size_t *add_data_len,
- mbedtls_record *rec,
- unsigned minor_ver )
+static void ssl_extract_add_data_from_record(unsigned char *add_data,
+ size_t *add_data_len,
+ mbedtls_record *rec,
+ unsigned minor_ver)
{
/* Quoting RFC 5246 (TLS 1.2):
*
@@ -437,38 +439,36 @@
int is_tls13 = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
is_tls13 = 1;
+ }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
- if( !is_tls13 )
- {
+ if (!is_tls13) {
((void) minor_ver);
- memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
- cur += sizeof( rec->ctr );
+ memcpy(cur, rec->ctr, sizeof(rec->ctr));
+ cur += sizeof(rec->ctr);
}
*cur = rec->type;
cur++;
- memcpy( cur, rec->ver, sizeof( rec->ver ) );
- cur += sizeof( rec->ver );
+ memcpy(cur, rec->ver, sizeof(rec->ver));
+ cur += sizeof(rec->ver);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( rec->cid_len != 0 )
- {
- memcpy( cur, rec->cid, rec->cid_len );
+ if (rec->cid_len != 0) {
+ memcpy(cur, rec->cid, rec->cid_len);
cur += rec->cid_len;
*cur = rec->cid_len;
cur++;
- MBEDTLS_PUT_UINT16_BE( rec->data_len, cur, 0 );
+ MBEDTLS_PUT_UINT16_BE(rec->data_len, cur, 0);
cur += 2;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{
- MBEDTLS_PUT_UINT16_BE( rec->data_len, cur, 0 );
+ MBEDTLS_PUT_UINT16_BE(rec->data_len, cur, 0);
cur += 2;
}
@@ -483,67 +483,79 @@
* SSLv3.0 MAC functions
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_mac( mbedtls_md_context_t *md_ctx,
- const unsigned char *secret,
- const unsigned char *buf, size_t len,
- const unsigned char *ctr, int type,
- unsigned char out[SSL3_MAC_MAX_BYTES] )
+static int ssl_mac(mbedtls_md_context_t *md_ctx,
+ const unsigned char *secret,
+ const unsigned char *buf, size_t len,
+ const unsigned char *ctr, int type,
+ unsigned char out[SSL3_MAC_MAX_BYTES])
{
unsigned char header[11];
unsigned char padding[48];
int padlen;
- int md_size = mbedtls_md_get_size( md_ctx->md_info );
- int md_type = mbedtls_md_get_type( md_ctx->md_info );
+ int md_size = mbedtls_md_get_size(md_ctx->md_info);
+ int md_type = mbedtls_md_get_type(md_ctx->md_info);
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Only MD5 and SHA-1 supported */
- if( md_type == MBEDTLS_MD_MD5 )
+ if (md_type == MBEDTLS_MD_MD5) {
padlen = 48;
- else
+ } else {
padlen = 40;
+ }
- memcpy( header, ctr, 8 );
+ memcpy(header, ctr, 8);
header[8] = (unsigned char) type;
- MBEDTLS_PUT_UINT16_BE( len, header, 9);
+ MBEDTLS_PUT_UINT16_BE(len, header, 9);
- memset( padding, 0x36, padlen );
- ret = mbedtls_md_starts( md_ctx );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_update( md_ctx, secret, md_size );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_update( md_ctx, padding, padlen );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_update( md_ctx, header, 11 );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_update( md_ctx, buf, len );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_finish( md_ctx, out );
- if( ret != 0 )
- return( ret );
+ memset(padding, 0x36, padlen);
+ ret = mbedtls_md_starts(md_ctx);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_update(md_ctx, secret, md_size);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_update(md_ctx, padding, padlen);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_update(md_ctx, header, 11);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_update(md_ctx, buf, len);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_finish(md_ctx, out);
+ if (ret != 0) {
+ return ret;
+ }
- memset( padding, 0x5C, padlen );
- ret = mbedtls_md_starts( md_ctx );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_update( md_ctx, secret, md_size );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_update( md_ctx, padding, padlen );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_update( md_ctx, out, md_size );
- if( ret != 0 )
- return( ret );
- ret = mbedtls_md_finish( md_ctx, out );
- if( ret != 0 )
- return( ret );
+ memset(padding, 0x5C, padlen);
+ ret = mbedtls_md_starts(md_ctx);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_update(md_ctx, secret, md_size);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_update(md_ctx, padding, padlen);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_update(md_ctx, out, md_size);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_finish(md_ctx, out);
+ if (ret != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
@@ -552,9 +564,9 @@
defined(MBEDTLS_CHACHAPOLY_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_transform_aead_dynamic_iv_is_explicit(
- mbedtls_ssl_transform const *transform )
+ mbedtls_ssl_transform const *transform)
{
- return( transform->ivlen != transform->fixed_ivlen );
+ return transform->ivlen != transform->fixed_ivlen;
}
/* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV )
@@ -580,35 +592,36 @@
* which has to be ensured by the caller. If this precondition
* violated, the behavior of this function is undefined.
*/
-static void ssl_build_record_nonce( unsigned char *dst_iv,
- size_t dst_iv_len,
- unsigned char const *fixed_iv,
- size_t fixed_iv_len,
- unsigned char const *dynamic_iv,
- size_t dynamic_iv_len )
+static void ssl_build_record_nonce(unsigned char *dst_iv,
+ size_t dst_iv_len,
+ unsigned char const *fixed_iv,
+ size_t fixed_iv_len,
+ unsigned char const *dynamic_iv,
+ size_t dynamic_iv_len)
{
size_t i;
/* Start with Fixed IV || 0 */
- memset( dst_iv, 0, dst_iv_len );
- memcpy( dst_iv, fixed_iv, fixed_iv_len );
+ memset(dst_iv, 0, dst_iv_len);
+ memcpy(dst_iv, fixed_iv, fixed_iv_len);
dst_iv += dst_iv_len - dynamic_iv_len;
- for( i = 0; i < dynamic_iv_len; i++ )
+ for (i = 0; i < dynamic_iv_len; i++) {
dst_iv[i] ^= dynamic_iv[i];
+ }
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
mbedtls_cipher_mode_t mode;
int auth_done = 0;
- unsigned char * data;
- unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char *data;
+ unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX];
size_t add_data_len;
size_t post_avail;
@@ -620,46 +633,43 @@
/* The PRNG is used for dynamic IV generation that's used
* for CBC transformations in TLS 1.1 and TLS 1.2. */
-#if !( defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
- ( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
+#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+ (defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)))
((void) f_rng);
((void) p_rng);
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf"));
- if( transform == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (transform == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("no transform provided to encrypt_buf"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- if( rec == NULL
+ if (rec == NULL
|| rec->buf == NULL
|| rec->buf_len < rec->data_offset
|| rec->buf_len - rec->data_offset < rec->data_len
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|| rec->cid_len != 0
#endif
- )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to encrypt_buf"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
data = rec->buf + rec->data_offset;
- post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
- MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- data, rec->data_len );
+ post_avail = rec->buf_len - (rec->data_len + rec->data_offset);
+ MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload",
+ data, rec->data_len);
- mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
+ mode = mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc);
- if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
- " too large, maximum %" MBEDTLS_PRINTF_SIZET,
- rec->data_len,
- (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET
+ " too large, maximum %" MBEDTLS_PRINTF_SIZET,
+ rec->data_len,
+ (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* The following two code paths implement the (D)TLSInnerPlaintext
@@ -675,18 +685,16 @@
* is hence no risk of double-addition of the inner plaintext.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
+ if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
size_t padding =
- ssl_compute_padding_length( rec->data_len,
- MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY );
- if( ssl_build_inner_plaintext( data,
- &rec->data_len,
- post_avail,
- rec->type,
- padding ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ ssl_compute_padding_length(rec->data_len,
+ MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY);
+ if (ssl_build_inner_plaintext(data,
+ &rec->data_len,
+ post_avail,
+ rec->type,
+ padding) != 0) {
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
@@ -698,14 +706,13 @@
* Add CID information
*/
rec->cid_len = transform->out_cid_len;
- memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
+ memcpy(rec->cid, transform->out_cid, transform->out_cid_len);
+ MBEDTLS_SSL_DEBUG_BUF(3, "CID", rec->cid, rec->cid_len);
- if( rec->cid_len != 0 )
- {
+ if (rec->cid_len != 0) {
size_t padding =
- ssl_compute_padding_length( rec->data_len,
- MBEDTLS_SSL_CID_PADDING_GRANULARITY );
+ ssl_compute_padding_length(rec->data_len,
+ MBEDTLS_SSL_CID_PADDING_GRANULARITY);
/*
* Wrap plaintext into DTLSInnerPlaintext structure.
* See ssl_build_inner_plaintext() for more information.
@@ -713,100 +720,96 @@
* Note that this changes `rec->data_len`, and hence
* `post_avail` needs to be recalculated afterwards.
*/
- if( ssl_build_inner_plaintext( data,
- &rec->data_len,
- post_avail,
- rec->type,
- padding ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (ssl_build_inner_plaintext(data,
+ &rec->data_len,
+ post_avail,
+ rec->type,
+ padding) != 0) {
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
rec->type = MBEDTLS_SSL_MSG_CID;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
+ post_avail = rec->buf_len - (rec->data_len + rec->data_offset);
/*
* Add MAC before if needed
*/
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
- if( mode == MBEDTLS_MODE_STREAM ||
- ( mode == MBEDTLS_MODE_CBC
+ if (mode == MBEDTLS_MODE_STREAM ||
+ (mode == MBEDTLS_MODE_CBC
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
+ && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
#endif
- ) )
- {
- if( post_avail < transform->maclen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ )) {
+ if (post_avail < transform->maclen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
unsigned char mac[SSL3_MAC_MAX_BYTES];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ret = ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
- data, rec->data_len, rec->ctr, rec->type, mac );
- if( ret == 0 )
- memcpy( data + rec->data_len, mac, transform->maclen );
- mbedtls_platform_zeroize( mac, transform->maclen );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_mac", ret );
- return( ret );
+ ret = ssl_mac(&transform->md_ctx_enc, transform->mac_enc,
+ data, rec->data_len, rec->ctr, rec->type, mac);
+ if (ret == 0) {
+ memcpy(data + rec->data_len, mac, transform->maclen);
}
- }
- else
+ mbedtls_platform_zeroize(mac, transform->maclen);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_mac", ret);
+ return ret;
+ }
+ } else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
- {
+ if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) {
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver );
+ ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+ transform->minor_ver);
- ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
- add_data, add_data_len );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_update(&transform->md_ctx_enc,
+ add_data, add_data_len);
+ if (ret != 0) {
goto hmac_failed_etm_disabled;
- ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
- data, rec->data_len );
- if( ret != 0 )
- goto hmac_failed_etm_disabled;
- ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
- if( ret != 0 )
- goto hmac_failed_etm_disabled;
- ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
- if( ret != 0 )
- goto hmac_failed_etm_disabled;
-
- memcpy( data + rec->data_len, mac, transform->maclen );
-
- hmac_failed_etm_disabled:
- mbedtls_platform_zeroize( mac, transform->maclen );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
- return( ret );
}
- }
- else
+ ret = mbedtls_md_hmac_update(&transform->md_ctx_enc,
+ data, rec->data_len);
+ if (ret != 0) {
+ goto hmac_failed_etm_disabled;
+ }
+ ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac);
+ if (ret != 0) {
+ goto hmac_failed_etm_disabled;
+ }
+ ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc);
+ if (ret != 0) {
+ goto hmac_failed_etm_disabled;
+ }
+
+ memcpy(data + rec->data_len, mac, transform->maclen);
+
+hmac_failed_etm_disabled:
+ mbedtls_platform_zeroize(mac, transform->maclen);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_hmac_xxx", ret);
+ return ret;
+ }
+ } else
#endif
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
- transform->maclen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "computed mac", data + rec->data_len,
+ transform->maclen);
rec->data_len += transform->maclen;
post_avail -= transform->maclen;
@@ -818,51 +821,45 @@
* Encrypt
*/
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
- if( mode == MBEDTLS_MODE_STREAM )
- {
+ if (mode == MBEDTLS_MODE_STREAM) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
- "including %d bytes of padding",
- rec->data_len, 0 ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+ "including %d bytes of padding",
+ rec->data_len, 0));
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
- transform->iv_enc, transform->ivlen,
- data, rec->data_len,
- data, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
- return( ret );
+ if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
+ transform->iv_enc, transform->ivlen,
+ data, rec->data_len,
+ data, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
+ return ret;
}
- if( rec->data_len != olen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (rec->data_len != olen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- }
- else
+ } else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
- if( mode == MBEDTLS_MODE_GCM ||
+ if (mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY )
- {
+ mode == MBEDTLS_MODE_CHACHAPOLY) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char iv[12];
unsigned char *dynamic_iv;
size_t dynamic_iv_len;
int dynamic_iv_is_explicit =
- ssl_transform_aead_dynamic_iv_is_explicit( transform );
+ ssl_transform_aead_dynamic_iv_is_explicit(transform);
/* Check that there's space for the authentication tag. */
- if( post_avail < transform->taglen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (post_avail < transform->taglen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
/*
@@ -878,95 +875,91 @@
* record sequence number here in all cases.
*/
dynamic_iv = rec->ctr;
- dynamic_iv_len = sizeof( rec->ctr );
+ dynamic_iv_len = sizeof(rec->ctr);
- ssl_build_record_nonce( iv, sizeof( iv ),
- transform->iv_enc,
- transform->fixed_ivlen,
- dynamic_iv,
- dynamic_iv_len );
+ ssl_build_record_nonce(iv, sizeof(iv),
+ transform->iv_enc,
+ transform->fixed_ivlen,
+ dynamic_iv,
+ dynamic_iv_len);
/*
* Build additional data for AEAD encryption.
* This depends on the TLS version.
*/
- ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver );
+ ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+ transform->minor_ver);
- MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
- iv, transform->ivlen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
- dynamic_iv,
- dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
- add_data, add_data_len );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
- "including 0 bytes of padding",
- rec->data_len ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "IV used (internal)",
+ iv, transform->ivlen);
+ MBEDTLS_SSL_DEBUG_BUF(4, "IV used (transmitted)",
+ dynamic_iv,
+ dynamic_iv_is_explicit ? dynamic_iv_len : 0);
+ MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD",
+ add_data, add_data_len);
+ MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+ "including 0 bytes of padding",
+ rec->data_len));
/*
* Encrypt and authenticate
*/
- if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc,
- iv, transform->ivlen,
- add_data, add_data_len,
- data, rec->data_len, /* src */
- data, rec->buf_len - (data - rec->buf), /* dst */
- &rec->data_len,
- transform->taglen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
- return( ret );
+ if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc,
+ iv, transform->ivlen,
+ add_data, add_data_len,
+ data, rec->data_len, /* src */
+ data, rec->buf_len - (data - rec->buf), /* dst */
+ &rec->data_len,
+ transform->taglen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
- data + rec->data_len - transform->taglen,
- transform->taglen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag",
+ data + rec->data_len - transform->taglen,
+ transform->taglen);
/* Account for authentication tag. */
post_avail -= transform->taglen;
/*
* Prefix record content with dynamic IV in case it is explicit.
*/
- if( dynamic_iv_is_explicit != 0 )
- {
- if( rec->data_offset < dynamic_iv_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (dynamic_iv_is_explicit != 0) {
+ if (rec->data_offset < dynamic_iv_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
- memcpy( data - dynamic_iv_len, dynamic_iv, dynamic_iv_len );
+ memcpy(data - dynamic_iv_len, dynamic_iv, dynamic_iv_len);
rec->data_offset -= dynamic_iv_len;
rec->data_len += dynamic_iv_len;
}
auth_done++;
- }
- else
+ } else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
- if( mode == MBEDTLS_MODE_CBC )
- {
+ if (mode == MBEDTLS_MODE_CBC) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i;
size_t olen;
/* Currently we're always using minimal padding
* (up to 255 bytes would be allowed). */
- padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen;
- if( padlen == transform->ivlen )
+ padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen;
+ if (padlen == transform->ivlen) {
padlen = 0;
-
- /* Check there's enough space in the buffer for the padding. */
- if( post_avail < padlen + 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
- for( i = 0; i <= padlen; i++ )
+ /* Check there's enough space in the buffer for the padding. */
+ if (post_avail < padlen + 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ }
+
+ for (i = 0; i <= padlen; i++) {
data[rec->data_len + i] = (unsigned char) padlen;
+ }
rec->data_len += padlen + 1;
post_avail -= padlen + 1;
@@ -976,65 +969,60 @@
* Prepend per-record IV for block cipher in TLS v1.1 and up as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- if( f_rng == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) {
+ if (f_rng == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- if( rec->data_offset < transform->ivlen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (rec->data_offset < transform->ivlen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
/*
* Generate IV
*/
- ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
- if( ret != 0 )
- return( ret );
+ ret = f_rng(p_rng, transform->iv_enc, transform->ivlen);
+ if (ret != 0) {
+ return ret;
+ }
- memcpy( data - transform->ivlen, transform->iv_enc,
- transform->ivlen );
+ memcpy(data - transform->ivlen, transform->iv_enc,
+ transform->ivlen);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
- "including %" MBEDTLS_PRINTF_SIZET
- " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
- rec->data_len, transform->ivlen,
- padlen + 1 ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+ "including %"
+ MBEDTLS_PRINTF_SIZET
+ " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
+ rec->data_len, transform->ivlen,
+ padlen + 1));
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
- transform->iv_enc,
- transform->ivlen,
- data, rec->data_len,
- data, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
- return( ret );
+ if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
+ transform->iv_enc,
+ transform->ivlen,
+ data, rec->data_len,
+ data, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
+ return ret;
}
- if( rec->data_len != olen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (rec->data_len != olen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- {
+ if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) {
/*
* Save IV in SSL3 and TLS1
*/
- memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
- transform->ivlen );
- }
- else
+ memcpy(transform->iv_enc, transform->cipher_ctx_enc.iv,
+ transform->ivlen);
+ } else
#endif
{
data -= transform->ivlen;
@@ -1043,8 +1031,7 @@
}
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( auth_done == 0 )
- {
+ if (auth_done == 0) {
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
/*
@@ -1056,72 +1043,72 @@
* ENC(content + padding + padding_length));
*/
- if( post_avail < transform->maclen)
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (post_avail < transform->maclen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
- ssl_extract_add_data_from_record( add_data, &add_data_len,
- rec, transform->minor_ver );
+ ssl_extract_add_data_from_record(add_data, &add_data_len,
+ rec, transform->minor_ver);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
- MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
- add_data_len );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac"));
+ MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data,
+ add_data_len);
- ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
- add_data_len );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data,
+ add_data_len);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
- ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
- data, rec->data_len );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&transform->md_ctx_enc,
+ data, rec->data_len);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
- ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
- ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
+ }
- memcpy( data + rec->data_len, mac, transform->maclen );
+ memcpy(data + rec->data_len, mac, transform->maclen);
rec->data_len += transform->maclen;
post_avail -= transform->maclen;
auth_done++;
- hmac_failed_etm_enabled:
- mbedtls_platform_zeroize( mac, transform->maclen );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
- return( ret );
+hmac_failed_etm_enabled:
+ mbedtls_platform_zeroize(mac, transform->maclen);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "HMAC calculation failed", ret);
+ return ret;
}
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
- }
- else
+ } else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* Make extra sure authentication was performed, exactly once */
- if( auth_done != 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (auth_done != 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= encrypt buf"));
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec )
+int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec)
{
size_t olen;
mbedtls_cipher_mode_t mode;
@@ -1129,8 +1116,8 @@
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
size_t padlen = 0, correct = 1;
#endif
- unsigned char* data;
- unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ unsigned char *data;
+ unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX];
size_t add_data_len;
#if !defined(MBEDTLS_DEBUG_C)
@@ -1138,59 +1125,52 @@
((void) ssl);
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
- if( rec == NULL ||
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> decrypt buf"));
+ if (rec == NULL ||
rec->buf == NULL ||
rec->buf_len < rec->data_offset ||
- rec->buf_len - rec->data_offset < rec->data_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ rec->buf_len - rec->data_offset < rec->data_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to decrypt_buf"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
data = rec->buf + rec->data_offset;
- mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
+ mode = mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_dec);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
* Match record's CID with incoming CID.
*/
- if( rec->cid_len != transform->in_cid_len ||
- memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
+ if (rec->cid_len != transform->in_cid_len ||
+ memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) {
+ return MBEDTLS_ERR_SSL_UNEXPECTED_CID;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
- if( mode == MBEDTLS_MODE_STREAM )
- {
+ if (mode == MBEDTLS_MODE_STREAM) {
padlen = 0;
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
- transform->iv_dec,
- transform->ivlen,
- data, rec->data_len,
- data, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
- return( ret );
+ if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec,
+ transform->iv_dec,
+ transform->ivlen,
+ data, rec->data_len,
+ data, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
+ return ret;
}
- if( rec->data_len != olen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (rec->data_len != olen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- }
- else
+ } else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
- if( mode == MBEDTLS_MODE_GCM ||
+ if (mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY )
- {
+ mode == MBEDTLS_MODE_CHACHAPOLY) {
unsigned char iv[12];
unsigned char *dynamic_iv;
size_t dynamic_iv_len;
@@ -1203,56 +1183,51 @@
* can be chosen freely - in particular, it need not
* agree with the record sequence number.
*/
- dynamic_iv_len = sizeof( rec->ctr );
- if( ssl_transform_aead_dynamic_iv_is_explicit( transform ) == 1 )
- {
- if( rec->data_len < dynamic_iv_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
- " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
- rec->data_len,
- dynamic_iv_len ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ dynamic_iv_len = sizeof(rec->ctr);
+ if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) {
+ if (rec->data_len < dynamic_iv_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+ " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
+ rec->data_len,
+ dynamic_iv_len));
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
}
dynamic_iv = data;
data += dynamic_iv_len;
rec->data_offset += dynamic_iv_len;
rec->data_len -= dynamic_iv_len;
- }
- else
- {
+ } else {
dynamic_iv = rec->ctr;
}
/* Check that there's space for the authentication tag. */
- if( rec->data_len < transform->taglen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
- ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
- rec->data_len,
- transform->taglen ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ if (rec->data_len < transform->taglen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+ ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
+ rec->data_len,
+ transform->taglen));
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
}
rec->data_len -= transform->taglen;
/*
* Prepare nonce from dynamic and static parts.
*/
- ssl_build_record_nonce( iv, sizeof( iv ),
- transform->iv_dec,
- transform->fixed_ivlen,
- dynamic_iv,
- dynamic_iv_len );
+ ssl_build_record_nonce(iv, sizeof(iv),
+ transform->iv_dec,
+ transform->fixed_ivlen,
+ dynamic_iv,
+ dynamic_iv_len);
/*
* Build additional data for AEAD encryption.
* This depends on the TLS version.
*/
- ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver );
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
- add_data, add_data_len );
+ ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+ transform->minor_ver);
+ MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD",
+ add_data, add_data_len);
/* Because of the check above, we know that there are
* explicit_iv_len Bytes preceding data, and taglen
@@ -1260,49 +1235,45 @@
* the debug message and the invocation of
* mbedtls_cipher_auth_decrypt() below. */
- MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
- transform->taglen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen);
+ MBEDTLS_SSL_DEBUG_BUF(4, "TAG used", data + rec->data_len,
+ transform->taglen);
/*
* Decrypt and authenticate
*/
- if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec,
- iv, transform->ivlen,
- add_data, add_data_len,
- data, rec->data_len + transform->taglen, /* src */
- data, rec->buf_len - (data - rec->buf), &olen, /* dst */
- transform->taglen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
+ if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec,
+ iv, transform->ivlen,
+ add_data, add_data_len,
+ data, rec->data_len + transform->taglen, /* src */
+ data, rec->buf_len - (data - rec->buf), &olen, /* dst */
+ transform->taglen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt", ret);
- if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
+ }
- return( ret );
+ return ret;
}
auth_done++;
/* Double-check that AEAD decryption doesn't change content length. */
- if( olen != rec->data_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (olen != rec->data_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- }
- else
+ } else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
- if( mode == MBEDTLS_MODE_CBC )
- {
+ if (mode == MBEDTLS_MODE_CBC) {
size_t minlen = 0;
/*
* Check immediate ciphertext sanity
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
+ if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) {
/* The ciphertext is prefixed with the CBC IV. */
minlen += transform->ivlen;
}
@@ -1329,27 +1300,26 @@
* lower bound minlen + maclen + 1 on the record size, which
* we test for in the second check below.
*/
- if( rec->data_len < minlen + transform->ivlen ||
- rec->data_len < minlen + transform->maclen + 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
- ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
- "), maclen (%" MBEDTLS_PRINTF_SIZET ") "
- "+ 1 ) ( + expl IV )", rec->data_len,
- transform->ivlen,
- transform->maclen ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ if (rec->data_len < minlen + transform->ivlen ||
+ rec->data_len < minlen + transform->maclen + 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+ ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
+ "), maclen (%" MBEDTLS_PRINTF_SIZET ") "
+ "+ 1 ) ( + expl IV )",
+ rec->data_len,
+ transform->ivlen,
+ transform->maclen));
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
}
/*
* Authenticate before decrypt if enabled
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
- {
+ if (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) {
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac"));
/* Update data_len in tandem with add_data.
*
@@ -1362,49 +1332,52 @@
*
* Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen;
- ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver );
+ ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+ transform->minor_ver);
/* Calculate expected MAC. */
- MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
- add_data_len );
- ret = mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
- add_data_len );
- if( ret != 0 )
+ MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data,
+ add_data_len);
+ ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data,
+ add_data_len);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
- ret = mbedtls_md_hmac_update( &transform->md_ctx_dec,
- data, rec->data_len );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&transform->md_ctx_dec,
+ data, rec->data_len);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
- ret = mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
- ret = mbedtls_md_hmac_reset( &transform->md_ctx_dec );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec);
+ if (ret != 0) {
goto hmac_failed_etm_enabled;
+ }
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len,
- transform->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect,
- transform->maclen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "message mac", data + rec->data_len,
+ transform->maclen);
+ MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect,
+ transform->maclen);
/* Compare expected MAC with MAC at the end of the record. */
- if( mbedtls_ct_memcmp( data + rec->data_len, mac_expect,
- transform->maclen ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+ if (mbedtls_ct_memcmp(data + rec->data_len, mac_expect,
+ transform->maclen) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
goto hmac_failed_etm_enabled;
}
auth_done++;
- hmac_failed_etm_enabled:
- mbedtls_platform_zeroize( mac_expect, transform->maclen );
- if( ret != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_hmac_xxx", ret );
- return( ret );
+hmac_failed_etm_enabled:
+ mbedtls_platform_zeroize(mac_expect, transform->maclen);
+ if (ret != 0) {
+ if (ret != MBEDTLS_ERR_SSL_INVALID_MAC) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_hmac_xxx", ret);
+ }
+ return ret;
}
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
@@ -1416,22 +1389,20 @@
/* We know from above that data_len > minlen >= 0,
* so the following check in particular implies that
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
- if( rec->data_len % transform->ivlen != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
- ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
- rec->data_len, transform->ivlen ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ if (rec->data_len % transform->ivlen != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+ ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
+ rec->data_len, transform->ivlen));
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Initialize for prepended IV for block cipher in TLS v1.1 and up
*/
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
+ if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) {
/* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
- memcpy( transform->iv_dec, data, transform->ivlen );
+ memcpy(transform->iv_dec, data, transform->ivlen);
data += transform->ivlen;
rec->data_offset += transform->ivlen;
@@ -1441,32 +1412,29 @@
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
- transform->iv_dec, transform->ivlen,
- data, rec->data_len, data, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
- return( ret );
+ if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec,
+ transform->iv_dec, transform->ivlen,
+ data, rec->data_len, data, &olen)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
+ return ret;
}
/* Double-check that length hasn't changed during decryption. */
- if( rec->data_len != olen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (rec->data_len != olen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- {
+ if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) {
/*
* Save IV in SSL3 and TLS1, where CBC decryption of consecutive
* records is equivalent to CBC decryption of the concatenation
* of the records; in other words, IVs are maintained across
* record decryptions.
*/
- memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
- transform->ivlen );
+ memcpy(transform->iv_dec, transform->cipher_ctx_dec.iv,
+ transform->ivlen);
}
#endif
@@ -1476,31 +1444,27 @@
* >= ivlen ). */
padlen = data[rec->data_len - 1];
- if( auth_done == 1 )
- {
+ if (auth_done == 1) {
const size_t mask = mbedtls_ct_size_mask_ge(
- rec->data_len,
- padlen + 1 );
+ rec->data_len,
+ padlen + 1);
correct &= mask;
padlen &= mask;
- }
- else
- {
+ } else {
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- if( rec->data_len < transform->maclen + padlen + 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
- ") < maclen (%" MBEDTLS_PRINTF_SIZET
- ") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
- rec->data_len,
- transform->maclen,
- padlen + 1 ) );
+ if (rec->data_len < transform->maclen + padlen + 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+ ") < maclen (%" MBEDTLS_PRINTF_SIZET
+ ") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
+ rec->data_len,
+ transform->maclen,
+ padlen + 1));
}
#endif
const size_t mask = mbedtls_ct_size_mask_ge(
- rec->data_len,
- transform->maclen + padlen + 1 );
+ rec->data_len,
+ transform->maclen + padlen + 1);
correct &= mask;
padlen &= mask;
}
@@ -1511,28 +1475,25 @@
* we have data_len >= padlen here. */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
/* This is the SSL 3.0 path, we don't have to worry about Lucky
* 13, because there's a strictly worse padding attack built in
* the protocol (known as part of POODLE), so we don't care if the
* code is not constant-time, in particular branches are OK. */
- if( padlen > transform->ivlen )
- {
+ if (padlen > transform->ivlen) {
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", "
- "should be no more than %" MBEDTLS_PRINTF_SIZET,
- padlen, transform->ivlen ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding length: is %" MBEDTLS_PRINTF_SIZET ", "
+ "should be no more than %"
+ MBEDTLS_PRINTF_SIZET,
+ padlen, transform->ivlen));
#endif
correct = 0;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0) {
/* The padding check involves a series of up to 256
* consecutive memory reads at the end of the record
* plaintext buffer. In order to hide the length and
@@ -1540,7 +1501,7 @@
* `min(256,plaintext_len)` reads (but take into account
* only the last `padlen` bytes for the padding check). */
size_t pad_count = 0;
- volatile unsigned char* const check = data;
+ volatile unsigned char * const check = data;
/* Index of first padding byte; it has been ensured above
* that the subtraction is safe. */
@@ -1549,30 +1510,29 @@
size_t const start_idx = rec->data_len - num_checks;
size_t idx;
- for( idx = start_idx; idx < rec->data_len; idx++ )
- {
+ for (idx = start_idx; idx < rec->data_len; idx++) {
/* pad_count += (idx >= padding_idx) &&
* (check[idx] == padlen - 1);
*/
- const size_t mask = mbedtls_ct_size_mask_ge( idx, padding_idx );
- const size_t equal = mbedtls_ct_size_bool_eq( check[idx],
- padlen - 1 );
+ const size_t mask = mbedtls_ct_size_mask_ge(idx, padding_idx);
+ const size_t equal = mbedtls_ct_size_bool_eq(check[idx],
+ padlen - 1);
pad_count += mask & equal;
}
- correct &= mbedtls_ct_size_bool_eq( pad_count, padlen );
+ correct &= mbedtls_ct_size_bool_eq(pad_count, padlen);
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- if( padlen > 0 && correct == 0 )
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
+ if (padlen > 0 && correct == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected"));
+ }
#endif
- padlen &= mbedtls_ct_size_mask( correct );
- }
- else
+ padlen &= mbedtls_ct_size_mask(correct);
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* If the padding was found to be invalid, padlen == 0
@@ -1580,17 +1540,16 @@
* padlen hasn't been changed and the previous assertion
* data_len >= padlen still holds. */
rec->data_len -= padlen;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
- data, rec->data_len );
+ MBEDTLS_SSL_DEBUG_BUF(4, "raw buffer after decryption",
+ data, rec->data_len);
#endif
/*
@@ -1598,8 +1557,7 @@
* Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
*/
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
- if( auth_done == 0 )
- {
+ if (auth_done == 0) {
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
@@ -1617,30 +1575,26 @@
* hence data_len >= maclen in any case.
*/
rec->data_len -= transform->maclen;
- ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver );
+ ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+ transform->minor_ver);
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- ret = ssl_mac( &transform->md_ctx_dec,
- transform->mac_dec,
- data, rec->data_len,
- rec->ctr, rec->type,
- mac_expect );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_mac", ret );
+ if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
+ ret = ssl_mac(&transform->md_ctx_dec,
+ transform->mac_dec,
+ data, rec->data_len,
+ rec->ctr, rec->type,
+ mac_expect);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_mac", ret);
goto hmac_failed_etm_disabled;
}
- memcpy( mac_peer, data + rec->data_len, transform->maclen );
- }
- else
+ memcpy(mac_peer, data + rec->data_len, transform->maclen);
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0) {
/*
* The next two sizes are the minimum and maximum values of
* data_len over all padlen values.
@@ -1652,92 +1606,90 @@
* length, as we previously did in_msglen -= maclen too.
*/
const size_t max_len = rec->data_len + padlen;
- const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
+ const size_t min_len = (max_len > 256) ? max_len - 256 : 0;
- ret = mbedtls_ct_hmac( &transform->md_ctx_dec,
- add_data, add_data_len,
- data, rec->data_len, min_len, max_len,
- mac_expect );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ct_hmac", ret );
+ ret = mbedtls_ct_hmac(&transform->md_ctx_dec,
+ add_data, add_data_len,
+ data, rec->data_len, min_len, max_len,
+ mac_expect);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ct_hmac", ret);
goto hmac_failed_etm_disabled;
}
- mbedtls_ct_memcpy_offset( mac_peer, data,
- rec->data_len,
- min_len, max_len,
- transform->maclen );
- }
- else
+ mbedtls_ct_memcpy_offset(mac_peer, data,
+ rec->data_len,
+ min_len, max_len,
+ transform->maclen);
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, transform->maclen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen);
+ MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen);
#endif
- if( mbedtls_ct_memcmp( mac_peer, mac_expect,
- transform->maclen ) != 0 )
- {
+ if (mbedtls_ct_memcmp(mac_peer, mac_expect,
+ transform->maclen) != 0) {
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
#endif
correct = 0;
}
auth_done++;
- hmac_failed_etm_disabled:
- mbedtls_platform_zeroize( mac_peer, transform->maclen );
- mbedtls_platform_zeroize( mac_expect, transform->maclen );
- if( ret != 0 )
- return( ret );
+hmac_failed_etm_disabled:
+ mbedtls_platform_zeroize(mac_peer, transform->maclen);
+ mbedtls_platform_zeroize(mac_expect, transform->maclen);
+ if (ret != 0) {
+ return ret;
+ }
}
/*
* Finally check the correct flag
*/
- if( correct == 0 )
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ if (correct == 0) {
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
+ }
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
/* Make extra sure authentication was performed, exactly once */
- if( auth_done != 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (auth_done != 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
+ if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
/* Remove inner padding and infer true content type. */
- ret = ssl_parse_inner_plaintext( data, &rec->data_len,
- &rec->type );
+ ret = ssl_parse_inner_plaintext(data, &rec->data_len,
+ &rec->type);
- if( ret != 0 )
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ret != 0) {
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
+ }
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( rec->cid_len != 0 )
- {
- ret = ssl_parse_inner_plaintext( data, &rec->data_len,
- &rec->type );
- if( ret != 0 )
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (rec->cid_len != 0) {
+ ret = ssl_parse_inner_plaintext(data, &rec->data_len,
+ &rec->type);
+ if (ret != 0) {
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
+ }
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= decrypt buf"));
- return( 0 );
+ return 0;
}
#undef MAC_NONE
@@ -1749,7 +1701,7 @@
* Compression/decompression functions
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_compress_buf( mbedtls_ssl_context *ssl )
+static int ssl_compress_buf(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *msg_post = ssl->out_msg;
@@ -1762,47 +1714,47 @@
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> compress buf"));
- if( len_pre == 0 )
- return( 0 );
+ if (len_pre == 0) {
+ return 0;
+ }
- memcpy( msg_pre, ssl->out_msg, len_pre );
+ memcpy(msg_pre, ssl->out_msg, len_pre);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
- ssl->out_msglen ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
+ ssl->out_msglen));
- MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
- ssl->out_msg, ssl->out_msglen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "before compression: output payload",
+ ssl->out_msg, ssl->out_msglen);
ssl->transform_out->ctx_deflate.next_in = msg_pre;
ssl->transform_out->ctx_deflate.avail_in = len_pre;
ssl->transform_out->ctx_deflate.next_out = msg_post;
ssl->transform_out->ctx_deflate.avail_out = out_buf_len - bytes_written;
- ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
- if( ret != Z_OK )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
- return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+ ret = deflate(&ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH);
+ if (ret != Z_OK) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("failed to perform compression (%d)", ret));
+ return MBEDTLS_ERR_SSL_COMPRESSION_FAILED;
}
ssl->out_msglen = out_buf_len -
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
- ssl->out_msglen ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
+ ssl->out_msglen));
- MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
- ssl->out_msg, ssl->out_msglen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "after compression: output payload",
+ ssl->out_msg, ssl->out_msglen);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= compress buf"));
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
+static int ssl_decompress_buf(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *msg_post = ssl->in_msg;
@@ -1815,43 +1767,43 @@
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> decompress buf"));
- if( len_pre == 0 )
- return( 0 );
+ if (len_pre == 0) {
+ return 0;
+ }
- memcpy( msg_pre, ssl->in_msg, len_pre );
+ memcpy(msg_pre, ssl->in_msg, len_pre);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
- ssl->in_msglen ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
+ ssl->in_msglen));
- MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
- ssl->in_msg, ssl->in_msglen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "before decompression: input payload",
+ ssl->in_msg, ssl->in_msglen);
ssl->transform_in->ctx_inflate.next_in = msg_pre;
ssl->transform_in->ctx_inflate.avail_in = len_pre;
ssl->transform_in->ctx_inflate.next_out = msg_post;
ssl->transform_in->ctx_inflate.avail_out = in_buf_len - header_bytes;
- ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
- if( ret != Z_OK )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
- return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+ ret = inflate(&ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH);
+ if (ret != Z_OK) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("failed to perform decompression (%d)", ret));
+ return MBEDTLS_ERR_SSL_COMPRESSION_FAILED;
}
ssl->in_msglen = in_buf_len -
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
- ssl->in_msglen ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
+ ssl->in_msglen));
- MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
- ssl->in_msg, ssl->in_msglen );
+ MBEDTLS_SSL_DEBUG_BUF(4, "after decompression: input payload",
+ ssl->in_msg, ssl->in_msglen);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= decompress buf"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
@@ -1870,7 +1822,7 @@
* For DTLS, it is up to the caller to set ssl->next_record_offset when
* they're done reading a record.
*/
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
+int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -1880,23 +1832,20 @@
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> fetch input"));
- if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->f_recv == NULL && ssl->f_recv_timeout == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() "));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if( nb_want > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (nb_want > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("requesting more data than fits"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
uint32_t timeout;
/*
@@ -1909,40 +1858,36 @@
/*
* Move to the next record in the already read datagram if applicable
*/
- if( ssl->next_record_offset != 0 )
- {
- if( ssl->in_left < ssl->next_record_offset )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (ssl->next_record_offset != 0) {
+ if (ssl->in_left < ssl->next_record_offset) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
ssl->in_left -= ssl->next_record_offset;
- if( ssl->in_left != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %"
- MBEDTLS_PRINTF_SIZET,
- ssl->next_record_offset ) );
- memmove( ssl->in_hdr,
- ssl->in_hdr + ssl->next_record_offset,
- ssl->in_left );
+ if (ssl->in_left != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("next record in same datagram, offset: %"
+ MBEDTLS_PRINTF_SIZET,
+ ssl->next_record_offset));
+ memmove(ssl->in_hdr,
+ ssl->in_hdr + ssl->next_record_offset,
+ ssl->in_left);
}
ssl->next_record_offset = 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
- ", nb_want: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_left, nb_want ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
+ ", nb_want: %" MBEDTLS_PRINTF_SIZET,
+ ssl->in_left, nb_want));
/*
* Done if we already have enough data.
*/
- if( nb_want <= ssl->in_left)
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
- return( 0 );
+ if (nb_want <= ssl->in_left) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input"));
+ return 0;
}
/*
@@ -1950,10 +1895,9 @@
* are not at the beginning of a new record, the caller did something
* wrong.
*/
- if( ssl->in_left != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (ssl->in_left != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/*
@@ -1961,195 +1905,182 @@
* This avoids by-passing the timer when repeatedly receiving messages
* that will end up being dropped.
*/
- if( mbedtls_ssl_check_timer( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) );
+ if (mbedtls_ssl_check_timer(ssl) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired"));
ret = MBEDTLS_ERR_SSL_TIMEOUT;
- }
- else
- {
- len = in_buf_len - ( ssl->in_hdr - ssl->in_buf );
+ } else {
+ len = in_buf_len - (ssl->in_hdr - ssl->in_buf);
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
timeout = ssl->handshake->retransmit_timeout;
- else
+ } else {
timeout = ssl->conf->read_timeout;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("f_recv_timeout: %lu ms", (unsigned long) timeout));
- if( ssl->f_recv_timeout != NULL )
- ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
- timeout );
- else
- ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
+ if (ssl->f_recv_timeout != NULL) {
+ ret = ssl->f_recv_timeout(ssl->p_bio, ssl->in_hdr, len,
+ timeout);
+ } else {
+ ret = ssl->f_recv(ssl->p_bio, ssl->in_hdr, len);
+ }
- MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
+ MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret);
- if( ret == 0 )
- return( MBEDTLS_ERR_SSL_CONN_EOF );
+ if (ret == 0) {
+ return MBEDTLS_ERR_SSL_CONN_EOF;
+ }
}
- if( ret == MBEDTLS_ERR_SSL_TIMEOUT )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
- mbedtls_ssl_set_timer( ssl, 0 );
+ if (ret == MBEDTLS_ERR_SSL_TIMEOUT) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("timeout"));
+ mbedtls_ssl_set_timer(ssl, 0);
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- if( ssl_double_retransmit_timeout( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
- return( MBEDTLS_ERR_SSL_TIMEOUT );
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ if (ssl_double_retransmit_timeout(ssl) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("handshake timeout"));
+ return MBEDTLS_ERR_SSL_TIMEOUT;
}
- if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_resend(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret);
+ return ret;
}
- return( MBEDTLS_ERR_SSL_WANT_READ );
+ return MBEDTLS_ERR_SSL_WANT_READ;
}
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
- else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
- {
- if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request",
- ret );
- return( ret );
+ else if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+ if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request",
+ ret);
+ return ret;
}
- return( MBEDTLS_ERR_SSL_WANT_READ );
+ return MBEDTLS_ERR_SSL_WANT_READ;
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
}
- if( ret < 0 )
- return( ret );
+ if (ret < 0) {
+ return ret;
+ }
ssl->in_left = ret;
- }
- else
+ } else
#endif
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
- ", nb_want: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_left, nb_want ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
+ ", nb_want: %" MBEDTLS_PRINTF_SIZET,
+ ssl->in_left, nb_want));
- while( ssl->in_left < nb_want )
- {
+ while (ssl->in_left < nb_want) {
len = nb_want - ssl->in_left;
- if( mbedtls_ssl_check_timer( ssl ) != 0 )
+ if (mbedtls_ssl_check_timer(ssl) != 0) {
ret = MBEDTLS_ERR_SSL_TIMEOUT;
- else
- {
- if( ssl->f_recv_timeout != NULL )
- {
- ret = ssl->f_recv_timeout( ssl->p_bio,
- ssl->in_hdr + ssl->in_left, len,
- ssl->conf->read_timeout );
- }
- else
- {
- ret = ssl->f_recv( ssl->p_bio,
- ssl->in_hdr + ssl->in_left, len );
+ } else {
+ if (ssl->f_recv_timeout != NULL) {
+ ret = ssl->f_recv_timeout(ssl->p_bio,
+ ssl->in_hdr + ssl->in_left, len,
+ ssl->conf->read_timeout);
+ } else {
+ ret = ssl->f_recv(ssl->p_bio,
+ ssl->in_hdr + ssl->in_left, len);
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
- ", nb_want: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_left, nb_want ) );
- MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
+ ", nb_want: %" MBEDTLS_PRINTF_SIZET,
+ ssl->in_left, nb_want));
+ MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret);
- if( ret == 0 )
- return( MBEDTLS_ERR_SSL_CONN_EOF );
+ if (ret == 0) {
+ return MBEDTLS_ERR_SSL_CONN_EOF;
+ }
- if( ret < 0 )
- return( ret );
+ if (ret < 0) {
+ return ret;
+ }
- if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested",
- ret, len ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if ((size_t) ret > len || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
+ " were requested",
+ ret, len));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
ssl->in_left += ret;
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input"));
- return( 0 );
+ return 0;
}
/*
* Flush any data not yet written
*/
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *buf;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> flush output"));
- if( ssl->f_send == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->f_send == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() "));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* Avoid incrementing counter if data is flushed */
- if( ssl->out_left == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
- return( 0 );
+ if (ssl->out_left == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output"));
+ return 0;
}
- while( ssl->out_left > 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET
- ", out_left: %" MBEDTLS_PRINTF_SIZET,
- mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
+ while (ssl->out_left > 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("message length: %" MBEDTLS_PRINTF_SIZET
+ ", out_left: %" MBEDTLS_PRINTF_SIZET,
+ mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left));
buf = ssl->out_hdr - ssl->out_left;
- ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
+ ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left);
- MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
+ MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret);
- if( ret <= 0 )
- return( ret );
+ if (ret <= 0) {
+ return ret;
+ }
- if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent",
- ret, ssl->out_left ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if ((size_t) ret > ssl->out_left || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
+ " bytes were sent",
+ ret, ssl->out_left));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
ssl->out_left -= ret;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
ssl->out_hdr = ssl->out_buf;
- }
- else
+ } else
#endif
{
ssl->out_hdr = ssl->out_buf + 8;
}
- mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
+ mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output"));
- return( 0 );
+ return 0;
}
/*
@@ -2160,64 +2091,61 @@
* Append current handshake message to current outgoing flight
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_flight_append( mbedtls_ssl_context *ssl )
+static int ssl_flight_append(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_flight_item *msg;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) );
- MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight",
- ssl->out_msg, ssl->out_msglen );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_flight_append"));
+ MBEDTLS_SSL_DEBUG_BUF(4, "message appended to flight",
+ ssl->out_msg, ssl->out_msglen);
/* Allocate space for current message */
- if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
- sizeof( mbedtls_ssl_flight_item ) ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if ((msg = mbedtls_calloc(1, sizeof(mbedtls_ssl_flight_item))) == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
+ sizeof(mbedtls_ssl_flight_item)));
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
- if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
- ssl->out_msglen ) );
- mbedtls_free( msg );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if ((msg->p = mbedtls_calloc(1, ssl->out_msglen)) == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
+ ssl->out_msglen));
+ mbedtls_free(msg);
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
/* Copy current handshake message with headers */
- memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
+ memcpy(msg->p, ssl->out_msg, ssl->out_msglen);
msg->len = ssl->out_msglen;
msg->type = ssl->out_msgtype;
msg->next = NULL;
/* Append to the current flight */
- if( ssl->handshake->flight == NULL )
+ if (ssl->handshake->flight == NULL) {
ssl->handshake->flight = msg;
- else
- {
+ } else {
mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
- while( cur->next != NULL )
+ while (cur->next != NULL) {
cur = cur->next;
+ }
cur->next = msg;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_flight_append"));
+ return 0;
}
/*
* Free the current flight of handshake messages
*/
-void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
+void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight)
{
mbedtls_ssl_flight_item *cur = flight;
mbedtls_ssl_flight_item *next;
- while( cur != NULL )
- {
+ while (cur != NULL) {
next = cur->next;
- mbedtls_free( cur->p );
- mbedtls_free( cur );
+ mbedtls_free(cur->p);
+ mbedtls_free(cur);
cur = next;
}
@@ -2227,18 +2155,17 @@
* Swap transform_out and out_ctr with the alternative ones
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
+static int ssl_swap_epochs(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_transform *tmp_transform;
unsigned char tmp_out_ctr[8];
- if( ssl->transform_out == ssl->handshake->alt_transform_out )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
- return( 0 );
+ if (ssl->transform_out == ssl->handshake->alt_transform_out) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("skip swap epochs"));
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("swap epochs"));
/* Swap transforms */
tmp_transform = ssl->transform_out;
@@ -2246,42 +2173,40 @@
ssl->handshake->alt_transform_out = tmp_transform;
/* Swap epoch + sequence_number */
- memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 );
- memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 );
- memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 );
+ memcpy(tmp_out_ctr, ssl->cur_out_ctr, 8);
+ memcpy(ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8);
+ memcpy(ssl->handshake->alt_out_ctr, tmp_out_ctr, 8);
/* Adjust to the newly activated transform */
- mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
+ mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_activate != NULL )
- {
- int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ if (mbedtls_ssl_hw_record_activate != NULL) {
+ int ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
}
#endif
- return( 0 );
+ return 0;
}
/*
* Retransmit the current flight of messages.
*/
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
{
int ret = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_resend"));
- ret = mbedtls_ssl_flight_transmit( ssl );
+ ret = mbedtls_ssl_flight_transmit(ssl);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_resend"));
- return( ret );
+ return ret;
}
/*
@@ -2291,121 +2216,117 @@
* WANT_WRITE, causing us to exit this function and come back later.
* This function must be called until state is no longer SENDING.
*/
-int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_flight_transmit"));
- if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) );
+ if (ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("initialise flight transmission"));
ssl->handshake->cur_msg = ssl->handshake->flight;
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
- ret = ssl_swap_epochs( ssl );
- if( ret != 0 )
- return( ret );
+ ret = ssl_swap_epochs(ssl);
+ if (ret != 0) {
+ return ret;
+ }
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
}
- while( ssl->handshake->cur_msg != NULL )
- {
+ while (ssl->handshake->cur_msg != NULL) {
size_t max_frag_len;
const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg;
int const is_finished =
- ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
- cur->p[0] == MBEDTLS_SSL_HS_FINISHED );
+ (cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ cur->p[0] == MBEDTLS_SSL_HS_FINISHED);
uint8_t const force_flush = ssl->disable_datagram_packing == 1 ?
- SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
+ SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
/* Swap epochs before sending Finished: we can't do it after
* sending ChangeCipherSpec, in case write returns WANT_READ.
* Must be done before copying, may change out_msg pointer */
- if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
- ret = ssl_swap_epochs( ssl );
- if( ret != 0 )
- return( ret );
+ if (is_finished && ssl->handshake->cur_msg_p == (cur->p + 12)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("swap epochs to send finished message"));
+ ret = ssl_swap_epochs(ssl);
+ if (ret != 0) {
+ return ret;
+ }
}
- ret = ssl_get_remaining_payload_in_datagram( ssl );
- if( ret < 0 )
- return( ret );
+ ret = ssl_get_remaining_payload_in_datagram(ssl);
+ if (ret < 0) {
+ return ret;
+ }
max_frag_len = (size_t) ret;
/* CCS is copied as is, while HS messages may need fragmentation */
- if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
- {
- if( max_frag_len == 0 )
- {
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- return( ret );
+ if (cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
+ if (max_frag_len == 0) {
+ if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ return ret;
+ }
continue;
}
- memcpy( ssl->out_msg, cur->p, cur->len );
+ memcpy(ssl->out_msg, cur->p, cur->len);
ssl->out_msglen = cur->len;
ssl->out_msgtype = cur->type;
/* Update position inside current message */
ssl->handshake->cur_msg_p += cur->len;
- }
- else
- {
+ } else {
const unsigned char * const p = ssl->handshake->cur_msg_p;
const size_t hs_len = cur->len - 12;
- const size_t frag_off = p - ( cur->p + 12 );
+ const size_t frag_off = p - (cur->p + 12);
const size_t rem_len = hs_len - frag_off;
size_t cur_hs_frag_len, max_hs_frag_len;
- if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
- {
- if( is_finished )
- {
- ret = ssl_swap_epochs( ssl );
- if( ret != 0 )
- return( ret );
+ if ((max_frag_len < 12) || (max_frag_len == 12 && hs_len != 0)) {
+ if (is_finished) {
+ ret = ssl_swap_epochs(ssl);
+ if (ret != 0) {
+ return ret;
+ }
}
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ return ret;
+ }
continue;
}
max_hs_frag_len = max_frag_len - 12;
cur_hs_frag_len = rem_len > max_hs_frag_len ?
- max_hs_frag_len : rem_len;
+ max_hs_frag_len : rem_len;
- if( frag_off == 0 && cur_hs_frag_len != hs_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)",
- (unsigned) cur_hs_frag_len,
- (unsigned) max_hs_frag_len ) );
+ if (frag_off == 0 && cur_hs_frag_len != hs_len) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)",
+ (unsigned) cur_hs_frag_len,
+ (unsigned) max_hs_frag_len));
}
/* Messages are stored with handshake headers as if not fragmented,
* copy beginning of headers then fill fragmentation fields.
* Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
- memcpy( ssl->out_msg, cur->p, 6 );
+ memcpy(ssl->out_msg, cur->p, 6);
- ssl->out_msg[6] = MBEDTLS_BYTE_2( frag_off );
- ssl->out_msg[7] = MBEDTLS_BYTE_1( frag_off );
- ssl->out_msg[8] = MBEDTLS_BYTE_0( frag_off );
+ ssl->out_msg[6] = MBEDTLS_BYTE_2(frag_off);
+ ssl->out_msg[7] = MBEDTLS_BYTE_1(frag_off);
+ ssl->out_msg[8] = MBEDTLS_BYTE_0(frag_off);
- ssl->out_msg[ 9] = MBEDTLS_BYTE_2( cur_hs_frag_len );
- ssl->out_msg[10] = MBEDTLS_BYTE_1( cur_hs_frag_len );
- ssl->out_msg[11] = MBEDTLS_BYTE_0( cur_hs_frag_len );
+ ssl->out_msg[9] = MBEDTLS_BYTE_2(cur_hs_frag_len);
+ ssl->out_msg[10] = MBEDTLS_BYTE_1(cur_hs_frag_len);
+ ssl->out_msg[11] = MBEDTLS_BYTE_0(cur_hs_frag_len);
- MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "handshake header", ssl->out_msg, 12);
/* Copy the handshake message content and set records fields */
- memcpy( ssl->out_msg + 12, p, cur_hs_frag_len );
+ memcpy(ssl->out_msg + 12, p, cur_hs_frag_len);
ssl->out_msglen = cur_hs_frag_len + 12;
ssl->out_msgtype = cur->type;
@@ -2414,52 +2335,47 @@
}
/* If done with the current message move to the next one if any */
- if( ssl->handshake->cur_msg_p >= cur->p + cur->len )
- {
- if( cur->next != NULL )
- {
+ if (ssl->handshake->cur_msg_p >= cur->p + cur->len) {
+ if (cur->next != NULL) {
ssl->handshake->cur_msg = cur->next;
ssl->handshake->cur_msg_p = cur->next->p + 12;
- }
- else
- {
+ } else {
ssl->handshake->cur_msg = NULL;
ssl->handshake->cur_msg_p = NULL;
}
}
/* Actually send the message out */
- if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
+ return ret;
}
}
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- return( ret );
-
- /* Update state and set timer */
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
- ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
- else
- {
- ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
- mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
+ if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) );
+ /* Update state and set timer */
+ if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+ ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
+ } else {
+ ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+ mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout);
+ }
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_flight_transmit"));
+
+ return 0;
}
/*
* To be called when the last message of an incoming flight is received.
*/
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
{
/* We won't need to resend that one any more */
- mbedtls_ssl_flight_free( ssl->handshake->flight );
+ mbedtls_ssl_flight_free(ssl->handshake->flight);
ssl->handshake->flight = NULL;
ssl->handshake->cur_msg = NULL;
@@ -2470,35 +2386,33 @@
ssl->handshake->buffering.seen_ccs = 0;
/* Clear future message buffering structure. */
- mbedtls_ssl_buffering_free( ssl );
+ mbedtls_ssl_buffering_free(ssl);
/* Cancel timer */
- mbedtls_ssl_set_timer( ssl, 0 );
+ mbedtls_ssl_set_timer(ssl, 0);
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
- {
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) {
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
- }
- else
+ } else {
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
+ }
}
/*
* To be called when the last message of an outgoing flight is send.
*/
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
{
- ssl_reset_retransmit_timeout( ssl );
- mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
+ ssl_reset_retransmit_timeout(ssl);
+ mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout);
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
- {
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) {
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
- }
- else
+ } else {
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+ }
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -2528,49 +2442,46 @@
* (including handshake headers but excluding record headers)
* - ssl->out_msg: the record contents (handshake headers + content)
*/
-int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const size_t hs_len = ssl->out_msglen - 4;
const unsigned char hs_type = ssl->out_msg[0];
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message"));
/*
* Sanity checks
*/
- if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
- {
+ if (ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
+ ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
/* In SSLv3, the client might send a NoCertificate alert. */
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
- if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
- ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
- ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) )
+ if (!(ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
+ ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT))
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
}
/* Whenever we send anything different from a
* HelloRequest we should be in a handshake - double check. */
- if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
- ssl->handshake == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (!(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST) &&
+ ssl->handshake == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
- ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#endif
@@ -2582,24 +2493,22 @@
*
* Note: We deliberately do not check for the MTU or MFL here.
*/
- if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
- "size %" MBEDTLS_PRINTF_SIZET
- ", maximum %" MBEDTLS_PRINTF_SIZET,
- ssl->out_msglen,
- (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: "
+ "size %" MBEDTLS_PRINTF_SIZET
+ ", maximum %" MBEDTLS_PRINTF_SIZET,
+ ssl->out_msglen,
+ (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/*
* Fill handshake headers
*/
- if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- ssl->out_msg[1] = MBEDTLS_BYTE_2( hs_len );
- ssl->out_msg[2] = MBEDTLS_BYTE_1( hs_len );
- ssl->out_msg[3] = MBEDTLS_BYTE_0( hs_len );
+ if (ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
+ ssl->out_msg[1] = MBEDTLS_BYTE_2(hs_len);
+ ssl->out_msg[2] = MBEDTLS_BYTE_1(hs_len);
+ ssl->out_msg[3] = MBEDTLS_BYTE_0(hs_len);
/*
* DTLS has additional fields in the Handshake layer,
@@ -2609,70 +2518,63 @@
* uint24 fragment_length;
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Make room for the additional DTLS fields */
- if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
- "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET,
- hs_len,
- (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS handshake message too large: "
+ "size %" MBEDTLS_PRINTF_SIZET ", maximum %"
+ MBEDTLS_PRINTF_SIZET,
+ hs_len,
+ (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - 12)));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len );
+ memmove(ssl->out_msg + 12, ssl->out_msg + 4, hs_len);
ssl->out_msglen += 8;
/* Write message_seq and update it, except for HelloRequest */
- if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
- {
- MBEDTLS_PUT_UINT16_BE( ssl->handshake->out_msg_seq, ssl->out_msg, 4 );
- ++( ssl->handshake->out_msg_seq );
- }
- else
- {
+ if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) {
+ MBEDTLS_PUT_UINT16_BE(ssl->handshake->out_msg_seq, ssl->out_msg, 4);
+ ++(ssl->handshake->out_msg_seq);
+ } else {
ssl->out_msg[4] = 0;
ssl->out_msg[5] = 0;
}
/* Handshake hashes are computed without fragmentation,
* so set frag_offset = 0 and frag_len = hs_len for now */
- memset( ssl->out_msg + 6, 0x00, 3 );
- memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
+ memset(ssl->out_msg + 6, 0x00, 3);
+ memcpy(ssl->out_msg + 9, ssl->out_msg + 1, 3);
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Update running hashes of handshake messages seen */
- if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
- ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
+ if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) {
+ ssl->handshake->update_checksum(ssl, ssl->out_msg, ssl->out_msglen);
+ }
}
/* Either send now, or just save to be sent (and resent) later */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
- {
- if( ( ret = ssl_flight_append( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret );
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ !(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST)) {
+ if ((ret = ssl_flight_append(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_flight_append", ret);
+ return ret;
}
- }
- else
+ } else
#endif
{
- if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_record", ret);
+ return ret;
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write handshake message"));
- return( 0 );
+ return 0;
}
/*
@@ -2687,22 +2589,20 @@
* - ssl->out_msglen: length of the record content (excl headers)
* - ssl->out_msg: record content
*/
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
+int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush)
{
int ret, done = 0;
size_t len = ssl->out_msglen;
uint8_t flush = force_flush;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write record"));
#if defined(MBEDTLS_ZLIB_SUPPORT)
- if( ssl->transform_out != NULL &&
- ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
- {
- if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
- return( ret );
+ if (ssl->transform_out != NULL &&
+ ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE) {
+ if ((ret = ssl_compress_buf(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_compress_buf", ret);
+ return ret;
}
len = ssl->out_msglen;
@@ -2710,23 +2610,21 @@
#endif /*MBEDTLS_ZLIB_SUPPORT */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_write != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) );
+ if (mbedtls_ssl_hw_record_write != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_write()"));
- ret = mbedtls_ssl_hw_record_write( ssl );
- if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ ret = mbedtls_ssl_hw_record_write(ssl);
+ if (ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_write", ret);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
- if( ret == 0 )
+ if (ret == 0) {
done = 1;
+ }
}
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
- if( !done )
- {
+ if (!done) {
unsigned i;
size_t protected_record_size;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
@@ -2737,24 +2635,23 @@
/* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, ssl->out_hdr + 1 );
+ mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, ssl->out_hdr + 1);
- memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
- MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
+ memcpy(ssl->out_ctr, ssl->cur_out_ctr, 8);
+ MBEDTLS_PUT_UINT16_BE(len, ssl->out_len, 0);
- if( ssl->transform_out != NULL )
- {
+ if (ssl->transform_out != NULL) {
mbedtls_record rec;
rec.buf = ssl->out_iv;
- rec.buf_len = out_buf_len - ( ssl->out_iv - ssl->out_buf );
+ rec.buf_len = out_buf_len - (ssl->out_iv - ssl->out_buf);
rec.data_len = ssl->out_msglen;
rec.data_offset = ssl->out_msg - rec.buf;
- memcpy( &rec.ctr[0], ssl->out_ctr, 8 );
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, rec.ver );
+ memcpy(&rec.ctr[0], ssl->out_ctr, 8);
+ mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, rec.ver);
rec.type = ssl->out_msgtype;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -2762,43 +2659,40 @@
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret);
+ return ret;
}
- if( rec.data_offset != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (rec.data_offset != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* Update the record content type and CID. */
ssl->out_msgtype = rec.type;
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
- memcpy( ssl->out_cid, rec.cid, rec.cid_len );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ memcpy(ssl->out_cid, rec.cid, rec.cid_len);
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_msglen = len = rec.data_len;
- MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->out_len, 0 );
+ MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->out_len, 0);
}
- protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
+ protected_record_size = len + mbedtls_ssl_out_hdr_len(ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* In case of DTLS, double-check that we don't exceed
* the remaining space in the datagram. */
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- ret = ssl_get_remaining_space_in_datagram( ssl );
- if( ret < 0 )
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ ret = ssl_get_remaining_space_in_datagram(ssl);
+ if (ret < 0) {
+ return ret;
+ }
- if( protected_record_size > (size_t) ret )
- {
+ if (protected_record_size > (size_t) ret) {
/* Should never happen */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -2806,133 +2700,131 @@
/* Now write the potentially updated record content type. */
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
- "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
- ssl->out_hdr[0], ssl->out_hdr[1],
- ssl->out_hdr[2], len ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("output record: msgtype = %u, "
+ "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
+ ssl->out_hdr[0], ssl->out_hdr[1],
+ ssl->out_hdr[2], len));
- MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
- ssl->out_hdr, protected_record_size );
+ MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network",
+ ssl->out_hdr, protected_record_size);
ssl->out_left += protected_record_size;
ssl->out_hdr += protected_record_size;
- mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
+ mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
- for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- )
- if( ++ssl->cur_out_ctr[i - 1] != 0 )
+ for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) {
+ if (++ssl->cur_out_ctr[i - 1] != 0) {
break;
+ }
+ }
/* The loop goes to its end iff the counter is wrapping */
- if( i == mbedtls_ssl_ep_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ if (i == mbedtls_ssl_ep_len(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("outgoing message counter would wrap"));
+ return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
}
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- flush == SSL_DONT_FORCE_FLUSH )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ flush == SSL_DONT_FORCE_FLUSH) {
size_t remaining;
- ret = ssl_get_remaining_payload_in_datagram( ssl );
- if( ret < 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram",
- ret );
- return( ret );
+ ret = ssl_get_remaining_payload_in_datagram(ssl);
+ if (ret < 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_remaining_payload_in_datagram",
+ ret);
+ return ret;
}
remaining = (size_t) ret;
- if( remaining == 0 )
- {
+ if (remaining == 0) {
flush = SSL_FORCE_FLUSH;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("Still %u bytes available in current datagram",
+ (unsigned) remaining));
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( ( flush == SSL_FORCE_FLUSH ) &&
- ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
- return( ret );
+ if ((flush == SSL_FORCE_FLUSH) &&
+ (ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write record"));
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
+static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl)
{
- if( ssl->in_msglen < ssl->in_hslen ||
- memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 ||
- memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
- {
- return( 1 );
+ if (ssl->in_msglen < ssl->in_hslen ||
+ memcmp(ssl->in_msg + 6, "\0\0\0", 3) != 0 ||
+ memcmp(ssl->in_msg + 9, ssl->in_msg + 1, 3) != 0) {
+ return 1;
}
- return( 0 );
+ return 0;
}
-static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl )
+static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl)
{
- return( ( ssl->in_msg[9] << 16 ) |
- ( ssl->in_msg[10] << 8 ) |
- ssl->in_msg[11] );
+ return (ssl->in_msg[9] << 16) |
+ (ssl->in_msg[10] << 8) |
+ ssl->in_msg[11];
}
-static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
+static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl)
{
- return( ( ssl->in_msg[6] << 16 ) |
- ( ssl->in_msg[7] << 8 ) |
- ssl->in_msg[8] );
+ return (ssl->in_msg[6] << 16) |
+ (ssl->in_msg[7] << 8) |
+ ssl->in_msg[8];
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
+static int ssl_check_hs_header(mbedtls_ssl_context const *ssl)
{
uint32_t msg_len, frag_off, frag_len;
- msg_len = ssl_get_hs_total_len( ssl );
- frag_off = ssl_get_hs_frag_off( ssl );
- frag_len = ssl_get_hs_frag_len( ssl );
+ msg_len = ssl_get_hs_total_len(ssl);
+ frag_off = ssl_get_hs_frag_off(ssl);
+ frag_len = ssl_get_hs_frag_len(ssl);
- if( frag_off > msg_len )
- return( -1 );
+ if (frag_off > msg_len) {
+ return -1;
+ }
- if( frag_len > msg_len - frag_off )
- return( -1 );
+ if (frag_len > msg_len - frag_off) {
+ return -1;
+ }
- if( frag_len + 12 > ssl->in_msglen )
- return( -1 );
+ if (frag_len + 12 > ssl->in_msglen) {
+ return -1;
+ }
- return( 0 );
+ return 0;
}
/*
* Mark bits in bitmask (used for DTLS HS reassembly)
*/
-static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
+static void ssl_bitmask_set(unsigned char *mask, size_t offset, size_t len)
{
unsigned int start_bits, end_bits;
- start_bits = 8 - ( offset % 8 );
- if( start_bits != 8 )
- {
+ start_bits = 8 - (offset % 8);
+ if (start_bits != 8) {
size_t first_byte_idx = offset / 8;
/* Special case */
- if( len <= start_bits )
- {
- for( ; len != 0; len-- )
- mask[first_byte_idx] |= 1 << ( start_bits - len );
+ if (len <= start_bits) {
+ for (; len != 0; len--) {
+ mask[first_byte_idx] |= 1 << (start_bits - len);
+ }
/* Avoid potential issues with offset or len becoming invalid */
return;
@@ -2941,134 +2833,134 @@
offset += start_bits; /* Now offset % 8 == 0 */
len -= start_bits;
- for( ; start_bits != 0; start_bits-- )
- mask[first_byte_idx] |= 1 << ( start_bits - 1 );
+ for (; start_bits != 0; start_bits--) {
+ mask[first_byte_idx] |= 1 << (start_bits - 1);
+ }
}
end_bits = len % 8;
- if( end_bits != 0 )
- {
- size_t last_byte_idx = ( offset + len ) / 8;
+ if (end_bits != 0) {
+ size_t last_byte_idx = (offset + len) / 8;
len -= end_bits; /* Now len % 8 == 0 */
- for( ; end_bits != 0; end_bits-- )
- mask[last_byte_idx] |= 1 << ( 8 - end_bits );
+ for (; end_bits != 0; end_bits--) {
+ mask[last_byte_idx] |= 1 << (8 - end_bits);
+ }
}
- memset( mask + offset / 8, 0xFF, len / 8 );
+ memset(mask + offset / 8, 0xFF, len / 8);
}
/*
* Check that bitmask is full
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_bitmask_check( unsigned char *mask, size_t len )
+static int ssl_bitmask_check(unsigned char *mask, size_t len)
{
size_t i;
- for( i = 0; i < len / 8; i++ )
- if( mask[i] != 0xFF )
- return( -1 );
+ for (i = 0; i < len / 8; i++) {
+ if (mask[i] != 0xFF) {
+ return -1;
+ }
+ }
- for( i = 0; i < len % 8; i++ )
- if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
- return( -1 );
+ for (i = 0; i < len % 8; i++) {
+ if ((mask[len / 8] & (1 << (7 - i))) == 0) {
+ return -1;
+ }
+ }
- return( 0 );
+ return 0;
}
/* msg_len does not include the handshake header */
-static size_t ssl_get_reassembly_buffer_size( size_t msg_len,
- unsigned add_bitmap )
+static size_t ssl_get_reassembly_buffer_size(size_t msg_len,
+ unsigned add_bitmap)
{
size_t alloc_len;
alloc_len = 12; /* Handshake header */
alloc_len += msg_len; /* Content buffer */
- if( add_bitmap )
- alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */
+ if (add_bitmap) {
+ alloc_len += msg_len / 8 + (msg_len % 8 != 0); /* Bitmap */
- return( alloc_len );
+ }
+ return alloc_len;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl )
+static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
{
- return( ( ssl->in_msg[1] << 16 ) |
- ( ssl->in_msg[2] << 8 ) |
- ssl->in_msg[3] );
+ return (ssl->in_msg[1] << 16) |
+ (ssl->in_msg[2] << 8) |
+ ssl->in_msg[3];
}
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
{
- if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
+ ssl->in_msglen));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
- ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
+ ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
- " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
+ " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %"
+ MBEDTLS_PRINTF_SIZET,
+ ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen));
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+ unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
- if( ssl_check_hs_header( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ssl_check_hs_header(ssl) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header"));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
- if( ssl->handshake != NULL &&
- ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
- recv_msg_seq != ssl->handshake->in_msg_seq ) ||
- ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
- ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
- {
- if( recv_msg_seq > ssl->handshake->in_msg_seq )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)",
- recv_msg_seq,
- ssl->handshake->in_msg_seq ) );
- return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+ if (ssl->handshake != NULL &&
+ ((ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
+ recv_msg_seq != ssl->handshake->in_msg_seq) ||
+ (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
+ ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO))) {
+ if (recv_msg_seq > ssl->handshake->in_msg_seq) {
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ (
+ "received future handshake message of sequence number %u (next %u)",
+ recv_msg_seq,
+ ssl->handshake->in_msg_seq));
+ return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
}
/* Retransmit only on last message from previous flight, to avoid
* too many retransmissions.
* Besides, No sane server ever retransmits HelloVerifyRequest */
- if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
- ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
- "message_seq = %u, start_of_flight = %u",
- recv_msg_seq,
- ssl->handshake->in_flight_start_seq ) );
+ if (recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
+ ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("received message from last flight, "
+ "message_seq = %u, start_of_flight = %u",
+ recv_msg_seq,
+ ssl->handshake->in_flight_start_seq));
- if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_resend(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret);
+ return ret;
}
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
- "message_seq = %u, expected = %u",
- recv_msg_seq,
- ssl->handshake->in_msg_seq ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("dropping out-of-sequence message: "
+ "message_seq = %u, expected = %u",
+ recv_msg_seq,
+ ssl->handshake->in_msg_seq));
}
- return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+ return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
/* Wait until message completion to increment in_msg_seq */
@@ -3076,38 +2968,33 @@
* messages; the commonality is that both handshake fragments and
* future messages cannot be forwarded immediately to the
* handshake logic layer. */
- if( ssl_hs_is_proper_fragment( ssl ) == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
- return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+ if (ssl_hs_is_proper_fragment(ssl) == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("found fragmented DTLS handshake message"));
+ return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* With TLS we don't handle fragmentation (for now) */
- if( ssl->in_msglen < ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl->in_msglen < ssl->in_hslen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
- return( 0 );
+ return 0;
}
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL )
- {
- ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL) {
+ ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen);
}
/* Handshake message is complete, increment counter */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake != NULL )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake != NULL) {
unsigned offset;
mbedtls_ssl_hs_buffer *hs_buf;
@@ -3119,18 +3006,17 @@
*/
/* Free first entry */
- ssl_buffering_free_slot( ssl, 0 );
+ ssl_buffering_free_slot(ssl, 0);
/* Shift all other entries */
- for( offset = 0, hs_buf = &hs->buffering.hs[0];
+ for (offset = 0, hs_buf = &hs->buffering.hs[0];
offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS;
- offset++, hs_buf++ )
- {
+ offset++, hs_buf++) {
*hs_buf = *(hs_buf + 1);
}
/* Create a fresh last entry */
- memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
+ memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer));
}
#endif
}
@@ -3146,24 +3032,24 @@
* not seen yet).
*/
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl)
{
ssl->in_window_top = 0;
ssl->in_window = 0;
}
-static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
+static inline uint64_t ssl_load_six_bytes(unsigned char *buf)
{
- return( ( (uint64_t) buf[0] << 40 ) |
- ( (uint64_t) buf[1] << 32 ) |
- ( (uint64_t) buf[2] << 24 ) |
- ( (uint64_t) buf[3] << 16 ) |
- ( (uint64_t) buf[4] << 8 ) |
- ( (uint64_t) buf[5] ) );
+ return ((uint64_t) buf[0] << 40) |
+ ((uint64_t) buf[1] << 32) |
+ ((uint64_t) buf[2] << 24) |
+ ((uint64_t) buf[3] << 16) |
+ ((uint64_t) buf[4] << 8) |
+ ((uint64_t) buf[5]);
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
+static int mbedtls_ssl_dtls_record_replay_check(mbedtls_ssl_context *ssl, uint8_t *record_in_ctr)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *original_in_ctr;
@@ -3174,7 +3060,7 @@
// use counter from record
ssl->in_ctr = record_in_ctr;
- ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl );
+ ret = mbedtls_ssl_dtls_replay_check((mbedtls_ssl_context const *) ssl);
// restore the counter
ssl->in_ctr = original_in_ctr;
@@ -3185,60 +3071,62 @@
/*
* Return 0 if sequence number is acceptable, -1 otherwise
*/
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl )
+int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl)
{
- uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
+ uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2);
uint64_t bit;
- if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
- return( 0 );
+ if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) {
+ return 0;
+ }
- if( rec_seqnum > ssl->in_window_top )
- return( 0 );
+ if (rec_seqnum > ssl->in_window_top) {
+ return 0;
+ }
bit = ssl->in_window_top - rec_seqnum;
- if( bit >= 64 )
- return( -1 );
+ if (bit >= 64) {
+ return -1;
+ }
- if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 )
- return( -1 );
+ if ((ssl->in_window & ((uint64_t) 1 << bit)) != 0) {
+ return -1;
+ }
- return( 0 );
+ return 0;
}
/*
* Update replay window on new validated record
*/
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
{
- uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
+ uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2);
- if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
+ if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) {
return;
+ }
- if( rec_seqnum > ssl->in_window_top )
- {
+ if (rec_seqnum > ssl->in_window_top) {
/* Update window_top and the contents of the window */
uint64_t shift = rec_seqnum - ssl->in_window_top;
- if( shift >= 64 )
+ if (shift >= 64) {
ssl->in_window = 1;
- else
- {
+ } else {
ssl->in_window <<= shift;
ssl->in_window |= 1;
}
ssl->in_window_top = rec_seqnum;
- }
- else
- {
+ } else {
/* Mark that number as seen in the current window */
uint64_t bit = ssl->in_window_top - rec_seqnum;
- if( bit < 64 ) /* Always true, but be extra sure */
+ if (bit < 64) { /* Always true, but be extra sure */
ssl->in_window |= (uint64_t) 1 << bit;
+ }
}
}
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
@@ -3258,10 +3146,10 @@
MBEDTLS_CHECK_RETURN_CRITICAL
MBEDTLS_STATIC_TESTABLE
int mbedtls_ssl_check_dtls_clihlo_cookie(
- mbedtls_ssl_context *ssl,
- const unsigned char *cli_id, size_t cli_id_len,
- const unsigned char *in, size_t in_len,
- unsigned char *obuf, size_t buf_len, size_t *olen )
+ mbedtls_ssl_context *ssl,
+ const unsigned char *cli_id, size_t cli_id_len,
+ const unsigned char *in, size_t in_len,
+ unsigned char *obuf, size_t buf_len, size_t *olen)
{
size_t sid_len, cookie_len;
unsigned char *p;
@@ -3292,54 +3180,49 @@
*
* Minimum length is 61 bytes.
*/
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u",
- (unsigned) in_len ) );
- MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len );
- if( in_len < 61 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: in_len=%u",
+ (unsigned) in_len));
+ MBEDTLS_SSL_DEBUG_BUF(4, "cli_id", cli_id, cli_id_len);
+ if (in_len < 61) {
+ MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: record too short"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
+ if (in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
in[3] != 0 || in[4] != 0 ||
- in[19] != 0 || in[20] != 0 || in[21] != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) );
- MBEDTLS_SSL_DEBUG_MSG( 4, ( " type=%u epoch=%u fragment_offset=%u",
- in[0],
- (unsigned) in[3] << 8 | in[4],
- (unsigned) in[19] << 16 | in[20] << 8 | in[21] ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ in[19] != 0 || in[20] != 0 || in[21] != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: not a good ClientHello"));
+ MBEDTLS_SSL_DEBUG_MSG(4, (" type=%u epoch=%u fragment_offset=%u",
+ in[0],
+ (unsigned) in[3] << 8 | in[4],
+ (unsigned) in[19] << 16 | in[20] << 8 | in[21]));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
sid_len = in[59];
- if( 59 + 1 + sid_len + 1 > in_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u",
- (unsigned) sid_len,
- (unsigned) in_len - 61 ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (59 + 1 + sid_len + 1 > in_len) {
+ MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: sid_len=%u > %u",
+ (unsigned) sid_len,
+ (unsigned) in_len - 61));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network",
- in + 60, sid_len );
+ MBEDTLS_SSL_DEBUG_BUF(4, "sid received from network",
+ in + 60, sid_len);
cookie_len = in[60 + sid_len];
- if( 59 + 1 + sid_len + 1 + cookie_len > in_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u",
- (unsigned) cookie_len,
- (unsigned) ( in_len - sid_len - 61 ) ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (59 + 1 + sid_len + 1 + cookie_len > in_len) {
+ MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: cookie_len=%u > %u",
+ (unsigned) cookie_len,
+ (unsigned) (in_len - sid_len - 61)));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network",
- in + sid_len + 61, cookie_len );
- if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
- in + sid_len + 61, cookie_len,
- cli_id, cli_id_len ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_BUF(4, "cookie received from network",
+ in + sid_len + 61, cookie_len);
+ if (ssl->conf->f_cookie_check(ssl->conf->p_cookie,
+ in + sid_len + 61, cookie_len,
+ cli_id, cli_id_len) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: valid"));
+ return 0;
}
/*
@@ -3362,36 +3245,36 @@
*
* Minimum length is 28.
*/
- if( buf_len < 28 )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (buf_len < 28) {
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ }
/* Copy most fields and adapt others */
- memcpy( obuf, in, 25 );
+ memcpy(obuf, in, 25);
obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
obuf[25] = 0xfe;
obuf[26] = 0xff;
/* Generate and write actual cookie */
p = obuf + 28;
- if( ssl->conf->f_cookie_write( ssl->conf->p_cookie,
- &p, obuf + buf_len,
- cli_id, cli_id_len ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (ssl->conf->f_cookie_write(ssl->conf->p_cookie,
+ &p, obuf + buf_len,
+ cli_id, cli_id_len) != 0) {
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
*olen = p - obuf;
/* Go back and fill length fields */
- obuf[27] = (unsigned char)( *olen - 28 );
+ obuf[27] = (unsigned char) (*olen - 28);
- obuf[14] = obuf[22] = MBEDTLS_BYTE_2( *olen - 25 );
- obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 );
- obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 );
+ obuf[14] = obuf[22] = MBEDTLS_BYTE_2(*olen - 25);
+ obuf[15] = obuf[23] = MBEDTLS_BYTE_1(*olen - 25);
+ obuf[16] = obuf[24] = MBEDTLS_BYTE_0(*olen - 25);
- MBEDTLS_PUT_UINT16_BE( *olen - 13, obuf, 11 );
+ MBEDTLS_PUT_UINT16_BE(*olen - 13, obuf, 11);
- return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
+ return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED;
}
/*
@@ -3415,73 +3298,68 @@
* errors, and is the right thing to do in both cases).
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
+static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ssl->conf->f_cookie_write == NULL ||
- ssl->conf->f_cookie_check == NULL )
- {
+ if (ssl->conf->f_cookie_write == NULL ||
+ ssl->conf->f_cookie_check == NULL) {
/* If we can't use cookies to verify reachability of the peer,
* drop the record. */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, "
- "can't check reconnect validity" ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("no cookie callbacks, "
+ "can't check reconnect validity"));
+ return 0;
}
ret = mbedtls_ssl_check_dtls_clihlo_cookie(
- ssl,
- ssl->cli_id, ssl->cli_id_len,
- ssl->in_buf, ssl->in_left,
- ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
+ ssl,
+ ssl->cli_id, ssl->cli_id_len,
+ ssl->in_buf, ssl->in_left,
+ ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len);
- MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret );
+ MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret);
- if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
- {
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
int send_ret;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
- MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
- ssl->out_buf, len );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("sending HelloVerifyRequest"));
+ MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network",
+ ssl->out_buf, len);
/* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */
- send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len );
- MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );
+ send_ret = ssl->f_send(ssl->p_bio, ssl->out_buf, len);
+ MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", send_ret);
(void) send_ret;
- return( 0 );
+ return 0;
}
- if( ret == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) );
- if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
- return( ret );
+ if (ret == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("cookie is valid, resetting context"));
+ if ((ret = mbedtls_ssl_session_reset_int(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "reset", ret);
+ return ret;
}
- return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT );
+ return MBEDTLS_ERR_SSL_CLIENT_RECONNECT;
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_record_type( uint8_t record_type )
+static int ssl_check_record_type(uint8_t record_type)
{
- if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
+ if (record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
record_type != MBEDTLS_SSL_MSG_ALERT &&
record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
- record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
- {
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
- return( 0 );
+ return 0;
}
/*
@@ -3504,10 +3382,10 @@
* the first record from a datagram but are still waiting for the others.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
- unsigned char *buf,
- size_t len,
- mbedtls_record *rec )
+static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t len,
+ mbedtls_record *rec)
{
int major_ver, minor_ver;
@@ -3539,38 +3417,36 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
rec_hdr_len_offset = rec_hdr_ctr_offset + rec_hdr_ctr_len;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
rec_hdr_len_offset = rec_hdr_version_offset + rec_hdr_version_len;
}
- if( len < rec_hdr_len_offset + rec_hdr_len_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header of length %u",
- (unsigned) len,
- (unsigned)( rec_hdr_len_len + rec_hdr_len_len ) ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (len < rec_hdr_len_offset + rec_hdr_len_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ (
+ "datagram of length %u too small to hold DTLS record header of length %u",
+ (unsigned) len,
+ (unsigned) (rec_hdr_len_len + rec_hdr_len_len)));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
/*
* Parse and validate record content type
*/
- rec->type = buf[ rec_hdr_type_offset ];
+ rec->type = buf[rec_hdr_type_offset];
/* Check record content type */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
rec->cid_len = 0;
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->conf->cid_len != 0 &&
- rec->type == MBEDTLS_SSL_MSG_CID )
- {
+ rec->type == MBEDTLS_SSL_MSG_CID) {
/* Shift pointers to account for record header including CID
* struct {
* ContentType special_type = tls12_cid;
@@ -3589,70 +3465,65 @@
rec_hdr_cid_len = ssl->conf->cid_len;
rec_hdr_len_offset += rec_hdr_cid_len;
- if( len < rec_hdr_len_offset + rec_hdr_len_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header including CID, length %u",
- (unsigned) len,
- (unsigned)( rec_hdr_len_offset + rec_hdr_len_len ) ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (len < rec_hdr_len_offset + rec_hdr_len_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ (
+ "datagram of length %u too small to hold DTLS record header including CID, length %u",
+ (unsigned) len,
+ (unsigned) (rec_hdr_len_offset + rec_hdr_len_len)));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
/* configured CID len is guaranteed at most 255, see
* MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */
rec->cid_len = (uint8_t) rec_hdr_cid_len;
- memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
- }
- else
+ memcpy(rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len);
+ } else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{
- if( ssl_check_record_type( rec->type ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type %u",
- (unsigned) rec->type ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ssl_check_record_type(rec->type)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type %u",
+ (unsigned) rec->type));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
}
/*
* Parse and validate record version
*/
- rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
- rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
- mbedtls_ssl_read_version( &major_ver, &minor_ver,
- ssl->conf->transport,
- &rec->ver[0] );
+ rec->ver[0] = buf[rec_hdr_version_offset + 0];
+ rec->ver[1] = buf[rec_hdr_version_offset + 1];
+ mbedtls_ssl_read_version(&major_ver, &minor_ver,
+ ssl->conf->transport,
+ &rec->ver[0]);
- if( major_ver != ssl->major_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch: got %u, expected %u",
- (unsigned) major_ver,
- (unsigned) ssl->major_ver ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (major_ver != ssl->major_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("major version mismatch: got %u, expected %u",
+ (unsigned) major_ver,
+ (unsigned) ssl->major_ver));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
- if( minor_ver > ssl->conf->max_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch: got %u, expected max %u",
- (unsigned) minor_ver,
- (unsigned) ssl->conf->max_minor_ver ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (minor_ver > ssl->conf->max_minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("minor version mismatch: got %u, expected max %u",
+ (unsigned) minor_ver,
+ (unsigned) ssl->conf->max_minor_ver));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
/*
* Parse/Copy record sequence number.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Copy explicit record sequence number from input buffer. */
- memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset,
- rec_hdr_ctr_len );
- }
- else
+ memcpy(&rec->ctr[0], buf + rec_hdr_ctr_offset,
+ rec_hdr_ctr_len);
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
/* Copy implicit record sequence number from SSL context structure. */
- memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len );
+ memcpy(&rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len);
}
/*
@@ -3660,20 +3531,21 @@
*/
rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len;
- rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) |
- ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
+ rec->data_len = ((size_t) buf[rec_hdr_len_offset + 0] << 8) |
+ ((size_t) buf[rec_hdr_len_offset + 1] << 0);
+ MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
- "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
- rec->type,
- major_ver, minor_ver, rec->data_len ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, "
+ "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
+ rec->type,
+ major_ver, minor_ver, rec->data_len));
rec->buf = buf;
rec->buf_len = rec->data_offset + rec->data_len;
- if( rec->data_len == 0 )
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (rec->data_len == 0) {
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
+ }
/*
* DTLS-related tests.
@@ -3688,61 +3560,58 @@
* record leads to the entire datagram being dropped.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1];
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1];
/* Check that the datagram is large enough to contain a record
* of the advertised length. */
- if( len < rec->data_offset + rec->data_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram of length %u too small to contain record of advertised length %u.",
- (unsigned) len,
- (unsigned)( rec->data_offset + rec->data_len ) ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (len < rec->data_offset + rec->data_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ (
+ "Datagram of length %u too small to contain record of advertised length %u.",
+ (unsigned) len,
+ (unsigned) (rec->data_offset + rec->data_len)));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
/* Records from other, non-matching epochs are silently discarded.
* (The case of same-port Client reconnects must be considered in
* the caller). */
- if( rec_epoch != ssl->in_epoch )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
- "expected %u, received %lu",
- ssl->in_epoch, (unsigned long) rec_epoch ) );
+ if (rec_epoch != ssl->in_epoch) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("record from another epoch: "
+ "expected %u, received %lu",
+ ssl->in_epoch, (unsigned long) rec_epoch));
/* Records from the next epoch are considered for buffering
* (concretely: early Finished messages). */
- if( rec_epoch == (unsigned) ssl->in_epoch + 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) );
- return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+ if (rec_epoch == (unsigned) ssl->in_epoch + 1) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Consider record for buffering"));
+ return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
}
- return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+ return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/* For records from the correct epoch, check whether their
* sequence number has been seen before. */
- else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl,
- &rec->ctr[0] ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+ else if (mbedtls_ssl_dtls_record_replay_check((mbedtls_ssl_context *) ssl,
+ &rec->ctr[0]) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record"));
+ return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
+static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl)
{
- unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
+ unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1];
/*
* Check for an epoch 0 ClientHello. We can't use in_msg here to
@@ -3750,19 +3619,18 @@
* have an active transform (possibly iv_len != 0), so use the
* fact that the record header len is 13 instead.
*/
- if( rec_epoch == 0 &&
+ if (rec_epoch == 0 &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_left > 13 &&
- ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
- "from the same port" ) );
- return( ssl_handle_possible_reconnect( ssl ) );
+ ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("possible client reconnect "
+ "from the same port"));
+ return ssl_handle_possible_reconnect(ssl);
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
@@ -3770,60 +3638,55 @@
* If applicable, decrypt record content
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
- mbedtls_record *rec )
+static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
+ mbedtls_record *rec)
{
int ret, done = 0;
- MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
- rec->buf, rec->buf_len );
+ MBEDTLS_SSL_DEBUG_BUF(4, "input record from network",
+ rec->buf, rec->buf_len);
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_read != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) );
+ if (mbedtls_ssl_hw_record_read != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_read()"));
- ret = mbedtls_ssl_hw_record_read( ssl );
- if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ ret = mbedtls_ssl_hw_record_read(ssl);
+ if (ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_read", ret);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
- if( ret == 0 )
+ if (ret == 0) {
done = 1;
+ }
}
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
- if( !done && ssl->transform_in != NULL )
- {
+ if (!done && ssl->transform_in != NULL) {
unsigned char const old_msg_type = rec->type;
- if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
- rec ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
+ if ((ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in,
+ rec)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
ssl->conf->ignore_unexpected_cid
- == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) );
+ == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ignoring unexpected CID"));
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- return( ret );
+ return ret;
}
- if( old_msg_type != rec->type )
- {
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d",
- old_msg_type, rec->type ) );
+ if (old_msg_type != rec->type) {
+ MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d",
+ old_msg_type, rec->type));
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
- rec->buf + rec->data_offset, rec->data_len );
+ MBEDTLS_SSL_DEBUG_BUF(4, "input payload after decrypt",
+ rec->buf + rec->data_offset, rec->data_len);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* We have already checked the record content type
@@ -3833,22 +3696,19 @@
* Since with the use of CIDs, the record content type
* might change during decryption, re-check the record
* content type, but treat a failure as fatal this time. */
- if( ssl_check_record_type( rec->type ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ssl_check_record_type(rec->type)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type"));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- if( rec->data_len == 0 )
- {
+ if (rec->data_len == 0) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
- && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
- {
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
+ && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid zero-length message type: %d", ssl->in_msgtype));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -3858,58 +3718,54 @@
* Three or more empty messages may be a DoS attack
* (excessive CPU consumption).
*/
- if( ssl->nb_zero > 3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
- "messages, possible DoS attack" ) );
+ if (ssl->nb_zero > 3) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("received four consecutive empty "
+ "messages, possible DoS attack"));
/* Treat the records as if they were not properly authenticated,
* thereby failing the connection if we see more than allowed
* by the configured bad MAC threshold. */
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
}
- }
- else
+ } else {
ssl->nb_zero = 0;
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
; /* in_ctr read from peer, not maintained internally */
- }
- else
+ } else
#endif
{
unsigned i;
- for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- )
- if( ++ssl->in_ctr[i - 1] != 0 )
+ for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) {
+ if (++ssl->in_ctr[i - 1] != 0) {
break;
+ }
+ }
/* The loop goes to its end iff the counter is wrapping */
- if( i == mbedtls_ssl_ep_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ if (i == mbedtls_ssl_ep_len(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("incoming message counter would wrap"));
+ return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
}
}
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- mbedtls_ssl_dtls_replay_update( ssl );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ssl_dtls_replay_update(ssl);
}
#endif
/* Check actual (decrypted) record content length against
* configured maximum. */
- if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length"));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
- return( 0 );
+ return 0;
}
/*
@@ -3922,131 +3778,125 @@
/* Helper functions for mbedtls_ssl_read_record(). */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
+static int ssl_consume_current_message(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_next_record( mbedtls_ssl_context *ssl );
+static int ssl_get_next_record(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
+static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
- unsigned update_hs_digest )
+int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
+ unsigned update_hs_digest)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> read record"));
- if( ssl->keep_current_message == 0 )
- {
+ if (ssl->keep_current_message == 0) {
do {
- ret = ssl_consume_current_message( ssl );
- if( ret != 0 )
- return( ret );
+ ret = ssl_consume_current_message(ssl);
+ if (ret != 0) {
+ return ret;
+ }
- if( ssl_record_is_in_progress( ssl ) == 0 )
- {
+ if (ssl_record_is_in_progress(ssl) == 0) {
int dtls_have_buffered = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* We only check for buffered messages if the
* current datagram is fully consumed. */
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl_next_record_is_in_datagram( ssl ) == 0 )
- {
- if( ssl_load_buffered_message( ssl ) == 0 )
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl_next_record_is_in_datagram(ssl) == 0) {
+ if (ssl_load_buffered_message(ssl) == 0) {
dtls_have_buffered = 1;
+ }
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( dtls_have_buffered == 0 )
- {
- ret = ssl_get_next_record( ssl );
- if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
+ if (dtls_have_buffered == 0) {
+ ret = ssl_get_next_record(ssl);
+ if (ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) {
continue;
+ }
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );
- return( ret );
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_get_next_record"), ret);
+ return ret;
}
}
}
- ret = mbedtls_ssl_handle_message_type( ssl );
+ ret = mbedtls_ssl_handle_message_type(ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
- {
+ if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) {
/* Buffer future message */
- ret = ssl_buffer_message( ssl );
- if( ret != 0 )
- return( ret );
+ ret = ssl_buffer_message(ssl);
+ if (ret != 0) {
+ return ret;
+ }
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
- MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
+ } while (MBEDTLS_ERR_SSL_NON_FATAL == ret ||
+ MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret);
- if( 0 != ret )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
- return( ret );
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_handle_message_type"), ret);
+ return ret;
}
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- update_hs_digest == 1 )
- {
- mbedtls_ssl_update_handshake_status( ssl );
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ update_hs_digest == 1) {
+ mbedtls_ssl_update_handshake_status(ssl);
}
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message"));
ssl->keep_current_message = 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= read record"));
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
+static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl)
{
- if( ssl->in_left > ssl->next_record_offset )
- return( 1 );
+ if (ssl->in_left > ssl->next_record_offset) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
+static int ssl_load_buffered_message(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- mbedtls_ssl_hs_buffer * hs_buf;
+ mbedtls_ssl_hs_buffer *hs_buf;
int ret = 0;
- if( hs == NULL )
- return( -1 );
+ if (hs == NULL) {
+ return -1;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_message"));
- if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
- ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
- {
+ if (ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
+ ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) {
/* Check if we have seen a ChangeCipherSpec before.
* If yes, synthesize a CCS record. */
- if( !hs->buffering.seen_ccs )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) );
+ if (!hs->buffering.seen_ccs) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("CCS not seen in the current flight"));
ret = -1;
goto exit;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Injecting buffered CCS message"));
ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
ssl->in_msglen = 1;
ssl->in_msg[0] = 1;
@@ -4063,14 +3913,12 @@
/* Debug only */
{
unsigned offset;
- for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
- {
+ for (offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) {
hs_buf = &hs->buffering.hs[offset];
- if( hs_buf->is_valid == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.",
- hs->in_msg_seq + offset,
- hs_buf->is_complete ? "fully" : "partially" ) );
+ if (hs_buf->is_valid == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Future message with sequence number %u %s buffered.",
+ hs->in_msg_seq + offset,
+ hs_buf->is_complete ? "fully" : "partially"));
}
}
}
@@ -4079,105 +3927,100 @@
/* Check if we have buffered and/or fully reassembled the
* next handshake message. */
hs_buf = &hs->buffering.hs[0];
- if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) )
- {
+ if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) {
/* Synthesize a record containing the buffered HS message. */
- size_t msg_len = ( hs_buf->data[1] << 16 ) |
- ( hs_buf->data[2] << 8 ) |
- hs_buf->data[3];
+ size_t msg_len = (hs_buf->data[1] << 16) |
+ (hs_buf->data[2] << 8) |
+ hs_buf->data[3];
/* Double-check that we haven't accidentally buffered
* a message that doesn't fit into the input buffer. */
- if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)",
- hs_buf->data, msg_len + 12 );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load"));
+ MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)",
+ hs_buf->data, msg_len + 12);
ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->in_hslen = msg_len + 12;
ssl->in_msglen = msg_len + 12;
- memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen );
+ memcpy(ssl->in_msg, hs_buf->data, ssl->in_hslen);
ret = 0;
goto exit;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered",
- hs->in_msg_seq ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially bufffered",
+ hs->in_msg_seq));
}
ret = -1;
exit:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) );
- return( ret );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_message"));
+ return ret;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
- size_t desired )
+static int ssl_buffer_make_space(mbedtls_ssl_context *ssl,
+ size_t desired)
{
int offset;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available",
- (unsigned) desired ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Attempt to free buffered messages to have %u bytes available",
+ (unsigned) desired));
/* Get rid of future records epoch first, if such exist. */
- ssl_free_buffered_record( ssl );
+ ssl_free_buffered_record(ssl);
/* Check if we have enough space available now. */
- if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
- hs->buffering.total_bytes_buffered ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) );
- return( 0 );
+ if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing future epoch record"));
+ return 0;
}
/* We don't have enough space to buffer the next expected handshake
* message. Remove buffers used for future messages to gain space,
* starting with the most distant one. */
- for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1;
- offset >= 0; offset-- )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message",
- offset ) );
+ for (offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1;
+ offset >= 0; offset--) {
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ (
+ "Free buffering slot %d to make space for reassembly of next handshake message",
+ offset));
- ssl_buffering_free_slot( ssl, (uint8_t) offset );
+ ssl_buffering_free_slot(ssl, (uint8_t) offset);
/* Check if we have enough space available now. */
- if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
- hs->buffering.total_bytes_buffered ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) );
- return( 0 );
+ if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing buffered HS messages"));
+ return 0;
}
}
- return( -1 );
+ return -1;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_message( mbedtls_ssl_context *ssl )
+static int ssl_buffer_message(mbedtls_ssl_context *ssl)
{
int ret = 0;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- if( hs == NULL )
- return( 0 );
+ if (hs == NULL) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_buffer_message"));
- switch( ssl->in_msgtype )
- {
+ switch (ssl->in_msgtype) {
case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Remember CCS message"));
hs->buffering.seen_ccs = 1;
break;
@@ -4185,113 +4028,115 @@
case MBEDTLS_SSL_MSG_HANDSHAKE:
{
unsigned recv_msg_seq_offset;
- unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+ unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
mbedtls_ssl_hs_buffer *hs_buf;
size_t msg_len = ssl->in_hslen - 12;
/* We should never receive an old handshake
* message - double-check nonetheless. */
- if( recv_msg_seq < ssl->handshake->in_msg_seq )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (recv_msg_seq < ssl->handshake->in_msg_seq) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq;
- if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS )
- {
+ if (recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS) {
/* Silently ignore -- message too far in the future */
- MBEDTLS_SSL_DEBUG_MSG( 2,
- ( "Ignore future HS message with sequence number %u, "
- "buffering window %u - %u",
- recv_msg_seq, ssl->handshake->in_msg_seq,
- ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) );
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("Ignore future HS message with sequence number %u, "
+ "buffering window %u - %u",
+ recv_msg_seq, ssl->handshake->in_msg_seq,
+ ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS -
+ 1));
goto exit;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ",
- recv_msg_seq, recv_msg_seq_offset ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering HS message with sequence number %u, offset %u ",
+ recv_msg_seq, recv_msg_seq_offset));
- hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ];
+ hs_buf = &hs->buffering.hs[recv_msg_seq_offset];
/* Check if the buffering for this seq nr has already commenced. */
- if( !hs_buf->is_valid )
- {
+ if (!hs_buf->is_valid) {
size_t reassembly_buf_sz;
hs_buf->is_fragmented =
- ( ssl_hs_is_proper_fragment( ssl ) == 1 );
+ (ssl_hs_is_proper_fragment(ssl) == 1);
/* We copy the message back into the input buffer
* after reassembly, so check that it's not too large.
* This is an implementation-specific limitation
* and not one from the standard, hence it is not
* checked in ssl_check_hs_header(). */
- if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
- {
+ if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) {
/* Ignore message */
goto exit;
}
/* Check if we have enough space to buffer the message. */
- if( hs->buffering.total_bytes_buffered >
- MBEDTLS_SSL_DTLS_MAX_BUFFERING )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (hs->buffering.total_bytes_buffered >
+ MBEDTLS_SSL_DTLS_MAX_BUFFERING) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len,
- hs_buf->is_fragmented );
+ reassembly_buf_sz = ssl_get_reassembly_buffer_size(msg_len,
+ hs_buf->is_fragmented);
- if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
- hs->buffering.total_bytes_buffered ) )
- {
- if( recv_msg_seq_offset > 0 )
- {
+ if (reassembly_buf_sz > (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered)) {
+ if (recv_msg_seq_offset > 0) {
/* If we can't buffer a future message because
* of space limitations -- ignore. */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
- " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
- " (already %" MBEDTLS_PRINTF_SIZET
- " bytes buffered) -- ignore\n",
- msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("Buffering of future message of size %"
+ MBEDTLS_PRINTF_SIZET
+ " would exceed the compile-time limit %"
+ MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- ignore\n",
+ msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered));
goto exit;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
- " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
- " (already %" MBEDTLS_PRINTF_SIZET
- " bytes buffered) -- attempt to make space by freeing buffered future messages\n",
- msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- hs->buffering.total_bytes_buffered ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("Buffering of future message of size %"
+ MBEDTLS_PRINTF_SIZET
+ " would exceed the compile-time limit %"
+ MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- attempt to make space by freeing buffered future messages\n",
+ msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered));
}
- if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET
- " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed"
- " the compile-time limit %" MBEDTLS_PRINTF_SIZET
- " (already %" MBEDTLS_PRINTF_SIZET
- " bytes buffered) -- fail\n",
- msg_len,
- reassembly_buf_sz,
- (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- hs->buffering.total_bytes_buffered ) );
+ if (ssl_buffer_make_space(ssl, reassembly_buf_sz) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("Reassembly of next message of size %"
+ MBEDTLS_PRINTF_SIZET
+ " (%" MBEDTLS_PRINTF_SIZET
+ " with bitmap) would exceed"
+ " the compile-time limit %"
+ MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- fail\n",
+ msg_len,
+ reassembly_buf_sz,
+ (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered));
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
goto exit;
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET,
- msg_len ) );
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("initialize reassembly, total length = %"
+ MBEDTLS_PRINTF_SIZET,
+ msg_len));
- hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
- if( hs_buf->data == NULL )
- {
+ hs_buf->data = mbedtls_calloc(1, reassembly_buf_sz);
+ if (hs_buf->data == NULL) {
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
@@ -4299,27 +4144,23 @@
/* Prepare final header: copy msg_type, length and message_seq,
* then add standardised fragment_offset and fragment_length */
- memcpy( hs_buf->data, ssl->in_msg, 6 );
- memset( hs_buf->data + 6, 0, 3 );
- memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 );
+ memcpy(hs_buf->data, ssl->in_msg, 6);
+ memset(hs_buf->data + 6, 0, 3);
+ memcpy(hs_buf->data + 9, hs_buf->data + 1, 3);
hs_buf->is_valid = 1;
hs->buffering.total_bytes_buffered += reassembly_buf_sz;
- }
- else
- {
+ } else {
/* Make sure msg_type and length are consistent */
- if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
+ if (memcmp(hs_buf->data, ssl->in_msg, 4) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Fragment header mismatch - ignore"));
/* Ignore */
goto exit;
}
}
- if( !hs_buf->is_complete )
- {
+ if (!hs_buf->is_complete) {
size_t frag_len, frag_off;
unsigned char * const msg = hs_buf->data + 12;
@@ -4329,28 +4170,25 @@
/* Validation of header fields already done in
* mbedtls_ssl_prepare_handshake_record(). */
- frag_off = ssl_get_hs_frag_off( ssl );
- frag_len = ssl_get_hs_frag_len( ssl );
+ frag_off = ssl_get_hs_frag_off(ssl);
+ frag_len = ssl_get_hs_frag_len(ssl);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
- ", length = %" MBEDTLS_PRINTF_SIZET,
- frag_off, frag_len ) );
- memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
+ ", length = %" MBEDTLS_PRINTF_SIZET,
+ frag_off, frag_len));
+ memcpy(msg + frag_off, ssl->in_msg + 12, frag_len);
- if( hs_buf->is_fragmented )
- {
+ if (hs_buf->is_fragmented) {
unsigned char * const bitmask = msg + msg_len;
- ssl_bitmask_set( bitmask, frag_off, frag_len );
- hs_buf->is_complete = ( ssl_bitmask_check( bitmask,
- msg_len ) == 0 );
- }
- else
- {
+ ssl_bitmask_set(bitmask, frag_off, frag_len);
+ hs_buf->is_complete = (ssl_bitmask_check(bitmask,
+ msg_len) == 0);
+ } else {
hs_buf->is_complete = 1;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete",
- hs_buf->is_complete ? "" : "not yet " ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("message %scomplete",
+ hs_buf->is_complete ? "" : "not yet "));
}
break;
@@ -4363,13 +4201,13 @@
exit:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) );
- return( ret );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_buffer_message"));
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
+static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
{
/*
* Consume last content-layer message and potentially
@@ -4394,15 +4232,13 @@
*/
/* Case (1): Handshake messages */
- if( ssl->in_hslen != 0 )
- {
+ if (ssl->in_hslen != 0) {
/* Hard assertion to be sure that no application data
* is in flight, as corrupting ssl->in_msglen during
* ssl->in_offt != NULL is fatal. */
- if( ssl->in_offt != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (ssl->in_offt != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/*
@@ -4426,68 +4262,64 @@
* bounds after handling a DTLS message with an unexpected
* sequence number, see mbedtls_ssl_prepare_handshake_record.
*/
- if( ssl->in_hslen < ssl->in_msglen )
- {
+ if (ssl->in_hslen < ssl->in_msglen) {
ssl->in_msglen -= ssl->in_hslen;
- memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
- ssl->in_msglen );
+ memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen,
+ ssl->in_msglen);
- MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
- ssl->in_msg, ssl->in_msglen );
- }
- else
- {
+ MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record",
+ ssl->in_msg, ssl->in_msglen);
+ } else {
ssl->in_msglen = 0;
}
ssl->in_hslen = 0;
}
/* Case (4): Application data */
- else if( ssl->in_offt != NULL )
- {
- return( 0 );
+ else if (ssl->in_offt != NULL) {
+ return 0;
}
/* Everything else (CCS & Alerts) */
- else
- {
+ else {
ssl->in_msglen = 0;
}
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl )
+static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl)
{
- if( ssl->in_msglen > 0 )
- return( 1 );
+ if (ssl->in_msglen > 0) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-static void ssl_free_buffered_record( mbedtls_ssl_context *ssl )
+static void ssl_free_buffered_record(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- if( hs == NULL )
+ if (hs == NULL) {
return;
+ }
- if( hs->buffering.future_record.data != NULL )
- {
+ if (hs->buffering.future_record.data != NULL) {
hs->buffering.total_bytes_buffered -=
hs->buffering.future_record.len;
- mbedtls_free( hs->buffering.future_record.data );
+ mbedtls_free(hs->buffering.future_record.data);
hs->buffering.future_record.data = NULL;
}
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
+static int ssl_load_buffered_record(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- unsigned char * rec;
+ unsigned char *rec;
size_t rec_len;
unsigned rec_epoch;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
@@ -4495,88 +4327,92 @@
#else
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 0 );
+ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 0;
+ }
- if( hs == NULL )
- return( 0 );
+ if (hs == NULL) {
+ return 0;
+ }
rec = hs->buffering.future_record.data;
rec_len = hs->buffering.future_record.len;
rec_epoch = hs->buffering.future_record.epoch;
- if( rec == NULL )
- return( 0 );
+ if (rec == NULL) {
+ return 0;
+ }
/* Only consider loading future records if the
* input buffer is empty. */
- if( ssl_next_record_is_in_datagram( ssl ) == 1 )
- return( 0 );
+ if (ssl_next_record_is_in_datagram(ssl) == 1) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_record"));
- if( rec_epoch != ssl->in_epoch )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." ) );
+ if (rec_epoch != ssl->in_epoch) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Buffered record not from current epoch."));
goto exit;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Found buffered record from current epoch - load"));
/* Double-check that the record is not too large */
- if( rec_len > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (rec_len > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- memcpy( ssl->in_hdr, rec, rec_len );
+ memcpy(ssl->in_hdr, rec, rec_len);
ssl->in_left = rec_len;
ssl->next_record_offset = 0;
- ssl_free_buffered_record( ssl );
+ ssl_free_buffered_record(ssl);
exit:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_record"));
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
- mbedtls_record const *rec )
+static int ssl_buffer_future_record(mbedtls_ssl_context *ssl,
+ mbedtls_record const *rec)
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
/* Don't buffer future records outside handshakes. */
- if( hs == NULL )
- return( 0 );
+ if (hs == NULL) {
+ return 0;
+ }
/* Only buffer handshake records (we are only interested
* in Finished messages). */
- if( rec->type != MBEDTLS_SSL_MSG_HANDSHAKE )
- return( 0 );
+ if (rec->type != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ return 0;
+ }
/* Don't buffer more than one future epoch record. */
- if( hs->buffering.future_record.data != NULL )
- return( 0 );
+ if (hs->buffering.future_record.data != NULL) {
+ return 0;
+ }
/* Don't buffer record if there's not enough buffering space remaining. */
- if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
- hs->buffering.total_bytes_buffered ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
- " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
- " (already %" MBEDTLS_PRINTF_SIZET
- " bytes buffered) -- ignore\n",
- rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- hs->buffering.total_bytes_buffered ) );
- return( 0 );
+ if (rec->buf_len > (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
+ " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- ignore\n",
+ rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered));
+ return 0;
}
/* Buffer record */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
- ssl->in_epoch + 1U ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Buffer record from epoch %u",
+ ssl->in_epoch + 1U));
+ MBEDTLS_SSL_DEBUG_BUF(3, "Buffered record", rec->buf, rec->buf_len);
/* ssl_parse_record_header() only considers records
* of the next epoch as candidates for buffering. */
@@ -4584,24 +4420,23 @@
hs->buffering.future_record.len = rec->buf_len;
hs->buffering.future_record.data =
- mbedtls_calloc( 1, hs->buffering.future_record.len );
- if( hs->buffering.future_record.data == NULL )
- {
+ mbedtls_calloc(1, hs->buffering.future_record.len);
+ if (hs->buffering.future_record.data == NULL) {
/* If we run out of RAM trying to buffer a
* record from the next epoch, just ignore. */
- return( 0 );
+ return 0;
}
- memcpy( hs->buffering.future_record.data, rec->buf, rec->buf_len );
+ memcpy(hs->buffering.future_record.data, rec->buf, rec->buf_len);
hs->buffering.total_bytes_buffered += rec->buf_len;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_next_record( mbedtls_ssl_context *ssl )
+static int ssl_get_next_record(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_record rec;
@@ -4613,44 +4448,41 @@
* the length of the buffered record, so that
* the calls to ssl_fetch_input() below will
* essentially be no-ops. */
- ret = ssl_load_buffered_record( ssl );
- if( ret != 0 )
- return( ret );
+ ret = ssl_load_buffered_record(ssl);
+ if (ret != 0) {
+ return ret;
+ }
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Ensure that we have enough space available for the default form
* of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS,
* with no space for CIDs counted in). */
- ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
- return( ret );
+ ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl));
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+ return ret;
}
- ret = ssl_parse_record_header( ssl, ssl->in_hdr, ssl->in_left, &rec );
- if( ret != 0 )
- {
+ ret = ssl_parse_record_header(ssl, ssl->in_hdr, ssl->in_left, &rec);
+ if (ret != 0) {
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
- {
- ret = ssl_buffer_future_record( ssl, &rec );
- if( ret != 0 )
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) {
+ ret = ssl_buffer_future_record(ssl, &rec);
+ if (ret != 0) {
+ return ret;
+ }
/* Fall through to handling of unexpected records */
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
- if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
- {
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
/* Reset in pointers to default state for TLS/DTLS records,
* assuming no CID and no offset between record content and
* record plaintext. */
- mbedtls_ssl_update_in_pointers( ssl );
+ mbedtls_ssl_update_in_pointers(ssl);
/* Setup internal message pointers from record structure. */
ssl->in_msgtype = rec.type;
@@ -4660,59 +4492,53 @@
ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
ssl->in_msglen = rec.data_len;
- ret = ssl_check_client_reconnect( ssl );
- MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret );
- if( ret != 0 )
- return( ret );
+ ret = ssl_check_client_reconnect(ssl);
+ MBEDTLS_SSL_DEBUG_RET(2, "ssl_check_client_reconnect", ret);
+ if (ret != 0) {
+ return ret;
+ }
#endif
/* Skip unexpected record (but not whole datagram) */
ssl->next_record_offset = rec.buf_len;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
- "(header)" ) );
- }
- else
- {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("discarding unexpected record "
+ "(header)"));
+ } else {
/* Skip invalid record and the rest of the datagram */
ssl->next_record_offset = 0;
ssl->in_left = 0;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record "
- "(header)" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record "
+ "(header)"));
}
/* Get next record */
- return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
- }
- else
+ return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+ } else
#endif
{
- return( ret );
+ return ret;
}
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Remember offset of next record within datagram. */
ssl->next_record_offset = rec.buf_len;
- if( ssl->next_record_offset < ssl->in_left )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
+ if (ssl->next_record_offset < ssl->in_left) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("more than one record within datagram"));
}
- }
- else
+ } else
#endif
{
/*
* Fetch record contents from underlying transport.
*/
- ret = mbedtls_ssl_fetch_input( ssl, rec.buf_len );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
- return( ret );
+ ret = mbedtls_ssl_fetch_input(ssl, rec.buf_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+ return ret;
}
ssl->in_left = 0;
@@ -4722,37 +4548,31 @@
* Decrypt record contents.
*/
- if( ( ret = ssl_prepare_record_content( ssl, &rec ) ) != 0 )
- {
+ if ((ret = ssl_prepare_record_content(ssl, &rec)) != 0) {
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Silently discard invalid records */
- if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
- {
+ if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
/* Except when waiting for Finished as a bad mac here
* probably means something went wrong in the handshake
* (eg wrong psk used, mitm downgrade attempt, etc.) */
- if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
- ssl->state == MBEDTLS_SSL_SERVER_FINISHED )
- {
+ if (ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
+ ssl->state == MBEDTLS_SSL_SERVER_FINISHED) {
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
- if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
- {
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
+ if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC);
}
#endif
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- if( ssl->conf->badmac_limit != 0 &&
- ++ssl->badmac_seen >= ssl->conf->badmac_limit )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ if (ssl->conf->badmac_limit != 0 &&
+ ++ssl->badmac_seen >= ssl->conf->badmac_limit) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
}
#endif
@@ -4762,25 +4582,23 @@
ssl->next_record_offset = 0;
ssl->in_left = 0;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
- return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record (mac)"));
+ return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
- return( ret );
- }
- else
+ return ret;
+ } else
#endif
{
/* Error out (and send alert) on invalid records */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
- if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
- {
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
+ if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC);
}
#endif
- return( ret );
+ return ret;
}
}
@@ -4788,7 +4606,7 @@
/* Reset in pointers to default state for TLS/DTLS records,
* assuming no CID and no offset between record content and
* record plaintext. */
- mbedtls_ssl_update_in_pointers( ssl );
+ mbedtls_ssl_update_in_pointers(ssl);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_len = ssl->in_cid + rec.cid_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -4804,130 +4622,114 @@
ssl->in_hdr[0] = rec.type;
ssl->in_msg = rec.buf + rec.data_offset;
ssl->in_msglen = rec.data_len;
- MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->in_len, 0 );
+ MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0);
#if defined(MBEDTLS_ZLIB_SUPPORT)
- if( ssl->transform_in != NULL &&
- ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
- {
- if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
- return( ret );
+ if (ssl->transform_in != NULL &&
+ ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE) {
+ if ((ret = ssl_decompress_buf(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_decompress_buf", ret);
+ return ret;
}
/* Check actual (decompress) record content length against
* configured maximum. */
- if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length"));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*
* Handle particular types of records
*/
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 )
- {
- return( ret );
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
+ if ((ret = mbedtls_ssl_prepare_handshake_record(ssl)) != 0) {
+ return ret;
}
}
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
- {
- if( ssl->in_msglen != 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
+ if (ssl->in_msglen != 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
+ ssl->in_msglen));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
- if( ssl->in_msg[0] != 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x",
- ssl->in_msg[0] ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ if (ssl->in_msg[0] != 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, content: %02x",
+ ssl->in_msg[0]));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
- ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
- {
- if( ssl->handshake == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+ ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) {
+ if (ssl->handshake == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("dropping ChangeCipherSpec outside handshake"));
+ return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) );
- return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("received out-of-order ChangeCipherSpec - remember"));
+ return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
}
#endif
}
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
- {
- if( ssl->in_msglen != 2 )
- {
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) {
+ if (ssl->in_msglen != 2) {
/* Note: Standard allows for more than one 2 byte alert
to be packed in a single message, but Mbed TLS doesn't
currently support this. */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
+ ssl->in_msglen));
+ return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]",
- ssl->in_msg[0], ssl->in_msg[1] ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("got an alert message, type: [%u:%u]",
+ ssl->in_msg[0], ssl->in_msg[1]));
/*
* Ignore non-fatal alerts, except close_notify and no_renegotiation
*/
- if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
- ssl->in_msg[1] ) );
- return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
+ if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)",
+ ssl->in_msg[1]));
+ return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE;
}
- if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
- return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
+ if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("is a close notify message"));
+ return MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
- if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) );
+ if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("is a SSLv3 no renegotiation alert"));
/* Will be handled when trying to parse ServerHello */
- return( 0 );
+ return 0;
}
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
+ ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("is a SSLv3 no_cert"));
/* Will be handled in mbedtls_ssl_parse_certificate() */
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
@@ -4936,75 +4738,73 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->state == MBEDTLS_SSL_SERVER_HELLO )
+ && !(ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ ssl->state == MBEDTLS_SSL_SERVER_HELLO)
#endif
- )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
- return( MBEDTLS_ERR_SSL_NON_FATAL );
+ ) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("dropping unexpected ApplicationData"));
+ return MBEDTLS_ERR_SSL_NON_FATAL;
}
- if( ssl->handshake != NULL &&
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
+ if (ssl->handshake != NULL &&
+ ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+ mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) );
+ return mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
}
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
- unsigned char level,
- unsigned char message )
+int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
+ unsigned char level,
+ unsigned char message)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( ssl->out_left != 0 )
- return( mbedtls_ssl_flush_output( ssl ) );
+ if (ssl->out_left != 0) {
+ return mbedtls_ssl_flush_output(ssl);
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> send alert message"));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("send alert level=%u message=%u", level, message));
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
ssl->out_msglen = 2;
ssl->out_msg[0] = level;
ssl->out_msg[1] = message;
- if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= send alert message"));
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
ssl->out_msglen = 1;
@@ -5012,35 +4812,32 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec"));
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse change cipher spec"));
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad change cipher spec message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
/* CCS records are only accepted if they have length 1 and content '1',
@@ -5050,50 +4847,45 @@
* Switch to our negotiated transform and session parameters for inbound
* data.
*/
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for inbound data"));
ssl->transform_in = ssl->transform_negotiate;
ssl->session_in = ssl->session_negotiate;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- mbedtls_ssl_dtls_replay_reset( ssl );
+ mbedtls_ssl_dtls_replay_reset(ssl);
#endif
/* Increment epoch */
- if( ++ssl->in_epoch == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
+ if (++ssl->in_epoch == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap"));
/* This is highly unlikely to happen for legitimate reasons, so
treat it as an attack and don't send an alert. */
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- memset( ssl->in_ctr, 0, 8 );
+ memset(ssl->in_ctr, 0, 8);
- mbedtls_ssl_update_in_pointers( ssl );
+ mbedtls_ssl_update_in_pointers(ssl);
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_activate != NULL )
- {
- if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ if (mbedtls_ssl_hw_record_activate != NULL) {
+ if ((ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_INBOUND)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret);
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
}
#endif
ssl->state++;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec"));
- return( 0 );
+ return 0;
}
/* Once ssl->out_hdr as the address of the beginning of the
@@ -5105,32 +4897,32 @@
*/
static size_t ssl_transform_get_explicit_iv_len(
- mbedtls_ssl_transform const *transform )
+ mbedtls_ssl_transform const *transform)
{
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- return( 0 );
+ if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) {
+ return 0;
+ }
- return( transform->ivlen - transform->fixed_ivlen );
+ return transform->ivlen - transform->fixed_ivlen;
}
-void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform )
+void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
ssl->out_ctr = ssl->out_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->out_cid = ssl->out_ctr + 8;
ssl->out_len = ssl->out_cid;
- if( transform != NULL )
+ if (transform != NULL) {
ssl->out_len += transform->out_cid_len;
+ }
#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_len = ssl->out_ctr + 8;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_iv = ssl->out_len + 2;
- }
- else
+ } else
#endif
{
ssl->out_ctr = ssl->out_hdr - 8;
@@ -5143,8 +4935,9 @@
ssl->out_msg = ssl->out_iv;
/* Adjust out_msg to make space for explicit IV, if used. */
- if( transform != NULL )
- ssl->out_msg += ssl_transform_get_explicit_iv_len( transform );
+ if (transform != NULL) {
+ ssl->out_msg += ssl_transform_get_explicit_iv_len(transform);
+ }
}
/* Once ssl->in_hdr as the address of the beginning of the
@@ -5155,7 +4948,7 @@
* and the caller has to make sure there's space for this.
*/
-void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
{
/* This function sets the pointers to match the case
* of unprotected TLS/DTLS records, with both ssl->in_iv
@@ -5168,8 +4961,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* This sets the header pointers to match records
* without CID. When we receive a record containing
* a CID, the fields are shifted accordingly in
@@ -5182,8 +4974,7 @@
ssl->in_len = ssl->in_ctr + 8;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_len + 2;
- }
- else
+ } else
#endif
{
ssl->in_ctr = ssl->in_hdr - 8;
@@ -5202,16 +4993,14 @@
* Setup an SSL context
*/
-void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl)
{
/* Set the incoming and outgoing record pointers. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
ssl->out_hdr = ssl->out_buf;
ssl->in_hdr = ssl->in_buf;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
ssl->out_hdr = ssl->out_buf + 8;
@@ -5219,29 +5008,28 @@
}
/* Derive other internal pointers. */
- mbedtls_ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
- mbedtls_ssl_update_in_pointers ( ssl );
+ mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */);
+ mbedtls_ssl_update_in_pointers(ssl);
}
/*
* SSL get accessors
*/
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl)
{
- return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
+ return ssl->in_offt == NULL ? 0 : ssl->in_msglen;
}
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl)
{
/*
* Case A: We're currently holding back
* a message for further processing.
*/
- if( ssl->keep_current_message == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) );
- return( 1 );
+ if (ssl->keep_current_message == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: record held back for processing"));
+ return 1;
}
/*
@@ -5249,11 +5037,10 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->in_left > ssl->next_record_offset )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
- return( 1 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->in_left > ssl->next_record_offset) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: more records within current datagram"));
+ return 1;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -5261,19 +5048,18 @@
* Case C: A handshake message is being processed.
*/
- if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) );
- return( 1 );
+ if (ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen) {
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("ssl_check_pending: more handshake messages within current record"));
+ return 1;
}
/*
* Case D: An application data message is being processed
*/
- if( ssl->in_offt != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) );
- return( 1 );
+ if (ssl->in_offt != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: application data record is being processed"));
+ return 1;
}
/*
@@ -5282,29 +5068,30 @@
* we implement support for multiple alerts in single records.
*/
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: nothing pending"));
+ return 0;
}
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl)
{
size_t transform_expansion = 0;
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
- size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
+ size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl);
- if( transform == NULL )
- return( (int) out_hdr_len );
+ if (transform == NULL) {
+ return (int) out_hdr_len;
+ }
#if defined(MBEDTLS_ZLIB_SUPPORT)
- if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL) {
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ }
#endif
- switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
- {
+ switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) {
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
case MBEDTLS_MODE_CHACHAPOLY:
@@ -5315,7 +5102,7 @@
case MBEDTLS_MODE_CBC:
block_size = mbedtls_cipher_get_block_size(
- &transform->cipher_ctx_enc );
+ &transform->cipher_ctx_enc);
/* Expansion due to the addition of the MAC. */
transform_expansion += transform->maclen;
@@ -5328,23 +5115,25 @@
/* For TLS 1.1 or higher, an explicit IV is added
* after the record header. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ if (ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) {
transform_expansion += block_size;
+ }
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
break;
default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( transform->out_cid_len != 0 )
+ if (transform->out_cid_len != 0) {
transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
+ }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- return( (int)( out_hdr_len + transform_expansion ) );
+ return (int) (out_hdr_len + transform_expansion);
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -5352,58 +5141,57 @@
* Check record counters and renegotiate if they're above the limit.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
+static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl)
{
- size_t ep_len = mbedtls_ssl_ep_len( ssl );
+ size_t ep_len = mbedtls_ssl_ep_len(ssl);
int in_ctr_cmp;
int out_ctr_cmp;
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
- ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
- {
- return( 0 );
+ ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED) {
+ return 0;
}
- in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
- ssl->conf->renego_period + ep_len, 8 - ep_len );
- out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
- ssl->conf->renego_period + ep_len, 8 - ep_len );
+ in_ctr_cmp = memcmp(ssl->in_ctr + ep_len,
+ ssl->conf->renego_period + ep_len, 8 - ep_len);
+ out_ctr_cmp = memcmp(ssl->cur_out_ctr + ep_len,
+ ssl->conf->renego_period + ep_len, 8 - ep_len);
- if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
- {
- return( 0 );
+ if (in_ctr_cmp <= 0 && out_ctr_cmp <= 0) {
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) );
- return( mbedtls_ssl_renegotiate( ssl ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("record counter limit reached: renegotiate"));
+ return mbedtls_ssl_renegotiate(ssl);
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/*
* Receive application data decrypted from the SSL layer
*/
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
+int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> read"));
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ return ret;
+ }
- if( ssl->handshake != NULL &&
- ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
- {
- if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- return( ret );
+ if (ssl->handshake != NULL &&
+ ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
+ if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+ return ret;
+ }
}
}
#endif
@@ -5421,64 +5209,57 @@
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ret = ssl_check_ctr_renegotiate( ssl );
- if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
- ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
- return( ret );
+ ret = ssl_check_ctr_renegotiate(ssl);
+ if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+ ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret);
+ return ret;
}
#endif
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- ret = mbedtls_ssl_handshake( ssl );
- if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
- ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
- return( ret );
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ ret = mbedtls_ssl_handshake(ssl);
+ if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+ ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+ return ret;
}
}
/* Loop as long as no application data record is available */
- while( ssl->in_offt == NULL )
- {
+ while (ssl->in_offt == NULL) {
/* Start timer if not already running */
- if( ssl->f_get_timer != NULL &&
- ssl->f_get_timer( ssl->p_timer ) == -1 )
- {
- mbedtls_ssl_set_timer( ssl, ssl->conf->read_timeout );
+ if (ssl->f_get_timer != NULL &&
+ ssl->f_get_timer(ssl->p_timer) == -1) {
+ mbedtls_ssl_set_timer(ssl, ssl->conf->read_timeout);
}
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
- return( 0 );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ if (ret == MBEDTLS_ERR_SSL_CONN_EOF) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
- if( ssl->in_msglen == 0 &&
- ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA )
- {
+ if (ssl->in_msglen == 0 &&
+ ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
/*
* OpenSSL sends empty messages to randomize the IV
*/
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
- return( 0 );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ if (ret == MBEDTLS_ERR_SSL_CONN_EOF) {
+ return 0;
+ }
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
}
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("received handshake message"));
/*
* - For client-side, expect SERVER_HELLO_REQUEST.
@@ -5487,105 +5268,93 @@
*/
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
- ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ (ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
+ ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl))) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not HelloRequest)"));
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
continue;
}
#endif
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not ClientHello)"));
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
continue;
}
#endif
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/* Determine whether renegotiation attempt should be accepted */
- if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
- ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation ==
- MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) )
- {
+ if (!(ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
+ (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ ssl->conf->allow_legacy_renegotiation ==
+ MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION))) {
/*
* Accept renegotiation request
*/
/* DTLS clients need to know renego is server-initiated */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
}
#endif
- ret = mbedtls_ssl_start_renegotiation( ssl );
- if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
- ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation",
- ret );
- return( ret );
+ ret = mbedtls_ssl_start_renegotiation(ssl);
+ if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+ ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation",
+ ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_RENEGOTIATION */
{
/*
* Refuse renegotiation
*/
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("refusing renegotiation, sending alert"));
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
/* SSLv3 does not have a "no_renegotiation" warning, so
we send a fatal alert and abort the connection. */
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
- }
- else
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
- {
- if( ( ret = mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_WARNING,
- MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
- {
- return( ret );
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) {
+ if ((ret = mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_WARNING,
+ MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION))
+ != 0) {
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
}
@@ -5610,84 +5379,75 @@
continue;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
- {
- if( ssl->conf->renego_max_records >= 0 )
- {
- if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
- "but not honored by client" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+ if (ssl->conf->renego_max_records >= 0) {
+ if (++ssl->renego_records_seen > ssl->conf->renego_max_records) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation requested, "
+ "but not honored by client"));
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
}
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/* Fatal and closure alerts handled by mbedtls_ssl_read_record() */
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
- return( MBEDTLS_ERR_SSL_WANT_READ );
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("ignoring non-fatal non-closure alert"));
+ return MBEDTLS_ERR_SSL_WANT_READ;
}
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad application data message"));
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
ssl->in_offt = ssl->in_msg;
/* We're going to return something now, cancel timer,
* except if handshake (renegotiation) is in progress */
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
- mbedtls_ssl_set_timer( ssl, 0 );
+ if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+ mbedtls_ssl_set_timer(ssl, 0);
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* If we requested renego but received AppData, resend HelloRequest.
* Do it now, after setting in_offt, to avoid taking this branch
* again if ssl_write_hello_request() returns WANT_WRITE */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
- {
- if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request",
- ret );
- return( ret );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+ if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request",
+ ret);
+ return ret;
}
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
}
- n = ( len < ssl->in_msglen )
+ n = (len < ssl->in_msglen)
? len : ssl->in_msglen;
- memcpy( buf, ssl->in_offt, n );
+ memcpy(buf, ssl->in_offt, n);
ssl->in_msglen -= n;
/* Zeroising the plaintext buffer to erase unused application data
from the memory. */
- mbedtls_platform_zeroize( ssl->in_offt, n );
+ mbedtls_platform_zeroize(ssl->in_offt, n);
- if( ssl->in_msglen == 0 )
- {
+ if (ssl->in_msglen == 0) {
/* all bytes consumed */
ssl->in_offt = NULL;
ssl->keep_current_message = 0;
- }
- else
- {
+ } else {
/* more data available */
ssl->in_offt += n;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= read"));
- return( (int) n );
+ return (int) n;
}
/*
@@ -5703,50 +5463,42 @@
* corresponding return code is 0 on success.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_real( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static int ssl_write_real(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
- int ret = mbedtls_ssl_get_max_out_record_payload( ssl );
+ int ret = mbedtls_ssl_get_max_out_record_payload(ssl);
const size_t max_len = (size_t) ret;
- if( ret < 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret );
- return( ret );
+ if (ret < 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_max_out_record_payload", ret);
+ return ret;
}
- if( len > max_len )
- {
+ if (len > max_len) {
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
- "maximum fragment length: %" MBEDTLS_PRINTF_SIZET
- " > %" MBEDTLS_PRINTF_SIZET,
- len, max_len ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- else
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("fragment larger than the (negotiated) "
+ "maximum fragment length: %" MBEDTLS_PRINTF_SIZET
+ " > %" MBEDTLS_PRINTF_SIZET,
+ len, max_len));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ } else
#endif
- len = max_len;
+ len = max_len;
}
- if( ssl->out_left != 0 )
- {
+ if (ssl->out_left != 0) {
/*
* The user has previously tried to send the data and
* MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially
* written. In this case, we expect the high-level write function
* (e.g. mbedtls_ssl_write()) to be called with the same parameters
*/
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret);
+ return ret;
}
- }
- else
- {
+ } else {
/*
* The user is trying to send a message the first time, so we need to
* copy the data into the internal buffers and setup the data structure
@@ -5754,16 +5506,15 @@
*/
ssl->out_msglen = len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
- memcpy( ssl->out_msg, buf, len );
+ memcpy(ssl->out_msg, buf, len);
- if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
+ return ret;
}
}
- return( (int) len );
+ return (int) len;
}
/*
@@ -5775,156 +5526,156 @@
*/
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_split( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static int ssl_write_split(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ssl->conf->cbc_record_splitting ==
- MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
+ if (ssl->conf->cbc_record_splitting ==
+ MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
len <= 1 ||
ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
- mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
- != MBEDTLS_MODE_CBC )
- {
- return( ssl_write_real( ssl, buf, len ) );
+ mbedtls_cipher_get_cipher_mode(&ssl->transform_out->cipher_ctx_enc)
+ != MBEDTLS_MODE_CBC) {
+ return ssl_write_real(ssl, buf, len);
}
- if( ssl->split_done == 0 )
- {
- if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
- return( ret );
+ if (ssl->split_done == 0) {
+ if ((ret = ssl_write_real(ssl, buf, 1)) <= 0) {
+ return ret;
+ }
ssl->split_done = 1;
}
- if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
- return( ret );
+ if ((ret = ssl_write_real(ssl, buf + 1, len - 1)) <= 0) {
+ return ret;
+ }
ssl->split_done = 0;
- return( ret + 1 );
+ return ret + 1;
}
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
/*
* Write application data (public-facing wrapper)
*/
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
+int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write"));
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
- return( ret );
+ if ((ret = ssl_check_ctr_renegotiate(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret);
+ return ret;
}
#endif
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
- return( ret );
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+ return ret;
}
}
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- ret = ssl_write_split( ssl, buf, len );
+ ret = ssl_write_split(ssl, buf, len);
#else
- ret = ssl_write_real( ssl, buf, len );
+ ret = ssl_write_real(ssl, buf, len);
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write"));
- return( ret );
+ return ret;
}
/*
* Notify the peer that the connection is being closed
*/
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write close notify"));
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- if( ( ret = mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_WARNING,
- MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret );
- return( ret );
+ if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+ if ((ret = mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_WARNING,
+ MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_send_alert_message", ret);
+ return ret;
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write close notify"));
- return( 0 );
+ return 0;
}
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
{
- if( transform == NULL )
+ if (transform == NULL) {
return;
+ }
#if defined(MBEDTLS_ZLIB_SUPPORT)
- deflateEnd( &transform->ctx_deflate );
- inflateEnd( &transform->ctx_inflate );
+ deflateEnd(&transform->ctx_deflate);
+ inflateEnd(&transform->ctx_inflate);
#endif
- mbedtls_cipher_free( &transform->cipher_ctx_enc );
- mbedtls_cipher_free( &transform->cipher_ctx_dec );
+ mbedtls_cipher_free(&transform->cipher_ctx_enc);
+ mbedtls_cipher_free(&transform->cipher_ctx_dec);
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
- mbedtls_md_free( &transform->md_ctx_enc );
- mbedtls_md_free( &transform->md_ctx_dec );
+ mbedtls_md_free(&transform->md_ctx_enc);
+ mbedtls_md_free(&transform->md_ctx_dec);
#endif
- mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
+ mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform));
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl)
{
unsigned offset;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- if( hs == NULL )
+ if (hs == NULL) {
return;
+ }
- ssl_free_buffered_record( ssl );
+ ssl_free_buffered_record(ssl);
- for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
- ssl_buffering_free_slot( ssl, offset );
+ for (offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) {
+ ssl_buffering_free_slot(ssl, offset);
+ }
}
-static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
- uint8_t slot )
+static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl,
+ uint8_t slot)
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot];
- if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS )
+ if (slot >= MBEDTLS_SSL_MAX_BUFFERED_HS) {
return;
+ }
- if( hs_buf->is_valid == 1 )
- {
+ if (hs_buf->is_valid == 1) {
hs->buffering.total_bytes_buffered -= hs_buf->data_len;
- mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );
- mbedtls_free( hs_buf->data );
- memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
+ mbedtls_platform_zeroize(hs_buf->data, hs_buf->data_len);
+ mbedtls_free(hs_buf->data);
+ memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer));
}
}
@@ -5939,19 +5690,18 @@
* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
*/
-void mbedtls_ssl_write_version( int major, int minor, int transport,
- unsigned char ver[2] )
+void mbedtls_ssl_write_version(int major, int minor, int transport,
+ unsigned char ver[2])
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
+ if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if (minor == MBEDTLS_SSL_MINOR_VERSION_2) {
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
- ver[0] = (unsigned char)( 255 - ( major - 2 ) );
- ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
- }
- else
+ }
+ ver[0] = (unsigned char) (255 - (major - 2));
+ ver[1] = (unsigned char) (255 - (minor - 1));
+ } else
#else
((void) transport);
#endif
@@ -5961,19 +5711,18 @@
}
}
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
- const unsigned char ver[2] )
+void mbedtls_ssl_read_version(int *major, int *minor, int transport,
+ const unsigned char ver[2])
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
*major = 255 - ver[0] + 2;
*minor = 255 - ver[1] + 1;
- if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
+ if (*minor == MBEDTLS_SSL_MINOR_VERSION_1) {
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
- }
- else
+ }
+ } else
#else
((void) transport);
#endif
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 8efccce..994661a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -42,28 +42,30 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
- const unsigned char *info,
- size_t ilen )
+int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
+ const unsigned char *info,
+ size_t ilen)
{
- if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- mbedtls_free( ssl->cli_id );
+ mbedtls_free(ssl->cli_id);
- if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- memcpy( ssl->cli_id, info, ilen );
+ memcpy(ssl->cli_id, info, ilen);
ssl->cli_id_len = ilen;
- return( 0 );
+ return 0;
}
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
- mbedtls_ssl_cookie_write_t *f_cookie_write,
- mbedtls_ssl_cookie_check_t *f_cookie_check,
- void *p_cookie )
+void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
+ mbedtls_ssl_cookie_write_t *f_cookie_write,
+ mbedtls_ssl_cookie_check_t *f_cookie_check,
+ void *p_cookie)
{
conf->f_cookie_write = f_cookie_write;
conf->f_cookie_check = f_cookie_check;
@@ -73,153 +75,147 @@
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_servername_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t servername_list_size, hostname_len;
const unsigned char *p;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("parse ServerName extension"));
- if( len < 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len < 2) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
- if( servername_list_size + 2 != len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ servername_list_size = ((buf[0] << 8) | (buf[1]));
+ if (servername_list_size + 2 != len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
p = buf + 2;
- while( servername_list_size > 2 )
- {
- hostname_len = ( ( p[1] << 8 ) | p[2] );
- if( hostname_len + 3 > servername_list_size )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ while (servername_list_size > 2) {
+ hostname_len = ((p[1] << 8) | p[2]);
+ if (hostname_len + 3 > servername_list_size) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
- {
- ret = ssl->conf->f_sni( ssl->conf->p_sni,
- ssl, p + 3, hostname_len );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME) {
+ ret = ssl->conf->f_sni(ssl->conf->p_sni,
+ ssl, p + 3, hostname_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_sni_wrapper", ret);
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- return( 0 );
+ return 0;
}
servername_list_size -= hostname_len + 3;
p += hostname_len + 3;
}
- if( servername_list_size != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (servername_list_size != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
+static int ssl_conf_has_psk_or_cb(mbedtls_ssl_config const *conf)
{
- if( conf->f_psk != NULL )
- return( 1 );
+ if (conf->f_psk != NULL) {
+ return 1;
+ }
- if( conf->psk_identity_len == 0 || conf->psk_identity == NULL )
- return( 0 );
+ if (conf->psk_identity_len == 0 || conf->psk_identity == NULL) {
+ return 0;
+ }
- if( conf->psk != NULL && conf->psk_len != 0 )
- return( 1 );
+ if (conf->psk != NULL && conf->psk_len != 0) {
+ return 1;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
- return( 1 );
+ if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
+ return 1;
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
+static int ssl_use_opaque_psk(mbedtls_ssl_context const *ssl)
{
- if( ssl->conf->f_psk != NULL )
- {
+ if (ssl->conf->f_psk != NULL) {
/* If we've used a callback to select the PSK,
* the static configuration is irrelevant. */
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( 1 );
+ if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return( 1 );
+ if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- {
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
/* Check verify-data in constant-time. The length OTOH is no secret */
- if( len != 1 + ssl->verify_data_len ||
+ if (len != 1 + ssl->verify_data_len ||
buf[0] != ssl->verify_data_len ||
- mbedtls_ct_memcmp( buf + 1, ssl->peer_verify_data,
- ssl->verify_data_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ mbedtls_ct_memcmp(buf + 1, ssl->peer_verify_data,
+ ssl->verify_data_len) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_RENEGOTIATION */
{
- if( len != 1 || buf[0] != 0x0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len != 1 || buf[0] != 0x0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("non-zero length renegotiation info"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
}
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
@@ -238,9 +234,9 @@
*
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_signature_algorithms_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
size_t sig_alg_list_size;
@@ -250,20 +246,19 @@
mbedtls_md_type_t md_cur;
mbedtls_pk_type_t sig_cur;
- if ( len < 2 ) {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len < 2) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
- if( sig_alg_list_size + 2 != len ||
- sig_alg_list_size % 2 != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ sig_alg_list_size = ((buf[0] << 8) | (buf[1]));
+ if (sig_alg_list_size + 2 != len ||
+ sig_alg_list_size % 2 != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* Currently we only guarantee signing the ServerKeyExchange message according
@@ -275,41 +270,35 @@
* pair list from the extension.
*/
- for( p = buf + 2; p < end; p += 2 )
- {
+ for (p = buf + 2; p < end; p += 2) {
/* Silently ignore unknown signature or hash algorithms. */
- if( ( sig_cur = mbedtls_ssl_pk_alg_from_sig( p[1] ) ) == MBEDTLS_PK_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext"
- " unknown sig alg encoding %d", p[1] ) );
+ if ((sig_cur = mbedtls_ssl_pk_alg_from_sig(p[1])) == MBEDTLS_PK_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext"
+ " unknown sig alg encoding %d", p[1]));
continue;
}
/* Check if we support the hash the user proposes */
- md_cur = mbedtls_ssl_md_alg_from_hash( p[0] );
- if( md_cur == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
- " unknown hash alg encoding %d", p[0] ) );
+ md_cur = mbedtls_ssl_md_alg_from_hash(p[0]);
+ if (md_cur == MBEDTLS_MD_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext:"
+ " unknown hash alg encoding %d", p[0]));
continue;
}
- if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 )
- {
- mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
- " match sig %u and hash %u",
- (unsigned) sig_cur, (unsigned) md_cur ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
- "hash alg %u not supported", (unsigned) md_cur ) );
+ if (mbedtls_ssl_check_sig_hash(ssl, md_cur) == 0) {
+ mbedtls_ssl_sig_hash_set_add(&ssl->handshake->hash_algs, sig_cur, md_cur);
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext:"
+ " match sig %u and hash %u",
+ (unsigned) sig_cur, (unsigned) md_cur));
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: "
+ "hash alg %u not supported", (unsigned) md_cur));
}
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -317,61 +306,57 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_supported_elliptic_curves(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
size_t list_size, our_size;
const unsigned char *p;
const mbedtls_ecp_curve_info *curve_info, **curves;
- if ( len < 2 ) {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len < 2) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
- if( list_size + 2 != len ||
- list_size % 2 != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ list_size = ((buf[0] << 8) | (buf[1]));
+ if (list_size + 2 != len ||
+ list_size % 2 != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* Should never happen unless client duplicates the extension */
- if( ssl->handshake->curves != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (ssl->handshake->curves != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* Don't allow our peer to make us allocate too much memory,
* and leave room for a final 0 */
our_size = list_size / 2 + 1;
- if( our_size > MBEDTLS_ECP_DP_MAX )
+ if (our_size > MBEDTLS_ECP_DP_MAX) {
our_size = MBEDTLS_ECP_DP_MAX;
+ }
- if( ( curves = mbedtls_calloc( our_size, sizeof( *curves ) ) ) == NULL )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if ((curves = mbedtls_calloc(our_size, sizeof(*curves))) == NULL) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
ssl->handshake->curves = curves;
p = buf + 2;
- while( list_size > 0 && our_size > 1 )
- {
- curve_info = mbedtls_ecp_curve_info_from_tls_id( ( p[0] << 8 ) | p[1] );
+ while (list_size > 0 && our_size > 1) {
+ curve_info = mbedtls_ecp_curve_info_from_tls_id((p[0] << 8) | p[1]);
- if( curve_info != NULL )
- {
+ if (curve_info != NULL) {
*curves++ = curve_info;
our_size--;
}
@@ -380,116 +365,109 @@
p += 2;
}
- return( 0 );
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
size_t list_size;
const unsigned char *p;
- if( len == 0 || (size_t)( buf[0] + 1 ) != len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len == 0 || (size_t) (buf[0] + 1) != len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
list_size = buf[0];
p = buf + 1;
- while( list_size > 0 )
- {
- if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- p[0] == MBEDTLS_ECP_PF_COMPRESSED )
- {
+ while (list_size > 0) {
+ if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+ p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
ssl->handshake->ecdh_ctx.point_format = p[0];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
ssl->handshake->ecjpake_ctx.point_format = p[0];
#endif
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
+ return 0;
}
list_size--;
p++;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
- return( 0 );
+ if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
+ return 0;
}
- if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
- buf, len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( ret );
+ if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
+ buf, len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return ret;
}
/* Only mark the extension as OK when we're sure it is */
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
ssl->session_negotiate->mfl_code = buf[0];
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
size_t peer_cid_len;
/* CID extension only makes sense in DTLS */
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/*
@@ -499,179 +477,170 @@
* struct {
* opaque cid<0..2^8-1>;
* } ConnectionId;
- */
+ */
- if( len < 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len < 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
peer_cid_len = *buf++;
len--;
- if( len != peer_cid_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len != peer_cid_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* Ignore CID if the user has disabled its use. */
- if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
- {
+ if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
/* Leave ssl->handshake->cid_in_use in its default
* value of MBEDTLS_SSL_CID_DISABLED. */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Client sent CID extension, but CID disabled"));
+ return 0;
}
- if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
- memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+ memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated"));
+ MBEDTLS_SSL_DEBUG_BUF(3, "Client CID", buf, peer_cid_len);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_truncated_hmac_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
((void) buf);
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+ if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED) {
ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
((void) buf);
- if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
- ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
+ ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) {
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
- if( len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
((void) buf);
- if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
- ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+ ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) {
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t len )
+static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_session session;
- mbedtls_ssl_session_init( &session );
+ mbedtls_ssl_session_init(&session);
- if( ssl->conf->f_ticket_parse == NULL ||
- ssl->conf->f_ticket_write == NULL )
- {
- return( 0 );
+ if (ssl->conf->f_ticket_parse == NULL ||
+ ssl->conf->f_ticket_write == NULL) {
+ return 0;
}
/* Remember the client asked us to send a new ticket */
ssl->handshake->new_session_ticket = 1;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, len));
- if( len == 0 )
- return( 0 );
+ if (len == 0) {
+ return 0;
+ }
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
- return( 0 );
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket rejected: renegotiating"));
+ return 0;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/*
* Failures are ok: just ignore the ticket and proceed.
*/
- if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session,
- buf, len ) ) != 0 )
- {
- mbedtls_ssl_session_free( &session );
+ if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session,
+ buf, len)) != 0) {
+ mbedtls_ssl_session_free(&session);
- if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
- else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
- else
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret );
+ if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
+ } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
+ } else {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_parse", ret);
+ }
- return( 0 );
+ return 0;
}
/*
@@ -679,37 +648,38 @@
* inform them we're accepting the ticket (RFC 5077 section 3.4)
*/
session.id_len = ssl->session_negotiate->id_len;
- memcpy( &session.id, ssl->session_negotiate->id, session.id_len );
+ memcpy(&session.id, ssl->session_negotiate->id, session.id_len);
- mbedtls_ssl_session_free( ssl->session_negotiate );
- memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
+ mbedtls_ssl_session_free(ssl->session_negotiate);
+ memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session));
/* Zeroize instead of free as we copied the content */
- mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) );
+ mbedtls_platform_zeroize(&session, sizeof(mbedtls_ssl_session));
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from ticket"));
ssl->handshake->resume = 1;
/* Don't send a new ticket after all, this one is OK */
ssl->handshake->new_session_ticket = 0;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
size_t list_len, cur_len, ours_len;
const unsigned char *theirs, *start, *end;
const char **ours;
/* If ALPN not configured, just ignore the extension */
- if( ssl->conf->alpn_list == NULL )
- return( 0 );
+ if (ssl->conf->alpn_list == NULL) {
+ return 0;
+ }
/*
* opaque ProtocolName<1..2^8-1>;
@@ -720,19 +690,17 @@
*/
/* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
- if( len < 4 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len < 4) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- list_len = ( buf[0] << 8 ) | buf[1];
- if( list_len != len - 2 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ list_len = (buf[0] << 8) | buf[1];
+ if (list_len != len - 2) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/*
@@ -740,72 +708,65 @@
*/
start = buf + 2;
end = buf + len;
- for( theirs = start; theirs != end; theirs += cur_len )
- {
+ for (theirs = start; theirs != end; theirs += cur_len) {
cur_len = *theirs++;
/* Current identifier must fit in list */
- if( cur_len > (size_t)( end - theirs ) )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (cur_len > (size_t) (end - theirs)) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* Empty strings MUST NOT be included */
- if( cur_len == 0 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (cur_len == 0) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
}
/*
* Use our order of preference
*/
- for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
- {
- ours_len = strlen( *ours );
- for( theirs = start; theirs != end; theirs += cur_len )
- {
+ for (ours = ssl->conf->alpn_list; *ours != NULL; ours++) {
+ ours_len = strlen(*ours);
+ for (theirs = start; theirs != end; theirs += cur_len) {
cur_len = *theirs++;
- if( cur_len == ours_len &&
- memcmp( theirs, *ours, cur_len ) == 0 )
- {
+ if (cur_len == ours_len &&
+ memcmp(theirs, *ours, cur_len) == 0) {
ssl->alpn_chosen = *ours;
- return( 0 );
+ return 0;
}
}
}
/* If we get there, no match was found */
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET;
- size_t i,j;
+ size_t i, j;
size_t profile_length;
uint16_t mki_length;
/*! 2 bytes for profile length and 1 byte for mki len */
const size_t size_of_lengths = 3;
/* If use_srtp is not configured, just ignore the extension */
- if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
- ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
- ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
- {
- return( 0 );
+ if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+ (ssl->conf->dtls_srtp_profile_list == NULL) ||
+ (ssl->conf->dtls_srtp_profile_list_len == 0)) {
+ return 0;
}
/* RFC5764 section 4.1.1
@@ -825,86 +786,77 @@
* Check here that we have at least 2 bytes of protection profiles length
* and one of srtp_mki length
*/
- if( len < size_of_lengths )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (len < size_of_lengths) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
+ ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
/* first 2 bytes are protection profile length(in bytes) */
- profile_length = ( buf[0] << 8 ) | buf[1];
+ profile_length = (buf[0] << 8) | buf[1];
buf += 2;
/* The profile length cannot be bigger than input buffer size - lengths fields */
- if( profile_length > len - size_of_lengths ||
- profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (profile_length > len - size_of_lengths ||
+ profile_length % 2 != 0) { /* profiles are 2 bytes long, so the length must be even */
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/*
* parse the extension list values are defined in
* http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
*/
- for( j = 0; j < profile_length; j += 2 )
- {
+ for (j = 0; j < profile_length; j += 2) {
uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1];
- client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value );
+ client_protection = mbedtls_ssl_check_srtp_profile_value(protection_profile_value);
- if( client_protection != MBEDTLS_TLS_SRTP_UNSET )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s",
- mbedtls_ssl_get_srtp_profile_as_string(
- client_protection ) ) );
- }
- else
- {
+ if (client_protection != MBEDTLS_TLS_SRTP_UNSET) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s",
+ mbedtls_ssl_get_srtp_profile_as_string(
+ client_protection)));
+ } else {
continue;
}
/* check if suggested profile is in our list */
- for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
- {
- if( client_protection == ssl->conf->dtls_srtp_profile_list[i] )
- {
+ for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) {
+ if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) {
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s",
- mbedtls_ssl_get_srtp_profile_as_string(
- client_protection ) ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s",
+ mbedtls_ssl_get_srtp_profile_as_string(
+ client_protection)));
break;
}
}
- if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET )
+ if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) {
break;
+ }
}
buf += profile_length; /* buf points to the mki length */
mki_length = *buf;
buf++;
- if( mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ||
- mki_length + profile_length + size_of_lengths != len )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ||
+ mki_length + profile_length + size_of_lengths != len) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* Parse the mki only if present and mki is supported locally */
- if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
- mki_length > 0 )
- {
+ if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
+ mki_length > 0) {
ssl->dtls_srtp_info.mki_len = mki_length;
- memcpy( ssl->dtls_srtp_info.mki_value, buf, mki_length );
+ memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length);
- MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value,
- ssl->dtls_srtp_info.mki_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "using mki", ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len);
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@@ -918,20 +870,20 @@
*/
#if defined(MBEDTLS_ECDSA_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_key_curve( mbedtls_pk_context *pk,
- const mbedtls_ecp_curve_info **curves )
+static int ssl_check_key_curve(mbedtls_pk_context *pk,
+ const mbedtls_ecp_curve_info **curves)
{
const mbedtls_ecp_curve_info **crv = curves;
- mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id;
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id;
- while( *crv != NULL )
- {
- if( (*crv)->grp_id == grp_id )
- return( 0 );
+ while (*crv != NULL) {
+ if ((*crv)->grp_id == grp_id) {
+ return 0;
+ }
crv++;
}
- return( -1 );
+ return -1;
}
#endif /* MBEDTLS_ECDSA_C */
@@ -940,41 +892,39 @@
* return 0 on success and -1 on failure.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_pick_cert( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
+static int ssl_pick_cert(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
{
mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
mbedtls_pk_type_t pk_alg =
- mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
uint32_t flags;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_key_cert != NULL )
+ if (ssl->handshake->sni_key_cert != NULL) {
list = ssl->handshake->sni_key_cert;
- else
+ } else
#endif
- list = ssl->conf->key_cert;
+ list = ssl->conf->key_cert;
- if( pk_alg == MBEDTLS_PK_NONE )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
-
- if( list == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) );
- return( -1 );
+ if (pk_alg == MBEDTLS_PK_NONE) {
+ return 0;
}
- for( cur = list; cur != NULL; cur = cur->next )
- {
- flags = 0;
- MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
- cur->cert );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite requires certificate"));
- if( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
+ if (list == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate"));
+ return -1;
+ }
+
+ for (cur = list; cur != NULL; cur = cur->next) {
+ flags = 0;
+ MBEDTLS_SSL_DEBUG_CRT(3, "candidate certificate chain, certificate",
+ cur->cert);
+
+ if (!mbedtls_pk_can_do(&cur->cert->pk, pk_alg)) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type"));
continue;
}
@@ -986,19 +936,17 @@
* different uses based on keyUsage, eg if they want to avoid signing
* and decrypting with the same RSA key.
*/
- if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info,
- MBEDTLS_SSL_IS_SERVER, &flags ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
- "(extended) key usage extension" ) );
+ if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info,
+ MBEDTLS_SSL_IS_SERVER, &flags) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
+ "(extended) key usage extension"));
continue;
}
#if defined(MBEDTLS_ECDSA_C)
- if( pk_alg == MBEDTLS_PK_ECDSA &&
- ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
+ if (pk_alg == MBEDTLS_PK_ECDSA &&
+ ssl_check_key_curve(&cur->cert->pk, ssl->handshake->curves) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve"));
continue;
}
#endif
@@ -1008,15 +956,15 @@
* present them a SHA-higher cert rather than failing if it's the only
* one we got that satisfies the other conditions.
*/
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
- cur->cert->sig_md != MBEDTLS_MD_SHA1 )
- {
- if( fallback == NULL )
+ if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
+ cur->cert->sig_md != MBEDTLS_MD_SHA1) {
+ if (fallback == NULL) {
fallback = cur;
+ }
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
- "sha-2 with pre-TLS 1.2 client" ) );
- continue;
+ MBEDTLS_SSL_DEBUG_MSG(3, ("certificate not preferred: "
+ "sha-2 with pre-TLS 1.2 client"));
+ continue;
}
}
@@ -1024,19 +972,19 @@
break;
}
- if( cur == NULL )
+ if (cur == NULL) {
cur = fallback;
-
- /* Do not update ssl->handshake->key_cert unless there is a match */
- if( cur != NULL )
- {
- ssl->handshake->key_cert = cur;
- MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate chain, certificate",
- ssl->handshake->key_cert->cert );
- return( 0 );
}
- return( -1 );
+ /* Do not update ssl->handshake->key_cert unless there is a match */
+ if (cur != NULL) {
+ ssl->handshake->key_cert = cur;
+ MBEDTLS_SSL_DEBUG_CRT(3, "selected certificate chain, certificate",
+ ssl->handshake->key_cert->cert);
+ return 0;
+ }
+
+ return -1;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -1045,8 +993,8 @@
* Sets ciphersuite_info only if the suite matches.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
- const mbedtls_ssl_ciphersuite_t **ciphersuite_info )
+static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
+ const mbedtls_ssl_ciphersuite_t **ciphersuite_info)
{
const mbedtls_ssl_ciphersuite_t *suite_info;
@@ -1055,68 +1003,63 @@
mbedtls_pk_type_t sig_type;
#endif
- suite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
- if( suite_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
+ if (suite_info == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
- (unsigned int) suite_id, suite_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("trying ciphersuite: %#04x (%s)",
+ (unsigned int) suite_id, suite_info->name));
- if( suite_info->min_minor_ver > ssl->minor_ver ||
- suite_info->max_minor_ver < ssl->minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
- return( 0 );
+ if (suite_info->min_minor_ver > ssl->minor_ver ||
+ suite_info->max_minor_ver < ssl->minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: version"));
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
- return( 0 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ (suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS)) {
+ return 0;
+ }
#endif
#if defined(MBEDTLS_ARC4_C)
- if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
- suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
- return( 0 );
+ if (ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+ suite_info->cipher == MBEDTLS_CIPHER_ARC4_128) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: rc4"));
+ return 0;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake "
- "not configured or ext missing" ) );
- return( 0 );
+ if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+ (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: ecjpake "
+ "not configured or ext missing"));
+ return 0;
}
#endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
- if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&
- ( ssl->handshake->curves == NULL ||
- ssl->handshake->curves[0] == NULL ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
- "no common elliptic curve" ) );
- return( 0 );
+ if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
+ (ssl->handshake->curves == NULL ||
+ ssl->handshake->curves[0] == NULL)) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: "
+ "no common elliptic curve"));
+ return 0;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/* If the ciphersuite requires a pre-shared key and we don't
* have one, skip it now rather than failing later */
- if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
- ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
- return( 0 );
+ if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) &&
+ ssl_conf_has_psk_or_cb(ssl->conf) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no pre-shared key"));
+ return 0;
}
#endif
@@ -1124,15 +1067,14 @@
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* If the ciphersuite requires signing, check whether
* a suitable hash algorithm is present. */
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
- if( sig_type != MBEDTLS_PK_NONE &&
- mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
- "for signature algorithm %u", (unsigned) sig_type ) );
- return( 0 );
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
+ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);
+ if (sig_type != MBEDTLS_PK_NONE &&
+ mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs,
+ sig_type) == MBEDTLS_MD_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm "
+ "for signature algorithm %u", (unsigned) sig_type));
+ return 0;
}
}
@@ -1147,21 +1089,20 @@
* - try the next ciphersuite if we don't
* This must be done last since we modify the key_cert list.
*/
- if( ssl_pick_cert( ssl, suite_info ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
- "no suitable certificate" ) );
- return( 0 );
+ if (ssl_pick_cert(ssl, suite_info) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: "
+ "no suitable certificate"));
+ return 0;
}
#endif
*ciphersuite_info = suite_info;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
+static int ssl_parse_client_hello_v2(mbedtls_ssl_context *ssl)
{
int ret, got_common_suite;
unsigned int i, j;
@@ -1171,28 +1112,27 @@
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello v2"));
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("client hello v2 illegal for renegotiation"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
buf = ssl->in_hdr;
- MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, 5 );
+ MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, 5);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d",
- buf[2] ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d",
- ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]",
- buf[3], buf[4] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, message type: %d",
+ buf[2]));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, message len.: %d",
+ ((buf[0] & 0x7F) << 8) | buf[1]));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, max. version: [%d:%d]",
+ buf[3], buf[4]));
/*
* SSLv2 Client Hello
@@ -1204,47 +1144,43 @@
* 2 . 2 message type
* 3 . 4 protocol version
*/
- if( buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO ||
- buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO ||
+ buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
+ n = ((buf[0] << 8) | buf[1]) & 0x7FFF;
- if( n < 17 || n > 512 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (n < 17 || n > 512) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
+ ssl->minor_ver = (buf[4] <= ssl->conf->max_minor_ver)
? buf[4] : ssl->conf->max_minor_ver;
- if( ssl->minor_ver < ssl->conf->min_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
- " [%d:%d] < [%d:%d]",
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
+ if (ssl->minor_ver < ssl->conf->min_minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("client only supports ssl smaller than minimum"
+ " [%d:%d] < [%d:%d]",
+ ssl->major_ver, ssl->minor_ver,
+ ssl->conf->min_major_ver, ssl->conf->min_minor_ver));
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
- return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
+ return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
}
ssl->handshake->max_major_ver = buf[3];
ssl->handshake->max_minor_ver = buf[4];
- if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_fetch_input(ssl, 2 + n)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+ return ret;
}
- ssl->handshake->update_checksum( ssl, buf + 2, n );
+ ssl->handshake->update_checksum(ssl, buf + 2, n);
buf = ssl->in_msg;
n = ssl->in_left - 5;
@@ -1257,76 +1193,69 @@
* .. . .. session id
* .. . .. challenge
*/
- MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n );
+ MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, n);
- ciph_len = ( buf[0] << 8 ) | buf[1];
- sess_len = ( buf[2] << 8 ) | buf[3];
- chal_len = ( buf[4] << 8 ) | buf[5];
+ ciph_len = (buf[0] << 8) | buf[1];
+ sess_len = (buf[2] << 8) | buf[3];
+ chal_len = (buf[4] << 8) | buf[5];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u",
- ciph_len, sess_len, chal_len ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciph_len: %u, sess_len: %u, chal_len: %u",
+ ciph_len, sess_len, chal_len));
/*
* Make sure each parameter length is valid
*/
- if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (ciph_len < 3 || (ciph_len % 3) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- if( sess_len > 32 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (sess_len > 32) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- if( chal_len < 8 || chal_len > 32 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (chal_len < 8 || chal_len > 32) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- if( n != 6 + ciph_len + sess_len + chal_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (n != 6 + ciph_len + sess_len + chal_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
- buf + 6, ciph_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
- buf + 6 + ciph_len, sess_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, challenge",
- buf + 6 + ciph_len + sess_len, chal_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist",
+ buf + 6, ciph_len);
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id",
+ buf + 6 + ciph_len, sess_len);
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, challenge",
+ buf + 6 + ciph_len + sess_len, chal_len);
p = buf + 6 + ciph_len;
ssl->session_negotiate->id_len = sess_len;
- memset( ssl->session_negotiate->id, 0,
- sizeof( ssl->session_negotiate->id ) );
- memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
+ memset(ssl->session_negotiate->id, 0,
+ sizeof(ssl->session_negotiate->id));
+ memcpy(ssl->session_negotiate->id, p, ssl->session_negotiate->id_len);
p += sess_len;
- memset( ssl->handshake->randbytes, 0, 64 );
- memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
+ memset(ssl->handshake->randbytes, 0, 64);
+ memcpy(ssl->handshake->randbytes + 32 - chal_len, p, chal_len);
/*
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
- for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
- {
- if( p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+ for (i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3) {
+ if (p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO "));
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
- "during renegotiation" ) );
+ if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV "
+ "during renegotiation"));
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
@@ -1335,21 +1264,18 @@
}
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
- for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
- {
- if( p[0] == 0 &&
- MBEDTLS_GET_UINT16_BE(p, 1) != MBEDTLS_SSL_FALLBACK_SCSV_VALUE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
+ for (i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3) {
+ if (p[0] == 0 &&
+ MBEDTLS_GET_UINT16_BE(p, 1) != MBEDTLS_SSL_FALLBACK_SCSV_VALUE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("received FALLBACK_SCSV"));
- if( ssl->minor_ver < ssl->conf->max_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
+ if (ssl->minor_ver < ssl->conf->max_minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("inapropriate fallback"));
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK);
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
break;
@@ -1361,55 +1287,58 @@
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
- for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
- for( i = 0; ciphersuites[i] != 0; i++ )
- {
- if( p[0] != 0 ||
- MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i] )
+ for (j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3) {
+ for (i = 0; ciphersuites[i] != 0; i++) {
+ if (p[0] != 0 ||
+ MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i]) {
continue;
+ }
got_common_suite = 1;
- if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
- &ciphersuite_info ) ) != 0 )
- return( ret );
+ if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i],
+ &ciphersuite_info)) != 0) {
+ return ret;
+ }
- if( ciphersuite_info != NULL )
+ if (ciphersuite_info != NULL) {
goto have_ciphersuite_v2;
+ }
}
+ }
#else
- for( i = 0; ciphersuites[i] != 0; i++ )
- for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
- {
- if( p[0] != 0 ||
- MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i] )
+ for (i = 0; ciphersuites[i] != 0; i++) {
+ for (j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3) {
+ if (p[0] != 0 ||
+ MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i]) {
continue;
+ }
got_common_suite = 1;
- if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
- &ciphersuite_info ) ) != 0 )
- return( ret );
+ if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i],
+ &ciphersuite_info)) != 0) {
+ return ret;
+ }
- if( ciphersuite_info != NULL )
+ if (ciphersuite_info != NULL) {
goto have_ciphersuite_v2;
+ }
}
+ }
#endif
- if( got_common_suite )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
- "but none of them usable" ) );
- return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
- return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
+ if (got_common_suite) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, "
+ "but none of them usable"));
+ return MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE;
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common"));
+ return MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN;
}
have_ciphersuite_v2:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name));
ssl->session_negotiate->ciphersuite = ciphersuites[i];
ssl->handshake->ciphersuite_info = ciphersuite_info;
@@ -1417,21 +1346,20 @@
/*
* SSLv2 Client Hello relevant renegotiation security checks
*/
- if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
ssl->in_left = 0;
ssl->state++;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello v2" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello v2"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
@@ -1439,7 +1367,7 @@
ClientHello parsing because they might indicate that the client is
not talking SSL/TLS at all and would not understand our alert. */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
+static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
{
int ret, got_common_suite;
size_t i, j;
@@ -1466,7 +1394,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello"));
int renegotiating = 0;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -1478,16 +1406,15 @@
* ClientHello, which doesn't use the same record layer format.
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
renegotiating = 1;
+ }
#endif
- if( !renegotiating )
- {
- if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
- {
+ if (!renegotiating) {
+ if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) {
/* No alert on a read error. */
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
- return( ret );
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+ return ret;
}
}
@@ -1496,15 +1423,18 @@
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
int is_dtls = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
is_dtls = 1;
+ }
#endif
- if( !is_dtls )
- if( ( buf[0] & 0x80 ) != 0 )
- return( ssl_parse_client_hello_v2( ssl ) );
+ if (!is_dtls) {
+ if ((buf[0] & 0x80) != 0) {
+ return ssl_parse_client_hello_v2(ssl);
+ }
+ }
#endif
- MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl));
/*
* SSLv3/TLS Client Hello
@@ -1515,104 +1445,95 @@
* 3 . 11 DTLS: epoch + record sequence number
* 3 . 4 message length
*/
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d",
- buf[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, message type: %d",
+ buf[0]));
- if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d",
- ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, message len.: %d",
+ (ssl->in_len[0] << 8) | ssl->in_len[1]));
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
- buf[1], buf[2] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, protocol version: [%d:%d]",
+ buf[1], buf[2]));
- mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
+ mbedtls_ssl_read_version(&major, &minor, ssl->conf->transport, buf + 1);
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
* value of ClientHello.client_version", so the only meaningful check here
* is the major version shouldn't be less than 3 */
- if( major < MBEDTLS_SSL_MAJOR_VERSION_3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (major < MBEDTLS_SSL_MAJOR_VERSION_3) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
- )
- {
+ ) {
/* Epoch should be 0 for initial handshakes */
- if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 );
+ memcpy(ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6);
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record, discarding" ) );
+ if (mbedtls_ssl_dtls_replay_check(ssl) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding"));
ssl->next_record_offset = 0;
ssl->in_left = 0;
goto read_record_header;
}
/* No MAC to check yet, so we can update right now */
- mbedtls_ssl_dtls_replay_update( ssl );
+ mbedtls_ssl_dtls_replay_update(ssl);
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
+ msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1];
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- {
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
/* Set by mbedtls_ssl_read_record() */
msg_len = ssl->in_hslen;
- }
- else
+ } else
#endif
{
- if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- if( ( ret = mbedtls_ssl_fetch_input( ssl,
- mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_fetch_input(ssl,
+ mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+ return ret;
}
- /* Done reading this record, get ready for the next one */
+ /* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
- else
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl);
+ } else
#endif
- ssl->in_left = 0;
+ ssl->in_left = 0;
}
buf = ssl->in_msg;
- MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len );
+ MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len);
- ssl->handshake->update_checksum( ssl, buf, msg_len );
+ ssl->handshake->update_checksum(ssl, buf, msg_len);
/*
* Handshake layer:
@@ -1622,68 +1543,60 @@
* 6 . 8 DTLS only: fragment offset
* 9 . 11 DTLS only: fragment length
*/
- if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", buf[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0]));
- if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
- ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %d",
+ (buf[1] << 16) | (buf[2] << 8) | buf[3]));
- if( buf[1] != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != 0",
- (unsigned) buf[1] ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (buf[1] != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0",
+ (unsigned) buf[1]));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* We don't support fragmentation of ClientHello (yet?) */
- if( msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != %u + %u",
- (unsigned) msg_len,
- (unsigned) mbedtls_ssl_hs_hdr_len( ssl ),
- (unsigned) ( buf[2] << 8 ) | buf[3] ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + ((buf[2] << 8) | buf[3])) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u",
+ (unsigned) msg_len,
+ (unsigned) mbedtls_ssl_hs_hdr_len(ssl),
+ (unsigned) (buf[2] << 8) | buf[3]));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/*
* Copy the client's handshake message_seq on initial handshakes,
* check sequence number on renego.
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
+ if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
/* This couldn't be done in ssl_prepare_handshake_record() */
- unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
- ssl->in_msg[5];
+ unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) |
+ ssl->in_msg[5];
- if( cli_msg_seq != ssl->handshake->in_msg_seq )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
- "%u (expected %u)", cli_msg_seq,
- ssl->handshake->in_msg_seq ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (cli_msg_seq != ssl->handshake->in_msg_seq) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: "
+ "%u (expected %u)", cli_msg_seq,
+ ssl->handshake->in_msg_seq));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
ssl->handshake->in_msg_seq++;
- }
- else
+ } else
#endif
{
- unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
- ssl->in_msg[5];
+ unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) |
+ ssl->in_msg[5];
ssl->handshake->out_msg_seq = cli_msg_seq;
ssl->handshake->in_msg_seq = cli_msg_seq + 1;
}
@@ -1693,21 +1606,20 @@
* fragment_offset == 0 and fragment_length == length
*/
MBEDTLS_SSL_DEBUG_MSG(
- 4, ( "fragment_offset=%u fragment_length=%u length=%u",
- (unsigned) ( ssl->in_msg[6] << 16 | ssl->in_msg[7] << 8 | ssl->in_msg[8] ),
- (unsigned) ( ssl->in_msg[9] << 16 | ssl->in_msg[10] << 8 | ssl->in_msg[11] ),
- (unsigned) ( ssl->in_msg[1] << 16 | ssl->in_msg[2] << 8 | ssl->in_msg[3] ) ) );
- if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
- memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ 4, ("fragment_offset=%u fragment_length=%u length=%u",
+ (unsigned) (ssl->in_msg[6] << 16 | ssl->in_msg[7] << 8 | ssl->in_msg[8]),
+ (unsigned) (ssl->in_msg[9] << 16 | ssl->in_msg[10] << 8 | ssl->in_msg[11]),
+ (unsigned) (ssl->in_msg[1] << 16 | ssl->in_msg[2] << 8 | ssl->in_msg[3])));
+ if (ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
+ memcmp(ssl->in_msg + 1, ssl->in_msg + 9, 3) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- buf += mbedtls_ssl_hs_hdr_len( ssl );
- msg_len -= mbedtls_ssl_hs_hdr_len( ssl );
+ buf += mbedtls_ssl_hs_hdr_len(ssl);
+ msg_len -= mbedtls_ssl_hs_hdr_len(ssl);
/*
* ClientHello layer:
@@ -1730,150 +1642,136 @@
* 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
* read at least up to session id length without worrying.
*/
- if( msg_len < 38 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (msg_len < 38) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/*
* Check and save the protocol version
*/
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, version", buf, 2);
- mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
- ssl->conf->transport, buf );
+ mbedtls_ssl_read_version(&ssl->major_ver, &ssl->minor_ver,
+ ssl->conf->transport, buf);
ssl->handshake->max_major_ver = ssl->major_ver;
ssl->handshake->max_minor_ver = ssl->minor_ver;
- if( ssl->major_ver < ssl->conf->min_major_ver ||
- ssl->minor_ver < ssl->conf->min_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
- " [%d:%d] < [%d:%d]",
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
- return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+ if (ssl->major_ver < ssl->conf->min_major_ver ||
+ ssl->minor_ver < ssl->conf->min_minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("client only supports ssl smaller than minimum"
+ " [%d:%d] < [%d:%d]",
+ ssl->major_ver, ssl->minor_ver,
+ ssl->conf->min_major_ver, ssl->conf->min_minor_ver));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
+ return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
}
- if( ssl->major_ver > ssl->conf->max_major_ver )
- {
+ if (ssl->major_ver > ssl->conf->max_major_ver) {
ssl->major_ver = ssl->conf->max_major_ver;
ssl->minor_ver = ssl->conf->max_minor_ver;
- }
- else if( ssl->minor_ver > ssl->conf->max_minor_ver )
+ } else if (ssl->minor_ver > ssl->conf->max_minor_ver) {
ssl->minor_ver = ssl->conf->max_minor_ver;
+ }
/*
* Save client random (inc. Unix time)
*/
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 2, 32 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", buf + 2, 32);
- memcpy( ssl->handshake->randbytes, buf + 2, 32 );
+ memcpy(ssl->handshake->randbytes, buf + 2, 32);
/*
* Check the session ID length and save session ID
*/
sess_len = buf[34];
- if( sess_len > sizeof( ssl->session_negotiate->id ) ||
- sess_len + 34 + 2 > msg_len ) /* 2 for cipherlist length field */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (sess_len > sizeof(ssl->session_negotiate->id) ||
+ sess_len + 34 + 2 > msg_len) { /* 2 for cipherlist length field */
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 35, sess_len);
ssl->session_negotiate->id_len = sess_len;
- memset( ssl->session_negotiate->id, 0,
- sizeof( ssl->session_negotiate->id ) );
- memcpy( ssl->session_negotiate->id, buf + 35,
- ssl->session_negotiate->id_len );
+ memset(ssl->session_negotiate->id, 0,
+ sizeof(ssl->session_negotiate->id));
+ memcpy(ssl->session_negotiate->id, buf + 35,
+ ssl->session_negotiate->id_len);
/*
* Check the cookie length and content
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
cookie_offset = 35 + sess_len;
cookie_len = buf[cookie_offset];
- if( cookie_offset + 1 + cookie_len + 2 > msg_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (cookie_offset + 1 + cookie_len + 2 > msg_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
- buf + cookie_offset + 1, cookie_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie",
+ buf + cookie_offset + 1, cookie_len);
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( ssl->conf->f_cookie_check != NULL
+ if (ssl->conf->f_cookie_check != NULL
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
- )
- {
- if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
- buf + cookie_offset + 1, cookie_len,
- ssl->cli_id, ssl->cli_id_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) );
+ ) {
+ if (ssl->conf->f_cookie_check(ssl->conf->p_cookie,
+ buf + cookie_offset + 1, cookie_len,
+ ssl->cli_id, ssl->cli_id_len) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification failed"));
ssl->handshake->verify_cookie_len = 1;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification passed"));
ssl->handshake->verify_cookie_len = 0;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
{
/* We know we didn't send a cookie, so it should be empty */
- if( cookie_len != 0 )
- {
+ if (cookie_len != 0) {
/* This may be an attacker's probe, so don't send an alert */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification skipped" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification skipped"));
}
- /*
- * Check the ciphersuitelist length (will be parsed later)
- */
+ /*
+ * Check the ciphersuitelist length (will be parsed later)
+ */
ciph_offset = cookie_offset + 1 + cookie_len;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- ciph_offset = 35 + sess_len;
+ ciph_offset = 35 + sess_len;
- ciph_len = ( buf[ciph_offset + 0] << 8 )
- | ( buf[ciph_offset + 1] );
+ ciph_len = (buf[ciph_offset + 0] << 8)
+ | (buf[ciph_offset + 1]);
- if( ciph_len < 2 ||
+ if (ciph_len < 2 ||
ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
- ( ciph_len % 2 ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ (ciph_len % 2) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
- buf + ciph_offset + 2, ciph_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist",
+ buf + ciph_offset + 2, ciph_len);
/*
* Check the compression algorithms length and pick one
@@ -1882,25 +1780,22 @@
comp_len = buf[comp_offset];
- if( comp_len < 1 ||
+ if (comp_len < 1 ||
comp_len > 16 ||
- comp_len + comp_offset + 1 > msg_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ comp_len + comp_offset + 1 > msg_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression",
- buf + comp_offset + 1, comp_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, compression",
+ buf + comp_offset + 1, comp_len);
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
#if defined(MBEDTLS_ZLIB_SUPPORT)
- for( i = 0; i < comp_len; ++i )
- {
- if( buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE )
- {
+ for (i = 0; i < comp_len; ++i) {
+ if (buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE) {
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_DEFLATE;
break;
}
@@ -1909,99 +1804,97 @@
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
+ }
#endif
/* Do not parse the extensions if the protocol is SSLv3 */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
- {
+ if ((ssl->major_ver != 3) || (ssl->minor_ver != 0)) {
#endif
- /*
- * Check the extension length
- */
- ext_offset = comp_offset + 1 + comp_len;
- if( msg_len > ext_offset )
- {
- if( msg_len < ext_offset + 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- ext_len = ( buf[ext_offset + 0] << 8 )
- | ( buf[ext_offset + 1] );
-
- if( msg_len != ext_offset + 2 + ext_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
+ /*
+ * Check the extension length
+ */
+ ext_offset = comp_offset + 1 + comp_len;
+ if (msg_len > ext_offset) {
+ if (msg_len < ext_offset + 2) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
- else
- ext_len = 0;
- ext = buf + ext_offset + 2;
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
+ ext_len = (buf[ext_offset + 0] << 8)
+ | (buf[ext_offset + 1]);
- while( ext_len != 0 )
- {
- unsigned int ext_id;
- unsigned int ext_size;
- if ( ext_len < 4 ) {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
- ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) );
- ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) );
+ if (msg_len != ext_offset + 2 + ext_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
+ }
+ } else {
+ ext_len = 0;
+ }
- if( ext_size + 4 > ext_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
- switch( ext_id )
- {
+ ext = buf + ext_offset + 2;
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len);
+
+ while (ext_len != 0) {
+ unsigned int ext_id;
+ unsigned int ext_size;
+ if (ext_len < 4) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
+ }
+ ext_id = ((ext[0] << 8) | (ext[1]));
+ ext_size = ((ext[2] << 8) | (ext[3]));
+
+ if (ext_size + 4 > ext_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
+ }
+ switch (ext_id) {
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
case MBEDTLS_TLS_EXT_SERVERNAME:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
- if( ssl->conf->f_sni == NULL )
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension"));
+ if (ssl->conf->f_sni == NULL) {
break;
+ }
- ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_servername_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension"));
#if defined(MBEDTLS_SSL_RENEGOTIATION)
renegotiation_info_seen = 1;
#endif
- ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_renegotiation_info(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_TLS_EXT_SIG_ALG:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension"));
- ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_signature_algorithms_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
sig_hash_alg_ext_present = 1;
break;
@@ -2009,143 +1902,151 @@
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
- ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_supported_elliptic_curves(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found supported point formats extension"));
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
- ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_supported_point_formats(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake kkpp extension"));
- ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_ecjpake_kkpp(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found max fragment length extension"));
- ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_max_fragment_length_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found truncated hmac extension"));
- ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_truncated_hmac_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
case MBEDTLS_TLS_EXT_CID:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension"));
- ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_cid_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt then mac extension"));
- ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_encrypt_then_mac_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found extended master secret extension"));
- ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_extended_ms_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_TLS_EXT_SESSION_TICKET:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension"));
- ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_ALPN)
case MBEDTLS_TLS_EXT_ALPN:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
- ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
case MBEDTLS_TLS_EXT_USE_SRTP:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension"));
- ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
+ ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size);
+ if (ret != 0) {
+ return ret;
+ }
break;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
default:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)",
- ext_id ) );
- }
-
- ext_len -= 4 + ext_size;
- ext += 4 + ext_size;
+ MBEDTLS_SSL_DEBUG_MSG(3, ("unknown extension found: %u (ignoring)",
+ ext_id));
}
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
+
+ ext_len -= 4 + ext_size;
+ ext += 4 + ext_size;
}
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+}
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
- for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
- {
- if( MBEDTLS_GET_UINT16_BE( p, 0 ) == MBEDTLS_SSL_FALLBACK_SCSV_VALUE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) );
+ for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) {
+ if (MBEDTLS_GET_UINT16_BE(p, 0) == MBEDTLS_SSL_FALLBACK_SCSV_VALUE) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("received FALLBACK_SCSV"));
- if( ssl->minor_ver < ssl->conf->max_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
+ if (ssl->minor_ver < ssl->conf->max_minor_ver) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("inapropriate fallback"));
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK);
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
break;
@@ -2160,14 +2061,14 @@
* Try to fall back to default hash SHA1 if the client
* hasn't provided any preferred signature-hash combinations.
*/
- if( sig_hash_alg_ext_present == 0 )
- {
+ if (sig_hash_alg_ext_present == 0) {
mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1;
- if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 )
+ if (mbedtls_ssl_check_sig_hash(ssl, md_default) != 0) {
md_default = MBEDTLS_MD_NONE;
+ }
- mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default );
+ mbedtls_ssl_sig_hash_set_const_hash(&ssl->handshake->hash_algs, md_default);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
@@ -2176,19 +2077,16 @@
/*
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
- for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
- {
- if( p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+ for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) {
+ if (p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO "));
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
- "during renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV "
+ "during renegotiation"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
#endif
ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
@@ -2199,41 +2097,34 @@
/*
* Renegotiation security checks
*/
- if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+ if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake"));
handshake_failure = 1;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
- renegotiation_info_seen == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+ renegotiation_info_seen == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension missing (secure)"));
handshake_failure = 1;
- }
- else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+ } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed"));
handshake_failure = 1;
- }
- else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- renegotiation_info_seen == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+ } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ renegotiation_info_seen == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension present (legacy)"));
handshake_failure = 1;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- if( handshake_failure == 1 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if (handshake_failure == 1) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/*
@@ -2245,57 +2136,60 @@
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
- for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
- for( i = 0; ciphersuites[i] != 0; i++ )
- {
- if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
+ for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) {
+ for (i = 0; ciphersuites[i] != 0; i++) {
+ if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) {
continue;
+ }
got_common_suite = 1;
- if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
- &ciphersuite_info ) ) != 0 )
- return( ret );
+ if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i],
+ &ciphersuite_info)) != 0) {
+ return ret;
+ }
- if( ciphersuite_info != NULL )
+ if (ciphersuite_info != NULL) {
goto have_ciphersuite;
+ }
}
+ }
#else
- for( i = 0; ciphersuites[i] != 0; i++ )
- for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
- {
- if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
+ for (i = 0; ciphersuites[i] != 0; i++) {
+ for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) {
+ if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) {
continue;
+ }
got_common_suite = 1;
- if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
- &ciphersuite_info ) ) != 0 )
- return( ret );
+ if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i],
+ &ciphersuite_info)) != 0) {
+ return ret;
+ }
- if( ciphersuite_info != NULL )
+ if (ciphersuite_info != NULL) {
goto have_ciphersuite;
+ }
}
+ }
#endif
- if( got_common_suite )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
- "but none of them usable" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
+ if (got_common_suite) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, "
+ "but none of them usable"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE;
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+ return MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN;
}
have_ciphersuite:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name));
ssl->session_negotiate->ciphersuite = ciphersuites[i];
ssl->handshake->ciphersuite_info = ciphersuite_info;
@@ -2303,53 +2197,49 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_recv_flight_completed( ssl );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ssl_recv_flight_completed(ssl);
+ }
#endif
/* Debugging-only output for testsuite */
#if defined(MBEDTLS_DEBUG_C) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
- if( sig_alg != MBEDTLS_PK_NONE )
- {
- mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
- sig_alg );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
- mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
- "%u - should not happen", (unsigned) sig_alg ) );
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
+ mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info);
+ if (sig_alg != MBEDTLS_PK_NONE) {
+ mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs,
+ sig_alg);
+ MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %d",
+ mbedtls_ssl_hash_from_md_alg(md_alg)));
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("no hash algorithm for signature algorithm "
+ "%u - should not happen", (unsigned) sig_alg));
}
}
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello"));
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_truncated_hmac_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
- if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- {
+ if (ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding truncated hmac extension"));
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0);
p += 2;
*p++ = 0x00;
@@ -2360,9 +2250,9 @@
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_cid_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
size_t ext_len;
@@ -2372,18 +2262,18 @@
/* Skip writing the extension if we don't want to use it or if
* the client hasn't offered it. */
- if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED )
- return;
-
- /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
- * which is at most 255, so the increment cannot overflow. */
- if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) {
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
+ /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+ * which is at most 255, so the increment cannot overflow. */
+ if (end < p || (size_t) (end - p) < (unsigned) (ssl->own_cid_len + 5)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
+ return;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding CID extension"));
/*
* Quoting draft-ietf-tls-dtls-connection-id-05
@@ -2392,31 +2282,32 @@
* struct {
* opaque cid<0..2^8-1>;
* } ConnectionId;
- */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
+ */
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0);
p += 2;
ext_len = (size_t) ssl->own_cid_len + 1;
- MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
p += 2;
*p++ = (uint8_t) ssl->own_cid_len;
- memcpy( p, ssl->own_cid, ssl->own_cid_len );
+ memcpy(p, ssl->own_cid, ssl->own_cid_len);
*olen = ssl->own_cid_len + 5;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
const mbedtls_ssl_ciphersuite_t *suite = NULL;
const mbedtls_cipher_info_t *cipher = NULL;
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+ }
/*
* RFC 7366: "If a server receives an encrypt-then-MAC request extension
@@ -2424,23 +2315,21 @@
* with Associated Data (AEAD) ciphersuite, it MUST NOT send an
* encrypt-then-MAC response extension back to the client."
*/
- if( ( suite = mbedtls_ssl_ciphersuite_from_id(
- ssl->session_negotiate->ciphersuite ) ) == NULL ||
- ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
- cipher->mode != MBEDTLS_MODE_CBC )
- {
+ if ((suite = mbedtls_ssl_ciphersuite_from_id(
+ ssl->session_negotiate->ciphersuite)) == NULL ||
+ (cipher = mbedtls_cipher_info_from_type(suite->cipher)) == NULL ||
+ cipher->mode != MBEDTLS_MODE_CBC) {
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
}
- if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
- {
+ if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding encrypt then mac extension"));
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0);
p += 2;
*p++ = 0x00;
@@ -2451,23 +2340,22 @@
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
- if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
- "extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding extended master secret "
+ "extension"));
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0);
p += 2;
*p++ = 0x00;
@@ -2478,21 +2366,20 @@
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
- if( ssl->handshake->new_session_ticket == 0 )
- {
+ if (ssl->handshake->new_session_ticket == 0) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding session ticket extension"));
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0);
p += 2;
*p++ = 0x00;
@@ -2502,36 +2389,33 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
- if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION )
- {
+ if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, secure renegotiation extension"));
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0);
p += 2;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- {
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
*p++ = 0x00;
- *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
+ *p++ = (ssl->verify_data_len * 2 + 1) & 0xFF;
*p++ = ssl->verify_data_len * 2 & 0xFF;
- memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
+ memcpy(p, ssl->peer_verify_data, ssl->verify_data_len);
p += ssl->verify_data_len;
- memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+ memcpy(p, ssl->own_verify_data, ssl->verify_data_len);
p += ssl->verify_data_len;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_RENEGOTIATION */
{
*p++ = 0x00;
@@ -2543,21 +2427,20 @@
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
- if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
- {
+ if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, max_fragment_length extension"));
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0);
p += 2;
*p++ = 0x00;
@@ -2571,23 +2454,22 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
unsigned char *p = buf;
((void) ssl);
- if( ( ssl->handshake->cli_exts &
- MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
- {
+ if ((ssl->handshake->cli_exts &
+ MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT) == 0) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, supported_point_formats extension"));
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0);
p += 2;
*p++ = 0x00;
@@ -2601,9 +2483,9 @@
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
@@ -2613,48 +2495,46 @@
*olen = 0;
/* Skip costly computation if not needed */
- if( ssl->handshake->ciphersuite_info->key_exchange !=
- MBEDTLS_KEY_EXCHANGE_ECJPAKE )
- return;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) );
-
- if( end - p < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ if (ssl->handshake->ciphersuite_info->key_exchange !=
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
return;
}
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, ecjpake kkpp extension"));
+
+ if (end - p < 4) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
+ return;
+ }
+
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0);
p += 2;
- ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
- p + 2, end - p - 2, &kkpp_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
+ ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
+ p + 2, end - p - 2, &kkpp_len,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret);
return;
}
- MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0);
p += 2;
*olen = kkpp_len + 4;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_SSL_ALPN )
-static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+#if defined(MBEDTLS_SSL_ALPN)
+static void ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf, size_t *olen)
{
- if( ssl->alpn_chosen == NULL )
- {
+ if (ssl->alpn_chosen == NULL) {
*olen = 0;
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding alpn extension"));
/*
* 0 . 1 ext identifier
@@ -2663,24 +2543,24 @@
* 6 . 6 protocol name length
* 7 . 7+n protocol name
*/
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0);
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, buf, 0);
- *olen = 7 + strlen( ssl->alpn_chosen );
+ *olen = 7 + strlen(ssl->alpn_chosen);
- MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE(*olen - 4, buf, 2);
- MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
+ MBEDTLS_PUT_UINT16_BE(*olen - 6, buf, 4);
- buf[6] = MBEDTLS_BYTE_0( *olen - 7 );
+ buf[6] = MBEDTLS_BYTE_0(*olen - 7);
- memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
+ memcpy(buf + 7, ssl->alpn_chosen, *olen - 7);
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS)
-static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+#if defined(MBEDTLS_SSL_DTLS_SRTP) && defined(MBEDTLS_SSL_PROTO_DTLS)
+static void ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen)
{
size_t mki_len = 0, ext_len = 0;
uint16_t profile_value = 0;
@@ -2688,16 +2568,14 @@
*olen = 0;
- if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
- ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) )
- {
+ if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+ (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET)) {
return;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding use_srtp extension"));
- if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
- {
+ if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
mki_len = ssl->dtls_srtp_info.mki_len;
}
@@ -2709,38 +2587,34 @@
* - 1 byte for the mki length
* + the actual mki length
* Check we have enough room in the output buffer */
- if( (size_t)( end - buf ) < mki_len + 9 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ if ((size_t) (end - buf) < mki_len + 9) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
return;
}
/* extension */
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0 );
+ MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0);
/*
* total length 5 and mki value: only one profile(2 bytes)
* and length(2 bytes) and srtp_mki )
*/
ext_len = 5 + mki_len;
- MBEDTLS_PUT_UINT16_BE( ext_len, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE(ext_len, buf, 2);
/* protection profile length: 2 */
buf[4] = 0x00;
buf[5] = 0x02;
profile_value = mbedtls_ssl_check_srtp_profile_value(
- ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
- if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
- {
- MBEDTLS_PUT_UINT16_BE( profile_value, buf, 6 );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "use_srtp extension invalid profile" ) );
+ ssl->dtls_srtp_info.chosen_dtls_srtp_profile);
+ if (profile_value != MBEDTLS_TLS_SRTP_UNSET) {
+ MBEDTLS_PUT_UINT16_BE(profile_value, buf, 6);
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("use_srtp extension invalid profile"));
return;
}
buf[8] = mki_len & 0xFF;
- memcpy( &buf[9], ssl->dtls_srtp_info.mki_value, mki_len );
+ memcpy(&buf[9], ssl->dtls_srtp_info.mki_value, mki_len);
*olen = 9 + mki_len;
}
@@ -2748,13 +2622,13 @@
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
+static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = ssl->out_msg + 4;
unsigned char *cookie_len_byte;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello verify request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello verify request"));
/*
* struct {
@@ -2765,32 +2639,30 @@
/* The RFC is not clear on this point, but sending the actual negotiated
* version looks like the most interoperable thing to do. */
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, p );
- MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
+ mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, p);
+ MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2);
p += 2;
/* If we get here, f_cookie_check is not null */
- if( ssl->conf->f_cookie_write == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (ssl->conf->f_cookie_write == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("inconsistent cookie callbacks"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* Skip length byte until we know the length */
cookie_len_byte = p++;
- if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
- &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN,
- ssl->cli_id, ssl->cli_id_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "f_cookie_write", ret );
- return( ret );
+ if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie,
+ &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN,
+ ssl->cli_id, ssl->cli_id_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "f_cookie_write", ret);
+ return ret;
}
- *cookie_len_byte = (unsigned char)( p - ( cookie_len_byte + 1 ) );
+ *cookie_len_byte = (unsigned char) (p - (cookie_len_byte + 1));
- MBEDTLS_SSL_DEBUG_BUF( 3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte );
+ MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte);
ssl->out_msglen = p - ssl->out_msg;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -2798,28 +2670,26 @@
ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello verify request"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
-static void ssl_handle_id_based_session_resumption( mbedtls_ssl_context *ssl )
+static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl)
{
int ret;
mbedtls_ssl_session session_tmp;
@@ -2827,49 +2697,53 @@
/* Resume is 0 by default, see ssl_handshake_init().
* It may be already set to 1 by ssl_parse_session_ticket_ext(). */
- if( ssl->handshake->resume == 1 )
+ if (ssl->handshake->resume == 1) {
return;
- if( session->id_len == 0 )
+ }
+ if (session->id_len == 0) {
return;
- if( ssl->conf->f_get_cache == NULL )
+ }
+ if (ssl->conf->f_get_cache == NULL) {
return;
+ }
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
return;
+ }
#endif
- mbedtls_ssl_session_init( &session_tmp );
+ mbedtls_ssl_session_init(&session_tmp);
session_tmp.id_len = session->id_len;
- memcpy( session_tmp.id, session->id, session->id_len );
+ memcpy(session_tmp.id, session->id, session->id_len);
- ret = ssl->conf->f_get_cache( ssl->conf->p_cache,
- &session_tmp );
- if( ret != 0 )
+ ret = ssl->conf->f_get_cache(ssl->conf->p_cache,
+ &session_tmp);
+ if (ret != 0) {
goto exit;
+ }
- if( session->ciphersuite != session_tmp.ciphersuite ||
- session->compression != session_tmp.compression )
- {
+ if (session->ciphersuite != session_tmp.ciphersuite ||
+ session->compression != session_tmp.compression) {
/* Mismatch between cached and negotiated session */
goto exit;
}
/* Move semantics */
- mbedtls_ssl_session_free( session );
+ mbedtls_ssl_session_free(session);
*session = session_tmp;
- memset( &session_tmp, 0, sizeof( session_tmp ) );
+ memset(&session_tmp, 0, sizeof(session_tmp));
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from cache"));
ssl->handshake->resume = 1;
exit:
- mbedtls_ssl_session_free( &session_tmp );
+ mbedtls_ssl_session_free(&session_tmp);
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t;
@@ -2878,23 +2752,21 @@
size_t olen, ext_len = 0, n;
unsigned char *buf, *p;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello"));
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->verify_cookie_len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake->verify_cookie_len != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("client hello was not authenticated"));
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));
- return( ssl_write_hello_verify_request( ssl ) );
+ return ssl_write_hello_verify_request(ssl);
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
- if( ssl->conf->f_rng == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
- return( MBEDTLS_ERR_SSL_NO_RNG );
+ if (ssl->conf->f_rng == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
+ return MBEDTLS_ERR_SSL_NO_RNG;
}
/*
@@ -2907,40 +2779,41 @@
buf = ssl->out_msg;
p = buf + 4;
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, p);
p += 2;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
- buf[4], buf[5] ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen version: [%d:%d]",
+ buf[4], buf[5]));
#if defined(MBEDTLS_HAVE_TIME)
- t = mbedtls_time( NULL );
- MBEDTLS_PUT_UINT32_BE( t, p, 0 );
+ t = mbedtls_time(NULL);
+ MBEDTLS_PUT_UINT32_BE(t, p, 0);
p += 4;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
- (long long) t ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+ (long long) t));
#else
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
- return( ret );
+ if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) {
+ return ret;
+ }
p += 4;
#endif /* MBEDTLS_HAVE_TIME */
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
- return( ret );
+ if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 28)) != 0) {
+ return ret;
+ }
p += 28;
- memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
+ memcpy(ssl->handshake->randbytes + 32, buf + 6, 32);
- MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 6, 32);
- ssl_handle_id_based_session_resumption( ssl );
+ ssl_handle_id_based_session_resumption(ssl);
- if( ssl->handshake->resume == 0 )
- {
+ if (ssl->handshake->resume == 0) {
/*
* New session, create a new session id,
* unless we're about to issue a session ticket
@@ -2948,36 +2821,32 @@
ssl->state++;
#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = mbedtls_time( NULL );
+ ssl->session_negotiate->start = mbedtls_time(NULL);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( ssl->handshake->new_session_ticket != 0 )
- {
+ if (ssl->handshake->new_session_ticket != 0) {
ssl->session_negotiate->id_len = n = 0;
- memset( ssl->session_negotiate->id, 0, 32 );
- }
- else
+ memset(ssl->session_negotiate->id, 0, 32);
+ } else
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
{
ssl->session_negotiate->id_len = n = 32;
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id,
- n ) ) != 0 )
- return( ret );
+ if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id,
+ n)) != 0) {
+ return ret;
+ }
}
- }
- else
- {
+ } else {
/*
* Resuming a session
*/
n = ssl->session_negotiate->id_len;
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
- if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+ return ret;
}
}
@@ -2990,136 +2859,132 @@
* 44+n . 43+n+m extensions
*/
*p++ = (unsigned char) ssl->session_negotiate->id_len;
- memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
+ memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len);
p += ssl->session_negotiate->id_len;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
- ssl->handshake->resume ? "a" : "no" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n));
+ MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 39, n);
+ MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
+ ssl->handshake->resume ? "a" : "no"));
- MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0);
p += 2;
- *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression );
+ *p++ = MBEDTLS_BYTE_0(ssl->session_negotiate->compression);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
- mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
- (unsigned int) ssl->session_negotiate->compression ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %s",
+ mbedtls_ssl_get_ciphersuite_name(ssl->session_negotiate->ciphersuite)));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: 0x%02X",
+ (unsigned int) ssl->session_negotiate->compression));
/* Do not write the extensions if the protocol is SSLv3 */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
- {
+ if ((ssl->major_ver != 3) || (ssl->minor_ver != 0)) {
#endif
/*
* First write extensions, then the total length
*/
- ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_truncated_hmac_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_cid_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if ( mbedtls_ssl_ciphersuite_uses_ec(
- mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) )
- {
- ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ if (mbedtls_ssl_ciphersuite_uses_ec(
+ mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite))) {
+ ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ALPN)
- ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_alpn_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen );
+ ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, &olen);
ext_len += olen;
#endif
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
- ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+ ext_len));
- if( ext_len > 0 )
- {
- MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+ if (ext_len > 0) {
+ MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
p += 2 + ext_len;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- }
+}
#endif
ssl->out_msglen = p - buf;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
- ret = mbedtls_ssl_write_handshake_msg( ssl );
+ ret = mbedtls_ssl_write_handshake_msg(ssl);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
- if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
ssl->state++;
- return( 0 );
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -3131,22 +2996,21 @@
const mbedtls_x509_crt *crt;
int authmode;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
ssl->state++;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
+ if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
authmode = ssl->handshake->sni_authmode;
- else
+ } else
#endif
- authmode = ssl->conf->authmode;
+ authmode = ssl->conf->authmode;
- if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ||
- authmode == MBEDTLS_SSL_VERIFY_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
- return( 0 );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info) ||
+ authmode == MBEDTLS_SSL_VERIFY_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
+ return 0;
}
/*
@@ -3197,19 +3061,18 @@
* enum { (255) } HashAlgorithm;
* enum { (255) } SignatureAlgorithm;
*/
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
const int *cur;
/*
* Supported signature algorithms
*/
- for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
- {
- unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
+ for (cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++) {
+ unsigned char hash = mbedtls_ssl_hash_from_md_alg(*cur);
- if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
+ if (MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md(ssl, hash)) {
continue;
+ }
#if defined(MBEDTLS_RSA_C)
p[2 + sa_len++] = hash;
@@ -3221,7 +3084,7 @@
#endif
}
- MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(sa_len, p, 0);
sa_len += 2;
p += sa_len;
}
@@ -3235,38 +3098,35 @@
total_dn_size = 0;
- if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED )
- {
+ if (ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) {
/* NOTE: If trusted certificates are provisioned
* via a CA callback (configured through
* `mbedtls_ssl_conf_ca_cb()`, then the
* CertificateRequest is currently left empty. */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_ca_chain != NULL )
+ if (ssl->handshake->sni_ca_chain != NULL) {
crt = ssl->handshake->sni_ca_chain;
- else
+ } else
#endif
- crt = ssl->conf->ca_chain;
+ crt = ssl->conf->ca_chain;
- while( crt != NULL && crt->version != 0 )
- {
+ while (crt != NULL && crt->version != 0) {
/* It follows from RFC 5280 A.1 that this length
* can be represented in at most 11 bits. */
dn_size = (uint16_t) crt->subject_raw.len;
- if( end < p || (size_t)( end - p ) < 2 + (size_t) dn_size )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
+ if (end < p || (size_t) (end - p) < 2 + (size_t) dn_size) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("skipping CAs: buffer too short"));
break;
}
- MBEDTLS_PUT_UINT16_BE( dn_size, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(dn_size, p, 0);
p += 2;
- memcpy( p, crt->subject_raw.p, dn_size );
+ memcpy(p, crt->subject_raw.p, dn_size);
p += dn_size;
- MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size );
+ MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size);
total_dn_size += 2 + dn_size;
crt = crt->next;
@@ -3276,42 +3136,40 @@
ssl->out_msglen = p - buf;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
- MBEDTLS_PUT_UINT16_BE( total_dn_size, ssl->out_msg, 4 + ct_len + sa_len );
+ MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len);
- ret = mbedtls_ssl_write_handshake_msg( ssl );
+ ret = mbedtls_ssl_write_handshake_msg(ssl);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request"));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_pk_context *own_key = mbedtls_ssl_own_key( ssl );
+ mbedtls_pk_context *own_key = mbedtls_ssl_own_key(ssl);
/* Check if the key is a transparent ECDH key.
* This also ensures that it is safe to call mbedtls_pk_ec(). */
- if( mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY &&
- mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY_DH )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
- return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+ if (mbedtls_pk_get_type(own_key) != MBEDTLS_PK_ECKEY &&
+ mbedtls_pk_get_type(own_key) != MBEDTLS_PK_ECKEY_DH) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable"));
+ return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
- if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx,
- mbedtls_pk_ec( *own_key ),
- MBEDTLS_ECDH_OURS ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
- return( ret );
+ if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
+ mbedtls_pk_ec(*own_key),
+ MBEDTLS_ECDH_OURS)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
@@ -3319,8 +3177,8 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
- size_t *signature_len )
+static int ssl_resume_server_key_exchange(mbedtls_ssl_context *ssl,
+ size_t *signature_len)
{
/* Append the signature to ssl->out_msg, leaving 2 bytes for the
* signature length which will be added in ssl_write_server_key_exchange
@@ -3328,17 +3186,16 @@
* ssl_write_server_key_exchange also takes care of incrementing
* ssl->out_msglen. */
unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2;
- size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN
- - sig_start );
- int ret = ssl->conf->f_async_resume( ssl,
- sig_start, signature_len, sig_max_len );
- if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
- {
+ size_t sig_max_len = (ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN
+ - sig_start);
+ int ret = ssl->conf->f_async_resume(ssl,
+ sig_start, signature_len, sig_max_len);
+ if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
ssl->handshake->async_in_progress = 0;
- mbedtls_ssl_set_async_operation_data( ssl, NULL );
+ mbedtls_ssl_set_async_operation_data(ssl, NULL);
}
- MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret );
- return( ret );
+ MBEDTLS_SSL_DEBUG_RET(2, "ssl_resume_server_key_exchange", ret);
+ return ret;
}
#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
@@ -3347,8 +3204,8 @@
* calculating the signature if any, but excluding formatting the
* signature and sending the message. */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
- size_t *signature_len )
+static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
+ size_t *signature_len)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
@@ -3376,8 +3233,7 @@
* - ECJPAKE key exchanges
*/
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@@ -3385,11 +3241,10 @@
&ssl->handshake->ecjpake_ctx,
ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
- return( ret );
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
+ return ret;
}
ssl->out_msglen += len;
@@ -3403,9 +3258,8 @@
**/
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
ssl->out_msg[ssl->out_msglen++] = 0x00;
ssl->out_msg[ssl->out_msglen++] = 0x00;
}
@@ -3416,15 +3270,13 @@
* - DHE key exchanges
*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) )
- {
+ if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("no DH parameters set"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/*
@@ -3436,22 +3288,20 @@
* opaque dh_Ys<1..2^16-1>;
* } ServerDHParams;
*/
- if( ( ret = mbedtls_dhm_set_group( &ssl->handshake->dhm_ctx,
- &ssl->conf->dhm_P,
- &ssl->conf->dhm_G ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_set_group", ret );
- return( ret );
+ if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx,
+ &ssl->conf->dhm_P,
+ &ssl->conf->dhm_G)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_set_group", ret);
+ return ret;
}
- if( ( ret = mbedtls_dhm_make_params(
- &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- ssl->out_msg + ssl->out_msglen, &len,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
- return( ret );
+ if ((ret = mbedtls_dhm_make_params(
+ &ssl->handshake->dhm_ctx,
+ (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P),
+ ssl->out_msg + ssl->out_msglen, &len,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_params", ret);
+ return ret;
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
@@ -3460,10 +3310,10 @@
ssl->out_msglen += len;
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */
@@ -3471,8 +3321,7 @@
* - ECDHE key exchanges
*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_ecdhe( ciphersuite_info ) )
- {
+ if (mbedtls_ssl_ciphersuite_uses_ecdhe(ciphersuite_info)) {
/*
* Ephemeral ECDH parameters:
*
@@ -3487,35 +3336,35 @@
size_t len = 0;
/* Match our preference list against the offered curves */
- for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
- for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
- if( (*curve)->grp_id == *gid )
+ for (gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++) {
+ for (curve = ssl->handshake->curves; *curve != NULL; curve++) {
+ if ((*curve)->grp_id == *gid) {
goto curve_matching_done;
+ }
+ }
+ }
curve_matching_done:
- if( curve == NULL || *curve == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
- return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
+ if (curve == NULL || *curve == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE"));
+ return MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", (*curve)->name));
- if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
- (*curve)->grp_id ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
- return( ret );
+ if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx,
+ (*curve)->grp_id)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret);
+ return ret;
}
- if( ( ret = mbedtls_ecdh_make_params(
- &ssl->handshake->ecdh_ctx, &len,
- ssl->out_msg + ssl->out_msglen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
- return( ret );
+ if ((ret = mbedtls_ecdh_make_params(
+ &ssl->handshake->ecdh_ctx, &len,
+ ssl->out_msg + ssl->out_msglen,
+ MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret);
+ return ret;
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
@@ -3524,8 +3373,8 @@
ssl->out_msglen += len;
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
@@ -3536,8 +3385,7 @@
*
*/
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
- {
+ if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -3560,31 +3408,26 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t sig_alg =
- mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
/* A: For TLS 1.2, obey signature-hash-algorithm extension
* (RFC 5246, Sec. 7.4.1.4.1). */
- if( sig_alg == MBEDTLS_PK_NONE ||
- ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
- sig_alg ) ) == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ if (sig_alg == MBEDTLS_PK_NONE ||
+ (md_alg = mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs,
+ sig_alg)) == MBEDTLS_MD_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
/* (... because we choose a cipher suite
* only if there is a matching hash.) */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
- {
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
/* B: Default hash SHA1 */
md_alg = MBEDTLS_MD_SHA1;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
MBEDTLS_SSL_PROTO_TLS1_1 */
{
@@ -3592,52 +3435,49 @@
md_alg = MBEDTLS_MD_NONE;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("pick hash algorithm %u for signing", (unsigned) md_alg));
/*
* 2.2: Compute the hash to be signed
*/
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( md_alg == MBEDTLS_MD_NONE )
- {
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ if (md_alg == MBEDTLS_MD_NONE) {
hashlen = 36;
- ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash,
- dig_signed,
- dig_signed_len );
- if( ret != 0 )
- return( ret );
- }
- else
+ ret = mbedtls_ssl_get_key_exchange_md_ssl_tls(ssl, hash,
+ dig_signed,
+ dig_signed_len);
+ if (ret != 0) {
+ return ret;
+ }
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( md_alg != MBEDTLS_MD_NONE )
- {
- ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
- dig_signed,
- dig_signed_len,
- md_alg );
- if( ret != 0 )
- return( ret );
- }
- else
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (md_alg != MBEDTLS_MD_NONE) {
+ ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen,
+ dig_signed,
+ dig_signed_len,
+ md_alg);
+ if (ret != 0) {
+ return ret;
+ }
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
+ MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen);
/*
* 2.3: Compute and add the signature
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
/*
* For TLS 1.2, we need to specify signature and hash algorithm
* explicitly through a prefix to the signature.
@@ -3655,40 +3495,37 @@
*/
ssl->out_msg[ssl->out_msglen++] =
- mbedtls_ssl_hash_from_md_alg( md_alg );
+ mbedtls_ssl_hash_from_md_alg(md_alg);
ssl->out_msg[ssl->out_msglen++] =
- mbedtls_ssl_sig_from_pk_alg( sig_alg );
+ mbedtls_ssl_sig_from_pk_alg(sig_alg);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( ssl->conf->f_async_sign_start != NULL )
- {
- ret = ssl->conf->f_async_sign_start( ssl,
- mbedtls_ssl_own_cert( ssl ),
- md_alg, hash, hashlen );
- switch( ret )
- {
- case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
- /* act as if f_async_sign was null */
- break;
- case 0:
- ssl->handshake->async_in_progress = 1;
- return( ssl_resume_server_key_exchange( ssl, signature_len ) );
- case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
- ssl->handshake->async_in_progress = 1;
- return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
- default:
- MBEDTLS_SSL_DEBUG_RET( 1, "f_async_sign_start", ret );
- return( ret );
+ if (ssl->conf->f_async_sign_start != NULL) {
+ ret = ssl->conf->f_async_sign_start(ssl,
+ mbedtls_ssl_own_cert(ssl),
+ md_alg, hash, hashlen);
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
+ /* act as if f_async_sign was null */
+ break;
+ case 0:
+ ssl->handshake->async_in_progress = 1;
+ return ssl_resume_server_key_exchange(ssl, signature_len);
+ case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
+ ssl->handshake->async_in_progress = 1;
+ return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+ default:
+ MBEDTLS_SSL_DEBUG_RET(1, "f_async_sign_start", ret);
+ return ret;
}
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( mbedtls_ssl_own_key( ssl ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key" ) );
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ if (mbedtls_ssl_own_key(ssl) == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key"));
+ return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
/* Append the signature to ssl->out_msg, leaving 2 bytes for the
@@ -3696,20 +3533,19 @@
* after the call to ssl_prepare_server_key_exchange.
* ssl_write_server_key_exchange also takes care of incrementing
* ssl->out_msglen. */
- if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ),
- md_alg, hash, hashlen,
- ssl->out_msg + ssl->out_msglen + 2,
- signature_len,
- ssl->conf->f_rng,
- ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
- return( ret );
+ if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl),
+ md_alg, hash, hashlen,
+ ssl->out_msg + ssl->out_msglen + 2,
+ signature_len,
+ ssl->conf->f_rng,
+ ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
+ return ret;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
- return( 0 );
+ return 0;
}
/* Prepare the ServerKeyExchange message and send it. For ciphersuites
@@ -3717,41 +3553,38 @@
* way, if successful, move on to the next step in the SSL state
* machine. */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t signature_len = 0;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange"));
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
/* Extract static ECDH parameters and abort if ServerKeyExchange
* is not needed. */
- if( mbedtls_ssl_ciphersuite_no_pfs( ciphersuite_info ) )
- {
+ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) {
/* For suites involving ECDH, extract DH parameters
* from certificate at this point. */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) )
- {
- ret = ssl_get_ecdh_params_from_cert( ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
- return( ret );
+ if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) {
+ ret = ssl_get_ecdh_params_from_cert(ssl);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret);
+ return ret;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
/* Key exchanges not involving ephemeral keys don't use
* ServerKeyExchange, so end here. */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange"));
ssl->state++;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
@@ -3759,44 +3592,41 @@
defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/* If we have already prepared the message and there is an ongoing
* signature operation, resume signing. */
- if( ssl->handshake->async_in_progress != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) );
- ret = ssl_resume_server_key_exchange( ssl, &signature_len );
- }
- else
+ if (ssl->handshake->async_in_progress != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("resuming signature operation"));
+ ret = ssl_resume_server_key_exchange(ssl, &signature_len);
+ } else
#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
{
/* ServerKeyExchange is needed. Prepare the message. */
- ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
+ ret = ssl_prepare_server_key_exchange(ssl, &signature_len);
}
- if( ret != 0 )
- {
+ if (ret != 0) {
/* If we're starting to write a new message, set ssl->out_msglen
* to 0. But if we're resuming after an asynchronous message,
* out_msglen is the amount of data written so far and mst be
* preserved. */
- if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange (pending)" ) );
- else
+ if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange (pending)"));
+ } else {
ssl->out_msglen = 0;
- return( ret );
+ }
+ return ret;
}
/* If there is a signature, write its length.
* ssl_prepare_server_key_exchange already wrote the signature
* itself at its proper place in the output buffer. */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
- if( signature_len != 0 )
- {
- ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1( signature_len );
- ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0( signature_len );
+ if (signature_len != 0) {
+ ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1(signature_len);
+ ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0(signature_len);
- MBEDTLS_SSL_DEBUG_BUF( 3, "my signature",
- ssl->out_msg + ssl->out_msglen,
- signature_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "my signature",
+ ssl->out_msg + ssl->out_msglen,
+ signature_len);
/* Skip over the already-written signature */
ssl->out_msglen += signature_len;
@@ -3809,22 +3639,21 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange"));
+ return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
+static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello done"));
ssl->out_msglen = 4;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -3833,35 +3662,34 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_send_flight_completed( ssl );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ssl_send_flight_completed(ssl);
+ }
#endif
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello done"));
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p,
- const unsigned char *end )
+static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p,
+ const unsigned char *end)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t n;
@@ -3869,32 +3697,29 @@
/*
* Receive G^Y mod P, premaster = (G^Y)^X mod P
*/
- if( *p + 2 > end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (*p + 2 > end) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- n = ( (*p)[0] << 8 ) | (*p)[1];
+ n = ((*p)[0] << 8) | (*p)[1];
*p += 2;
- if( *p + n > end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (*p + n > end) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_read_public", ret );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+ if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP;
}
*p += n;
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -3904,50 +3729,48 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
- unsigned char *peer_pms,
- size_t *peer_pmslen,
- size_t peer_pmssize )
+static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl,
+ unsigned char *peer_pms,
+ size_t *peer_pmslen,
+ size_t peer_pmssize)
{
- int ret = ssl->conf->f_async_resume( ssl,
- peer_pms, peer_pmslen, peer_pmssize );
- if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
- {
+ int ret = ssl->conf->f_async_resume(ssl,
+ peer_pms, peer_pmslen, peer_pmssize);
+ if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
ssl->handshake->async_in_progress = 0;
- mbedtls_ssl_set_async_operation_data( ssl, NULL );
+ mbedtls_ssl_set_async_operation_data(ssl, NULL);
}
- MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret );
- return( ret );
+ MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret);
+ return ret;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
- const unsigned char *p,
- const unsigned char *end,
- unsigned char *peer_pms,
- size_t *peer_pmslen,
- size_t peer_pmssize )
+static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl,
+ const unsigned char *p,
+ const unsigned char *end,
+ unsigned char *peer_pms,
+ size_t *peer_pmslen,
+ size_t peer_pmssize)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert( ssl );
- if( own_cert == NULL ) {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no local certificate" ) );
- return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
+ mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl);
+ if (own_cert == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate"));
+ return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
}
mbedtls_pk_context *public_key = &own_cert->pk;
- mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );
- size_t len = mbedtls_pk_get_len( public_key );
+ mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
+ size_t len = mbedtls_pk_get_len(public_key);
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/* If we have already started decoding the message and there is an ongoing
* decryption operation, resume signing. */
- if( ssl->handshake->async_in_progress != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming decryption operation" ) );
- return( ssl_resume_decrypt_pms( ssl,
- peer_pms, peer_pmslen, peer_pmssize ) );
+ if (ssl->handshake->async_in_progress != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation"));
+ return ssl_resume_decrypt_pms(ssl,
+ peer_pms, peer_pmslen, peer_pmssize);
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
@@ -3956,75 +3779,68 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- if ( p + 2 > end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) {
+ if (p + 2 > end) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- if( *p++ != MBEDTLS_BYTE_1( len ) ||
- *p++ != MBEDTLS_BYTE_0( len ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (*p++ != MBEDTLS_BYTE_1(len) ||
+ *p++ != MBEDTLS_BYTE_0(len)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
}
#endif
- if( p + len != end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (p + len != end) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
/*
* Decrypt the premaster secret
*/
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( ssl->conf->f_async_decrypt_start != NULL )
- {
- ret = ssl->conf->f_async_decrypt_start( ssl,
- mbedtls_ssl_own_cert( ssl ),
- p, len );
- switch( ret )
- {
- case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
- /* act as if f_async_decrypt_start was null */
- break;
- case 0:
- ssl->handshake->async_in_progress = 1;
- return( ssl_resume_decrypt_pms( ssl,
- peer_pms,
- peer_pmslen,
- peer_pmssize ) );
- case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
- ssl->handshake->async_in_progress = 1;
- return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
- default:
- MBEDTLS_SSL_DEBUG_RET( 1, "f_async_decrypt_start", ret );
- return( ret );
+ if (ssl->conf->f_async_decrypt_start != NULL) {
+ ret = ssl->conf->f_async_decrypt_start(ssl,
+ mbedtls_ssl_own_cert(ssl),
+ p, len);
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
+ /* act as if f_async_decrypt_start was null */
+ break;
+ case 0:
+ ssl->handshake->async_in_progress = 1;
+ return ssl_resume_decrypt_pms(ssl,
+ peer_pms,
+ peer_pmslen,
+ peer_pmssize);
+ case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
+ ssl->handshake->async_in_progress = 1;
+ return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+ default:
+ MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret);
+ return ret;
}
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key"));
+ return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
- ret = mbedtls_pk_decrypt( private_key, p, len,
- peer_pms, peer_pmslen, peer_pmssize,
- ssl->conf->f_rng, ssl->conf->p_rng );
- return( ret );
+ ret = mbedtls_pk_decrypt(private_key, p, len,
+ peer_pms, peer_pmslen, peer_pmssize,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ return ret;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
- const unsigned char *p,
- const unsigned char *end,
- size_t pms_offset )
+static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl,
+ const unsigned char *p,
+ const unsigned char *end,
+ size_t pms_offset)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *pms = ssl->handshake->premaster + pms_offset;
@@ -4044,19 +3860,20 @@
peer_pms[0] = peer_pms[1] = ~0;
peer_pmslen = 0;
- ret = ssl_decrypt_encrypted_pms( ssl, p, end,
- peer_pms,
- &peer_pmslen,
- sizeof( peer_pms ) );
+ ret = ssl_decrypt_encrypted_pms(ssl, p, end,
+ peer_pms,
+ &peer_pmslen,
+ sizeof(peer_pms));
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
- return( ret );
+ if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
+ return ret;
+ }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
- ssl->handshake->max_minor_ver,
- ssl->conf->transport, ver );
+ mbedtls_ssl_write_version(ssl->handshake->max_major_ver,
+ ssl->handshake->max_minor_ver,
+ ssl->conf->transport, ver);
/* Avoid data-dependent branches while checking for invalid
* padding, to protect against timing-based Bleichenbacher-type
@@ -4067,7 +3884,7 @@
diff |= peer_pms[1] ^ ver[1];
/* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
- mask = mbedtls_ct_uint_mask( diff );
+ mask = mbedtls_ct_uint_mask(diff);
/*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
@@ -4078,101 +3895,94 @@
* successful. In particular, always generate the fake premaster secret,
* regardless of whether it will ultimately influence the output or not.
*/
- ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
- if( ret != 0 )
- {
+ ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms));
+ if (ret != 0) {
/* It's ok to abort on an RNG failure, since this does not reveal
* anything about the RSA decryption. */
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- if( diff != 0 )
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ if (diff != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ }
#endif
- if( sizeof( ssl->handshake->premaster ) < pms_offset ||
- sizeof( ssl->handshake->premaster ) - pms_offset < 48 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if (sizeof(ssl->handshake->premaster) < pms_offset ||
+ sizeof(ssl->handshake->premaster) - pms_offset < 48) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
ssl->handshake->pmslen = 48;
/* Set pms to either the true or the fake PMS, without
* data-dependent branches. */
- for( i = 0; i < ssl->handshake->pmslen; i++ )
- pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
+ for (i = 0; i < ssl->handshake->pmslen; i++) {
+ pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]);
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p,
- const unsigned char *end )
+static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p,
+ const unsigned char *end)
{
int ret = 0;
uint16_t n;
- if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no pre-shared key"));
+ return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
/*
* Receive client pre-shared key identity name
*/
- if( end - *p < 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (end - *p < 2) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- n = ( (*p)[0] << 8 ) | (*p)[1];
+ n = ((*p)[0] << 8) | (*p)[1];
*p += 2;
- if( n == 0 || n > end - *p )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (n == 0 || n > end - *p) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- if( ssl->conf->f_psk != NULL )
- {
- if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
+ if (ssl->conf->f_psk != NULL) {
+ if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) {
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
- }
- else
- {
+ }
+ } else {
/* Identity is not a big secret since clients send it in the clear,
* but treat it carefully anyway, just in case */
- if( n != ssl->conf->psk_identity_len ||
- mbedtls_ct_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
- {
+ if (n != ssl->conf->psk_identity_len ||
+ mbedtls_ct_memcmp(ssl->conf->psk_identity, *p, n) != 0) {
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
}
- if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
- {
- MBEDTLS_SSL_DEBUG_BUF( 3, "Unknown PSK identity", *p, n );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY );
- return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY );
+ if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
+ MBEDTLS_SSL_DEBUG_BUF(3, "Unknown PSK identity", *p, n);
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY);
+ return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
*p += n;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -4180,334 +3990,285 @@
ciphersuite_info = ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange"));
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
- if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) &&
- ( ssl->handshake->async_in_progress != 0 ) )
- {
+ (defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED))
+ if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) &&
+ (ssl->handshake->async_in_progress != 0)) {
/* We've already read a record and there is an asynchronous
* operation in progress to decrypt it. So skip reading the
* record. */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "will resume decryption of previously-read record" ) );
- }
- else
+ MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record"));
+ } else
#endif
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
}
- p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+ p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
end = ssl->in_msg + ssl->in_hslen;
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
- {
- if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
- return( ret );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
+ if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
+ return ret;
}
- if( p != end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (p != end) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
+ if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+ ssl->handshake->premaster,
+ MBEDTLS_PREMASTER_SIZE,
+ &ssl->handshake->pmslen,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS;
}
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
- }
- else
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
- {
- if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
- p, end - p) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
+ if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
+ p, end - p)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP;
}
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP );
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_QP);
- if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
- &ssl->handshake->pmslen,
- ssl->handshake->premaster,
- MBEDTLS_MPI_MAX_SIZE,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
+ if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
+ &ssl->handshake->pmslen,
+ ssl->handshake->premaster,
+ MBEDTLS_MPI_MAX_SIZE,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS;
}
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z );
- }
- else
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Z);
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
- {
- if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
- return( ret );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
+ if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+ return ret;
}
- if( p != end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (p != end) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* For opaque PSKs, we perform the PSK-to-MS derivation automatically
* and skip the intermediate PMS. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
- else
+ if (ssl_use_opaque_psk(ssl) == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("skip PMS generation for opaque PSK"));
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
- ciphersuite_info->key_exchange ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+ ciphersuite_info->key_exchange)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if ( ssl->handshake->async_in_progress != 0 )
- {
+ if (ssl->handshake->async_in_progress != 0) {
/* There is an asynchronous operation in progress to
* decrypt the encrypted premaster secret, so skip
* directly to resuming this operation. */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK identity already parsed" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("PSK identity already parsed"));
/* Update p to skip the PSK identity. ssl_parse_encrypted_pms
* won't actually use it, but maintain p anyway for robustness. */
p += ssl->conf->psk_identity_len + 2;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
- return( ret );
+ if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+ return ret;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Opaque PSKs are currently only supported for PSK-only. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl_use_opaque_psk(ssl) == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with RSA-PSK"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
#endif
- if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret );
- return( ret );
+ if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 2)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_encrypted_pms"), ret);
+ return ret;
}
- if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
- ciphersuite_info->key_exchange ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+ ciphersuite_info->key_exchange)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
- {
- if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
- return( ret );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
+ if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+ return ret;
}
- if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
- return( ret );
+ if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
+ return ret;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Opaque PSKs are currently only supported for PSK-only. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl_use_opaque_psk(ssl) == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with DHE-PSK"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
#endif
- if( p != end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ if (p != end) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE;
}
- if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
- ciphersuite_info->key_exchange ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+ ciphersuite_info->key_exchange)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
- {
- if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
- return( ret );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
+ if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+ return ret;
}
- if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
- p, end - p ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+ if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
+ p, end - p)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
+ return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Opaque PSKs are currently only supported for PSK-only. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl_use_opaque_psk(ssl) == 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with ECDHE-PSK"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
#endif
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP );
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_QP);
- if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
- ciphersuite_info->key_exchange ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+ ciphersuite_info->key_exchange)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
- {
- if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_parse_encrypted_pms_secret" ), ret );
- return( ret );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
+ if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
- {
- ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
- p, end - p );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
+ ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
+ p, end - p);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
+ return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE;
}
- ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
- ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
- return( ret );
+ ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
+ ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
+ ssl->conf->f_rng, ssl->conf->p_rng);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
+ return ret;
}
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+ return ret;
}
ssl->state++;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange"));
- return( 0 );
+ return 0;
}
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify"));
- if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++;
- return( 0 );
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, sig_len;
@@ -4520,60 +4281,54 @@
mbedtls_md_type_t md_alg;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- mbedtls_pk_context * peer_pk;
+ mbedtls_pk_context *peer_pk;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify"));
- if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- if( ssl->session_negotiate->peer_cert == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ if (ssl->session_negotiate->peer_cert == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++;
- return( 0 );
+ return 0;
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( ssl->session_negotiate->peer_cert_digest == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ if (ssl->session_negotiate->peer_cert_digest == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++;
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* Read the message without adding it to the checksum */
- ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ );
- if( 0 != ret )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret );
- return( ret );
+ ret = mbedtls_ssl_read_record(ssl, 0 /* no checksum update */);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_read_record"), ret);
+ return ret;
}
ssl->state++;
/* Process the message contents */
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
- ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
+ ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
}
- i = mbedtls_ssl_hs_hdr_len( ssl );
+ i = mbedtls_ssl_hs_hdr_len(ssl);
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( ssl->session_negotiate->peer_cert == NULL )
- {
+ if (ssl->session_negotiate->peer_cert == NULL) {
/* Should never happen */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
peer_pk = &ssl->session_negotiate->peer_cert->pk;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -4586,46 +4341,41 @@
*/
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) {
md_alg = MBEDTLS_MD_NONE;
hashlen = 36;
/* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
- if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) )
- {
+ if (mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECDSA)) {
hash_start += 16;
hashlen -= 16;
md_alg = MBEDTLS_MD_SHA1;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 ||
MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- if( i + 2 > ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
+ if (i + 2 > ssl->in_hslen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
}
/*
* Hash
*/
- md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
+ md_alg = mbedtls_ssl_md_alg_from_hash(ssl->in_msg[i]);
- if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
- " for verify message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg"
+ " for verify message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
}
#if !defined(MBEDTLS_MD_SHA1)
- if( MBEDTLS_MD_SHA1 == md_alg )
+ if (MBEDTLS_MD_SHA1 == md_alg) {
hash_start += 16;
+ }
#endif
/* Info from md_alg will be used instead */
@@ -4636,78 +4386,72 @@
/*
* Signature
*/
- if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
- == MBEDTLS_PK_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
- " for verify message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i]))
+ == MBEDTLS_PK_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg"
+ " for verify message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
}
/*
* Check the certificate's key type matches the signature alg
*/
- if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
}
i++;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- if( i + 2 > ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ if (i + 2 > ssl->in_hslen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
}
- sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1];
+ sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i+1];
i += 2;
- if( i + sig_len != ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ if (i + sig_len != ssl->in_hslen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
}
/* Calculate hash and verify signature */
{
size_t dummy_hlen;
- ssl->handshake->calc_verify( ssl, hash, &dummy_hlen );
+ ssl->handshake->calc_verify(ssl, hash, &dummy_hlen);
}
- if( ( ret = mbedtls_pk_verify( peer_pk,
- md_alg, hash_start, hashlen,
- ssl->in_msg + i, sig_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
- return( ret );
+ if ((ret = mbedtls_pk_verify(peer_pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
+ return ret;
}
- mbedtls_ssl_update_handshake_status( ssl );
+ mbedtls_ssl_update_handshake_status(ssl);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify"));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
+static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t tlen;
uint32_t lifetime;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write new session ticket"));
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET;
@@ -4723,18 +4467,17 @@
* 10 . 9+n ticket content
*/
- if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket,
- ssl->session_negotiate,
- ssl->out_msg + 10,
- ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
- &tlen, &lifetime ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret );
+ if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket,
+ ssl->session_negotiate,
+ ssl->out_msg + 10,
+ ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
+ &tlen, &lifetime)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_write", ret);
tlen = 0;
}
- MBEDTLS_PUT_UINT32_BE( lifetime, ssl->out_msg, 4 );
- MBEDTLS_PUT_UINT16_BE( tlen, ssl->out_msg, 8 );
+ MBEDTLS_PUT_UINT32_BE(lifetime, ssl->out_msg, 4);
+ MBEDTLS_PUT_UINT16_BE(tlen, ssl->out_msg, 8);
ssl->out_msglen = 10 + tlen;
/*
@@ -4743,44 +4486,44 @@
*/
ssl->handshake->new_session_ticket = 0;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
/*
* SSL handshake -- server side -- single step
*/
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
{
int ret = 0;
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("server state: %d", ssl->state));
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+ return ret;
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
- {
- if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
+ if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+ return ret;
+ }
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- switch( ssl->state )
- {
+ switch (ssl->state) {
case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
break;
@@ -4789,12 +4532,12 @@
* <== ClientHello
*/
case MBEDTLS_SSL_CLIENT_HELLO:
- ret = ssl_parse_client_hello( ssl );
+ ret = ssl_parse_client_hello(ssl);
break;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
- return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
+ return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED;
#endif
/*
@@ -4805,23 +4548,23 @@
* ServerHelloDone
*/
case MBEDTLS_SSL_SERVER_HELLO:
- ret = ssl_write_server_hello( ssl );
+ ret = ssl_write_server_hello(ssl);
break;
case MBEDTLS_SSL_SERVER_CERTIFICATE:
- ret = mbedtls_ssl_write_certificate( ssl );
+ ret = mbedtls_ssl_write_certificate(ssl);
break;
case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
- ret = ssl_write_server_key_exchange( ssl );
+ ret = ssl_write_server_key_exchange(ssl);
break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
- ret = ssl_write_certificate_request( ssl );
+ ret = ssl_write_certificate_request(ssl);
break;
case MBEDTLS_SSL_SERVER_HELLO_DONE:
- ret = ssl_write_server_hello_done( ssl );
+ ret = ssl_write_server_hello_done(ssl);
break;
/*
@@ -4832,23 +4575,23 @@
* Finished
*/
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
- ret = mbedtls_ssl_parse_certificate( ssl );
+ ret = mbedtls_ssl_parse_certificate(ssl);
break;
case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
- ret = ssl_parse_client_key_exchange( ssl );
+ ret = ssl_parse_client_key_exchange(ssl);
break;
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
- ret = ssl_parse_certificate_verify( ssl );
+ ret = ssl_parse_certificate_verify(ssl);
break;
case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
- ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
+ ret = mbedtls_ssl_parse_change_cipher_spec(ssl);
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
- ret = mbedtls_ssl_parse_finished( ssl );
+ ret = mbedtls_ssl_parse_finished(ssl);
break;
/*
@@ -4858,31 +4601,31 @@
*/
case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( ssl->handshake->new_session_ticket != 0 )
- ret = ssl_write_new_session_ticket( ssl );
- else
+ if (ssl->handshake->new_session_ticket != 0) {
+ ret = ssl_write_new_session_ticket(ssl);
+ } else
#endif
- ret = mbedtls_ssl_write_change_cipher_spec( ssl );
+ ret = mbedtls_ssl_write_change_cipher_spec(ssl);
break;
case MBEDTLS_SSL_SERVER_FINISHED:
- ret = mbedtls_ssl_write_finished( ssl );
+ ret = mbedtls_ssl_write_finished(ssl);
break;
case MBEDTLS_SSL_FLUSH_BUFFERS:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
- mbedtls_ssl_handshake_wrapup( ssl );
+ mbedtls_ssl_handshake_wrapup(ssl);
break;
default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SSL_SRV_C */
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 8a57789..0789245 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -33,12 +33,12 @@
/*
* Initialize context
*/
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
+void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) );
+ memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context));
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
}
@@ -49,81 +49,80 @@
#define TICKET_CRYPT_LEN_BYTES 2
#define TICKET_AUTH_TAG_BYTES 16
-#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES + \
- TICKET_IV_BYTES + \
- TICKET_CRYPT_LEN_BYTES + \
- TICKET_AUTH_TAG_BYTES )
-#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES + \
- TICKET_IV_BYTES + \
- TICKET_CRYPT_LEN_BYTES )
+#define TICKET_MIN_LEN (TICKET_KEY_NAME_BYTES + \
+ TICKET_IV_BYTES + \
+ TICKET_CRYPT_LEN_BYTES + \
+ TICKET_AUTH_TAG_BYTES)
+#define TICKET_ADD_DATA_LEN (TICKET_KEY_NAME_BYTES + \
+ TICKET_IV_BYTES + \
+ TICKET_CRYPT_LEN_BYTES)
/*
* Generate/update a key
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
- unsigned char index )
+static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx,
+ unsigned char index)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[MAX_KEY_BYTES];
mbedtls_ssl_ticket_key *key = ctx->keys + index;
#if defined(MBEDTLS_HAVE_TIME)
- key->generation_time = (uint32_t) mbedtls_time( NULL );
+ key->generation_time = (uint32_t) mbedtls_time(NULL);
#endif
- if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
- return( ret );
+ if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) {
+ return ret;
+ }
- if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 )
- return( ret );
+ if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) {
+ return ret;
+ }
/* With GCM and CCM, same context can encrypt & decrypt */
- ret = mbedtls_cipher_setkey( &key->ctx, buf,
- mbedtls_cipher_get_key_bitlen( &key->ctx ),
- MBEDTLS_ENCRYPT );
+ ret = mbedtls_cipher_setkey(&key->ctx, buf,
+ mbedtls_cipher_get_key_bitlen(&key->ctx),
+ MBEDTLS_ENCRYPT);
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- return( ret );
+ return ret;
}
/*
* Rotate/generate keys if necessary
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
+static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx)
{
#if !defined(MBEDTLS_HAVE_TIME)
((void) ctx);
#else
- if( ctx->ticket_lifetime != 0 )
- {
- uint32_t current_time = (uint32_t) mbedtls_time( NULL );
+ if (ctx->ticket_lifetime != 0) {
+ uint32_t current_time = (uint32_t) mbedtls_time(NULL);
uint32_t key_time = ctx->keys[ctx->active].generation_time;
- if( current_time >= key_time &&
- current_time - key_time < ctx->ticket_lifetime )
- {
- return( 0 );
+ if (current_time >= key_time &&
+ current_time - key_time < ctx->ticket_lifetime) {
+ return 0;
}
ctx->active = 1 - ctx->active;
- return( ssl_ticket_gen_key( ctx, ctx->active ) );
- }
- else
+ return ssl_ticket_gen_key(ctx, ctx->active);
+ } else
#endif /* MBEDTLS_HAVE_TIME */
- return( 0 );
+ return 0;
}
/*
* Setup context for actual use
*/
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_cipher_type_t cipher,
- uint32_t lifetime )
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_cipher_type_t cipher,
+ uint32_t lifetime)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
@@ -133,26 +132,26 @@
ctx->ticket_lifetime = lifetime;
- cipher_info = mbedtls_cipher_info_from_type( cipher);
- if( cipher_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( cipher_info->mode != MBEDTLS_MODE_GCM &&
- cipher_info->mode != MBEDTLS_MODE_CCM )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ cipher_info = mbedtls_cipher_info_from_type(cipher);
+ if (cipher_info == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (cipher_info->mode != MBEDTLS_MODE_GCM &&
+ cipher_info->mode != MBEDTLS_MODE_CCM) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
+ if (cipher_info->key_bitlen > 8 * MAX_KEY_BYTES) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
int do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
- cipher_info, TICKET_AUTH_TAG_BYTES );
+ ret = mbedtls_cipher_setup_psa(&ctx->keys[0].ctx,
+ cipher_info, TICKET_AUTH_TAG_BYTES);
- switch( ret )
- {
+ switch (ret) {
case 0:
do_mbedtls_cipher_setup = 0;
break;
@@ -162,37 +161,42 @@
do_mbedtls_cipher_setup = 1;
break;
default:
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( do_mbedtls_cipher_setup )
- if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) )
- != 0 )
- return( ret );
+ if (do_mbedtls_cipher_setup) {
+ if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info))
+ != 0) {
+ return ret;
+ }
+ }
do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
do_mbedtls_cipher_setup = 0;
- ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx,
- cipher_info, TICKET_AUTH_TAG_BYTES );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- return( ret );
- if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+ ret = mbedtls_cipher_setup_psa(&ctx->keys[1].ctx,
+ cipher_info, TICKET_AUTH_TAG_BYTES);
+ if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) {
+ return ret;
+ }
+ if (ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) {
do_mbedtls_cipher_setup = 1;
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( do_mbedtls_cipher_setup )
- if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) )
- != 0 )
- return( ret );
-
- if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
- ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
- {
- return( ret );
+ if (do_mbedtls_cipher_setup) {
+ if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info))
+ != 0) {
+ return ret;
+ }
}
- return( 0 );
+ if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 ||
+ (ret = ssl_ticket_gen_key(ctx, 1)) != 0) {
+ return ret;
+ }
+
+ return 0;
}
/*
@@ -209,12 +213,12 @@
* authenticated data.
*/
-int mbedtls_ssl_ticket_write( void *p_ticket,
- const mbedtls_ssl_session *session,
- unsigned char *start,
- const unsigned char *end,
- size_t *tlen,
- uint32_t *ticket_lifetime )
+int mbedtls_ssl_ticket_write(void *p_ticket,
+ const mbedtls_ssl_session *session,
+ unsigned char *start,
+ const unsigned char *end,
+ size_t *tlen,
+ uint32_t *ticket_lifetime)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_ticket_context *ctx = p_ticket;
@@ -227,53 +231,54 @@
*tlen = 0;
- if( ctx == NULL || ctx->f_rng == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->f_rng == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
/* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
* in addition to session itself, that will be checked when writing it. */
- MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN );
+ MBEDTLS_SSL_CHK_BUF_PTR(start, end, TICKET_MIN_LEN);
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
- if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
+ if ((ret = ssl_ticket_update_keys(ctx)) != 0) {
goto cleanup;
+ }
key = &ctx->keys[ctx->active];
*ticket_lifetime = ctx->ticket_lifetime;
- memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES );
+ memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES);
- if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 )
+ if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) {
goto cleanup;
+ }
/* Dump session state */
- if( ( ret = mbedtls_ssl_session_save( session,
- state, end - state,
- &clear_len ) ) != 0 ||
- (unsigned long) clear_len > 65535 )
- {
- goto cleanup;
- }
- MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 );
-
- /* Encrypt and authenticate */
- if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx,
- iv, TICKET_IV_BYTES,
- /* Additional data: key name, IV and length */
- key_name, TICKET_ADD_DATA_LEN,
- state, clear_len,
- state, end - state, &ciph_len,
- TICKET_AUTH_TAG_BYTES ) ) != 0 )
- {
+ if ((ret = mbedtls_ssl_session_save(session,
+ state, end - state,
+ &clear_len)) != 0 ||
+ (unsigned long) clear_len > 65535) {
goto cleanup;
}
- if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES )
- {
+ MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0);
+
+ /* Encrypt and authenticate */
+ if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,
+ iv, TICKET_IV_BYTES,
+ /* Additional data: key name, IV and length */
+ key_name, TICKET_ADD_DATA_LEN,
+ state, clear_len,
+ state, end - state, &ciph_len,
+ TICKET_AUTH_TAG_BYTES)) != 0) {
+ goto cleanup;
+ }
+ if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) {
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto cleanup;
}
@@ -282,36 +287,39 @@
cleanup:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
/*
* Select key based on name
*/
static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
- mbedtls_ssl_ticket_context *ctx,
- const unsigned char name[4] )
+ mbedtls_ssl_ticket_context *ctx,
+ const unsigned char name[4])
{
unsigned char i;
- for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
- if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
- return( &ctx->keys[i] );
+ for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) {
+ if (memcmp(name, ctx->keys[i].name, 4) == 0) {
+ return &ctx->keys[i];
+ }
+ }
- return( NULL );
+ return NULL;
}
/*
* Load session ticket (see mbedtls_ssl_ticket_write for structure)
*/
-int mbedtls_ssl_ticket_parse( void *p_ticket,
- mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t len )
+int mbedtls_ssl_ticket_parse(void *p_ticket,
+ mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_ticket_context *ctx = p_ticket;
@@ -322,31 +330,33 @@
unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES;
size_t enc_len, clear_len;
- if( ctx == NULL || ctx->f_rng == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ctx == NULL || ctx->f_rng == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( len < TICKET_MIN_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (len < TICKET_MIN_LEN) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+ return ret;
+ }
#endif
- if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
+ if ((ret = ssl_ticket_update_keys(ctx)) != 0) {
goto cleanup;
+ }
- enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
+ enc_len = (enc_len_p[0] << 8) | enc_len_p[1];
- if( len != TICKET_MIN_LEN + enc_len )
- {
+ if (len != TICKET_MIN_LEN + enc_len) {
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
goto cleanup;
}
/* Select key */
- if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL )
- {
+ if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) {
/* We can't know for sure but this is a likely option unless we're
* under attack - this is only informative anyway */
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
@@ -354,37 +364,36 @@
}
/* Decrypt and authenticate */
- if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx,
- iv, TICKET_IV_BYTES,
- /* Additional data: key name, IV and length */
- key_name, TICKET_ADD_DATA_LEN,
- ticket, enc_len + TICKET_AUTH_TAG_BYTES,
- ticket, enc_len, &clear_len,
- TICKET_AUTH_TAG_BYTES ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
+ if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx,
+ iv, TICKET_IV_BYTES,
+ /* Additional data: key name, IV and length */
+ key_name, TICKET_ADD_DATA_LEN,
+ ticket, enc_len + TICKET_AUTH_TAG_BYTES,
+ ticket, enc_len, &clear_len,
+ TICKET_AUTH_TAG_BYTES)) != 0) {
+ if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
+ }
goto cleanup;
}
- if( clear_len != enc_len )
- {
+ if (clear_len != enc_len) {
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto cleanup;
}
/* Actually load session */
- if( ( ret = mbedtls_ssl_session_load( session, ticket, clear_len ) ) != 0 )
+ if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) {
goto cleanup;
+ }
#if defined(MBEDTLS_HAVE_TIME)
{
/* Check for expiration */
- mbedtls_time_t current_time = mbedtls_time( NULL );
+ mbedtls_time_t current_time = mbedtls_time(NULL);
- if( current_time < session->start ||
- (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
- {
+ if (current_time < session->start ||
+ (uint32_t) (current_time - session->start) > ctx->ticket_lifetime) {
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
goto cleanup;
}
@@ -393,26 +402,27 @@
cleanup:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif
- return( ret );
+ return ret;
}
/*
* Free context
*/
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
+void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)
{
- mbedtls_cipher_free( &ctx->keys[0].ctx );
- mbedtls_cipher_free( &ctx->keys[1].ctx );
+ mbedtls_cipher_free(&ctx->keys[0].ctx);
+ mbedtls_cipher_free(&ctx->keys[1].ctx);
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ mbedtls_mutex_free(&ctx->mutex);
#endif
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context));
}
#endif /* MBEDTLS_SSL_TICKET_C */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 70196a4..494de1b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -55,93 +55,88 @@
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Top-level Connection ID API */
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf,
- size_t len,
- int ignore_other_cid )
+int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf,
+ size_t len,
+ int ignore_other_cid)
{
- if( len > MBEDTLS_SSL_CID_IN_LEN_MAX )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (len > MBEDTLS_SSL_CID_IN_LEN_MAX) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL &&
- ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL &&
+ ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
conf->ignore_unexpected_cid = ignore_other_cid;
conf->cid_len = len;
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
- int enable,
- unsigned char const *own_cid,
- size_t own_cid_len )
+int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len)
{
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
ssl->negotiate_cid = enable;
- if( enable == MBEDTLS_SSL_CID_DISABLED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) );
- return( 0 );
+ if (enable == MBEDTLS_SSL_CID_DISABLED) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Disable use of CID extension."));
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Enable use of CID extension."));
+ MBEDTLS_SSL_DEBUG_BUF(3, "Own CID", own_cid, own_cid_len);
- if( own_cid_len != ssl->conf->cid_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config",
- (unsigned) own_cid_len,
- (unsigned) ssl->conf->cid_len ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (own_cid_len != ssl->conf->cid_len) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("CID length %u does not match CID length %u in config",
+ (unsigned) own_cid_len,
+ (unsigned) ssl->conf->cid_len));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- memcpy( ssl->own_cid, own_cid, own_cid_len );
+ memcpy(ssl->own_cid, own_cid, own_cid_len);
/* Truncation is not an issue here because
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
ssl->own_cid_len = (uint8_t) own_cid_len;
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
- int *enabled,
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
- size_t *peer_cid_len )
+int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ size_t *peer_cid_len)
{
*enabled = MBEDTLS_SSL_CID_DISABLED;
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
* were used, but client and server requested the empty CID.
* This is indistinguishable from not using the CID extension
* in the first place. */
- if( ssl->transform_in->in_cid_len == 0 &&
- ssl->transform_in->out_cid_len == 0 )
- {
- return( 0 );
+ if (ssl->transform_in->in_cid_len == 0 &&
+ ssl->transform_in->out_cid_len == 0) {
+ return 0;
}
- if( peer_cid_len != NULL )
- {
+ if (peer_cid_len != NULL) {
*peer_cid_len = ssl->transform_in->out_cid_len;
- if( peer_cid != NULL )
- {
- memcpy( peer_cid, ssl->transform_in->out_cid,
- ssl->transform_in->out_cid_len );
+ if (peer_cid != NULL) {
+ memcpy(peer_cid, ssl->transform_in->out_cid,
+ ssl->transform_in->out_cid_len);
}
}
*enabled = MBEDTLS_SSL_CID_ENABLED;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -156,31 +151,30 @@
* } MaxFragmentLength;
* and we add 0 -> extension unused
*/
-static unsigned int ssl_mfl_code_to_length( int mfl )
+static unsigned int ssl_mfl_code_to_length(int mfl)
{
- switch( mfl )
- {
- case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
- return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN );
- case MBEDTLS_SSL_MAX_FRAG_LEN_512:
- return 512;
- case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
- return 1024;
- case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
- return 2048;
- case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
- return 4096;
- default:
- return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN );
+ switch (mfl) {
+ case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
+ return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN;
+ case MBEDTLS_SSL_MAX_FRAG_LEN_512:
+ return 512;
+ case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
+ return 1024;
+ case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
+ return 2048;
+ case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
+ return 4096;
+ default:
+ return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN;
}
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
- const mbedtls_ssl_session *src )
+int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src)
{
- mbedtls_ssl_session_free( dst );
- memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
+ mbedtls_ssl_session_free(dst);
+ memcpy(dst, src, sizeof(mbedtls_ssl_session));
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
dst->ticket = NULL;
@@ -189,34 +183,33 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- if( src->peer_cert != NULL )
- {
+ if (src->peer_cert != NULL) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
- if( dst->peer_cert == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ dst->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
+ if (dst->peer_cert == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- mbedtls_x509_crt_init( dst->peer_cert );
+ mbedtls_x509_crt_init(dst->peer_cert);
- if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p,
- src->peer_cert->raw.len ) ) != 0 )
- {
- mbedtls_free( dst->peer_cert );
+ if ((ret = mbedtls_x509_crt_parse_der(dst->peer_cert, src->peer_cert->raw.p,
+ src->peer_cert->raw.len)) != 0) {
+ mbedtls_free(dst->peer_cert);
dst->peer_cert = NULL;
- return( ret );
+ return ret;
}
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( src->peer_cert_digest != NULL )
- {
+ if (src->peer_cert_digest != NULL) {
dst->peer_cert_digest =
- mbedtls_calloc( 1, src->peer_cert_digest_len );
- if( dst->peer_cert_digest == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ mbedtls_calloc(1, src->peer_cert_digest_len);
+ if (dst->peer_cert_digest == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- memcpy( dst->peer_cert_digest, src->peer_cert_digest,
- src->peer_cert_digest_len );
+ memcpy(dst->peer_cert_digest, src->peer_cert_digest,
+ src->peer_cert_digest_len);
dst->peer_cert_digest_type = src->peer_cert_digest_type;
dst->peer_cert_digest_len = src->peer_cert_digest_len;
}
@@ -225,35 +218,36 @@
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- if( src->ticket != NULL )
- {
- dst->ticket = mbedtls_calloc( 1, src->ticket_len );
- if( dst->ticket == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if (src->ticket != NULL) {
+ dst->ticket = mbedtls_calloc(1, src->ticket_len);
+ if (dst->ticket == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- memcpy( dst->ticket, src->ticket, src->ticket_len );
+ memcpy(dst->ticket, src->ticket, src->ticket_len);
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old )
+static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old)
{
- unsigned char* resized_buffer = mbedtls_calloc( 1, len_new );
- if( resized_buffer == NULL )
+ unsigned char *resized_buffer = mbedtls_calloc(1, len_new);
+ if (resized_buffer == NULL) {
return -1;
+ }
/* We want to copy len_new bytes when downsizing the buffer, and
* len_old bytes when upsizing, so we choose the smaller of two sizes,
* to fit one buffer into another. Size checks, ensuring that no data is
* lost, are done outside of this function. */
- memcpy( resized_buffer, *buffer,
- ( len_new < *len_old ) ? len_new : *len_old );
- mbedtls_platform_zeroize( *buffer, *len_old );
- mbedtls_free( *buffer );
+ memcpy(resized_buffer, *buffer,
+ (len_new < *len_old) ? len_new : *len_old);
+ mbedtls_platform_zeroize(*buffer, *len_old);
+ mbedtls_free(*buffer);
*buffer = resized_buffer;
*len_old = len_new;
@@ -261,60 +255,49 @@
return 0;
}
-static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
- size_t in_buf_new_len,
- size_t out_buf_new_len )
+static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
+ size_t in_buf_new_len,
+ size_t out_buf_new_len)
{
int modified = 0;
size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
- if( ssl->in_buf != NULL )
- {
+ if (ssl->in_buf != NULL) {
written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
- if( downsizing ?
+ if (downsizing ?
ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
- ssl->in_buf_len < in_buf_new_len )
- {
- if( resize_buffer( &ssl->in_buf, in_buf_new_len, &ssl->in_buf_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET,
- in_buf_new_len ) );
+ ssl->in_buf_len < in_buf_new_len) {
+ if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory"));
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET,
+ in_buf_new_len));
modified = 1;
}
}
}
- if( ssl->out_buf != NULL )
- {
+ if (ssl->out_buf != NULL) {
written_out = ssl->out_msg - ssl->out_buf;
iv_offset_out = ssl->out_iv - ssl->out_buf;
len_offset_out = ssl->out_len - ssl->out_buf;
- if( downsizing ?
+ if (downsizing ?
ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len :
- ssl->out_buf_len < out_buf_new_len )
- {
- if( resize_buffer( &ssl->out_buf, out_buf_new_len, &ssl->out_buf_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET,
- out_buf_new_len ) );
+ ssl->out_buf_len < out_buf_new_len) {
+ if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory"));
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET,
+ out_buf_new_len));
modified = 1;
}
}
}
- if( modified )
- {
+ if (modified) {
/* Update pointers here to avoid doing it twice. */
- mbedtls_ssl_reset_in_out_pointers( ssl );
+ mbedtls_ssl_reset_in_out_pointers(ssl);
/* Fields below might not be properly updated with record
* splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out;
@@ -333,10 +316,10 @@
*/
#if defined(MBEDTLS_SSL_PROTO_SSL3)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl3_prf( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
+static int ssl3_prf(const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen)
{
int ret = 0;
size_t i;
@@ -344,10 +327,10 @@
mbedtls_sha1_context sha1;
unsigned char padding[16];
unsigned char sha1sum[20];
- ((void)label);
+ ((void) label);
- mbedtls_md5_init( &md5 );
- mbedtls_sha1_init( &sha1 );
+ mbedtls_md5_init(&md5);
+ mbedtls_sha1_init(&sha1);
/*
* SSLv3:
@@ -357,48 +340,56 @@
* MD5( secret + SHA1( 'CCC' + secret + random ) ) +
* ...
*/
- for( i = 0; i < dlen / 16; i++ )
- {
- memset( padding, (unsigned char) ('A' + i), 1 + i );
+ for (i = 0; i < dlen / 16; i++) {
+ memset(padding, (unsigned char) ('A' + i), 1 + i);
- if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 )
+ if ((ret = mbedtls_sha1_starts_ret(&sha1)) != 0) {
goto exit;
- if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha1_update_ret(&sha1, padding, 1 + i)) != 0) {
goto exit;
- if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha1_update_ret(&sha1, secret, slen)) != 0) {
goto exit;
- if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha1_update_ret(&sha1, random, rlen)) != 0) {
goto exit;
- if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 )
+ }
+ if ((ret = mbedtls_sha1_finish_ret(&sha1, sha1sum)) != 0) {
goto exit;
+ }
- if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 )
+ if ((ret = mbedtls_md5_starts_ret(&md5)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_update_ret(&md5, secret, slen)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_update_ret(&md5, sha1sum, 20)) != 0) {
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 )
+ }
+ if ((ret = mbedtls_md5_finish_ret(&md5, dstbuf + i * 16)) != 0) {
goto exit;
+ }
}
exit:
- mbedtls_md5_free( &md5 );
- mbedtls_sha1_free( &sha1 );
+ mbedtls_md5_free(&md5);
+ mbedtls_sha1_free(&sha1);
- mbedtls_platform_zeroize( padding, sizeof( padding ) );
- mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
+ mbedtls_platform_zeroize(padding, sizeof(padding));
+ mbedtls_platform_zeroize(sha1sum, sizeof(sha1sum));
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls1_prf( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
+static int tls1_prf(const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen)
{
size_t nb, hs;
size_t i, j, k;
@@ -410,204 +401,216 @@
mbedtls_md_context_t md_ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_init( &md_ctx );
+ mbedtls_md_init(&md_ctx);
- tmp_len = 20 + strlen( label ) + rlen;
- tmp = mbedtls_calloc( 1, tmp_len );
- if( tmp == NULL )
- {
+ tmp_len = 20 + strlen(label) + rlen;
+ tmp = mbedtls_calloc(1, tmp_len);
+ if (tmp == NULL) {
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
- hs = ( slen + 1 ) / 2;
+ hs = (slen + 1) / 2;
S1 = secret;
S2 = secret + slen - hs;
- nb = strlen( label );
- memcpy( tmp + 20, label, nb );
- memcpy( tmp + 20 + nb, random, rlen );
+ nb = strlen(label);
+ memcpy(tmp + 20, label, nb);
+ memcpy(tmp + 20 + nb, random, rlen);
nb += rlen;
/*
* First compute P_md5(secret,label+random)[0..dlen]
*/
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
- {
+ if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5)) == NULL) {
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto exit;
}
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- {
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
goto exit;
}
- ret = mbedtls_md_hmac_starts( &md_ctx, S1, hs );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_starts(&md_ctx, S1, hs);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, tmp + 20, nb);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, 4 + tmp);
+ if (ret != 0) {
goto exit;
+ }
- for( i = 0; i < dlen; i += 16 )
- {
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
+ for (i = 0; i < dlen; i += 16) {
+ ret = mbedtls_md_hmac_reset(&md_ctx);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, 4 + tmp, 16 + nb);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, h_i);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_reset(&md_ctx);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, 4 + tmp, 16);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, 4 + tmp);
+ if (ret != 0) {
goto exit;
+ }
- k = ( i + 16 > dlen ) ? dlen % 16 : 16;
+ k = (i + 16 > dlen) ? dlen % 16 : 16;
- for( j = 0; j < k; j++ )
+ for (j = 0; j < k; j++) {
dstbuf[i + j] = h_i[j];
+ }
}
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
/*
* XOR out with P_sha1(secret,label+random)[0..dlen]
*/
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
- {
+ if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) {
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto exit;
}
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- {
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
goto exit;
}
- ret = mbedtls_md_hmac_starts( &md_ctx, S2, hs );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_starts(&md_ctx, S2, hs);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, tmp + 20, nb);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
+ if (ret != 0) {
goto exit;
+ }
- for( i = 0; i < dlen; i += 20 )
- {
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
+ for (i = 0; i < dlen; i += 20) {
+ ret = mbedtls_md_hmac_reset(&md_ctx);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, tmp, 20 + nb);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, h_i);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_reset(&md_ctx);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, tmp, 20);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
+ if (ret != 0) {
goto exit;
+ }
- k = ( i + 20 > dlen ) ? dlen % 20 : 20;
+ k = (i + 20 > dlen) ? dlen % 20 : 20;
- for( j = 0; j < k; j++ )
- dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
+ for (j = 0; j < k; j++) {
+ dstbuf[i + j] = (unsigned char) (dstbuf[i + j] ^ h_i[j]);
+ }
}
exit:
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
- mbedtls_platform_zeroize( tmp, tmp_len );
- mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
+ mbedtls_platform_zeroize(tmp, tmp_len);
+ mbedtls_platform_zeroize(h_i, sizeof(h_i));
- mbedtls_free( tmp );
- return( ret );
+ mbedtls_free(tmp);
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation,
- psa_key_id_t key,
- psa_algorithm_t alg,
- const unsigned char* seed, size_t seed_length,
- const unsigned char* label, size_t label_length,
- size_t capacity )
+static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation,
+ psa_key_id_t key,
+ psa_algorithm_t alg,
+ const unsigned char *seed, size_t seed_length,
+ const unsigned char *label, size_t label_length,
+ size_t capacity)
{
psa_status_t status;
- status = psa_key_derivation_setup( derivation, alg );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_key_derivation_setup(derivation, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
- {
- status = psa_key_derivation_input_bytes( derivation,
- PSA_KEY_DERIVATION_INPUT_SEED,
- seed, seed_length );
- if( status != PSA_SUCCESS )
- return( status );
+ if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
+ status = psa_key_derivation_input_bytes(derivation,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ seed, seed_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( mbedtls_svc_key_id_is_null( key ) )
- {
+ if (mbedtls_svc_key_id_is_null(key)) {
status = psa_key_derivation_input_bytes(
derivation, PSA_KEY_DERIVATION_INPUT_SECRET,
- NULL, 0 );
- }
- else
- {
+ NULL, 0);
+ } else {
status = psa_key_derivation_input_key(
- derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key );
+ derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key);
}
- if( status != PSA_SUCCESS )
- return( status );
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = psa_key_derivation_input_bytes( derivation,
- PSA_KEY_DERIVATION_INPUT_LABEL,
- label, label_length );
- if( status != PSA_SUCCESS )
- return( status );
- }
- else
- {
- return( PSA_ERROR_NOT_SUPPORTED );
+ status = psa_key_derivation_input_bytes(derivation,
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+ label, label_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ } else {
+ return PSA_ERROR_NOT_SUPPORTED;
}
- status = psa_key_derivation_set_capacity( derivation, capacity );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_key_derivation_set_capacity(derivation, capacity);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_generic( mbedtls_md_type_t md_type,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
+static int tls_prf_generic(mbedtls_md_type_t md_type,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen)
{
psa_status_t status;
psa_algorithm_t alg;
@@ -615,10 +618,11 @@
psa_key_derivation_operation_t derivation =
PSA_KEY_DERIVATION_OPERATION_INIT;
- if( md_type == MBEDTLS_MD_SHA384 )
+ if (md_type == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384);
- else
+ } else {
alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256);
+ }
/* Normally a "secret" should be long enough to be impossible to
* find by brute force, and in particular should not be empty. But
@@ -627,62 +631,61 @@
* Since the key API doesn't allow importing a key of length 0,
* keep master_key=0, which setup_psa_key_derivation() understands
* to mean a 0-length "secret" input. */
- if( slen != 0 )
- {
+ if (slen != 0) {
psa_key_attributes_t key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, alg );
- psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
- status = psa_import_key( &key_attributes, secret, slen, &master_key );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ status = psa_import_key(&key_attributes, secret, slen, &master_key);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
}
- status = setup_psa_key_derivation( &derivation,
- master_key, alg,
- random, rlen,
- (unsigned char const *) label,
- (size_t) strlen( label ),
- dlen );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- psa_destroy_key( master_key );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ status = setup_psa_key_derivation(&derivation,
+ master_key, alg,
+ random, rlen,
+ (unsigned char const *) label,
+ (size_t) strlen(label),
+ dlen);
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(&derivation);
+ psa_destroy_key(master_key);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
- status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- psa_destroy_key( master_key );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ status = psa_key_derivation_output_bytes(&derivation, dstbuf, dlen);
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(&derivation);
+ psa_destroy_key(master_key);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
- status = psa_key_derivation_abort( &derivation );
- if( status != PSA_SUCCESS )
- {
- psa_destroy_key( master_key );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ status = psa_key_derivation_abort(&derivation);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_key(master_key);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
- if( ! mbedtls_svc_key_id_is_null( master_key ) )
- status = psa_destroy_key( master_key );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ if (!mbedtls_svc_key_id_is_null(master_key)) {
+ status = psa_destroy_key(master_key);
+ }
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
- return( 0 );
+ return 0;
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_generic( mbedtls_md_type_t md_type,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
+static int tls_prf_generic(mbedtls_md_type_t md_type,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen)
{
size_t nb;
size_t i, j, k, md_len;
@@ -693,237 +696,240 @@
mbedtls_md_context_t md_ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_init( &md_ctx );
+ mbedtls_md_init(&md_ctx);
- if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) {
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ }
- md_len = mbedtls_md_get_size( md_info );
+ md_len = mbedtls_md_get_size(md_info);
- tmp_len = md_len + strlen( label ) + rlen;
- tmp = mbedtls_calloc( 1, tmp_len );
- if( tmp == NULL )
- {
+ tmp_len = md_len + strlen(label) + rlen;
+ tmp = mbedtls_calloc(1, tmp_len);
+ if (tmp == NULL) {
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
- nb = strlen( label );
- memcpy( tmp + md_len, label, nb );
- memcpy( tmp + md_len + nb, random, rlen );
+ nb = strlen(label);
+ memcpy(tmp + md_len, label, nb);
+ memcpy(tmp + md_len + nb, random, rlen);
nb += rlen;
/*
* Compute P_<hash>(secret, label + random)[0..dlen]
*/
- if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
goto exit;
+ }
- ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
+ if (ret != 0) {
goto exit;
+ }
- for( i = 0; i < dlen; i += md_len )
- {
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
+ for (i = 0; i < dlen; i += md_len) {
+ ret = mbedtls_md_hmac_reset(&md_ctx);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, h_i);
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
+ ret = mbedtls_md_hmac_reset(&md_ctx);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len);
+ if (ret != 0) {
goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
+ if (ret != 0) {
goto exit;
+ }
- k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
+ k = (i + md_len > dlen) ? dlen % md_len : md_len;
- for( j = 0; j < k; j++ )
+ for (j = 0; j < k; j++) {
dstbuf[i + j] = h_i[j];
+ }
}
exit:
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
- if ( tmp != NULL )
- mbedtls_platform_zeroize( tmp, tmp_len );
+ if (tmp != NULL) {
+ mbedtls_platform_zeroize(tmp, tmp_len);
+ }
- mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
+ mbedtls_platform_zeroize(h_i, sizeof(h_i));
- mbedtls_free( tmp );
+ mbedtls_free(tmp);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_sha256( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
+static int tls_prf_sha256(const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen)
{
- return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
- label, random, rlen, dstbuf, dlen ) );
+ return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen,
+ label, random, rlen, dstbuf, dlen);
}
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_sha384( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
+static int tls_prf_sha384(const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen)
{
- return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
- label, random, rlen, dstbuf, dlen ) );
+ return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen,
+ label, random, rlen, dstbuf, dlen);
}
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
+static void ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t);
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
+static void ssl_update_checksum_md5sha1(mbedtls_ssl_context *, const unsigned char *, size_t);
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3)
-static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * );
-static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int );
+static void ssl_calc_verify_ssl(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static void ssl_calc_finished_ssl(mbedtls_ssl_context *, unsigned char *, int);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * );
-static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
+static void ssl_calc_verify_tls(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static void ssl_calc_finished_tls(mbedtls_ssl_context *, unsigned char *, int);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
+static void ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
+static void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static void ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int);
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
+static void ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
+static void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static void ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
+static int ssl_use_opaque_psk(mbedtls_ssl_context const *ssl)
{
- if( ssl->conf->f_psk != NULL )
- {
+ if (ssl->conf->f_psk != NULL) {
/* If we've used a callback to select the PSK,
* the static configuration is irrelevant. */
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( 1 );
+ if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return( 1 );
+ if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
+static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf)
{
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( tls_prf == ssl3_prf )
- {
- return( MBEDTLS_SSL_TLS_PRF_SSL3 );
- }
- else
+ if (tls_prf == ssl3_prf) {
+ return MBEDTLS_SSL_TLS_PRF_SSL3;
+ } else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( tls_prf == tls1_prf )
- {
- return( MBEDTLS_SSL_TLS_PRF_TLS1 );
- }
- else
+ if (tls_prf == tls1_prf) {
+ return MBEDTLS_SSL_TLS_PRF_TLS1;
+ } else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
- if( tls_prf == tls_prf_sha384 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA384 );
- }
- else
+ if (tls_prf == tls_prf_sha384) {
+ return MBEDTLS_SSL_TLS_PRF_SHA384;
+ } else
#endif
#if defined(MBEDTLS_SHA256_C)
- if( tls_prf == tls_prf_sha256 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA256 );
- }
- else
+ if (tls_prf == tls_prf_sha256) {
+ return MBEDTLS_SSL_TLS_PRF_SHA256;
+ } else
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- return( MBEDTLS_SSL_TLS_PRF_NONE );
+ return MBEDTLS_SSL_TLS_PRF_NONE;
}
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
+int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen)
{
mbedtls_ssl_tls_prf_cb *tls_prf = NULL;
- switch( prf )
- {
+ switch (prf) {
#if defined(MBEDTLS_SSL_PROTO_SSL3)
case MBEDTLS_SSL_TLS_PRF_SSL3:
tls_prf = ssl3_prf;
- break;
+ break;
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
case MBEDTLS_SSL_TLS_PRF_TLS1:
tls_prf = tls1_prf;
- break;
+ break;
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_SSL_TLS_PRF_SHA384:
tls_prf = tls_prf_sha384;
- break;
+ break;
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_SSL_TLS_PRF_SHA256:
tls_prf = tls_prf_sha256;
- break;
+ break;
#endif /* MBEDTLS_SHA256_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- default:
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ default:
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
- return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
+ return tls_prf(secret, slen, label, random, rlen, dstbuf, dlen);
}
/* Type for the TLS PRF */
@@ -954,28 +960,28 @@
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_populate_transform( mbedtls_ssl_transform *transform,
- int ciphersuite,
- const unsigned char master[48],
+static int ssl_populate_transform(mbedtls_ssl_transform *transform,
+ int ciphersuite,
+ const unsigned char master[48],
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac,
+ int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac,
+ int trunc_hmac,
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_ZLIB_SUPPORT)
- int compression,
+ int compression,
#endif
- ssl_tls_prf_t tls_prf,
- const unsigned char randbytes[64],
- int minor_ver,
- unsigned endpoint,
+ ssl_tls_prf_t tls_prf,
+ const unsigned char randbytes[64],
+ int minor_ver,
+ unsigned endpoint,
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- const
+ const
#endif
- mbedtls_ssl_context *ssl )
+ mbedtls_ssl_context *ssl)
{
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1012,71 +1018,66 @@
transform->minor_ver = minor_ver;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
+ memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes));
#endif
/*
* Get various info structures
*/
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
- if( ciphersuite_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
- ciphersuite ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
+ if (ciphersuite_info == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found",
+ ciphersuite));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
- if( cipher_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
- ciphersuite_info->cipher ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
+ if (cipher_info == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
+ ciphersuite_info->cipher));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
- if( md_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
- (unsigned) ciphersuite_info->mac ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ md_info = mbedtls_md_info_from_type(ciphersuite_info->mac);
+ if (md_info == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found",
+ (unsigned) ciphersuite_info->mac));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Copy own and peer's CID if the use of the CID
* extension has been negotiated. */
- if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
+ if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Copy CIDs into SSL transform"));
transform->in_cid_len = ssl->own_cid_len;
- memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
- transform->in_cid_len );
+ memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len);
+ MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid,
+ transform->in_cid_len);
transform->out_cid_len = ssl->handshake->peer_cid_len;
- memcpy( transform->out_cid, ssl->handshake->peer_cid,
- ssl->handshake->peer_cid_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
- transform->out_cid_len );
+ memcpy(transform->out_cid, ssl->handshake->peer_cid,
+ ssl->handshake->peer_cid_len);
+ MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid,
+ transform->out_cid_len);
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Compute key block using the PRF
*/
- ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
+ ret = tls_prf(master, 48, "key expansion", randbytes, 64, keyblk, 256);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "prf", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
- mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite = %s",
+ mbedtls_ssl_get_ciphersuite_name(ciphersuite)));
+ MBEDTLS_SSL_DEBUG_BUF(3, "master secret", master, 48);
+ MBEDTLS_SSL_DEBUG_BUF(4, "random bytes", randbytes, 64);
+ MBEDTLS_SSL_DEBUG_BUF(4, "key block", keyblk, 256);
/*
* Determine the appropriate key, IV and MAC length.
@@ -1087,10 +1088,9 @@
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
- if( cipher_info->mode == MBEDTLS_MODE_GCM ||
+ if (cipher_info->mode == MBEDTLS_MODE_GCM ||
cipher_info->mode == MBEDTLS_MODE_CCM ||
- cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
- {
+ cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY) {
size_t explicit_ivlen;
transform->maclen = 0;
@@ -1108,39 +1108,35 @@
*/
transform->ivlen = 12;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
transform->fixed_ivlen = 12;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
{
- if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
+ if (cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY) {
transform->fixed_ivlen = 12;
- else
+ } else {
transform->fixed_ivlen = 4;
+ }
}
/* Minimum length of encrypted record */
explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
transform->minlen = explicit_ivlen + transform->taglen;
- }
- else
+ } else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
- if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
- cipher_info->mode == MBEDTLS_MODE_CBC )
- {
+ if (cipher_info->mode == MBEDTLS_MODE_STREAM ||
+ cipher_info->mode == MBEDTLS_MODE_CBC) {
/* Initialize HMAC contexts */
- if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
- ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+ if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 ||
+ (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
goto end;
}
/* Get MAC length */
- mac_key_len = mbedtls_md_get_size( md_info );
+ mac_key_len = mbedtls_md_get_size(md_info);
transform->maclen = mac_key_len;
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
@@ -1149,8 +1145,7 @@
* (rfc 6066 page 13 or rfc 2104 section 4),
* so we only need to adjust the length here.
*/
- if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
- {
+ if (trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED) {
transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
@@ -1166,10 +1161,9 @@
transform->ivlen = cipher_info->iv_size;
/* Minimum length */
- if( cipher_info->mode == MBEDTLS_MODE_STREAM )
+ if (cipher_info->mode == MBEDTLS_MODE_STREAM) {
transform->minlen = transform->maclen;
- else
- {
+ } else {
/*
* GenericBlockCipher:
* 1. if EtM is in use: one block plus MAC
@@ -1177,59 +1171,53 @@
* 2. IV except for SSL3 and TLS 1.0
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
- {
+ if (encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) {
transform->minlen = transform->maclen
- + cipher_info->block_size;
- }
- else
+ + cipher_info->block_size;
+ } else
#endif
{
transform->minlen = transform->maclen
- + cipher_info->block_size
- - transform->maclen % cipher_info->block_size;
+ + cipher_info->block_size
+ - transform->maclen % cipher_info->block_size;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
- minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
+ minor_ver == MBEDTLS_SSL_MINOR_VERSION_1) {
; /* No need to adjust minlen */
- else
+ } else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
- minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
+ minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
transform->minlen += transform->ivlen;
- }
- else
+ } else
#endif
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto end;
}
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
- (unsigned) keylen,
- (unsigned) transform->minlen,
- (unsigned) transform->ivlen,
- (unsigned) transform->maclen ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
+ (unsigned) keylen,
+ (unsigned) transform->minlen,
+ (unsigned) transform->ivlen,
+ (unsigned) transform->maclen));
/*
* Finally setup the cipher contexts, IVs and MAC secrets.
*/
#if defined(MBEDTLS_SSL_CLI_C)
- if( endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
+ if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
key1 = keyblk + mac_key_len * 2;
key2 = keyblk + mac_key_len * 2 + keylen;
@@ -1239,17 +1227,15 @@
/*
* This is not used in TLS v1.1.
*/
- iv_copy_len = ( transform->fixed_ivlen ) ?
- transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
- memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
- iv_copy_len );
- }
- else
+ iv_copy_len = (transform->fixed_ivlen) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy(transform->iv_enc, key2 + keylen, iv_copy_len);
+ memcpy(transform->iv_dec, key2 + keylen + iv_copy_len,
+ iv_copy_len);
+ } else
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
- if( endpoint == MBEDTLS_SSL_IS_SERVER )
- {
+ if (endpoint == MBEDTLS_SSL_IS_SERVER) {
key1 = keyblk + mac_key_len * 2 + keylen;
key2 = keyblk + mac_key_len * 2;
@@ -1259,77 +1245,70 @@
/*
* This is not used in TLS v1.1.
*/
- iv_copy_len = ( transform->fixed_ivlen ) ?
- transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
- memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
- iv_copy_len );
- }
- else
+ iv_copy_len = (transform->fixed_ivlen) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy(transform->iv_dec, key1 + keylen, iv_copy_len);
+ memcpy(transform->iv_enc, key1 + keylen + iv_copy_len,
+ iv_copy_len);
+ } else
#endif /* MBEDTLS_SSL_SRV_C */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto end;
}
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- if( mac_key_len > sizeof( transform->mac_enc ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
+ if (mac_key_len > sizeof(transform->mac_enc)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto end;
}
- memcpy( transform->mac_enc, mac_enc, mac_key_len );
- memcpy( transform->mac_dec, mac_dec, mac_key_len );
- }
- else
+ memcpy(transform->mac_enc, mac_enc, mac_key_len);
+ memcpy(transform->mac_dec, mac_dec, mac_key_len);
+ } else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
- {
+ if (minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) {
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
For AEAD-based ciphersuites, there is nothing to do here. */
- if( mac_key_len != 0 )
- {
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc,
- mac_enc, mac_key_len );
- if( ret != 0 )
+ if (mac_key_len != 0) {
+ ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc,
+ mac_enc, mac_key_len);
+ if (ret != 0) {
goto end;
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec,
- mac_dec, mac_key_len );
- if( ret != 0 )
+ }
+ ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec,
+ mac_dec, mac_key_len);
+ if (ret != 0) {
goto end;
+ }
}
- }
- else
+ } else
#endif
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto end;
}
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_init != NULL )
- {
+ if (mbedtls_ssl_hw_record_init != NULL) {
ret = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_init()"));
- if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen,
- transform->iv_enc, transform->iv_dec,
- iv_copy_len,
- mac_enc, mac_dec,
- mac_key_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
+ if ((ret = mbedtls_ssl_hw_record_init(ssl, key1, key2, keylen,
+ transform->iv_enc, transform->iv_dec,
+ iv_copy_len,
+ mac_enc, mac_dec,
+ mac_key_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_init", ret);
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto end;
}
@@ -1340,23 +1319,21 @@
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( ssl->conf->f_export_keys != NULL )
- {
- ssl->conf->f_export_keys( ssl->conf->p_export_keys,
- master, keyblk,
- mac_key_len, keylen,
- iv_copy_len );
+ if (ssl->conf->f_export_keys != NULL) {
+ ssl->conf->f_export_keys(ssl->conf->p_export_keys,
+ master, keyblk,
+ mac_key_len, keylen,
+ iv_copy_len);
}
- if( ssl->conf->f_export_keys_ext != NULL )
- {
- ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys,
- master, keyblk,
- mac_key_len, keylen,
- iv_copy_len,
- randbytes + 32,
- randbytes,
- tls_prf_get_type( tls_prf ) );
+ if (ssl->conf->f_export_keys_ext != NULL) {
+ ssl->conf->f_export_keys_ext(ssl->conf->p_export_keys,
+ master, keyblk,
+ mac_key_len, keylen,
+ iv_copy_len,
+ randbytes + 32,
+ randbytes,
+ tls_prf_get_type(tls_prf));
}
#endif
@@ -1369,41 +1346,38 @@
* the structure field for the IV, which the PSA-based
* implementation currently doesn't. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
- cipher_info, transform->taglen );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
+ ret = mbedtls_cipher_setup_psa(&transform->cipher_ctx_enc,
+ cipher_info, transform->taglen);
+ if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup_psa", ret);
goto end;
}
- if( ret == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) );
+ if (ret == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Successfully setup PSA-based encryption cipher context"));
psa_fallthrough = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ (
+ "Failed to setup PSA-based cipher context for record encryption - fall through to default setup."));
psa_fallthrough = 1;
}
- }
- else
+ } else {
psa_fallthrough = 1;
+ }
#else
psa_fallthrough = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- if( psa_fallthrough == 0 )
+ if (psa_fallthrough == 0) {
do_mbedtls_cipher_setup = 0;
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( do_mbedtls_cipher_setup &&
- ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
- cipher_info ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+ if (do_mbedtls_cipher_setup &&
+ (ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
+ cipher_info)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
goto end;
}
@@ -1415,74 +1389,66 @@
* the structure field for the IV, which the PSA-based
* implementation currently doesn't. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
- cipher_info, transform->taglen );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
+ ret = mbedtls_cipher_setup_psa(&transform->cipher_ctx_dec,
+ cipher_info, transform->taglen);
+ if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup_psa", ret);
goto end;
}
- if( ret == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) );
+ if (ret == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Successfully setup PSA-based decryption cipher context"));
psa_fallthrough = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ (
+ "Failed to setup PSA-based cipher context for record decryption - fall through to default setup."));
psa_fallthrough = 1;
}
- }
- else
+ } else {
psa_fallthrough = 1;
+ }
#else
psa_fallthrough = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- if( psa_fallthrough == 0 )
+ if (psa_fallthrough == 0) {
do_mbedtls_cipher_setup = 0;
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( do_mbedtls_cipher_setup &&
- ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
- cipher_info ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+ if (do_mbedtls_cipher_setup &&
+ (ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
+ cipher_info)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
goto end;
}
- if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
- cipher_info->key_bitlen,
- MBEDTLS_ENCRYPT ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+ if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1,
+ cipher_info->key_bitlen,
+ MBEDTLS_ENCRYPT)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
goto end;
}
- if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
- cipher_info->key_bitlen,
- MBEDTLS_DECRYPT ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+ if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2,
+ cipher_info->key_bitlen,
+ MBEDTLS_DECRYPT)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
goto end;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( cipher_info->mode == MBEDTLS_MODE_CBC )
- {
- if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+ if (cipher_info->mode == MBEDTLS_MODE_CBC) {
+ if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
goto end;
}
- if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+ if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
goto end;
}
}
@@ -1491,18 +1457,16 @@
/* Initialize Zlib contexts */
#if defined(MBEDTLS_ZLIB_SUPPORT)
- if( compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
+ if (compression == MBEDTLS_SSL_COMPRESS_DEFLATE) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Initializing zlib states"));
- memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
- memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
+ memset(&transform->ctx_deflate, 0, sizeof(transform->ctx_deflate));
+ memset(&transform->ctx_inflate, 0, sizeof(transform->ctx_inflate));
- if( deflateInit( &transform->ctx_deflate,
- Z_DEFAULT_COMPRESSION ) != Z_OK ||
- inflateInit( &transform->ctx_inflate ) != Z_OK )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
+ if (deflateInit(&transform->ctx_deflate,
+ Z_DEFAULT_COMPRESSION) != Z_OK ||
+ inflateInit(&transform->ctx_inflate) != Z_OK) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Failed to initialize compression"));
ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED;
goto end;
}
@@ -1510,8 +1474,8 @@
#endif /* MBEDTLS_ZLIB_SUPPORT */
end:
- mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
- return( ret );
+ mbedtls_platform_zeroize(keyblk, sizeof(keyblk));
+ return ret;
}
/*
@@ -1525,59 +1489,51 @@
* - the tls_prf, calc_verify and calc_finished members of handshake structure
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
- int minor_ver,
- mbedtls_md_type_t hash )
+static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake,
+ int minor_ver,
+ mbedtls_md_type_t hash)
{
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || \
- !( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) )
+ !(defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384))
(void) hash;
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
handshake->tls_prf = ssl3_prf;
handshake->calc_verify = ssl_calc_verify_ssl;
handshake->calc_finished = ssl_calc_finished_ssl;
- }
- else
+ } else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
handshake->tls_prf = tls1_prf;
handshake->calc_verify = ssl_calc_verify_tls;
handshake->calc_finished = ssl_calc_finished_tls;
- }
- else
+ } else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- hash == MBEDTLS_MD_SHA384 )
- {
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+ hash == MBEDTLS_MD_SHA384) {
handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384;
handshake->calc_finished = ssl_calc_finished_tls_sha384;
- }
- else
+ } else
#endif
#if defined(MBEDTLS_SHA256_C)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
+ if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) {
handshake->tls_prf = tls_prf_sha256;
handshake->calc_verify = ssl_calc_verify_tls_sha256;
handshake->calc_finished = ssl_calc_finished_tls_sha256;
- }
- else
+ } else
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- return( 0 );
+ return 0;
}
/*
@@ -1595,9 +1551,9 @@
* PSA-PSA: minor_ver, conf
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
- unsigned char *master,
- const mbedtls_ssl_context *ssl )
+static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
+ unsigned char *master,
+ const mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1628,35 +1584,32 @@
#if !defined(MBEDTLS_DEBUG_C) && \
!defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!(defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
ssl = NULL; /* make sure we don't use it except for those cases */
(void) ssl;
#endif
- if( handshake->resume != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
- return( 0 );
+ if (handshake->resume != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("no premaster (session resumed)"));
+ return 0;
}
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
- {
+ if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) {
lbl = "extended master secret";
salt = session_hash;
- handshake->calc_verify( ssl, session_hash, &salt_len );
+ handshake->calc_verify(ssl, session_hash, &salt_len);
- MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret",
- session_hash, salt_len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret",
+ session_hash, salt_len);
}
#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
+ if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- ssl_use_opaque_psk( ssl ) == 1 )
- {
+ ssl_use_opaque_psk(ssl) == 1) {
/* Perform PSK-to-MS expansion in a single step. */
psa_status_t status;
psa_algorithm_t alg;
@@ -1665,89 +1618,85 @@
PSA_KEY_DERIVATION_OPERATION_INIT;
mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion"));
- psk = mbedtls_ssl_get_opaque_psk( ssl );
+ psk = mbedtls_ssl_get_opaque_psk(ssl);
- if( hash_alg == MBEDTLS_MD_SHA384 )
+ if (hash_alg == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- else
+ } else {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
-
- status = setup_psa_key_derivation( &derivation, psk, alg,
- salt, salt_len,
- (unsigned char const *) lbl,
- (size_t) strlen( lbl ),
- master_secret_len );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
- status = psa_key_derivation_output_bytes( &derivation,
- master,
- master_secret_len );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ status = setup_psa_key_derivation(&derivation, psk, alg,
+ salt, salt_len,
+ (unsigned char const *) lbl,
+ (size_t) strlen(lbl),
+ master_secret_len);
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(&derivation);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
- status = psa_key_derivation_abort( &derivation );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
- else
+ status = psa_key_derivation_output_bytes(&derivation,
+ master,
+ master_secret_len);
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(&derivation);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+
+ status = psa_key_derivation_abort(&derivation);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+ } else
#endif
{
- ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
- lbl, salt, salt_len,
- master,
- master_secret_len );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
+ ret = handshake->tls_prf(handshake->premaster, handshake->pmslen,
+ lbl, salt, salt_len,
+ master,
+ master_secret_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "prf", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret",
- handshake->premaster,
- handshake->pmslen );
+ MBEDTLS_SSL_DEBUG_BUF(3, "premaster secret",
+ handshake->premaster,
+ handshake->pmslen);
- mbedtls_platform_zeroize( handshake->premaster,
- sizeof(handshake->premaster) );
+ mbedtls_platform_zeroize(handshake->premaster,
+ sizeof(handshake->premaster));
}
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive keys"));
/* Set PRF, calc_verify and calc_finished function pointers */
- ret = ssl_set_handshake_prfs( ssl->handshake,
- ssl->minor_ver,
- ciphersuite_info->mac );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret );
- return( ret );
+ ret = ssl_set_handshake_prfs(ssl->handshake,
+ ssl->minor_ver,
+ ciphersuite_info->mac);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_set_handshake_prfs", ret);
+ return ret;
}
/* Compute master secret if needed */
- ret = ssl_compute_master( ssl->handshake,
- ssl->session_negotiate->master,
- ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret );
- return( ret );
+ ret = ssl_compute_master(ssl->handshake,
+ ssl->session_negotiate->master,
+ ssl);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_compute_master", ret);
+ return ret;
}
/* Swap the client and server random values:
@@ -1755,142 +1704,139 @@
* - key derivation wants server+client (RFC 5246 6.3) */
{
unsigned char tmp[64];
- memcpy( tmp, ssl->handshake->randbytes, 64 );
- memcpy( ssl->handshake->randbytes, tmp + 32, 32 );
- memcpy( ssl->handshake->randbytes + 32, tmp, 32 );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ memcpy(tmp, ssl->handshake->randbytes, 64);
+ memcpy(ssl->handshake->randbytes, tmp + 32, 32);
+ memcpy(ssl->handshake->randbytes + 32, tmp, 32);
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
}
/* Populate transform structure */
- ret = ssl_populate_transform( ssl->transform_negotiate,
- ssl->session_negotiate->ciphersuite,
- ssl->session_negotiate->master,
+ ret = ssl_populate_transform(ssl->transform_negotiate,
+ ssl->session_negotiate->ciphersuite,
+ ssl->session_negotiate->master,
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl->session_negotiate->encrypt_then_mac,
+ ssl->session_negotiate->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session_negotiate->trunc_hmac,
+ ssl->session_negotiate->trunc_hmac,
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_ZLIB_SUPPORT)
- ssl->session_negotiate->compression,
+ ssl->session_negotiate->compression,
#endif
- ssl->handshake->tls_prf,
- ssl->handshake->randbytes,
- ssl->minor_ver,
- ssl->conf->endpoint,
- ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret );
- return( ret );
+ ssl->handshake->tls_prf,
+ ssl->handshake->randbytes,
+ ssl->minor_ver,
+ ssl->conf->endpoint,
+ ssl);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "ssl_populate_transform", ret);
+ return ret;
}
/* We no longer need Server/ClientHello.random values */
- mbedtls_platform_zeroize( ssl->handshake->randbytes,
- sizeof( ssl->handshake->randbytes ) );
+ mbedtls_platform_zeroize(ssl->handshake->randbytes,
+ sizeof(ssl->handshake->randbytes));
/* Allocate compression buffer */
#if defined(MBEDTLS_ZLIB_SUPPORT)
- if( ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE &&
- ssl->compress_buf == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
- ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN );
- if( ssl->compress_buf == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
- MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if (ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE &&
+ ssl->compress_buf == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Allocating compression buffer"));
+ ssl->compress_buf = mbedtls_calloc(1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN);
+ if (ssl->compress_buf == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed",
+ MBEDTLS_SSL_COMPRESS_BUFFER_LEN));
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
}
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive keys"));
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
-void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen )
+void ssl_calc_verify_ssl(const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen)
{
mbedtls_md5_context md5;
mbedtls_sha1_context sha1;
unsigned char pad_1[48];
unsigned char pad_2[48];
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify ssl"));
- mbedtls_md5_init( &md5 );
- mbedtls_sha1_init( &sha1 );
+ mbedtls_md5_init(&md5);
+ mbedtls_sha1_init(&sha1);
- mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
- mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+ mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5);
+ mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1);
- memset( pad_1, 0x36, 48 );
- memset( pad_2, 0x5C, 48 );
+ memset(pad_1, 0x36, 48);
+ memset(pad_2, 0x5C, 48);
- mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
- mbedtls_md5_update_ret( &md5, pad_1, 48 );
- mbedtls_md5_finish_ret( &md5, hash );
+ mbedtls_md5_update_ret(&md5, ssl->session_negotiate->master, 48);
+ mbedtls_md5_update_ret(&md5, pad_1, 48);
+ mbedtls_md5_finish_ret(&md5, hash);
- mbedtls_md5_starts_ret( &md5 );
- mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
- mbedtls_md5_update_ret( &md5, pad_2, 48 );
- mbedtls_md5_update_ret( &md5, hash, 16 );
- mbedtls_md5_finish_ret( &md5, hash );
+ mbedtls_md5_starts_ret(&md5);
+ mbedtls_md5_update_ret(&md5, ssl->session_negotiate->master, 48);
+ mbedtls_md5_update_ret(&md5, pad_2, 48);
+ mbedtls_md5_update_ret(&md5, hash, 16);
+ mbedtls_md5_finish_ret(&md5, hash);
- mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
- mbedtls_sha1_update_ret( &sha1, pad_1, 40 );
- mbedtls_sha1_finish_ret( &sha1, hash + 16 );
+ mbedtls_sha1_update_ret(&sha1, ssl->session_negotiate->master, 48);
+ mbedtls_sha1_update_ret(&sha1, pad_1, 40);
+ mbedtls_sha1_finish_ret(&sha1, hash + 16);
- mbedtls_sha1_starts_ret( &sha1 );
- mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
- mbedtls_sha1_update_ret( &sha1, pad_2, 40 );
- mbedtls_sha1_update_ret( &sha1, hash + 16, 20 );
- mbedtls_sha1_finish_ret( &sha1, hash + 16 );
+ mbedtls_sha1_starts_ret(&sha1);
+ mbedtls_sha1_update_ret(&sha1, ssl->session_negotiate->master, 48);
+ mbedtls_sha1_update_ret(&sha1, pad_2, 40);
+ mbedtls_sha1_update_ret(&sha1, hash + 16, 20);
+ mbedtls_sha1_finish_ret(&sha1, hash + 16);
*hlen = 36;
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
- mbedtls_md5_free( &md5 );
- mbedtls_sha1_free( &sha1 );
+ mbedtls_md5_free(&md5);
+ mbedtls_sha1_free(&sha1);
return;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen )
+void ssl_calc_verify_tls(const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen)
{
mbedtls_md5_context md5;
mbedtls_sha1_context sha1;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify tls"));
- mbedtls_md5_init( &md5 );
- mbedtls_sha1_init( &sha1 );
+ mbedtls_md5_init(&md5);
+ mbedtls_sha1_init(&sha1);
- mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
- mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+ mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5);
+ mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1);
- mbedtls_md5_finish_ret( &md5, hash );
- mbedtls_sha1_finish_ret( &sha1, hash + 16 );
+ mbedtls_md5_finish_ret(&md5, hash);
+ mbedtls_sha1_finish_ret(&sha1, hash + 16);
*hlen = 36;
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
- mbedtls_md5_free( &md5 );
- mbedtls_sha1_free( &sha1 );
+ mbedtls_md5_free(&md5);
+ mbedtls_sha1_free(&sha1);
return;
}
@@ -1898,98 +1844,94 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
-void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen )
+void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_status_t status;
psa_hash_operation_t sha256_psa = psa_hash_operation_init();
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
- status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256"));
+ status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
return;
}
- status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
return;
}
*hlen = 32;
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+ MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
#else
mbedtls_sha256_context sha256;
- mbedtls_sha256_init( &sha256 );
+ mbedtls_sha256_init(&sha256);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256"));
- mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
- mbedtls_sha256_finish_ret( &sha256, hash );
+ mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
+ mbedtls_sha256_finish_ret(&sha256, hash);
*hlen = 32;
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
- mbedtls_sha256_free( &sha256 );
+ mbedtls_sha256_free(&sha256);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return;
}
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
-void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen )
+void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_status_t status;
psa_hash_operation_t sha384_psa = psa_hash_operation_init();
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
- status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384"));
+ status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
return;
}
- status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
return;
}
*hlen = 48;
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+ MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
#else
mbedtls_sha512_context sha512;
- mbedtls_sha512_init( &sha512 );
+ mbedtls_sha512_init(&sha512);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384"));
- mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
- mbedtls_sha512_finish_ret( &sha512, hash );
+ mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha512);
+ mbedtls_sha512_finish_ret(&sha512, hash);
*hlen = 48;
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
- mbedtls_sha512_free( &sha512 );
+ mbedtls_sha512_free(&sha512);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return;
}
@@ -1997,22 +1939,21 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
+int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
{
unsigned char *p = ssl->handshake->premaster;
- unsigned char *end = p + sizeof( ssl->handshake->premaster );
+ unsigned char *end = p + sizeof(ssl->handshake->premaster);
const unsigned char *psk = NULL;
size_t psk_len = 0;
- if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
- == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
- {
+ if (mbedtls_ssl_get_psk(ssl, &psk, &psk_len)
+ == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) {
/*
* This should never happen because the existence of a PSK is always
* checked before calling this function
*/
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/*
@@ -2023,152 +1964,142 @@
* with "other_secret" depending on the particular key exchange
*/
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
- {
- if( end - p < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (key_ex == MBEDTLS_KEY_EXCHANGE_PSK) {
+ if (end - p < 2) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
p += 2;
- if( end < p || (size_t)( end - p ) < psk_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (end < p || (size_t) (end - p) < psk_len) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- memset( p, 0, psk_len );
+ memset(p, 0, psk_len);
p += psk_len;
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
+ if (key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
/*
* other_secret already set by the ClientKeyExchange message,
* and is 48 bytes long
*/
- if( end - p < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (end - p < 2) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
*p++ = 0;
*p++ = 48;
p += 48;
- }
- else
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
- {
+ if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
/* Write length only when we know the actual value */
- if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
- p + 2, end - ( p + 2 ), &len,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
- return( ret );
+ if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+ p + 2, end - (p + 2), &len,
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+ return ret;
}
- MBEDTLS_PUT_UINT16_BE( len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(len, p, 0);
p += 2 + len;
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
- }
- else
+ MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
- {
+ if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t zlen;
- if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
- p + 2, end - ( p + 2 ),
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
- return( ret );
+ if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen,
+ p + 2, end - (p + 2),
+ ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
+ return ret;
}
- MBEDTLS_PUT_UINT16_BE( zlen, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(zlen, p, 0);
p += 2 + zlen;
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z );
- }
- else
+ MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Z);
+ } else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* opaque psk<0..2^16-1>; */
- if( end - p < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (end - p < 2) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
p += 2;
- if( end < p || (size_t)( end - p ) < psk_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (end < p || (size_t) (end - p) < psk_len) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- memcpy( p, psk, psk_len );
+ memcpy(p, psk, psk_len);
p += psk_len;
ssl->handshake->pmslen = p - ssl->handshake->premaster;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
+static int ssl_write_hello_request(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl)
{
/* If renegotiation is not enforced, retransmit until we would reach max
* timeout if we were using the usual handshake doubling scheme */
- if( ssl->conf->renego_max_records < 0 )
- {
+ if (ssl->conf->renego_max_records < 0) {
uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
unsigned char doublings = 1;
- while( ratio != 0 )
- {
+ while (ratio != 0) {
++doublings;
ratio >>= 1;
}
- if( ++ssl->renego_records_seen > doublings )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
- return( 0 );
+ if (++ssl->renego_records_seen > doublings) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("no longer retransmitting hello request"));
+ return 0;
}
}
- return( ssl_write_hello_request( ssl ) );
+ return ssl_write_hello_request(ssl);
}
#endif
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
+static void ssl_clear_peer_cert(mbedtls_ssl_session *session)
{
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- if( session->peer_cert != NULL )
- {
- mbedtls_x509_crt_free( session->peer_cert );
- mbedtls_free( session->peer_cert );
+ if (session->peer_cert != NULL) {
+ mbedtls_x509_crt_free(session->peer_cert);
+ mbedtls_free(session->peer_cert);
session->peer_cert = NULL;
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( session->peer_cert_digest != NULL )
- {
+ if (session->peer_cert_digest != NULL) {
/* Zeroization is not necessary. */
- mbedtls_free( session->peer_cert_digest );
+ mbedtls_free(session->peer_cert_digest);
session->peer_cert_digest = NULL;
session->peer_cert_digest_type = MBEDTLS_MD_NONE;
session->peer_cert_digest_len = 0;
@@ -2182,46 +2113,44 @@
*/
#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* No certificate support -> dummy functions */
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
ssl->state++;
- return( 0 );
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate"));
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate"));
ssl->state++;
- return( 0 );
+ return 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/* Some certificate support -> implement write and parse */
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n;
@@ -2229,23 +2158,20 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
ssl->state++;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- if( ssl->client_auth == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+ if (ssl->client_auth == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
ssl->state++;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
@@ -2253,32 +2179,29 @@
* If using SSLv3 and got no cert, send an Alert message
* (otherwise an empty Certificate message will be sent).
*/
- if( mbedtls_ssl_own_cert( ssl ) == NULL &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
+ if (mbedtls_ssl_own_cert(ssl) == NULL &&
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
ssl->out_msglen = 2;
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("got no certificate to send"));
goto write_msg;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
}
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- if( mbedtls_ssl_own_cert( ssl ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
- return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+ if (mbedtls_ssl_own_cert(ssl) == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no certificate to send"));
+ return MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED;
}
}
#endif
- MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
+ MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", mbedtls_ssl_own_cert(ssl));
/*
* 0 . 0 handshake type
@@ -2290,30 +2213,28 @@
* n+3 . ... upper level cert, etc.
*/
i = 7;
- crt = mbedtls_ssl_own_cert( ssl );
+ crt = mbedtls_ssl_own_cert(ssl);
- while( crt != NULL )
- {
+ while (crt != NULL) {
n = crt->raw.len;
- if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
- " > %" MBEDTLS_PRINTF_SIZET,
- i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
- return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
+ if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET
+ " > %" MBEDTLS_PRINTF_SIZET,
+ i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
+ return MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE;
}
- ssl->out_msg[i ] = MBEDTLS_BYTE_2( n );
- ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n );
- ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n );
+ ssl->out_msg[i] = MBEDTLS_BYTE_2(n);
+ ssl->out_msg[i + 1] = MBEDTLS_BYTE_1(n);
+ ssl->out_msg[i + 2] = MBEDTLS_BYTE_0(n);
- i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
+ i += 3; memcpy(ssl->out_msg + i, crt->raw.p, n);
i += n; crt = crt->next;
}
- ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 );
- ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 );
- ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 );
+ ssl->out_msg[4] = MBEDTLS_BYTE_2(i - 7);
+ ssl->out_msg[5] = MBEDTLS_BYTE_1(i - 7);
+ ssl->out_msg[6] = MBEDTLS_BYTE_0(i - 7);
ssl->out_msglen = i;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -2325,40 +2246,41 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate"));
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
- unsigned char *crt_buf,
- size_t crt_buf_len )
+static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len)
{
mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
- if( peer_crt == NULL )
- return( -1 );
+ if (peer_crt == NULL) {
+ return -1;
+ }
- if( peer_crt->raw.len != crt_buf_len )
- return( -1 );
+ if (peer_crt->raw.len != crt_buf_len) {
+ return -1;
+ }
- return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) );
+ return memcmp(peer_crt->raw.p, crt_buf, peer_crt->raw.len);
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
- unsigned char *crt_buf,
- size_t crt_buf_len )
+static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char const * const peer_cert_digest =
@@ -2366,22 +2288,25 @@
mbedtls_md_type_t const peer_cert_digest_type =
ssl->session->peer_cert_digest_type;
mbedtls_md_info_t const * const digest_info =
- mbedtls_md_info_from_type( peer_cert_digest_type );
+ mbedtls_md_info_from_type(peer_cert_digest_type);
unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
size_t digest_len;
- if( peer_cert_digest == NULL || digest_info == NULL )
- return( -1 );
+ if (peer_cert_digest == NULL || digest_info == NULL) {
+ return -1;
+ }
- digest_len = mbedtls_md_get_size( digest_info );
- if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
- return( -1 );
+ digest_len = mbedtls_md_get_size(digest_info);
+ if (digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN) {
+ return -1;
+ }
- ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
- if( ret != 0 )
- return( -1 );
+ ret = mbedtls_md(digest_info, crt_buf, crt_buf_len, tmp_digest);
+ if (ret != 0) {
+ return -1;
+ }
- return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
+ return memcmp(tmp_digest, peer_cert_digest, digest_len);
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
@@ -2391,125 +2316,116 @@
* perform basic checks, but leave actual verification to the caller
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *chain )
+static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *chain)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
- int crt_cnt=0;
+ int crt_cnt = 0;
#endif
size_t i, n;
uint8_t alert;
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
- if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ||
- ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ||
+ ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
- i = mbedtls_ssl_hs_hdr_len( ssl );
+ i = mbedtls_ssl_hs_hdr_len(ssl);
/*
* Same message structure as in mbedtls_ssl_write_certificate()
*/
- n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
+ n = (ssl->in_msg[i+1] << 8) | ssl->in_msg[i+2];
- if( ssl->in_msg[i] != 0 ||
- ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ if (ssl->in_msg[i] != 0 ||
+ ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
/* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
i += 3;
/* Iterate through and parse the CRTs in the provided chain. */
- while( i < ssl->in_hslen )
- {
+ while (i < ssl->in_hslen) {
/* Check that there's room for the next CRT's length fields. */
- if ( i + 3 > ssl->in_hslen ) {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ if (i + 3 > ssl->in_hslen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
/* In theory, the CRT can be up to 2**24 Bytes, but we don't support
* anything beyond 2**16 ~ 64K. */
- if( ssl->in_msg[i] != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ if (ssl->in_msg[i] != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
/* Read length of the next CRT in the chain. */
- n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
+ n = ((unsigned int) ssl->in_msg[i + 1] << 8)
| (unsigned int) ssl->in_msg[i + 2];
i += 3;
- if( n < 128 || i + n > ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ if (n < 128 || i + n > ssl->in_hslen) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
/* Check if we're handling the first CRT in the chain. */
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
- if( crt_cnt++ == 0 &&
+ if (crt_cnt++ == 0 &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
/* During client-side renegotiation, check that the server's
* end-CRTs hasn't changed compared to the initial handshake,
* mitigating the triple handshake attack. On success, reuse
* the original end-CRT instead of parsing it again. */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
- if( ssl_check_peer_crt_unchanged( ssl,
- &ssl->in_msg[i],
- n ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Check that peer CRT hasn't changed during renegotiation"));
+ if (ssl_check_peer_crt_unchanged(ssl,
+ &ssl->in_msg[i],
+ n) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("new server cert during renegotiation"));
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED);
+ return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
/* Now we can safely free the original chain. */
- ssl_clear_peer_cert( ssl->session );
+ ssl_clear_peer_cert(ssl->session);
}
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
/* Parse the next certificate in the chain. */
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
+ ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n);
#else
/* If we don't need to store the CRT chain permanently, parse
* it in-place from the input buffer instead of making a copy. */
- ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
+ ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n);
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- switch( ret )
- {
+ switch (ret) {
case 0: /*ok*/
case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a
@@ -2526,57 +2442,55 @@
default:
alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
- crt_parse_der_failed:
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
- MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
- return( ret );
+crt_parse_der_failed:
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert);
+ MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret);
+ return ret;
}
i += n;
}
- MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain );
- return( 0 );
+ MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", chain);
+ return 0;
}
#if defined(MBEDTLS_SSL_SRV_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
+static int ssl_srv_check_client_no_crt_notification(mbedtls_ssl_context *ssl)
{
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- return( -1 );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+ return -1;
+ }
#if defined(MBEDTLS_SSL_PROTO_SSL3)
/*
* Check if the client sent an empty certificate
*/
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- if( ssl->in_msglen == 2 &&
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
+ if (ssl->in_msglen == 2 &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT &&
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
- return( 0 );
+ ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("SSLv3 client has no certificate"));
+ return 0;
}
- return( -1 );
+ return -1;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
+ if (ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len(ssl) &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
- memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
- return( 0 );
+ memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("TLSv1 client has no certificate"));
+ return 0;
}
- return( -1 );
+ return -1;
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
}
@@ -2591,40 +2505,40 @@
#define SSL_CERTIFICATE_EXPECTED 0
#define SSL_CERTIFICATE_SKIP 1
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
- int authmode )
+static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
+ int authmode)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- return( SSL_CERTIFICATE_SKIP );
+ if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+ return SSL_CERTIFICATE_SKIP;
+ }
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- return( SSL_CERTIFICATE_SKIP );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+ return SSL_CERTIFICATE_SKIP;
+ }
- if( authmode == MBEDTLS_SSL_VERIFY_NONE )
- {
+ if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
ssl->session_negotiate->verify_result =
MBEDTLS_X509_BADCERT_SKIP_VERIFY;
- return( SSL_CERTIFICATE_SKIP );
+ return SSL_CERTIFICATE_SKIP;
}
}
#else
((void) authmode);
#endif /* MBEDTLS_SSL_SRV_C */
- return( SSL_CERTIFICATE_EXPECTED );
+ return SSL_CERTIFICATE_EXPECTED;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
- int authmode,
- mbedtls_x509_crt *chain,
- void *rs_ctx )
+static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
+ int authmode,
+ mbedtls_x509_crt *chain,
+ void *rs_ctx)
{
int ret = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -2634,18 +2548,16 @@
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy;
- if( authmode == MBEDTLS_SSL_VERIFY_NONE )
- return( 0 );
+ if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
+ return 0;
+ }
- if( ssl->f_vrfy != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) );
+ if (ssl->f_vrfy != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback"));
f_vrfy = ssl->f_vrfy;
p_vrfy = ssl->p_vrfy;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) );
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback"));
f_vrfy = ssl->conf->f_vrfy;
p_vrfy = ssl->conf->p_vrfy;
}
@@ -2654,12 +2566,11 @@
* Main check: verify certificate
*/
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- if( ssl->conf->f_ca_cb != NULL )
- {
+ if (ssl->conf->f_ca_cb != NULL) {
((void) rs_ctx);
have_ca_chain = 1;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification"));
ret = mbedtls_x509_crt_verify_with_ca_cb(
chain,
ssl->conf->f_ca_cb,
@@ -2667,29 +2578,27 @@
ssl->conf->cert_profile,
ssl->hostname,
&ssl->session_negotiate->verify_result,
- f_vrfy, p_vrfy );
- }
- else
+ f_vrfy, p_vrfy);
+ } else
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
{
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_ca_chain != NULL )
- {
+ if (ssl->handshake->sni_ca_chain != NULL) {
ca_chain = ssl->handshake->sni_ca_chain;
ca_crl = ssl->handshake->sni_ca_crl;
- }
- else
+ } else
#endif
{
ca_chain = ssl->conf->ca_chain;
ca_crl = ssl->conf->ca_crl;
}
- if( ca_chain != NULL )
+ if (ca_chain != NULL) {
have_ca_chain = 1;
+ }
ret = mbedtls_x509_crt_verify_restartable(
chain,
@@ -2697,17 +2606,17 @@
ssl->conf->cert_profile,
ssl->hostname,
&ssl->session_negotiate->verify_result,
- f_vrfy, p_vrfy, rs_ctx );
+ f_vrfy, p_vrfy, rs_ctx);
}
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret);
}
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+ if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
+ return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+ }
#endif
/*
@@ -2721,26 +2630,26 @@
/* If certificate uses an EC key, make sure the curve is OK.
* This is a public key, so it can't be opaque, so can_do() is a good
* enough check to ensure pk_ec() is safe to use here. */
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
- mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
- {
+ if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY) &&
+ mbedtls_ssl_check_curve(ssl, mbedtls_pk_ec(*pk)->grp.id) != 0) {
ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
- if( ret == 0 )
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)"));
+ if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
+ }
}
}
#endif /* MBEDTLS_ECP_C */
- if( mbedtls_ssl_check_cert_usage( chain,
- ciphersuite_info,
- ! ssl->conf->endpoint,
- &ssl->session_negotiate->verify_result ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
- if( ret == 0 )
+ if (mbedtls_ssl_check_cert_usage(chain,
+ ciphersuite_info,
+ !ssl->conf->endpoint,
+ &ssl->session_negotiate->verify_result) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
+ if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
+ }
}
/* mbedtls_x509_crt_verify_with_profile is supposed to report a
@@ -2749,122 +2658,115 @@
* of error codes, including those from the user provided f_vrfy
* functions, are treated as fatal and lead to a failure of
* ssl_parse_certificate even if verification was optional. */
- if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
- ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
- ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
- {
+ if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
+ (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+ ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE)) {
ret = 0;
}
- if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+ if (have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain"));
ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
}
- if( ret != 0 )
- {
+ if (ret != 0) {
uint8_t alert;
/* The certificate may have been rejected for several reasons.
Pick one and send the corresponding alert. Which alert to send
may be a subject of debate in some cases. */
- if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
+ if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) {
alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
+ } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
- else
+ } else {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- alert );
+ }
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ alert);
}
#if defined(MBEDTLS_DEBUG_C)
- if( ssl->session_negotiate->verify_result != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
- (unsigned int) ssl->session_negotiate->verify_result ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
+ if (ssl->session_negotiate->verify_result != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x",
+ (unsigned int) ssl->session_negotiate->verify_result));
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear"));
}
#endif /* MBEDTLS_DEBUG_C */
- return( ret );
+ return ret;
}
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
- unsigned char *start, size_t len )
+static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl,
+ unsigned char *start, size_t len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Remember digest of the peer's end-CRT. */
ssl->session_negotiate->peer_cert_digest =
- mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
- if( ssl->session_negotiate->peer_cert_digest == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
+ if (ssl->session_negotiate->peer_cert_digest == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed",
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN));
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
- ret = mbedtls_md( mbedtls_md_info_from_type(
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
- start, len,
- ssl->session_negotiate->peer_cert_digest );
+ ret = mbedtls_md(mbedtls_md_info_from_type(
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
+ start, len,
+ ssl->session_negotiate->peer_cert_digest);
ssl->session_negotiate->peer_cert_digest_type =
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
ssl->session_negotiate->peer_cert_digest_len =
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
- return( ret );
+ return ret;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
- unsigned char *start, size_t len )
+static int ssl_remember_peer_pubkey(mbedtls_ssl_context *ssl,
+ unsigned char *start, size_t len)
{
unsigned char *end = start + len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Make a copy of the peer's raw public key. */
- mbedtls_pk_init( &ssl->handshake->peer_pubkey );
- ret = mbedtls_pk_parse_subpubkey( &start, end,
- &ssl->handshake->peer_pubkey );
- if( ret != 0 )
- {
+ mbedtls_pk_init(&ssl->handshake->peer_pubkey);
+ ret = mbedtls_pk_parse_subpubkey(&start, end,
+ &ssl->handshake->peer_pubkey);
+ if (ret != 0) {
/* We should have parsed the public key before. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- return( 0 );
+ return 0;
}
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
{
int ret = 0;
int crt_expected;
@@ -2878,40 +2780,37 @@
void *rs_ctx = NULL;
mbedtls_x509_crt *chain = NULL;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate"));
- crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
- if( crt_expected == SSL_CERTIFICATE_SKIP )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ crt_expected = ssl_parse_certificate_coordinate(ssl, authmode);
+ if (crt_expected == SSL_CERTIFICATE_SKIP) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate"));
goto exit;
}
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled &&
- ssl->handshake->ecrs_state == ssl_ecrs_crt_verify )
- {
+ if (ssl->handshake->ecrs_enabled &&
+ ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) {
chain = ssl->handshake->ecrs_peer_cert;
ssl->handshake->ecrs_peer_cert = NULL;
goto crt_verify;
}
#endif
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
/* mbedtls_ssl_read_record may have sent an alert already. We
let it decide whether to alert. */
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
goto exit;
}
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 )
- {
+ if (ssl_srv_check_client_no_crt_notification(ssl) == 0) {
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
- if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL )
+ if (authmode != MBEDTLS_SSL_VERIFY_OPTIONAL) {
ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
+ }
goto exit;
}
@@ -2919,39 +2818,42 @@
/* Clear existing peer CRT structure in case we tried to
* reuse a session but it failed, and allocate a new one. */
- ssl_clear_peer_cert( ssl->session_negotiate );
+ ssl_clear_peer_cert(ssl->session_negotiate);
- chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
- if( chain == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
- sizeof( mbedtls_x509_crt ) ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ chain = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
+ if (chain == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
+ sizeof(mbedtls_x509_crt)));
+ mbedtls_ssl_send_alert_message(ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
- mbedtls_x509_crt_init( chain );
+ mbedtls_x509_crt_init(chain);
- ret = ssl_parse_certificate_chain( ssl, chain );
- if( ret != 0 )
+ ret = ssl_parse_certificate_chain(ssl, chain);
+ if (ret != 0) {
goto exit;
+ }
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled)
+ if (ssl->handshake->ecrs_enabled) {
ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
+ }
crt_verify:
- if( ssl->handshake->ecrs_enabled)
+ if (ssl->handshake->ecrs_enabled) {
rs_ctx = &ssl->handshake->ecrs_ctx;
+ }
#endif
- ret = ssl_parse_certificate_verify( ssl, authmode,
- chain, rs_ctx );
- if( ret != 0 )
+ ret = ssl_parse_certificate_verify(ssl, authmode,
+ chain, rs_ctx);
+ if (ret != 0) {
goto exit;
+ }
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
{
@@ -2971,17 +2873,19 @@
/* Free the CRT structures before computing
* digest and copying the peer's public key. */
- mbedtls_x509_crt_free( chain );
- mbedtls_free( chain );
+ mbedtls_x509_crt_free(chain);
+ mbedtls_free(chain);
chain = NULL;
- ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len );
- if( ret != 0 )
+ ret = ssl_remember_peer_crt_digest(ssl, crt_start, crt_len);
+ if (ret != 0) {
goto exit;
+ }
- ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len );
- if( ret != 0 )
+ ret = ssl_remember_peer_pubkey(ssl, pk_start, pk_len);
+ if (ret != 0) {
goto exit;
+ }
}
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* Pass ownership to session structure. */
@@ -2989,108 +2893,107 @@
chain = NULL;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate"));
exit:
- if( ret == 0 )
+ if (ret == 0) {
ssl->state++;
+ }
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- {
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
ssl->handshake->ecrs_peer_cert = chain;
chain = NULL;
}
#endif
- if( chain != NULL )
- {
- mbedtls_x509_crt_free( chain );
- mbedtls_free( chain );
+ if (chain != NULL) {
+ mbedtls_x509_crt_free(chain);
+ mbedtls_free(chain);
}
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
+void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
{
((void) ciphersuite_info);
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
+ if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
- else
+ } else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
- else
+ } else
#endif
#if defined(MBEDTLS_SHA256_C)
- if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
+ if (ciphersuite_info->mac != MBEDTLS_MD_SHA384) {
ssl->handshake->update_checksum = ssl_update_checksum_sha256;
- else
+ } else
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
return;
}
}
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
- mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
+ mbedtls_md5_starts_ret(&ssl->handshake->fin_md5);
+ mbedtls_sha1_starts_ret(&ssl->handshake->fin_sha1);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &ssl->handshake->fin_sha256_psa );
- psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+ psa_hash_abort(&ssl->handshake->fin_sha256_psa);
+ psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
#else
- mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
+ mbedtls_sha256_starts_ret(&ssl->handshake->fin_sha256, 0);
#endif
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &ssl->handshake->fin_sha384_psa );
- psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+ psa_hash_abort(&ssl->handshake->fin_sha384_psa);
+ psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
#else
- mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
+ mbedtls_sha512_starts_ret(&ssl->handshake->fin_sha512, 1);
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
-static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static void ssl_update_checksum_start(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
- mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
+ mbedtls_md5_update_ret(&ssl->handshake->fin_md5, buf, len);
+ mbedtls_sha1_update_ret(&ssl->handshake->fin_sha1, buf, len);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+ psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
#else
- mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update_ret(&ssl->handshake->fin_sha256, buf, len);
#endif
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+ psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
#else
- mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update_ret(&ssl->handshake->fin_sha512, buf, len);
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -3098,35 +3001,35 @@
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static void ssl_update_checksum_md5sha1(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
- mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
- mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
+ mbedtls_md5_update_ret(&ssl->handshake->fin_md5, buf, len);
+ mbedtls_sha1_update_ret(&ssl->handshake->fin_sha1, buf, len);
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static void ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+ psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
#else
- mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update_ret(&ssl->handshake->fin_sha256, buf, len);
#endif
}
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+ psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
#else
- mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update_ret(&ssl->handshake->fin_sha512, buf, len);
#endif
}
#endif
@@ -3134,7 +3037,7 @@
#if defined(MBEDTLS_SSL_PROTO_SSL3)
static void ssl_calc_finished_ssl(
- mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+ mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
const char *sender;
mbedtls_md5_context md5;
@@ -3145,16 +3048,17 @@
unsigned char sha1sum[20];
mbedtls_ssl_session *session = ssl->session_negotiate;
- if( !session )
+ if (!session) {
session = ssl->session;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished ssl"));
- mbedtls_md5_init( &md5 );
- mbedtls_sha1_init( &sha1 );
+ mbedtls_md5_init(&md5);
+ mbedtls_sha1_init(&sha1);
- mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
- mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+ mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5);
+ mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1);
/*
* SSLv3:
@@ -3166,60 +3070,60 @@
*/
#if !defined(MBEDTLS_MD5_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
- md5.state, sizeof( md5.state ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished md5 state", (unsigned char *)
+ md5.state, sizeof(md5.state));
#endif
#if !defined(MBEDTLS_SHA1_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
- sha1.state, sizeof( sha1.state ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished sha1 state", (unsigned char *)
+ sha1.state, sizeof(sha1.state));
#endif
- sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT"
+ sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "CLNT"
: "SRVR";
- memset( padbuf, 0x36, 48 );
+ memset(padbuf, 0x36, 48);
- mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 );
- mbedtls_md5_update_ret( &md5, session->master, 48 );
- mbedtls_md5_update_ret( &md5, padbuf, 48 );
- mbedtls_md5_finish_ret( &md5, md5sum );
+ mbedtls_md5_update_ret(&md5, (const unsigned char *) sender, 4);
+ mbedtls_md5_update_ret(&md5, session->master, 48);
+ mbedtls_md5_update_ret(&md5, padbuf, 48);
+ mbedtls_md5_finish_ret(&md5, md5sum);
- mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 );
- mbedtls_sha1_update_ret( &sha1, session->master, 48 );
- mbedtls_sha1_update_ret( &sha1, padbuf, 40 );
- mbedtls_sha1_finish_ret( &sha1, sha1sum );
+ mbedtls_sha1_update_ret(&sha1, (const unsigned char *) sender, 4);
+ mbedtls_sha1_update_ret(&sha1, session->master, 48);
+ mbedtls_sha1_update_ret(&sha1, padbuf, 40);
+ mbedtls_sha1_finish_ret(&sha1, sha1sum);
- memset( padbuf, 0x5C, 48 );
+ memset(padbuf, 0x5C, 48);
- mbedtls_md5_starts_ret( &md5 );
- mbedtls_md5_update_ret( &md5, session->master, 48 );
- mbedtls_md5_update_ret( &md5, padbuf, 48 );
- mbedtls_md5_update_ret( &md5, md5sum, 16 );
- mbedtls_md5_finish_ret( &md5, buf );
+ mbedtls_md5_starts_ret(&md5);
+ mbedtls_md5_update_ret(&md5, session->master, 48);
+ mbedtls_md5_update_ret(&md5, padbuf, 48);
+ mbedtls_md5_update_ret(&md5, md5sum, 16);
+ mbedtls_md5_finish_ret(&md5, buf);
- mbedtls_sha1_starts_ret( &sha1 );
- mbedtls_sha1_update_ret( &sha1, session->master, 48 );
- mbedtls_sha1_update_ret( &sha1, padbuf , 40 );
- mbedtls_sha1_update_ret( &sha1, sha1sum, 20 );
- mbedtls_sha1_finish_ret( &sha1, buf + 16 );
+ mbedtls_sha1_starts_ret(&sha1);
+ mbedtls_sha1_update_ret(&sha1, session->master, 48);
+ mbedtls_sha1_update_ret(&sha1, padbuf, 40);
+ mbedtls_sha1_update_ret(&sha1, sha1sum, 20);
+ mbedtls_sha1_finish_ret(&sha1, buf + 16);
- MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, 36);
- mbedtls_md5_free( &md5 );
- mbedtls_sha1_free( &sha1 );
+ mbedtls_md5_free(&md5);
+ mbedtls_sha1_free(&sha1);
- mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
- mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) );
- mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
+ mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
+ mbedtls_platform_zeroize(md5sum, sizeof(md5sum));
+ mbedtls_platform_zeroize(sha1sum, sizeof(sha1sum));
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
static void ssl_calc_finished_tls(
- mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+ mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
const char *sender;
@@ -3228,16 +3132,17 @@
unsigned char padbuf[36];
mbedtls_ssl_session *session = ssl->session_negotiate;
- if( !session )
+ if (!session) {
session = ssl->session;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls"));
- mbedtls_md5_init( &md5 );
- mbedtls_sha1_init( &sha1 );
+ mbedtls_md5_init(&md5);
+ mbedtls_sha1_init(&sha1);
- mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
- mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+ mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5);
+ mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1);
/*
* TLSv1:
@@ -3246,40 +3151,40 @@
*/
#if !defined(MBEDTLS_MD5_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
- md5.state, sizeof( md5.state ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished md5 state", (unsigned char *)
+ md5.state, sizeof(md5.state));
#endif
#if !defined(MBEDTLS_SHA1_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
- sha1.state, sizeof( sha1.state ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished sha1 state", (unsigned char *)
+ sha1.state, sizeof(sha1.state));
#endif
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+ sender = (from == MBEDTLS_SSL_IS_CLIENT)
? "client finished"
: "server finished";
- mbedtls_md5_finish_ret( &md5, padbuf );
- mbedtls_sha1_finish_ret( &sha1, padbuf + 16 );
+ mbedtls_md5_finish_ret(&md5, padbuf);
+ mbedtls_sha1_finish_ret(&sha1, padbuf + 16);
- ssl->handshake->tls_prf( session->master, 48, sender,
- padbuf, 36, buf, len );
+ ssl->handshake->tls_prf(session->master, 48, sender,
+ padbuf, 36, buf, len);
- MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
- mbedtls_md5_free( &md5 );
- mbedtls_sha1_free( &sha1 );
+ mbedtls_md5_free(&md5);
+ mbedtls_sha1_free(&sha1);
- mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
+ mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
}
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_calc_finished_tls_sha256(
- mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+ mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
const char *sender;
@@ -3293,39 +3198,38 @@
#endif
mbedtls_ssl_session *session = ssl->session_negotiate;
- if( !session )
+ if (!session) {
session = ssl->session;
+ }
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+ sender = (from == MBEDTLS_SSL_IS_CLIENT)
? "client finished"
: "server finished";
#if defined(MBEDTLS_USE_PSA_CRYPTO)
sha256_psa = psa_hash_operation_init();
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha256"));
- status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
return;
}
- status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
return;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);
#else
- mbedtls_sha256_init( &sha256 );
+ mbedtls_sha256_init(&sha256);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256"));
- mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+ mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
/*
* TLSv1.2:
@@ -3334,29 +3238,29 @@
*/
#if !defined(MBEDTLS_SHA256_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
- sha256.state, sizeof( sha256.state ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished sha2 state", (unsigned char *)
+ sha256.state, sizeof(sha256.state));
#endif
- mbedtls_sha256_finish_ret( &sha256, padbuf );
- mbedtls_sha256_free( &sha256 );
+ mbedtls_sha256_finish_ret(&sha256, padbuf);
+ mbedtls_sha256_free(&sha256);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- ssl->handshake->tls_prf( session->master, 48, sender,
- padbuf, 32, buf, len );
+ ssl->handshake->tls_prf(session->master, 48, sender,
+ padbuf, 32, buf, len);
- MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
- mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
+ mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
}
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
static void ssl_calc_finished_tls_sha384(
- mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+ mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
const char *sender;
@@ -3370,38 +3274,37 @@
#endif
mbedtls_ssl_session *session = ssl->session_negotiate;
- if( !session )
+ if (!session) {
session = ssl->session;
+ }
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+ sender = (from == MBEDTLS_SSL_IS_CLIENT)
? "client finished"
: "server finished";
#if defined(MBEDTLS_USE_PSA_CRYPTO)
sha384_psa = psa_hash_operation_init();
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha384"));
- status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
return;
}
- status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size);
+ if (status != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
return;
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 );
+ MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
#else
- mbedtls_sha512_init( &sha512 );
+ mbedtls_sha512_init(&sha512);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384"));
- mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+ mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha512);
/*
* TLSv1.2:
@@ -3410,8 +3313,8 @@
*/
#if !defined(MBEDTLS_SHA512_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
- sha512.state, sizeof( sha512.state ) );
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *)
+ sha512.state, sizeof(sha512.state));
#endif
/* mbedtls_sha512_finish_ret's output parameter is declared as a
* 64-byte buffer, but since we're using SHA-384, we know that the
@@ -3422,60 +3325,58 @@
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wstringop-overflow"
#endif
- mbedtls_sha512_finish_ret( &sha512, padbuf );
+ mbedtls_sha512_finish_ret(&sha512, padbuf);
#if defined(__GNUC__) && __GNUC__ >= 11
#pragma GCC diagnostic pop
#endif
- mbedtls_sha512_free( &sha512 );
+ mbedtls_sha512_free(&sha512);
#endif
- ssl->handshake->tls_prf( session->master, 48, sender,
- padbuf, 48, buf, len );
+ ssl->handshake->tls_prf(session->master, 48, sender,
+ padbuf, 48, buf, len);
- MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+ MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
- mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
+ mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
}
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl)
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup: final free"));
/*
* Free our handshake params
*/
- mbedtls_ssl_handshake_free( ssl );
- mbedtls_free( ssl->handshake );
+ mbedtls_ssl_handshake_free(ssl);
+ mbedtls_free(ssl->handshake);
ssl->handshake = NULL;
/*
* Free the previous transform and switch in the current one
*/
- if( ssl->transform )
- {
- mbedtls_ssl_transform_free( ssl->transform );
- mbedtls_free( ssl->transform );
+ if (ssl->transform) {
+ mbedtls_ssl_transform_free(ssl->transform);
+ mbedtls_free(ssl->transform);
}
ssl->transform = ssl->transform_negotiate;
ssl->transform_negotiate = NULL;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup: final free"));
}
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
{
int resume = ssl->handshake->resume;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup"));
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
+ if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE;
ssl->renego_records_seen = 0;
}
@@ -3484,16 +3385,15 @@
/*
* Free the previous session and switch in the current one
*/
- if( ssl->session )
- {
+ if (ssl->session) {
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/* RFC 7366 3.1: keep the EtM state */
ssl->session_negotiate->encrypt_then_mac =
- ssl->session->encrypt_then_mac;
+ ssl->session->encrypt_then_mac;
#endif
- mbedtls_ssl_session_free( ssl->session );
- mbedtls_free( ssl->session );
+ mbedtls_ssl_session_free(ssl->session);
+ mbedtls_free(ssl->session);
}
ssl->session = ssl->session_negotiate;
ssl->session_negotiate = NULL;
@@ -3501,43 +3401,41 @@
/*
* Add cache entry
*/
- if( ssl->conf->f_set_cache != NULL &&
+ if (ssl->conf->f_set_cache != NULL &&
ssl->session->id_len != 0 &&
- resume == 0 )
- {
- if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
+ resume == 0) {
+ if (ssl->conf->f_set_cache(ssl->conf->p_cache, ssl->session) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("cache did not store session"));
+ }
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->flight != NULL )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake->flight != NULL) {
/* Cancel handshake timer */
- mbedtls_ssl_set_timer( ssl, 0 );
+ mbedtls_ssl_set_timer(ssl, 0);
/* Keep last flight around in case we need to resend it:
* we need the handshake and transform structures for that */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
- }
- else
+ MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform"));
+ } else
#endif
- mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
+ mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
ssl->state++;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup"));
}
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
{
int ret, hash_len;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished"));
- mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate );
+ mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate);
- ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
+ ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
/*
* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
@@ -3545,11 +3443,11 @@
* ciphersuite does this (and this is unlikely to change as activity has
* moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
*/
- hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
+ hash_len = (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) ? 36 : 12;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->verify_data_len = hash_len;
- memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
+ memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len);
#endif
ssl->out_msglen = 4 + hash_len;
@@ -3560,91 +3458,88 @@
* In case of session resuming, invert the client and server
* ChangeCipherSpec messages order.
*/
- if( ssl->handshake->resume != 0 )
- {
+ if (ssl->handshake->resume != 0) {
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+ }
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+ }
#endif
- }
- else
+ } else {
ssl->state++;
+ }
/*
* Switch to our negotiated transform and session parameters for outbound
* data.
*/
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for outbound data"));
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
unsigned char i;
/* Remember current epoch settings for resending */
ssl->handshake->alt_transform_out = ssl->transform_out;
- memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 );
+ memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8);
/* Set sequence_number to zero */
- memset( ssl->cur_out_ctr + 2, 0, 6 );
+ memset(ssl->cur_out_ctr + 2, 0, 6);
/* Increment epoch */
- for( i = 2; i > 0; i-- )
- if( ++ssl->cur_out_ctr[i - 1] != 0 )
+ for (i = 2; i > 0; i--) {
+ if (++ssl->cur_out_ctr[i - 1] != 0) {
break;
+ }
+ }
/* The loop goes to its end iff the counter is wrapping */
- if( i == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ if (i == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap"));
+ return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
}
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- memset( ssl->cur_out_ctr, 0, 8 );
+ memset(ssl->cur_out_ctr, 0, 8);
ssl->transform_out = ssl->transform_negotiate;
ssl->session_out = ssl->session_negotiate;
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_activate != NULL )
- {
- if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ if (mbedtls_ssl_hw_record_activate != NULL) {
+ if ((ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
}
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_send_flight_completed( ssl );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ssl_send_flight_completed(ssl);
+ }
#endif
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
- return( ret );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+ return ret;
}
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished"));
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
@@ -3653,118 +3548,116 @@
#define SSL_MAX_HASH_LEN 12
#endif
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned int hash_len;
unsigned char buf[SSL_MAX_HASH_LEN];
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished"));
/* There is currently no ciphersuite using another length with TLS 1.2 */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) {
hash_len = 36;
- else
+ } else
#endif
- hash_len = 12;
+ hash_len = 12;
- ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
+ ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+ if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
goto exit;
}
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
goto exit;
}
- if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
- ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
+ ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
ret = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;
goto exit;
}
- if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
- buf, hash_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+ if (mbedtls_ct_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl),
+ buf, hash_len) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR);
ret = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;
goto exit;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->verify_data_len = hash_len;
- memcpy( ssl->peer_verify_data, buf, hash_len );
+ memcpy(ssl->peer_verify_data, buf, hash_len);
#endif
- if( ssl->handshake->resume != 0 )
- {
+ if (ssl->handshake->resume != 0) {
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+ }
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+ }
#endif
- }
- else
+ } else {
ssl->state++;
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_recv_flight_completed( ssl );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ssl_recv_flight_completed(ssl);
+ }
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished"));
exit:
- mbedtls_platform_zeroize( buf, hash_len );
- return( ret );
+ mbedtls_platform_zeroize(buf, hash_len);
+ return ret;
}
-static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
+static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake)
{
- memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
+ memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params));
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_init( &handshake->fin_md5 );
- mbedtls_sha1_init( &handshake->fin_sha1 );
- mbedtls_md5_starts_ret( &handshake->fin_md5 );
- mbedtls_sha1_starts_ret( &handshake->fin_sha1 );
+ mbedtls_md5_init(&handshake->fin_md5);
+ mbedtls_sha1_init(&handshake->fin_sha1);
+ mbedtls_md5_starts_ret(&handshake->fin_md5);
+ mbedtls_sha1_starts_ret(&handshake->fin_sha1);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha256_psa = psa_hash_operation_init();
- psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+ psa_hash_setup(&handshake->fin_sha256_psa, PSA_ALG_SHA_256);
#else
- mbedtls_sha256_init( &handshake->fin_sha256 );
- mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
+ mbedtls_sha256_init(&handshake->fin_sha256);
+ mbedtls_sha256_starts_ret(&handshake->fin_sha256, 0);
#endif
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
- psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+ psa_hash_setup(&handshake->fin_sha384_psa, PSA_ALG_SHA_384);
#else
- mbedtls_sha512_init( &handshake->fin_sha512 );
- mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
+ mbedtls_sha512_init(&handshake->fin_sha512);
+ mbedtls_sha512_starts_ret(&handshake->fin_sha512, 1);
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -3773,17 +3666,17 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs );
+ mbedtls_ssl_sig_hash_set_init(&handshake->hash_algs);
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_init( &handshake->dhm_ctx );
+ mbedtls_dhm_init(&handshake->dhm_ctx);
#endif
#if defined(MBEDTLS_ECDH_C)
- mbedtls_ecdh_init( &handshake->ecdh_ctx );
+ mbedtls_ecdh_init(&handshake->ecdh_ctx);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
+ mbedtls_ecjpake_init(&handshake->ecjpake_ctx);
#if defined(MBEDTLS_SSL_CLI_C)
handshake->ecjpake_cache = NULL;
handshake->ecjpake_cache_len = 0;
@@ -3791,7 +3684,7 @@
#endif
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
+ mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx);
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -3800,110 +3693,109 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_init( &handshake->peer_pubkey );
+ mbedtls_pk_init(&handshake->peer_pubkey);
#endif
}
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform)
{
- memset( transform, 0, sizeof(mbedtls_ssl_transform) );
+ memset(transform, 0, sizeof(mbedtls_ssl_transform));
- mbedtls_cipher_init( &transform->cipher_ctx_enc );
- mbedtls_cipher_init( &transform->cipher_ctx_dec );
+ mbedtls_cipher_init(&transform->cipher_ctx_enc);
+ mbedtls_cipher_init(&transform->cipher_ctx_dec);
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
- mbedtls_md_init( &transform->md_ctx_enc );
- mbedtls_md_init( &transform->md_ctx_dec );
+ mbedtls_md_init(&transform->md_ctx_enc);
+ mbedtls_md_init(&transform->md_ctx_dec);
#endif
}
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
+void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
{
- memset( session, 0, sizeof(mbedtls_ssl_session) );
+ memset(session, 0, sizeof(mbedtls_ssl_session));
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_handshake_init( mbedtls_ssl_context *ssl )
+static int ssl_handshake_init(mbedtls_ssl_context *ssl)
{
/* Clear old handshake information if present */
- if( ssl->transform_negotiate )
- mbedtls_ssl_transform_free( ssl->transform_negotiate );
- if( ssl->session_negotiate )
- mbedtls_ssl_session_free( ssl->session_negotiate );
- if( ssl->handshake )
- mbedtls_ssl_handshake_free( ssl );
+ if (ssl->transform_negotiate) {
+ mbedtls_ssl_transform_free(ssl->transform_negotiate);
+ }
+ if (ssl->session_negotiate) {
+ mbedtls_ssl_session_free(ssl->session_negotiate);
+ }
+ if (ssl->handshake) {
+ mbedtls_ssl_handshake_free(ssl);
+ }
/*
* Either the pointers are now NULL or cleared properly and can be freed.
* Now allocate missing structures.
*/
- if( ssl->transform_negotiate == NULL )
- {
- ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
+ if (ssl->transform_negotiate == NULL) {
+ ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
}
- if( ssl->session_negotiate == NULL )
- {
- ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
+ if (ssl->session_negotiate == NULL) {
+ ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session));
}
- if( ssl->handshake == NULL )
- {
- ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
+ if (ssl->handshake == NULL) {
+ ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params));
}
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* If the buffers are too small - reallocate */
- handle_buffer_resizing( ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
- MBEDTLS_SSL_OUT_BUFFER_LEN );
+ handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
+ MBEDTLS_SSL_OUT_BUFFER_LEN);
#endif
/* All pointers should exist and can be directly freed without issue */
- if( ssl->handshake == NULL ||
+ if (ssl->handshake == NULL ||
ssl->transform_negotiate == NULL ||
- ssl->session_negotiate == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
+ ssl->session_negotiate == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed"));
- mbedtls_free( ssl->handshake );
- mbedtls_free( ssl->transform_negotiate );
- mbedtls_free( ssl->session_negotiate );
+ mbedtls_free(ssl->handshake);
+ mbedtls_free(ssl->transform_negotiate);
+ mbedtls_free(ssl->session_negotiate);
ssl->handshake = NULL;
ssl->transform_negotiate = NULL;
ssl->session_negotiate = NULL;
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
/* Initialize structures */
- mbedtls_ssl_session_init( ssl->session_negotiate );
- mbedtls_ssl_transform_init( ssl->transform_negotiate );
- ssl_handshake_params_init( ssl->handshake );
+ mbedtls_ssl_session_init(ssl->session_negotiate);
+ mbedtls_ssl_transform_init(ssl->transform_negotiate);
+ ssl_handshake_params_init(ssl->handshake);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
ssl->handshake->alt_transform_out = ssl->transform_out;
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
- else
+ } else {
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+ }
- mbedtls_ssl_set_timer( ssl, 0 );
+ mbedtls_ssl_set_timer(ssl, 0);
}
#endif
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/* Dummy cookie callbacks for defaults */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_write_dummy( void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *cli_id, size_t cli_id_len )
+static int ssl_cookie_write_dummy(void *ctx,
+ unsigned char **p, unsigned char *end,
+ const unsigned char *cli_id, size_t cli_id_len)
{
((void) ctx);
((void) p);
@@ -3911,13 +3803,13 @@
((void) cli_id);
((void) cli_id_len);
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_check_dummy( void *ctx,
- const unsigned char *cookie, size_t cookie_len,
- const unsigned char *cli_id, size_t cli_id_len )
+static int ssl_cookie_check_dummy(void *ctx,
+ const unsigned char *cookie, size_t cookie_len,
+ const unsigned char *cli_id, size_t cli_id_len)
{
((void) ctx);
((void) cookie);
@@ -3925,24 +3817,24 @@
((void) cli_id);
((void) cli_id_len);
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Initialize an SSL context
*/
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_init(mbedtls_ssl_context *ssl)
{
- memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
+ memset(ssl, 0, sizeof(mbedtls_ssl_context));
}
/*
* Setup an SSL context
*/
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_config *conf )
+int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_config *conf)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
@@ -3960,10 +3852,9 @@
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
ssl->in_buf_len = in_buf_len;
#endif
- ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
- if( ssl->in_buf == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
+ ssl->in_buf = mbedtls_calloc(1, in_buf_len);
+ if (ssl->in_buf == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len));
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
@@ -3971,28 +3862,28 @@
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
ssl->out_buf_len = out_buf_len;
#endif
- ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
- if( ssl->out_buf == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
+ ssl->out_buf = mbedtls_calloc(1, out_buf_len);
+ if (ssl->out_buf == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len));
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
- mbedtls_ssl_reset_in_out_pointers( ssl );
+ mbedtls_ssl_reset_in_out_pointers(ssl);
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) );
+ memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info));
#endif
- if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ if ((ret = ssl_handshake_init(ssl)) != 0) {
goto error;
+ }
- return( 0 );
+ return 0;
error:
- mbedtls_free( ssl->in_buf );
- mbedtls_free( ssl->out_buf );
+ mbedtls_free(ssl->in_buf);
+ mbedtls_free(ssl->out_buf);
ssl->conf = NULL;
@@ -4015,7 +3906,7 @@
ssl->out_iv = NULL;
ssl->out_msg = NULL;
- return( ret );
+ return ret;
}
/*
@@ -4025,7 +3916,7 @@
* If partial is non-zero, keep data in the input buffer and client ID.
* (Use when a DTLS client reconnects from the same port.)
*/
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
+int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
@@ -4044,20 +3935,20 @@
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
/* Cancel any possibly running timer */
- mbedtls_ssl_set_timer( ssl, 0 );
+ mbedtls_ssl_set_timer(ssl, 0);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
ssl->renego_records_seen = 0;
ssl->verify_data_len = 0;
- memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
- memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
+ memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
+ memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
#endif
ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
ssl->in_offt = NULL;
- mbedtls_ssl_reset_in_out_pointers( ssl );
+ mbedtls_ssl_reset_in_out_pointers(ssl);
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
@@ -4066,7 +3957,7 @@
ssl->in_epoch = 0;
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- mbedtls_ssl_dtls_replay_reset( ssl );
+ mbedtls_ssl_dtls_replay_reset(ssl);
#endif
ssl->in_hslen = 0;
@@ -4078,11 +3969,12 @@
ssl->out_msglen = 0;
ssl->out_left = 0;
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED )
+ if (ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED) {
ssl->split_done = 0;
+ }
#endif
- memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+ memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
ssl->transform_in = NULL;
ssl->transform_out = NULL;
@@ -4090,42 +3982,38 @@
ssl->session_in = NULL;
ssl->session_out = NULL;
- memset( ssl->out_buf, 0, out_buf_len );
+ memset(ssl->out_buf, 0, out_buf_len);
int clear_in_buf = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
- if( partial != 0 )
+ if (partial != 0) {
clear_in_buf = 0;
+ }
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
- if( clear_in_buf )
- {
+ if (clear_in_buf) {
ssl->in_left = 0;
- memset( ssl->in_buf, 0, in_buf_len );
+ memset(ssl->in_buf, 0, in_buf_len);
}
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_reset != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) );
- if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ if (mbedtls_ssl_hw_record_reset != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_reset()"));
+ if ((ret = mbedtls_ssl_hw_record_reset(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_reset", ret);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
}
#endif
- if( ssl->transform )
- {
- mbedtls_ssl_transform_free( ssl->transform );
- mbedtls_free( ssl->transform );
+ if (ssl->transform) {
+ mbedtls_ssl_transform_free(ssl->transform);
+ mbedtls_free(ssl->transform);
ssl->transform = NULL;
}
- if( ssl->session )
- {
- mbedtls_ssl_session_free( ssl->session );
- mbedtls_free( ssl->session );
+ if (ssl->session) {
+ mbedtls_ssl_session_free(ssl->session);
+ mbedtls_free(ssl->session);
ssl->session = NULL;
}
@@ -4136,54 +4024,55 @@
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
int free_cli_id = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
- if( partial != 0 )
+ if (partial != 0) {
free_cli_id = 0;
+ }
#endif
- if( free_cli_id )
- {
- mbedtls_free( ssl->cli_id );
+ if (free_cli_id) {
+ mbedtls_free(ssl->cli_id);
ssl->cli_id = NULL;
ssl->cli_id_len = 0;
}
#endif
- if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
- return( ret );
+ if ((ret = ssl_handshake_init(ssl)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
/*
* Reset an initialized and used SSL context for re-use while retaining
* all application-set variables, function pointers and data.
*/
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
+ return mbedtls_ssl_session_reset_int(ssl, 0);
}
/*
* SSL set accessors
*/
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
+void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint)
{
conf->endpoint = endpoint;
}
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
+void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport)
{
conf->transport = transport;
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
+void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode)
{
conf->anti_replay = mode;
}
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
+void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit)
{
conf->badmac_limit = limit;
}
@@ -4191,56 +4080,56 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
- unsigned allow_packing )
+void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
+ unsigned allow_packing)
{
ssl->disable_datagram_packing = !allow_packing;
}
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf,
- uint32_t min, uint32_t max )
+void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf,
+ uint32_t min, uint32_t max)
{
conf->hs_timeout_min = min;
conf->hs_timeout_max = max;
}
#endif
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
+void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode)
{
conf->authmode = authmode;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy)
{
conf->f_vrfy = f_vrfy;
conf->p_vrfy = p_vrfy;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
conf->f_rng = f_rng;
conf->p_rng = p_rng;
}
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
- void (*f_dbg)(void *, int, const char *, int, const char *),
- void *p_dbg )
+void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf,
+ void (*f_dbg)(void *, int, const char *, int, const char *),
+ void *p_dbg)
{
conf->f_dbg = f_dbg;
conf->p_dbg = p_dbg;
}
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
- void *p_bio,
- mbedtls_ssl_send_t *f_send,
- mbedtls_ssl_recv_t *f_recv,
- mbedtls_ssl_recv_timeout_t *f_recv_timeout )
+void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
+ void *p_bio,
+ mbedtls_ssl_send_t *f_send,
+ mbedtls_ssl_recv_t *f_recv,
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout)
{
ssl->p_bio = p_bio;
ssl->f_send = f_send;
@@ -4249,35 +4138,35 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu )
+void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu)
{
ssl->mtu = mtu;
}
#endif
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
+void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout)
{
conf->read_timeout = timeout;
}
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
- void *p_timer,
- mbedtls_ssl_set_timer_t *f_set_timer,
- mbedtls_ssl_get_timer_t *f_get_timer )
+void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
+ void *p_timer,
+ mbedtls_ssl_set_timer_t *f_set_timer,
+ mbedtls_ssl_get_timer_t *f_get_timer)
{
ssl->p_timer = p_timer;
ssl->f_set_timer = f_set_timer;
ssl->f_get_timer = f_get_timer;
/* Make sure we start with no timer running */
- mbedtls_ssl_set_timer( ssl, 0 );
+ mbedtls_ssl_set_timer(ssl, 0);
}
#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
- void *p_cache,
- int (*f_get_cache)(void *, mbedtls_ssl_session *),
- int (*f_set_cache)(void *, const mbedtls_ssl_session *) )
+void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
+ void *p_cache,
+ int (*f_get_cache)(void *, mbedtls_ssl_session *),
+ int (*f_set_cache)(void *, const mbedtls_ssl_session *))
{
conf->p_cache = p_cache;
conf->f_get_cache = f_get_cache;
@@ -4286,30 +4175,30 @@
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
+int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ssl == NULL ||
+ if (ssl == NULL ||
session == NULL ||
ssl->session_negotiate == NULL ||
- ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
- session ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate,
+ session)) != 0) {
+ return ret;
+ }
ssl->handshake->resume = 1;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_CLI_C */
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
- const int *ciphersuites )
+void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
+ const int *ciphersuites)
{
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
@@ -4317,68 +4206,69 @@
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
}
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
- const int *ciphersuites,
- int major, int minor )
+void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf,
+ const int *ciphersuites,
+ int major, int minor)
{
- if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
+ if (major != MBEDTLS_SSL_MAJOR_VERSION_3) {
return;
+ }
- if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
+ if (minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3) {
return;
+ }
conf->ciphersuite_list[minor] = ciphersuites;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile )
+void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
+ const mbedtls_x509_crt_profile *profile)
{
conf->cert_profile = profile;
}
/* Append a new keycert entry to a (possibly empty) list */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
- mbedtls_x509_crt *cert,
- mbedtls_pk_context *key )
+static int ssl_append_key_cert(mbedtls_ssl_key_cert **head,
+ mbedtls_x509_crt *cert,
+ mbedtls_pk_context *key)
{
mbedtls_ssl_key_cert *new_cert;
- new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
- if( new_cert == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ new_cert = mbedtls_calloc(1, sizeof(mbedtls_ssl_key_cert));
+ if (new_cert == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
new_cert->cert = cert;
new_cert->key = key;
new_cert->next = NULL;
/* Update head is the list was null, else add to the end */
- if( *head == NULL )
- {
+ if (*head == NULL) {
*head = new_cert;
- }
- else
- {
+ } else {
mbedtls_ssl_key_cert *cur = *head;
- while( cur->next != NULL )
+ while (cur->next != NULL) {
cur = cur->next;
+ }
cur->next = new_cert;
}
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key )
+ mbedtls_pk_context *pk_key)
{
- return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
+ return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key);
}
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl )
+ mbedtls_x509_crl *ca_crl)
{
conf->ca_chain = ca_chain;
conf->ca_crl = ca_crl;
@@ -4392,9 +4282,9 @@
}
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb )
+void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb)
{
conf->f_ca_cb = f_ca_cb;
conf->p_ca_cb = p_ca_cb;
@@ -4408,33 +4298,33 @@
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key )
+int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *own_cert,
+ mbedtls_pk_context *pk_key)
{
- return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
- own_cert, pk_key ) );
+ return ssl_append_key_cert(&ssl->handshake->sni_key_cert,
+ own_cert, pk_key);
}
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl )
+void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *ca_chain,
+ mbedtls_x509_crl *ca_crl)
{
ssl->handshake->sni_ca_chain = ca_chain;
ssl->handshake->sni_ca_crl = ca_crl;
}
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
- int authmode )
+void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl,
+ int authmode)
{
ssl->handshake->sni_authmode = authmode;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy)
{
ssl->f_vrfy = f_vrfy;
ssl->p_vrfy = p_vrfy;
@@ -4445,36 +4335,37 @@
/*
* Set EC J-PAKE password for current handshake
*/
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len )
+int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
+ const unsigned char *pw,
+ size_t pw_len)
{
mbedtls_ecjpake_role role;
- if( ssl->handshake == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->handshake == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
role = MBEDTLS_ECJPAKE_SERVER;
- else
+ } else {
role = MBEDTLS_ECJPAKE_CLIENT;
+ }
- return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
- role,
- MBEDTLS_MD_SHA256,
- MBEDTLS_ECP_DP_SECP256R1,
- pw, pw_len ) );
+ return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx,
+ role,
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_ECP_DP_SECP256R1,
+ pw, pw_len);
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
+static void ssl_conf_remove_psk(mbedtls_ssl_config *conf)
{
/* Remove reference to existing PSK, if any. */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
- {
+ if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
/* The maintenance of the PSK key slot is the
* user's responsibility. */
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
@@ -4485,19 +4376,17 @@
* configured simultaneously. As a safeguard,
* though, `else` is omitted here. */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( conf->psk != NULL )
- {
- mbedtls_platform_zeroize( conf->psk, conf->psk_len );
+ if (conf->psk != NULL) {
+ mbedtls_platform_zeroize(conf->psk, conf->psk_len);
- mbedtls_free( conf->psk );
+ mbedtls_free(conf->psk);
conf->psk = NULL;
conf->psk_len = 0;
}
/* Remove reference to PSK identity, if any. */
- if( conf->psk_identity != NULL )
- {
- mbedtls_free( conf->psk_identity );
+ if (conf->psk_identity != NULL) {
+ mbedtls_free(conf->psk_identity);
conf->psk_identity = NULL;
conf->psk_identity_len = 0;
}
@@ -4508,136 +4397,144 @@
* to make a copy of it in the SSL config.
* On failure, the PSK identity in the config remains unset. */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf,
- unsigned char const *psk_identity,
- size_t psk_identity_len )
+static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf,
+ unsigned char const *psk_identity,
+ size_t psk_identity_len)
{
/* Identity len will be encoded on two bytes */
- if( psk_identity == NULL ||
- ( psk_identity_len >> 16 ) != 0 ||
- psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (psk_identity == NULL ||
+ (psk_identity_len >> 16) != 0 ||
+ psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- conf->psk_identity = mbedtls_calloc( 1, psk_identity_len );
- if( conf->psk_identity == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ conf->psk_identity = mbedtls_calloc(1, psk_identity_len);
+ if (conf->psk_identity == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
conf->psk_identity_len = psk_identity_len;
- memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
+ memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len);
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len )
+int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
+ const unsigned char *psk, size_t psk_len,
+ const unsigned char *psk_identity, size_t psk_identity_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Remove opaque/raw PSK + PSK Identity */
- ssl_conf_remove_psk( conf );
+ ssl_conf_remove_psk(conf);
/* Check and set raw PSK */
- if( psk == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( psk_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( psk_len > MBEDTLS_PSK_MAX_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (psk == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+ if (psk_len == 0) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+ if (psk_len > MBEDTLS_PSK_MAX_LEN) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
conf->psk_len = psk_len;
- memcpy( conf->psk, psk, conf->psk_len );
+ memcpy(conf->psk, psk, conf->psk_len);
/* Check and set PSK Identity */
- ret = ssl_conf_set_psk_identity( conf, psk_identity, psk_identity_len );
- if( ret != 0 )
- ssl_conf_remove_psk( conf );
+ ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len);
+ if (ret != 0) {
+ ssl_conf_remove_psk(conf);
+ }
- return( ret );
+ return ret;
}
-static void ssl_remove_psk( mbedtls_ssl_context *ssl )
+static void ssl_remove_psk(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- {
+ if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
- }
- else
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ssl->handshake->psk != NULL )
- {
- mbedtls_platform_zeroize( ssl->handshake->psk,
- ssl->handshake->psk_len );
- mbedtls_free( ssl->handshake->psk );
+ if (ssl->handshake->psk != NULL) {
+ mbedtls_platform_zeroize(ssl->handshake->psk,
+ ssl->handshake->psk_len);
+ mbedtls_free(ssl->handshake->psk);
ssl->handshake->psk_len = 0;
}
}
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len )
+int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
+ const unsigned char *psk, size_t psk_len)
{
- if( psk == NULL || ssl->handshake == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (psk == NULL || ssl->handshake == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( psk_len > MBEDTLS_PSK_MAX_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (psk_len > MBEDTLS_PSK_MAX_LEN) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ssl_remove_psk( ssl );
+ ssl_remove_psk(ssl);
- if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
ssl->handshake->psk_len = psk_len;
- memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
+ memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len);
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len )
+int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
+ psa_key_id_t psk,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Clear opaque/raw PSK + PSK Identity, if present. */
- ssl_conf_remove_psk( conf );
+ ssl_conf_remove_psk(conf);
/* Check and set opaque PSK */
- if( mbedtls_svc_key_id_is_null( psk ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (mbedtls_svc_key_id_is_null(psk)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
conf->psk_opaque = psk;
/* Check and set PSK Identity */
- ret = ssl_conf_set_psk_identity( conf, psk_identity,
- psk_identity_len );
- if( ret != 0 )
- ssl_conf_remove_psk( conf );
+ ret = ssl_conf_set_psk_identity(conf, psk_identity,
+ psk_identity_len);
+ if (ret != 0) {
+ ssl_conf_remove_psk(conf);
+ }
- return( ret );
+ return ret;
}
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk )
+int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
+ psa_key_id_t psk)
{
- if( ( mbedtls_svc_key_id_is_null( psk ) ) ||
- ( ssl->handshake == NULL ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((mbedtls_svc_key_id_is_null(psk)) ||
+ (ssl->handshake == NULL)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ssl_remove_psk( ssl );
+ ssl_remove_psk(ssl);
ssl->handshake->psk_opaque = psk;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk )
+void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
+ int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+ size_t),
+ void *p_psk)
{
conf->f_psk = f_psk;
conf->p_psk = p_psk;
@@ -4647,58 +4544,55 @@
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
+int mbedtls_ssl_conf_dh_param(mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ||
- ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
- {
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
- return( ret );
+ if ((ret = mbedtls_mpi_read_string(&conf->dhm_P, 16, dhm_P)) != 0 ||
+ (ret = mbedtls_mpi_read_string(&conf->dhm_G, 16, dhm_G)) != 0) {
+ mbedtls_mpi_free(&conf->dhm_P);
+ mbedtls_mpi_free(&conf->dhm_G);
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len )
+int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
+ const unsigned char *dhm_P, size_t P_len,
+ const unsigned char *dhm_G, size_t G_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
+ mbedtls_mpi_free(&conf->dhm_P);
+ mbedtls_mpi_free(&conf->dhm_G);
- if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
- ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
- {
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
- return( ret );
+ if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 ||
+ (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) {
+ mbedtls_mpi_free(&conf->dhm_P);
+ mbedtls_mpi_free(&conf->dhm_G);
+ return ret;
}
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
+int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
+ mbedtls_mpi_free(&conf->dhm_P);
+ mbedtls_mpi_free(&conf->dhm_G);
- if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
- {
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
- return( ret );
+ if ((ret = mbedtls_mpi_copy(&conf->dhm_P, &dhm_ctx->P)) != 0 ||
+ (ret = mbedtls_mpi_copy(&conf->dhm_G, &dhm_ctx->G)) != 0) {
+ mbedtls_mpi_free(&conf->dhm_P);
+ mbedtls_mpi_free(&conf->dhm_G);
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
@@ -4706,8 +4600,8 @@
/*
* Set the minimum length for Diffie-Hellman parameters
*/
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
- unsigned int bitlen )
+void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
+ unsigned int bitlen)
{
conf->dhm_min_bitlen = bitlen;
}
@@ -4717,8 +4611,8 @@
/*
* Set allowed/preferred hashes for handshake signatures
*/
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes )
+void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
+ const int *hashes)
{
conf->sig_hashes = hashes;
}
@@ -4728,64 +4622,61 @@
/*
* Set the allowed elliptic curves
*/
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curve_list )
+void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
+ const mbedtls_ecp_group_id *curve_list)
{
conf->curve_list = curve_list;
}
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
+int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
{
/* Initialize to suppress unnecessary compiler warning */
size_t hostname_len = 0;
/* Check if new hostname is valid before
* making any change to current one */
- if( hostname != NULL )
- {
- hostname_len = strlen( hostname );
+ if (hostname != NULL) {
+ hostname_len = strlen(hostname);
- if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
}
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
- if( ssl->hostname != NULL )
- {
- mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
- mbedtls_free( ssl->hostname );
+ if (ssl->hostname != NULL) {
+ mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
+ mbedtls_free(ssl->hostname);
}
/* Passing NULL as hostname shall clear the old one */
- if( hostname == NULL )
- {
+ if (hostname == NULL) {
ssl->hostname = NULL;
- }
- else
- {
- ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
- if( ssl->hostname == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ } else {
+ ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
+ if (ssl->hostname == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- memcpy( ssl->hostname, hostname, hostname_len );
+ memcpy(ssl->hostname, hostname, hostname_len);
ssl->hostname[hostname_len] = '\0';
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *,
- const unsigned char *, size_t),
- void *p_sni )
+void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
+ int (*f_sni)(void *, mbedtls_ssl_context *,
+ const unsigned char *, size_t),
+ void *p_sni)
{
conf->f_sni = f_sni;
conf->p_sni = p_sni;
@@ -4793,7 +4684,7 @@
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
{
size_t cur_len, tot_len;
const char **p;
@@ -4804,221 +4695,210 @@
* We check lengths now rather than later.
*/
tot_len = 0;
- for( p = protos; *p != NULL; p++ )
- {
- cur_len = strlen( *p );
+ for (p = protos; *p != NULL; p++) {
+ cur_len = strlen(*p);
tot_len += cur_len;
- if( ( cur_len == 0 ) ||
- ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
- ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((cur_len == 0) ||
+ (cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) ||
+ (tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
}
conf->alpn_list = protos;
- return( 0 );
+ return 0;
}
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
+const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl)
{
- return( ssl->alpn_chosen );
+ return ssl->alpn_chosen;
}
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
- int support_mki_value )
+void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
+ int support_mki_value)
{
conf->dtls_srtp_mki_support = support_mki_value;
}
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len )
+int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
+ unsigned char *mki_value,
+ uint16_t mki_len)
{
- if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED )
- {
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) {
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
- memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len );
+ memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len);
ssl->dtls_srtp_info.mki_len = mki_len;
- return( 0 );
+ return 0;
}
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles )
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf,
+ const mbedtls_ssl_srtp_profile *profiles)
{
const mbedtls_ssl_srtp_profile *p;
size_t list_size = 0;
/* check the profiles list: all entry must be valid,
* its size cannot be more than the total number of supported profiles, currently 4 */
- for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET &&
- list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH;
- p++ )
- {
- if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET )
- {
+ for (p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET &&
+ list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH;
+ p++) {
+ if (mbedtls_ssl_check_srtp_profile_value(*p) != MBEDTLS_TLS_SRTP_UNSET) {
list_size++;
- }
- else
- {
+ } else {
/* unsupported value, stop parsing and set the size to an error value */
list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1;
}
}
- if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH )
- {
- conf->dtls_srtp_profile_list = NULL;
- conf->dtls_srtp_profile_list_len = 0;
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH) {
+ conf->dtls_srtp_profile_list = NULL;
+ conf->dtls_srtp_profile_list_len = 0;
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
conf->dtls_srtp_profile_list = profiles;
conf->dtls_srtp_profile_list_len = list_size;
- return( 0 );
+ return 0;
}
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info )
+void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl,
+ mbedtls_dtls_srtp_info *dtls_srtp_info)
{
dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile;
/* do not copy the mki value if there is no chosen profile */
- if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
- {
+ if (dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) {
dtls_srtp_info->mki_len = 0;
- }
- else
- {
+ } else {
dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len;
- memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
- ssl->dtls_srtp_info.mki_len );
+ memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len);
}
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
+void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor)
{
conf->max_major_ver = major;
conf->max_minor_ver = minor;
}
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
+void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor)
{
conf->min_major_ver = major;
conf->min_minor_ver = minor;
}
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback )
+void mbedtls_ssl_conf_fallback(mbedtls_ssl_config *conf, char fallback)
{
conf->fallback = fallback;
}
#endif
#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
- char cert_req_ca_list )
+void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
+ char cert_req_ca_list)
{
conf->cert_req_ca_list = cert_req_ca_list;
}
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
+void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm)
{
conf->encrypt_then_mac = etm;
}
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
+void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems)
{
conf->extended_ms = ems;
}
#endif
#if defined(MBEDTLS_ARC4_C)
-void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
+void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4)
{
conf->arc4_disabled = arc4;
}
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
+int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code)
{
- if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
- ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
+ ssl_mfl_code_to_length(mfl_code) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
conf->mfl_code = mfl_code;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
+void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate)
{
conf->trunc_hmac = truncate;
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
+void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split)
{
conf->cbc_record_splitting = split;
}
#endif
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
+void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy)
{
conf->allow_legacy_renegotiation = allow_legacy;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
+void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation)
{
conf->disable_renegotiation = renegotiation;
}
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
+void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records)
{
conf->renego_max_records = max_records;
}
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
- const unsigned char period[8] )
+void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
+ const unsigned char period[8])
{
- memcpy( conf->renego_period, period, 8 );
+ memcpy(conf->renego_period, period, 8);
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#if defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
+void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets)
{
conf->session_tickets = use_tickets;
}
#endif
#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_ticket_write_t *f_ticket_write,
- mbedtls_ssl_ticket_parse_t *f_ticket_parse,
- void *p_ticket )
+void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf,
+ mbedtls_ssl_ticket_write_t *f_ticket_write,
+ mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+ void *p_ticket)
{
conf->f_ticket_write = f_ticket_write;
conf->f_ticket_parse = f_ticket_parse;
@@ -5028,17 +4908,17 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys )
+void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys)
{
conf->f_export_keys = f_export_keys;
conf->p_export_keys = p_export_keys;
}
-void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
- void *p_export_keys )
+void mbedtls_ssl_conf_export_keys_ext_cb(mbedtls_ssl_config *conf,
+ mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
+ void *p_export_keys)
{
conf->f_export_keys_ext = f_export_keys_ext;
conf->p_export_keys = p_export_keys;
@@ -5052,7 +4932,7 @@
mbedtls_ssl_async_decrypt_t *f_async_decrypt,
mbedtls_ssl_async_resume_t *f_async_resume,
mbedtls_ssl_async_cancel_t *f_async_cancel,
- void *async_config_data )
+ void *async_config_data)
{
conf->f_async_sign_start = f_async_sign;
conf->f_async_decrypt_start = f_async_decrypt;
@@ -5061,178 +4941,176 @@
conf->p_async_config_data = async_config_data;
}
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf )
+void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf)
{
- return( conf->p_async_config_data );
+ return conf->p_async_config_data;
}
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl )
+void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl)
{
- if( ssl->handshake == NULL )
- return( NULL );
- else
- return( ssl->handshake->user_async_ctx );
+ if (ssl->handshake == NULL) {
+ return NULL;
+ } else {
+ return ssl->handshake->user_async_ctx;
+ }
}
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
- void *ctx )
+void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl,
+ void *ctx)
{
- if( ssl->handshake != NULL )
+ if (ssl->handshake != NULL) {
ssl->handshake->user_async_ctx = ctx;
+ }
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/*
* SSL get accessors
*/
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
+uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl)
{
- if( ssl->session != NULL )
- return( ssl->session->verify_result );
+ if (ssl->session != NULL) {
+ return ssl->session->verify_result;
+ }
- if( ssl->session_negotiate != NULL )
- return( ssl->session_negotiate->verify_result );
+ if (ssl->session_negotiate != NULL) {
+ return ssl->session_negotiate->verify_result;
+ }
- return( 0xFFFFFFFF );
+ return 0xFFFFFFFF;
}
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
+const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl)
{
- if( ssl == NULL || ssl->session == NULL )
- return( NULL );
+ if (ssl == NULL || ssl->session == NULL) {
+ return NULL;
+ }
- return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
+ return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite);
}
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
+const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- switch( ssl->minor_ver )
- {
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ switch (ssl->minor_ver) {
case MBEDTLS_SSL_MINOR_VERSION_2:
- return( "DTLSv1.0" );
+ return "DTLSv1.0";
case MBEDTLS_SSL_MINOR_VERSION_3:
- return( "DTLSv1.2" );
+ return "DTLSv1.2";
default:
- return( "unknown (DTLS)" );
+ return "unknown (DTLS)";
}
}
#endif
- switch( ssl->minor_ver )
- {
+ switch (ssl->minor_ver) {
case MBEDTLS_SSL_MINOR_VERSION_0:
- return( "SSLv3.0" );
+ return "SSLv3.0";
case MBEDTLS_SSL_MINOR_VERSION_1:
- return( "TLSv1.0" );
+ return "TLSv1.0";
case MBEDTLS_SSL_MINOR_VERSION_2:
- return( "TLSv1.1" );
+ return "TLSv1.1";
case MBEDTLS_SSL_MINOR_VERSION_3:
- return( "TLSv1.2" );
+ return "TLSv1.2";
default:
- return( "unknown" );
+ return "unknown";
}
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl)
{
size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t read_mfl;
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
- {
- return ssl_mfl_code_to_length( ssl->conf->mfl_code );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) {
+ return ssl_mfl_code_to_length(ssl->conf->mfl_code);
}
/* Check if a smaller max length was negotiated */
- if( ssl->session_out != NULL )
- {
- read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
- if( read_mfl < max_len )
- {
+ if (ssl->session_out != NULL) {
+ read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code);
+ if (read_mfl < max_len) {
max_len = read_mfl;
}
}
// During a handshake, use the value being negotiated
- if( ssl->session_negotiate != NULL )
- {
- read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
- if( read_mfl < max_len )
- {
+ if (ssl->session_negotiate != NULL) {
+ read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code);
+ if (read_mfl < max_len) {
max_len = read_mfl;
}
}
- return( max_len );
+ return max_len;
}
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
{
size_t max_len;
/*
* Assume mfl_code is correct since it was checked when set
*/
- max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
+ max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code);
/* Check if a smaller max length was negotiated */
- if( ssl->session_out != NULL &&
- ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
- {
- max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
+ if (ssl->session_out != NULL &&
+ ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) {
+ max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code);
}
/* During a handshake, use the value being negotiated */
- if( ssl->session_negotiate != NULL &&
- ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len )
- {
- max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
+ if (ssl->session_negotiate != NULL &&
+ ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) {
+ max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code);
}
- return( max_len );
+ return max_len;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_max_frag_len(const mbedtls_ssl_context *ssl)
{
- return mbedtls_ssl_get_output_max_frag_len( ssl );
+ return mbedtls_ssl_get_output_max_frag_len(ssl);
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl)
{
/* Return unlimited mtu for client hello messages to avoid fragmentation. */
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
- ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
- return ( 0 );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ (ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
+ ssl->state == MBEDTLS_SSL_SERVER_HELLO)) {
+ return 0;
+ }
- if( ssl->handshake == NULL || ssl->handshake->mtu == 0 )
- return( ssl->mtu );
+ if (ssl->handshake == NULL || ssl->handshake->mtu == 0) {
+ return ssl->mtu;
+ }
- if( ssl->mtu == 0 )
- return( ssl->handshake->mtu );
+ if (ssl->mtu == 0) {
+ return ssl->handshake->mtu;
+ }
- return( ssl->mtu < ssl->handshake->mtu ?
- ssl->mtu : ssl->handshake->mtu );
+ return ssl->mtu < ssl->handshake->mtu ?
+ ssl->mtu : ssl->handshake->mtu;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
{
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
@@ -5242,30 +5120,31 @@
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
+ const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl);
- if( max_len > mfl )
+ if (max_len > mfl) {
max_len = mfl;
+ }
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( mbedtls_ssl_get_current_mtu( ssl ) != 0 )
- {
- const size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
- const int ret = mbedtls_ssl_get_record_expansion( ssl );
+ if (mbedtls_ssl_get_current_mtu(ssl) != 0) {
+ const size_t mtu = mbedtls_ssl_get_current_mtu(ssl);
+ const int ret = mbedtls_ssl_get_record_expansion(ssl);
const size_t overhead = (size_t) ret;
- if( ret < 0 )
- return( ret );
-
- if( mtu <= overhead )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ if (ret < 0) {
+ return ret;
}
- if( max_len > mtu - overhead )
+ if (mtu <= overhead) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("MTU too low for record expansion"));
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ }
+
+ if (max_len > mtu - overhead) {
max_len = mtu - overhead;
+ }
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -5274,45 +5153,46 @@
((void) ssl);
#endif
- return( (int) max_len );
+ return (int) max_len;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl)
{
- if( ssl == NULL || ssl->session == NULL )
- return( NULL );
+ if (ssl == NULL || ssl->session == NULL) {
+ return NULL;
+ }
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- return( ssl->session->peer_cert );
+ return ssl->session->peer_cert;
#else
- return( NULL );
+ return NULL;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
- mbedtls_ssl_session *dst )
+int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
+ mbedtls_ssl_session *dst)
{
- if( ssl == NULL ||
+ if (ssl == NULL ||
dst == NULL ||
ssl->session == NULL ||
- ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- return( mbedtls_ssl_session_copy( dst, ssl->session ) );
+ return mbedtls_ssl_session_copy(dst, ssl->session);
}
#endif /* MBEDTLS_SSL_CLI_C */
-const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl )
+const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_context *ssl)
{
- if( ssl == NULL )
- return( NULL );
+ if (ssl == NULL) {
+ return NULL;
+ }
- return( ssl->session );
+ return ssl->session;
}
/*
@@ -5376,21 +5256,23 @@
#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6
#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
- ( (uint16_t) ( \
- ( SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT ) ) )
+ ((uint16_t) ( \
+ (SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT) | \
+ (SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT) | \
+ (SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << \
+ SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT) | \
+ (SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT) | \
+ (SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << \
+ SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT) | \
+ (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
+ (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
static unsigned char ssl_serialized_session_header[] = {
MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH,
- MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
+ MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
+ MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
};
/*
@@ -5428,11 +5310,11 @@
* together in one block.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char omit_header,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen )
+static int ssl_session_save(const mbedtls_ssl_session *session,
+ unsigned char omit_header,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen)
{
unsigned char *p = buf;
size_t used = 0;
@@ -5446,19 +5328,17 @@
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- if( !omit_header )
- {
+ if (!omit_header) {
/*
* Add version identifier
*/
- used += sizeof( ssl_serialized_session_header );
+ used += sizeof(ssl_serialized_session_header);
- if( used <= buf_len )
- {
- memcpy( p, ssl_serialized_session_header,
- sizeof( ssl_serialized_session_header ) );
- p += sizeof( ssl_serialized_session_header );
+ if (used <= buf_len) {
+ memcpy(p, ssl_serialized_session_header,
+ sizeof(ssl_serialized_session_header));
+ p += sizeof(ssl_serialized_session_header);
}
}
@@ -5468,11 +5348,10 @@
#if defined(MBEDTLS_HAVE_TIME)
used += 8;
- if( used <= buf_len )
- {
+ if (used <= buf_len) {
start = (uint64_t) session->start;
- MBEDTLS_PUT_UINT64_BE( start, p, 0 );
+ MBEDTLS_PUT_UINT64_BE(start, p, 0);
p += 8;
}
#endif /* MBEDTLS_HAVE_TIME */
@@ -5481,27 +5360,26 @@
* Basic mandatory fields
*/
used += 2 /* ciphersuite */
- + 1 /* compression */
- + 1 /* id_len */
- + sizeof( session->id )
- + sizeof( session->master )
- + 4; /* verify_result */
+ + 1 /* compression */
+ + 1 /* id_len */
+ + sizeof(session->id)
+ + sizeof(session->master)
+ + 4; /* verify_result */
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 );
+ if (used <= buf_len) {
+ MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0);
p += 2;
- *p++ = MBEDTLS_BYTE_0( session->compression );
+ *p++ = MBEDTLS_BYTE_0(session->compression);
- *p++ = MBEDTLS_BYTE_0( session->id_len );
- memcpy( p, session->id, 32 );
+ *p++ = MBEDTLS_BYTE_0(session->id_len);
+ memcpy(p, session->id, 32);
p += 32;
- memcpy( p, session->master, 48 );
+ memcpy(p, session->master, 48);
p += 48;
- MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 );
+ MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0);
p += 4;
}
@@ -5510,43 +5388,37 @@
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- if( session->peer_cert == NULL )
+ if (session->peer_cert == NULL) {
cert_len = 0;
- else
+ } else {
cert_len = session->peer_cert->raw.len;
+ }
used += 3 + cert_len;
- if( used <= buf_len )
- {
- *p++ = MBEDTLS_BYTE_2( cert_len );
- *p++ = MBEDTLS_BYTE_1( cert_len );
- *p++ = MBEDTLS_BYTE_0( cert_len );
+ if (used <= buf_len) {
+ *p++ = MBEDTLS_BYTE_2(cert_len);
+ *p++ = MBEDTLS_BYTE_1(cert_len);
+ *p++ = MBEDTLS_BYTE_0(cert_len);
- if( session->peer_cert != NULL )
- {
- memcpy( p, session->peer_cert->raw.p, cert_len );
+ if (session->peer_cert != NULL) {
+ memcpy(p, session->peer_cert->raw.p, cert_len);
p += cert_len;
}
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( session->peer_cert_digest != NULL )
- {
+ if (session->peer_cert_digest != NULL) {
used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len;
- if( used <= buf_len )
- {
+ if (used <= buf_len) {
*p++ = (unsigned char) session->peer_cert_digest_type;
*p++ = (unsigned char) session->peer_cert_digest_len;
- memcpy( p, session->peer_cert_digest,
- session->peer_cert_digest_len );
+ memcpy(p, session->peer_cert_digest,
+ session->peer_cert_digest_len);
p += session->peer_cert_digest_len;
}
- }
- else
- {
+ } else {
used += 2;
- if( used <= buf_len )
- {
+ if (used <= buf_len) {
*p++ = (unsigned char) MBEDTLS_MD_NONE;
*p++ = 0;
}
@@ -5560,19 +5432,17 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
- if( used <= buf_len )
- {
- *p++ = MBEDTLS_BYTE_2( session->ticket_len );
- *p++ = MBEDTLS_BYTE_1( session->ticket_len );
- *p++ = MBEDTLS_BYTE_0( session->ticket_len );
+ if (used <= buf_len) {
+ *p++ = MBEDTLS_BYTE_2(session->ticket_len);
+ *p++ = MBEDTLS_BYTE_1(session->ticket_len);
+ *p++ = MBEDTLS_BYTE_0(session->ticket_len);
- if( session->ticket != NULL )
- {
- memcpy( p, session->ticket, session->ticket_len );
+ if (session->ticket != NULL) {
+ memcpy(p, session->ticket, session->ticket_len);
p += session->ticket_len;
}
- MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
+ MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
p += 4;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
@@ -5583,42 +5453,46 @@
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
used += 1;
- if( used <= buf_len )
+ if (used <= buf_len) {
*p++ = session->mfl_code;
+ }
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
used += 1;
- if( used <= buf_len )
- *p++ = (unsigned char)( ( session->trunc_hmac ) & 0xFF );
+ if (used <= buf_len) {
+ *p++ = (unsigned char) ((session->trunc_hmac) & 0xFF);
+ }
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
used += 1;
- if( used <= buf_len )
- *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac );
+ if (used <= buf_len) {
+ *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac);
+ }
#endif
/* Done */
*olen = used;
- if( used > buf_len )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (used > buf_len) {
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ }
- return( 0 );
+ return 0;
}
/*
* Public wrapper for ssl_session_save()
*/
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen )
+int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen)
{
- return( ssl_session_save( session, 0, buf, buf_len, olen ) );
+ return ssl_session_save(session, 0, buf, buf_len, olen);
}
/*
@@ -5628,10 +5502,10 @@
* case of error, and has an extra option omit_header.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_session_load( mbedtls_ssl_session *session,
- unsigned char omit_header,
- const unsigned char *buf,
- size_t len )
+static int ssl_session_load(mbedtls_ssl_session *session,
+ unsigned char omit_header,
+ const unsigned char *buf,
+ size_t len)
{
const unsigned char *p = buf;
const unsigned char * const end = buf + len;
@@ -5644,38 +5518,38 @@
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- if( !omit_header )
- {
+ if (!omit_header) {
/*
* Check version identifier
*/
- if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( memcmp( p, ssl_serialized_session_header,
- sizeof( ssl_serialized_session_header ) ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+ if ((size_t) (end - p) < sizeof(ssl_serialized_session_header)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- p += sizeof( ssl_serialized_session_header );
+
+ if (memcmp(p, ssl_serialized_session_header,
+ sizeof(ssl_serialized_session_header)) != 0) {
+ return MBEDTLS_ERR_SSL_VERSION_MISMATCH;
+ }
+ p += sizeof(ssl_serialized_session_header);
}
/*
* Time
*/
#if defined(MBEDTLS_HAVE_TIME)
- if( 8 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (8 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- start = ( (uint64_t) p[0] << 56 ) |
- ( (uint64_t) p[1] << 48 ) |
- ( (uint64_t) p[2] << 40 ) |
- ( (uint64_t) p[3] << 32 ) |
- ( (uint64_t) p[4] << 24 ) |
- ( (uint64_t) p[5] << 16 ) |
- ( (uint64_t) p[6] << 8 ) |
- ( (uint64_t) p[7] );
+ start = ((uint64_t) p[0] << 56) |
+ ((uint64_t) p[1] << 48) |
+ ((uint64_t) p[2] << 40) |
+ ((uint64_t) p[3] << 32) |
+ ((uint64_t) p[4] << 24) |
+ ((uint64_t) p[5] << 16) |
+ ((uint64_t) p[6] << 8) |
+ ((uint64_t) p[7]);
p += 8;
session->start = (time_t) start;
@@ -5684,25 +5558,26 @@
/*
* Basic mandatory fields
*/
- if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (2 + 1 + 1 + 32 + 48 + 4 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- session->ciphersuite = ( p[0] << 8 ) | p[1];
+ session->ciphersuite = (p[0] << 8) | p[1];
p += 2;
session->compression = *p++;
session->id_len = *p++;
- memcpy( session->id, p, 32 );
+ memcpy(session->id, p, 32);
p += 32;
- memcpy( session->master, p, 48 );
+ memcpy(session->master, p, 48);
p += 48;
- session->verify_result = ( (uint32_t) p[0] << 24 ) |
- ( (uint32_t) p[1] << 16 ) |
- ( (uint32_t) p[2] << 8 ) |
- ( (uint32_t) p[3] );
+ session->verify_result = ((uint32_t) p[0] << 24) |
+ ((uint32_t) p[1] << 16) |
+ ((uint32_t) p[2] << 8) |
+ ((uint32_t) p[3]);
p += 4;
/* Immediately clear invalid pointer values that have been read, in case
@@ -5724,64 +5599,69 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* Deserialize CRT from the end of the ticket. */
- if( 3 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (3 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+ cert_len = (p[0] << 16) | (p[1] << 8) | p[2];
p += 3;
- if( cert_len != 0 )
- {
+ if (cert_len != 0) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( cert_len > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (cert_len > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
- if( session->peer_cert == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ if (session->peer_cert == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- mbedtls_x509_crt_init( session->peer_cert );
+ mbedtls_x509_crt_init(session->peer_cert);
- if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
- p, cert_len ) ) != 0 )
- {
- mbedtls_x509_crt_free( session->peer_cert );
- mbedtls_free( session->peer_cert );
+ if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert,
+ p, cert_len)) != 0) {
+ mbedtls_x509_crt_free(session->peer_cert);
+ mbedtls_free(session->peer_cert);
session->peer_cert = NULL;
- return( ret );
+ return ret;
}
p += cert_len;
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* Deserialize CRT digest from the end of the ticket. */
- if( 2 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (2 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
session->peer_cert_digest_type = (mbedtls_md_type_t) *p++;
session->peer_cert_digest_len = (size_t) *p++;
- if( session->peer_cert_digest_len != 0 )
- {
+ if (session->peer_cert_digest_len != 0) {
const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type( session->peer_cert_digest_type );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ mbedtls_md_info_from_type(session->peer_cert_digest_type);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+ if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- if( session->peer_cert_digest_len > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (session->peer_cert_digest_len > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
session->peer_cert_digest =
- mbedtls_calloc( 1, session->peer_cert_digest_len );
- if( session->peer_cert_digest == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ mbedtls_calloc(1, session->peer_cert_digest_len);
+ if (session->peer_cert_digest == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- memcpy( session->peer_cert_digest, p,
- session->peer_cert_digest_len );
+ memcpy(session->peer_cert_digest, p,
+ session->peer_cert_digest_len);
p += session->peer_cert_digest_len;
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -5791,32 +5671,35 @@
* Session ticket and associated data
*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- if( 3 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (3 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+ session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2];
p += 3;
- if( session->ticket_len != 0 )
- {
- if( session->ticket_len > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (session->ticket_len != 0) {
+ if (session->ticket_len > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- session->ticket = mbedtls_calloc( 1, session->ticket_len );
- if( session->ticket == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ session->ticket = mbedtls_calloc(1, session->ticket_len);
+ if (session->ticket == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
- memcpy( session->ticket, p, session->ticket_len );
+ memcpy(session->ticket, p, session->ticket_len);
p += session->ticket_len;
}
- if( 4 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (4 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) |
- ( (uint32_t) p[1] << 16 ) |
- ( (uint32_t) p[2] << 8 ) |
- ( (uint32_t) p[3] );
+ session->ticket_lifetime = ((uint32_t) p[0] << 24) |
+ ((uint32_t) p[1] << 16) |
+ ((uint32_t) p[2] << 8) |
+ ((uint32_t) p[3]);
p += 4;
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
@@ -5824,106 +5707,114 @@
* Misc extension-related info
*/
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (1 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
session->mfl_code = *p++;
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (1 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
session->trunc_hmac = *p++;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (1 > (size_t) (end - p)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
session->encrypt_then_mac = *p++;
#endif
/* Done, should have consumed entire buffer */
- if( p != end )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (p != end) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- return( 0 );
+ return 0;
}
/*
* Deserialize session: public wrapper for error cleaning
*/
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len )
+int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len)
{
- int ret = ssl_session_load( session, 0, buf, len );
+ int ret = ssl_session_load(session, 0, buf, len);
- if( ret != 0 )
- mbedtls_ssl_session_free( session );
+ if (ret != 0) {
+ mbedtls_ssl_session_free(session);
+ }
- return( ret );
+ return ret;
}
/*
* Perform a single step of the SSL handshake
*/
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- ret = mbedtls_ssl_handshake_client_step( ssl );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+ ret = mbedtls_ssl_handshake_client_step(ssl);
+ }
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- ret = mbedtls_ssl_handshake_server_step( ssl );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+ ret = mbedtls_ssl_handshake_server_step(ssl);
+ }
#endif
- return( ret );
+ return ret;
}
/*
* Perform the SSL handshake
*/
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl)
{
int ret = 0;
/* Sanity checks */
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
- "mbedtls_ssl_set_timer_cb() for DTLS" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("You must use "
+ "mbedtls_ssl_set_timer_cb() for DTLS"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake"));
/* Main handshake loop */
- while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- ret = mbedtls_ssl_handshake_step( ssl );
+ while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ ret = mbedtls_ssl_handshake_step(ssl);
- if( ret != 0 )
+ if (ret != 0) {
break;
+ }
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake"));
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -5932,25 +5823,24 @@
* Write HelloRequest to request renegotiation on server
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
+static int ssl_write_hello_request(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello request"));
ssl->out_msglen = 4;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello request"));
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_SRV_C */
@@ -5963,67 +5853,69 @@
* If the handshake doesn't complete due to waiting for I/O, it will continue
* during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
*/
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> renegotiate"));
- if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
- return( ret );
+ if ((ret = ssl_handshake_init(ssl)) != 0) {
+ return ret;
+ }
/* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
* the ServerHello will have message_seq = 1" */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
- {
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
ssl->handshake->out_msg_seq = 1;
- else
+ } else {
ssl->handshake->in_msg_seq = 1;
+ }
}
#endif
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
- if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
- return( ret );
+ if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+ return ret;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= renegotiate"));
- return( 0 );
+ return 0;
}
/*
* Renegotiate current connection on client,
* or request renegotiation on server
*/
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl == NULL || ssl->conf == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_SSL_SRV_C)
/* On server, just send the request */
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
/* Did we already try/start sending HelloRequest? */
- if( ssl->out_left != 0 )
- return( mbedtls_ssl_flush_output( ssl ) );
+ if (ssl->out_left != 0) {
+ return mbedtls_ssl_flush_output(ssl);
+ }
- return( ssl_write_hello_request( ssl ) );
+ return ssl_write_hello_request(ssl);
}
#endif /* MBEDTLS_SSL_SRV_C */
@@ -6032,92 +5924,87 @@
* On client, either start the renegotiation process or,
* if already in progress, continue the handshake
*/
- if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", ret );
- return( ret );
+ if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- }
- else
- {
- if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
- return( ret );
+
+ if ((ret = mbedtls_ssl_start_renegotiation(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", ret);
+ return ret;
+ }
+ } else {
+ if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+ return ret;
}
}
#endif /* MBEDTLS_SSL_CLI_C */
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
+static void ssl_key_cert_free(mbedtls_ssl_key_cert *key_cert)
{
mbedtls_ssl_key_cert *cur = key_cert, *next;
- while( cur != NULL )
- {
+ while (cur != NULL) {
next = cur->next;
- mbedtls_free( cur );
+ mbedtls_free(cur);
cur = next;
}
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- if( handshake == NULL )
+ if (handshake == NULL) {
return;
+ }
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
- {
- ssl->conf->f_async_cancel( ssl );
+ if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) {
+ ssl->conf->f_async_cancel(ssl);
handshake->async_in_progress = 0;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_free( &handshake->fin_md5 );
- mbedtls_sha1_free( &handshake->fin_sha1 );
+ mbedtls_md5_free(&handshake->fin_md5);
+ mbedtls_sha1_free(&handshake->fin_sha1);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &handshake->fin_sha256_psa );
+ psa_hash_abort(&handshake->fin_sha256_psa);
#else
- mbedtls_sha256_free( &handshake->fin_sha256 );
+ mbedtls_sha256_free(&handshake->fin_sha256);
#endif
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &handshake->fin_sha384_psa );
+ psa_hash_abort(&handshake->fin_sha384_psa);
#else
- mbedtls_sha512_free( &handshake->fin_sha512 );
+ mbedtls_sha512_free(&handshake->fin_sha512);
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_free( &handshake->dhm_ctx );
+ mbedtls_dhm_free(&handshake->dhm_ctx);
#endif
#if defined(MBEDTLS_ECDH_C)
- mbedtls_ecdh_free( &handshake->ecdh_ctx );
+ mbedtls_ecdh_free(&handshake->ecdh_ctx);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
+ mbedtls_ecjpake_free(&handshake->ecjpake_ctx);
#if defined(MBEDTLS_SSL_CLI_C)
- mbedtls_free( handshake->ecjpake_cache );
+ mbedtls_free(handshake->ecjpake_cache);
handshake->ecjpake_cache = NULL;
handshake->ecjpake_cache_len = 0;
#endif
@@ -6126,14 +6013,13 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
- mbedtls_free( (void *) handshake->curves );
+ mbedtls_free((void *) handshake->curves);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( handshake->psk != NULL )
- {
- mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
- mbedtls_free( handshake->psk );
+ if (handshake->psk != NULL) {
+ mbedtls_platform_zeroize(handshake->psk, handshake->psk_len);
+ mbedtls_free(handshake->psk);
}
#endif
@@ -6143,71 +6029,69 @@
* Free only the linked list wrapper, not the keys themselves
* since the belong to the SNI callback
*/
- if( handshake->sni_key_cert != NULL )
- {
+ if (handshake->sni_key_cert != NULL) {
mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next;
- while( cur != NULL )
- {
+ while (cur != NULL) {
next = cur->next;
- mbedtls_free( cur );
+ mbedtls_free(cur);
cur = next;
}
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
- if( handshake->ecrs_peer_cert != NULL )
- {
- mbedtls_x509_crt_free( handshake->ecrs_peer_cert );
- mbedtls_free( handshake->ecrs_peer_cert );
+ mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx);
+ if (handshake->ecrs_peer_cert != NULL) {
+ mbedtls_x509_crt_free(handshake->ecrs_peer_cert);
+ mbedtls_free(handshake->ecrs_peer_cert);
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_free( &handshake->peer_pubkey );
+ mbedtls_pk_free(&handshake->peer_pubkey);
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- mbedtls_free( handshake->verify_cookie );
- mbedtls_ssl_flight_free( handshake->flight );
- mbedtls_ssl_buffering_free( ssl );
+ mbedtls_free(handshake->verify_cookie);
+ mbedtls_ssl_flight_free(handshake->flight);
+ mbedtls_ssl_buffering_free(ssl);
#endif
#if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_destroy_key( handshake->ecdh_psa_privkey );
+ psa_destroy_key(handshake->ecdh_psa_privkey);
#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_platform_zeroize( handshake,
- sizeof( mbedtls_ssl_handshake_params ) );
+ mbedtls_platform_zeroize(handshake,
+ sizeof(mbedtls_ssl_handshake_params));
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* If the buffers are too big - reallocate. Because of the way Mbed TLS
* processes datagrams and the fact that a datagram is allowed to have
* several records in it, it is possible that the I/O buffers are not
* empty at this stage */
- handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
- mbedtls_ssl_get_output_buflen( ssl ) );
+ handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl),
+ mbedtls_ssl_get_output_buflen(ssl));
#endif
}
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
+void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
{
- if( session == NULL )
+ if (session == NULL) {
return;
+ }
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- ssl_clear_peer_cert( session );
+ ssl_clear_peer_cert(session);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- mbedtls_free( session->ticket );
+ mbedtls_free(session->ticket);
#endif
- mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
+ mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session));
}
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -6242,22 +6126,25 @@
#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT 3
#define SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG \
- ( (uint32_t) ( \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ) | \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ) | \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ) | \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT ) | \
- 0u ) )
+ ((uint32_t) ( \
+ (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << \
+ SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT) | \
+ (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << \
+ SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT) | \
+ (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << \
+ SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT) | \
+ (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
+ 0u))
static unsigned char ssl_serialized_context_header[] = {
MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH,
- MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
+ MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
+ MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
+ MBEDTLS_BYTE_2(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG),
+ MBEDTLS_BYTE_1(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG),
+ MBEDTLS_BYTE_0(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG),
};
/*
@@ -6298,10 +6185,10 @@
* 4. value was temporary (eg content of input buffer)
* 5. value will be provided by the user again (eg I/O callbacks and context)
*/
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen )
+int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen)
{
unsigned char *p = buf;
size_t used = 0;
@@ -6317,94 +6204,84 @@
* (only DTLS) but are currently used to simplify the implementation.
*/
/* The initial handshake must be over */
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Initial handshake isn't over"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if( ssl->handshake != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->handshake != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake isn't completed"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* Double-check that sub-structures are indeed ready */
- if( ssl->transform == NULL || ssl->session == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->transform == NULL || ssl->session == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Serialised structures aren't ready"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* There must be no pending incoming or outgoing data */
- if( mbedtls_ssl_check_pending( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (mbedtls_ssl_check_pending(ssl) != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending incoming data"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if( ssl->out_left != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->out_left != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending outgoing data"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* Protocol must be DTLS, not TLS */
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Only DTLS is supported"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* Version must be 1.2 */
- if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* We must be using an AEAD ciphersuite */
- if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Only AEAD ciphersuites supported"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* Renegotiation must not be enabled */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Renegotiation must not be enabled"));
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
#endif
/*
* Version and format identifier
*/
- used += sizeof( ssl_serialized_context_header );
+ used += sizeof(ssl_serialized_context_header);
- if( used <= buf_len )
- {
- memcpy( p, ssl_serialized_context_header,
- sizeof( ssl_serialized_context_header ) );
- p += sizeof( ssl_serialized_context_header );
+ if (used <= buf_len) {
+ memcpy(p, ssl_serialized_context_header,
+ sizeof(ssl_serialized_context_header));
+ p += sizeof(ssl_serialized_context_header);
}
/*
* Session (length + data)
*/
- ret = ssl_session_save( ssl->session, 1, NULL, 0, &session_len );
- if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
- return( ret );
+ ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len);
+ if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ return ret;
+ }
used += 4 + session_len;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT32_BE( session_len, p, 0 );
+ if (used <= buf_len) {
+ MBEDTLS_PUT_UINT32_BE(session_len, p, 0);
p += 4;
- ret = ssl_session_save( ssl->session, 1,
- p, session_len, &session_len );
- if( ret != 0 )
- return( ret );
+ ret = ssl_session_save(ssl->session, 1,
+ p, session_len, &session_len);
+ if (ret != 0) {
+ return ret;
+ }
p += session_len;
}
@@ -6412,24 +6289,22 @@
/*
* Transform
*/
- used += sizeof( ssl->transform->randbytes );
- if( used <= buf_len )
- {
- memcpy( p, ssl->transform->randbytes,
- sizeof( ssl->transform->randbytes ) );
- p += sizeof( ssl->transform->randbytes );
+ used += sizeof(ssl->transform->randbytes);
+ if (used <= buf_len) {
+ memcpy(p, ssl->transform->randbytes,
+ sizeof(ssl->transform->randbytes));
+ p += sizeof(ssl->transform->randbytes);
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
- if( used <= buf_len )
- {
+ if (used <= buf_len) {
*p++ = ssl->transform->in_cid_len;
- memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
+ memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len);
p += ssl->transform->in_cid_len;
*p++ = ssl->transform->out_cid_len;
- memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
+ memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len);
p += ssl->transform->out_cid_len;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -6439,45 +6314,40 @@
*/
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
used += 4;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 );
+ if (used <= buf_len) {
+ MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0);
p += 4;
}
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
used += 16;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 );
+ if (used <= buf_len) {
+ MBEDTLS_PUT_UINT64_BE(ssl->in_window_top, p, 0);
p += 8;
- MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 );
+ MBEDTLS_PUT_UINT64_BE(ssl->in_window, p, 0);
p += 8;
}
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
used += 1;
- if( used <= buf_len )
- {
+ if (used <= buf_len) {
*p++ = ssl->disable_datagram_packing;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
used += 8;
- if( used <= buf_len )
- {
- memcpy( p, ssl->cur_out_ctr, 8 );
+ if (used <= buf_len) {
+ memcpy(p, ssl->cur_out_ctr, 8);
p += 8;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
used += 2;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 );
+ if (used <= buf_len) {
+ MBEDTLS_PUT_UINT16_BE(ssl->mtu, p, 0);
p += 2;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -6485,17 +6355,15 @@
#if defined(MBEDTLS_SSL_ALPN)
{
const uint8_t alpn_len = ssl->alpn_chosen
- ? (uint8_t) strlen( ssl->alpn_chosen )
+ ? (uint8_t) strlen(ssl->alpn_chosen)
: 0;
used += 1 + alpn_len;
- if( used <= buf_len )
- {
+ if (used <= buf_len) {
*p++ = alpn_len;
- if( ssl->alpn_chosen != NULL )
- {
- memcpy( p, ssl->alpn_chosen, alpn_len );
+ if (ssl->alpn_chosen != NULL) {
+ memcpy(p, ssl->alpn_chosen, alpn_len);
p += alpn_len;
}
}
@@ -6507,12 +6375,13 @@
*/
*olen = used;
- if( used > buf_len )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if (used > buf_len) {
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ }
- MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used );
+ MBEDTLS_SSL_DEBUG_BUF(4, "saved context", buf, used);
- return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
+ return mbedtls_ssl_session_reset_int(ssl, 0);
}
/*
@@ -6521,34 +6390,36 @@
*/
#if defined(MBEDTLS_SHA256_C) || \
(defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384))
-typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
-static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
+typedef int (*tls_prf_fn)(const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen);
+static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id)
{
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+ mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
- if( ciphersuite_info == NULL )
- return( NULL );
+ if (ciphersuite_info == NULL) {
+ return NULL;
+ }
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- return( tls_prf_sha384 );
- else
+ if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+ return tls_prf_sha384;
+ } else
#endif
#if defined(MBEDTLS_SHA256_C)
{
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
- return( tls_prf_sha256 );
+ if (ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
+ return tls_prf_sha256;
+ }
}
#endif
#if !defined(MBEDTLS_SHA256_C) && \
(!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA512_NO_SHA384))
(void) ciphersuite_info;
#endif
- return( NULL );
+ return NULL;
}
#endif /* MBEDTLS_SHA256_C ||
@@ -6561,9 +6432,9 @@
* case of error.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_context_load( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_context_load(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len)
{
const unsigned char *p = buf;
const unsigned char * const end = buf + len;
@@ -6577,17 +6448,16 @@
* (Checking session is useful because it won't be NULL if we're
* renegotiating, or if the user mistakenly loaded a session first.)
*/
- if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
- ssl->session != NULL )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
+ ssl->session != NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/*
* We can't check that the config matches the initial one, but we can at
* least check it matches the requirements for serializing.
*/
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 ||
ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||
@@ -6595,36 +6465,36 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
#endif
- 0 )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ 0) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "context to load", buf, len );
+ MBEDTLS_SSL_DEBUG_BUF(4, "context to load", buf, len);
/*
* Check version identifier
*/
- if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( memcmp( p, ssl_serialized_context_header,
- sizeof( ssl_serialized_context_header ) ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+ if ((size_t) (end - p) < sizeof(ssl_serialized_context_header)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- p += sizeof( ssl_serialized_context_header );
+
+ if (memcmp(p, ssl_serialized_context_header,
+ sizeof(ssl_serialized_context_header)) != 0) {
+ return MBEDTLS_ERR_SSL_VERSION_MISMATCH;
+ }
+ p += sizeof(ssl_serialized_context_header);
/*
* Session
*/
- if( (size_t)( end - p ) < 4 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 4) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- session_len = ( (size_t) p[0] << 24 ) |
- ( (size_t) p[1] << 16 ) |
- ( (size_t) p[2] << 8 ) |
- ( (size_t) p[3] );
+ session_len = ((size_t) p[0] << 24) |
+ ((size_t) p[1] << 16) |
+ ((size_t) p[2] << 8) |
+ ((size_t) p[3]);
p += 4;
/* This has been allocated by ssl_handshake_init(), called by
@@ -6634,14 +6504,14 @@
ssl->session_out = ssl->session;
ssl->session_negotiate = NULL;
- if( (size_t)( end - p ) < session_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < session_len) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ret = ssl_session_load( ssl->session, 1, p, session_len );
- if( ret != 0 )
- {
- mbedtls_ssl_session_free( ssl->session );
- return( ret );
+ ret = ssl_session_load(ssl->session, 1, p, session_len);
+ if (ret != 0) {
+ mbedtls_ssl_session_free(ssl->session);
+ return ret;
}
p += session_len;
@@ -6657,57 +6527,63 @@
ssl->transform_out = ssl->transform;
ssl->transform_negotiate = NULL;
- prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
- if( prf_func == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite);
+ if (prf_func == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
/* Read random bytes and populate structure */
- if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ret = ssl_populate_transform( ssl->transform,
- ssl->session->ciphersuite,
- ssl->session->master,
+ ret = ssl_populate_transform(ssl->transform,
+ ssl->session->ciphersuite,
+ ssl->session->master,
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl->session->encrypt_then_mac,
+ ssl->session->encrypt_then_mac,
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session->trunc_hmac,
+ ssl->session->trunc_hmac,
#endif
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_ZLIB_SUPPORT)
- ssl->session->compression,
+ ssl->session->compression,
#endif
- prf_func,
- p, /* currently pointing to randbytes */
- MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
- ssl->conf->endpoint,
- ssl );
- if( ret != 0 )
- return( ret );
+ prf_func,
+ p, /* currently pointing to randbytes */
+ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
+ ssl->conf->endpoint,
+ ssl);
+ if (ret != 0) {
+ return ret;
+ }
- p += sizeof( ssl->transform->randbytes );
+ p += sizeof(ssl->transform->randbytes);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Read connection IDs and store them */
- if( (size_t)( end - p ) < 1 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 1) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
ssl->transform->in_cid_len = *p++;
- if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
+ memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len);
p += ssl->transform->in_cid_len;
ssl->transform->out_cid_len = *p++;
- if( (size_t)( end - p ) < ssl->transform->out_cid_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < ssl->transform->out_cid_len) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
+ memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len);
p += ssl->transform->out_cid_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -6715,59 +6591,64 @@
* Saved fields from top-level ssl_context structure
*/
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- if( (size_t)( end - p ) < 4 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 4) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) |
- ( (uint32_t) p[1] << 16 ) |
- ( (uint32_t) p[2] << 8 ) |
- ( (uint32_t) p[3] );
+ ssl->badmac_seen = ((uint32_t) p[0] << 24) |
+ ((uint32_t) p[1] << 16) |
+ ((uint32_t) p[2] << 8) |
+ ((uint32_t) p[3]);
p += 4;
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if( (size_t)( end - p ) < 16 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 16) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ssl->in_window_top = ( (uint64_t) p[0] << 56 ) |
- ( (uint64_t) p[1] << 48 ) |
- ( (uint64_t) p[2] << 40 ) |
- ( (uint64_t) p[3] << 32 ) |
- ( (uint64_t) p[4] << 24 ) |
- ( (uint64_t) p[5] << 16 ) |
- ( (uint64_t) p[6] << 8 ) |
- ( (uint64_t) p[7] );
+ ssl->in_window_top = ((uint64_t) p[0] << 56) |
+ ((uint64_t) p[1] << 48) |
+ ((uint64_t) p[2] << 40) |
+ ((uint64_t) p[3] << 32) |
+ ((uint64_t) p[4] << 24) |
+ ((uint64_t) p[5] << 16) |
+ ((uint64_t) p[6] << 8) |
+ ((uint64_t) p[7]);
p += 8;
- ssl->in_window = ( (uint64_t) p[0] << 56 ) |
- ( (uint64_t) p[1] << 48 ) |
- ( (uint64_t) p[2] << 40 ) |
- ( (uint64_t) p[3] << 32 ) |
- ( (uint64_t) p[4] << 24 ) |
- ( (uint64_t) p[5] << 16 ) |
- ( (uint64_t) p[6] << 8 ) |
- ( (uint64_t) p[7] );
+ ssl->in_window = ((uint64_t) p[0] << 56) |
+ ((uint64_t) p[1] << 48) |
+ ((uint64_t) p[2] << 40) |
+ ((uint64_t) p[3] << 32) |
+ ((uint64_t) p[4] << 24) |
+ ((uint64_t) p[5] << 16) |
+ ((uint64_t) p[6] << 8) |
+ ((uint64_t) p[7]);
p += 8;
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( (size_t)( end - p ) < 1 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 1) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
ssl->disable_datagram_packing = *p++;
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( (size_t)( end - p ) < 8 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 8) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- memcpy( ssl->cur_out_ctr, p, 8 );
+ memcpy(ssl->cur_out_ctr, p, 8);
p += 8;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( (size_t)( end - p ) < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 2) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ssl->mtu = ( p[0] << 8 ) | p[1];
+ ssl->mtu = (p[0] << 8) | p[1];
p += 2;
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -6776,19 +6657,17 @@
uint8_t alpn_len;
const char **cur;
- if( (size_t)( end - p ) < 1 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if ((size_t) (end - p) < 1) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
alpn_len = *p++;
- if( alpn_len != 0 && ssl->conf->alpn_list != NULL )
- {
+ if (alpn_len != 0 && ssl->conf->alpn_list != NULL) {
/* alpn_chosen should point to an item in the configured list */
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- {
- if( strlen( *cur ) == alpn_len &&
- memcmp( p, cur, alpn_len ) == 0 )
- {
+ for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
+ if (strlen(*cur) == alpn_len &&
+ memcmp(p, cur, alpn_len) == 0) {
ssl->alpn_chosen = *cur;
break;
}
@@ -6796,8 +6675,9 @@
}
/* can only happen on conf mismatch */
- if( alpn_len != 0 && ssl->alpn_chosen == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (alpn_len != 0 && ssl->alpn_chosen == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
p += alpn_len;
}
@@ -6816,7 +6696,7 @@
/* Adjust pointers for header fields of outgoing records to
* the given transform, accounting for explicit IV and CID. */
- mbedtls_ssl_update_out_pointers( ssl, ssl->transform );
+ mbedtls_ssl_update_out_pointers(ssl, ssl->transform);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->in_epoch = 1;
@@ -6826,137 +6706,131 @@
* which we don't want - otherwise we'd end up freeing the wrong transform
* by calling mbedtls_ssl_handshake_wrapup_free_hs_transform()
* inappropriately. */
- if( ssl->handshake != NULL )
- {
- mbedtls_ssl_handshake_free( ssl );
- mbedtls_free( ssl->handshake );
+ if (ssl->handshake != NULL) {
+ mbedtls_ssl_handshake_free(ssl);
+ mbedtls_free(ssl->handshake);
ssl->handshake = NULL;
}
/*
* Done - should have consumed entire buffer
*/
- if( p != end )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (p != end) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- return( 0 );
+ return 0;
}
/*
* Deserialize context: public wrapper for error cleaning
*/
-int mbedtls_ssl_context_load( mbedtls_ssl_context *context,
- const unsigned char *buf,
- size_t len )
+int mbedtls_ssl_context_load(mbedtls_ssl_context *context,
+ const unsigned char *buf,
+ size_t len)
{
- int ret = ssl_context_load( context, buf, len );
+ int ret = ssl_context_load(context, buf, len);
- if( ret != 0 )
- mbedtls_ssl_free( context );
+ if (ret != 0) {
+ mbedtls_ssl_free(context);
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
/*
* Free an SSL context
*/
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_free(mbedtls_ssl_context *ssl)
{
- if( ssl == NULL )
+ if (ssl == NULL) {
return;
+ }
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> free"));
- if( ssl->out_buf != NULL )
- {
+ if (ssl->out_buf != NULL) {
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len = ssl->out_buf_len;
#else
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
- mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
- mbedtls_free( ssl->out_buf );
+ mbedtls_platform_zeroize(ssl->out_buf, out_buf_len);
+ mbedtls_free(ssl->out_buf);
ssl->out_buf = NULL;
}
- if( ssl->in_buf != NULL )
- {
+ if (ssl->in_buf != NULL) {
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len = ssl->in_buf_len;
#else
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
- mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
- mbedtls_free( ssl->in_buf );
+ mbedtls_platform_zeroize(ssl->in_buf, in_buf_len);
+ mbedtls_free(ssl->in_buf);
ssl->in_buf = NULL;
}
#if defined(MBEDTLS_ZLIB_SUPPORT)
- if( ssl->compress_buf != NULL )
- {
- mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN );
- mbedtls_free( ssl->compress_buf );
+ if (ssl->compress_buf != NULL) {
+ mbedtls_platform_zeroize(ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN);
+ mbedtls_free(ssl->compress_buf);
}
#endif
- if( ssl->transform )
- {
- mbedtls_ssl_transform_free( ssl->transform );
- mbedtls_free( ssl->transform );
+ if (ssl->transform) {
+ mbedtls_ssl_transform_free(ssl->transform);
+ mbedtls_free(ssl->transform);
}
- if( ssl->handshake )
- {
- mbedtls_ssl_handshake_free( ssl );
- mbedtls_ssl_transform_free( ssl->transform_negotiate );
- mbedtls_ssl_session_free( ssl->session_negotiate );
+ if (ssl->handshake) {
+ mbedtls_ssl_handshake_free(ssl);
+ mbedtls_ssl_transform_free(ssl->transform_negotiate);
+ mbedtls_ssl_session_free(ssl->session_negotiate);
- mbedtls_free( ssl->handshake );
- mbedtls_free( ssl->transform_negotiate );
- mbedtls_free( ssl->session_negotiate );
+ mbedtls_free(ssl->handshake);
+ mbedtls_free(ssl->transform_negotiate);
+ mbedtls_free(ssl->session_negotiate);
}
- if( ssl->session )
- {
- mbedtls_ssl_session_free( ssl->session );
- mbedtls_free( ssl->session );
+ if (ssl->session) {
+ mbedtls_ssl_session_free(ssl->session);
+ mbedtls_free(ssl->session);
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( ssl->hostname != NULL )
- {
- mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
- mbedtls_free( ssl->hostname );
+ if (ssl->hostname != NULL) {
+ mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
+ mbedtls_free(ssl->hostname);
}
#endif
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
- if( mbedtls_ssl_hw_record_finish != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) );
- mbedtls_ssl_hw_record_finish( ssl );
+ if (mbedtls_ssl_hw_record_finish != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_finish()"));
+ mbedtls_ssl_hw_record_finish(ssl);
}
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- mbedtls_free( ssl->cli_id );
+ mbedtls_free(ssl->cli_id);
#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= free"));
/* Actually clear after last debug message */
- mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
+ mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context));
}
/*
* Initialize mbedtls_ssl_config
*/
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
+void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
{
- memset( conf, 0, sizeof( mbedtls_ssl_config ) );
+ memset(conf, 0, sizeof(mbedtls_ssl_config));
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -7007,8 +6881,8 @@
/*
* Load default in mbedtls_ssl_config
*/
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
- int endpoint, int transport, int preset )
+int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
+ int endpoint, int transport, int preset)
{
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -7016,15 +6890,14 @@
/* Use the functions here so that they are covered in tests,
* but otherwise access member directly for efficiency */
- mbedtls_ssl_conf_endpoint( conf, endpoint );
- mbedtls_ssl_conf_transport( conf, transport );
+ mbedtls_ssl_conf_endpoint(conf, endpoint);
+ mbedtls_ssl_conf_transport(conf, transport);
/*
* Things that are common to all presets
*/
#if defined(MBEDTLS_SSL_CLI_C)
- if( endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
+ if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
@@ -7068,32 +6941,29 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
- memset( conf->renego_period, 0x00, 2 );
- memset( conf->renego_period + 2, 0xFF, 6 );
+ memset(conf->renego_period, 0x00, 2);
+ memset(conf->renego_period + 2, 0xFF, 6);
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
- if( endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- const unsigned char dhm_p[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
- const unsigned char dhm_g[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
+ if (endpoint == MBEDTLS_SSL_IS_SERVER) {
+ const unsigned char dhm_p[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
+ const unsigned char dhm_g[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
- if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,
- dhm_p, sizeof( dhm_p ),
- dhm_g, sizeof( dhm_g ) ) ) != 0 )
- {
- return( ret );
- }
- }
+ if ((ret = mbedtls_ssl_conf_dh_param_bin(conf,
+ dhm_p, sizeof(dhm_p),
+ dhm_g, sizeof(dhm_g))) != 0) {
+ return ret;
+ }
+ }
#endif
/*
* Preset-specific defaults
*/
- switch( preset )
- {
+ switch (preset) {
/*
* NSA Suite B
*/
@@ -7104,10 +6974,10 @@
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
- conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
- conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
- conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
- ssl_preset_suiteb_ciphersuites;
+ conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
+ conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
+ conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
+ ssl_preset_suiteb_ciphersuites;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
@@ -7126,27 +6996,28 @@
* Default
*/
default:
- conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
- MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
- MBEDTLS_SSL_MIN_MAJOR_VERSION :
- MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
- conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
- MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
- MBEDTLS_SSL_MIN_MINOR_VERSION :
- MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
+ conf->min_major_ver = (MBEDTLS_SSL_MIN_MAJOR_VERSION >
+ MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION) ?
+ MBEDTLS_SSL_MIN_MAJOR_VERSION :
+ MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
+ conf->min_minor_ver = (MBEDTLS_SSL_MIN_MINOR_VERSION >
+ MBEDTLS_SSL_MIN_VALID_MINOR_VERSION) ?
+ MBEDTLS_SSL_MIN_MINOR_VERSION :
+ MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
#endif
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
- conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
- conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
- conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
- mbedtls_ssl_list_ciphersuites();
+ conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
+ conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
+ conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
+ mbedtls_ssl_list_ciphersuites();
#if defined(MBEDTLS_X509_CRT_PARSE_C)
conf->cert_profile = &mbedtls_x509_crt_profile_default;
@@ -7165,89 +7036,88 @@
#endif
}
- return( 0 );
+ return 0;
}
/*
* Free mbedtls_ssl_config
*/
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
+void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
{
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
+ mbedtls_mpi_free(&conf->dhm_P);
+ mbedtls_mpi_free(&conf->dhm_G);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( conf->psk != NULL )
- {
- mbedtls_platform_zeroize( conf->psk, conf->psk_len );
- mbedtls_free( conf->psk );
+ if (conf->psk != NULL) {
+ mbedtls_platform_zeroize(conf->psk, conf->psk_len);
+ mbedtls_free(conf->psk);
conf->psk = NULL;
conf->psk_len = 0;
}
- if( conf->psk_identity != NULL )
- {
- mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
- mbedtls_free( conf->psk_identity );
+ if (conf->psk_identity != NULL) {
+ mbedtls_platform_zeroize(conf->psk_identity, conf->psk_identity_len);
+ mbedtls_free(conf->psk_identity);
conf->psk_identity = NULL;
conf->psk_identity_len = 0;
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- ssl_key_cert_free( conf->key_cert );
+ ssl_key_cert_free(conf->key_cert);
#endif
- mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
+ mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config));
}
#if defined(MBEDTLS_PK_C) && \
- ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
+ (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C))
/*
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
*/
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
+unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
{
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
- return( MBEDTLS_SSL_SIG_RSA );
+ if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) {
+ return MBEDTLS_SSL_SIG_RSA;
+ }
#endif
#if defined(MBEDTLS_ECDSA_C)
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
- return( MBEDTLS_SSL_SIG_ECDSA );
+ if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
+ return MBEDTLS_SSL_SIG_ECDSA;
+ }
#endif
- return( MBEDTLS_SSL_SIG_ANON );
+ return MBEDTLS_SSL_SIG_ANON;
}
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type )
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type)
{
- switch( type ) {
+ switch (type) {
case MBEDTLS_PK_RSA:
- return( MBEDTLS_SSL_SIG_RSA );
+ return MBEDTLS_SSL_SIG_RSA;
case MBEDTLS_PK_ECDSA:
case MBEDTLS_PK_ECKEY:
- return( MBEDTLS_SSL_SIG_ECDSA );
+ return MBEDTLS_SSL_SIG_ECDSA;
default:
- return( MBEDTLS_SSL_SIG_ANON );
+ return MBEDTLS_SSL_SIG_ANON;
}
}
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
{
- switch( sig )
- {
+ switch (sig) {
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_SSL_SIG_RSA:
- return( MBEDTLS_PK_RSA );
+ return MBEDTLS_PK_RSA;
#endif
#if defined(MBEDTLS_ECDSA_C)
case MBEDTLS_SSL_SIG_ECDSA:
- return( MBEDTLS_PK_ECDSA );
+ return MBEDTLS_PK_ECDSA;
#endif
default:
- return( MBEDTLS_PK_NONE );
+ return MBEDTLS_PK_NONE;
}
}
#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
@@ -7256,35 +7126,35 @@
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg )
+mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg)
{
- switch( sig_alg )
- {
+ switch (sig_alg) {
case MBEDTLS_PK_RSA:
- return( set->rsa );
+ return set->rsa;
case MBEDTLS_PK_ECDSA:
- return( set->ecdsa );
+ return set->ecdsa;
default:
- return( MBEDTLS_MD_NONE );
+ return MBEDTLS_MD_NONE;
}
}
/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg,
- mbedtls_md_type_t md_alg )
+void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg,
+ mbedtls_md_type_t md_alg)
{
- switch( sig_alg )
- {
+ switch (sig_alg) {
case MBEDTLS_PK_RSA:
- if( set->rsa == MBEDTLS_MD_NONE )
+ if (set->rsa == MBEDTLS_MD_NONE) {
set->rsa = md_alg;
+ }
break;
case MBEDTLS_PK_ECDSA:
- if( set->ecdsa == MBEDTLS_MD_NONE )
+ if (set->ecdsa == MBEDTLS_MD_NONE) {
set->ecdsa = md_alg;
+ }
break;
default:
@@ -7293,8 +7163,8 @@
}
/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_md_type_t md_alg )
+void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_md_type_t md_alg)
{
set->rsa = md_alg;
set->ecdsa = md_alg;
@@ -7306,68 +7176,66 @@
/*
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
*/
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
{
- switch( hash )
- {
+ switch (hash) {
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_SSL_HASH_MD5:
- return( MBEDTLS_MD_MD5 );
+ return MBEDTLS_MD_MD5;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_SSL_HASH_SHA1:
- return( MBEDTLS_MD_SHA1 );
+ return MBEDTLS_MD_SHA1;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_SSL_HASH_SHA224:
- return( MBEDTLS_MD_SHA224 );
+ return MBEDTLS_MD_SHA224;
case MBEDTLS_SSL_HASH_SHA256:
- return( MBEDTLS_MD_SHA256 );
+ return MBEDTLS_MD_SHA256;
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_SSL_HASH_SHA384:
- return( MBEDTLS_MD_SHA384 );
+ return MBEDTLS_MD_SHA384;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_SSL_HASH_SHA512:
- return( MBEDTLS_MD_SHA512 );
+ return MBEDTLS_MD_SHA512;
#endif
default:
- return( MBEDTLS_MD_NONE );
+ return MBEDTLS_MD_NONE;
}
}
/*
* Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
*/
-unsigned char mbedtls_ssl_hash_from_md_alg( int md )
+unsigned char mbedtls_ssl_hash_from_md_alg(int md)
{
- switch( md )
- {
+ switch (md) {
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( MBEDTLS_SSL_HASH_MD5 );
+ return MBEDTLS_SSL_HASH_MD5;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( MBEDTLS_SSL_HASH_SHA1 );
+ return MBEDTLS_SSL_HASH_SHA1;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
- return( MBEDTLS_SSL_HASH_SHA224 );
+ return MBEDTLS_SSL_HASH_SHA224;
case MBEDTLS_MD_SHA256:
- return( MBEDTLS_SSL_HASH_SHA256 );
+ return MBEDTLS_SSL_HASH_SHA256;
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
- return( MBEDTLS_SSL_HASH_SHA384 );
+ return MBEDTLS_SSL_HASH_SHA384;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( MBEDTLS_SSL_HASH_SHA512 );
+ return MBEDTLS_SSL_HASH_SHA512;
#endif
default:
- return( MBEDTLS_SSL_HASH_NONE );
+ return MBEDTLS_SSL_HASH_NONE;
}
}
@@ -7376,30 +7244,34 @@
* Check if a curve proposed by the peer is in our list.
* Return 0 if we're willing to use it, -1 otherwise.
*/
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
+int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
{
const mbedtls_ecp_group_id *gid;
- if( ssl->conf->curve_list == NULL )
- return( -1 );
+ if (ssl->conf->curve_list == NULL) {
+ return -1;
+ }
- for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
- if( *gid == grp_id )
- return( 0 );
+ for (gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++) {
+ if (*gid == grp_id) {
+ return 0;
+ }
+ }
- return( -1 );
+ return -1;
}
/*
* Same as mbedtls_ssl_check_curve() but takes a TLS ID for the curve.
*/
-int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id )
+int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id)
{
const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( tls_id );
- if( curve_info == NULL )
- return( -1 );
- return( mbedtls_ssl_check_curve( ssl, curve_info->grp_id ) );
+ mbedtls_ecp_curve_info_from_tls_id(tls_id);
+ if (curve_info == NULL) {
+ return -1;
+ }
+ return mbedtls_ssl_check_curve(ssl, curve_info->grp_id);
}
#endif /* MBEDTLS_ECP_C */
@@ -7408,27 +7280,30 @@
* Check if a hash proposed by the peer is in our list.
* Return 0 if we're willing to use it, -1 otherwise.
*/
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
- mbedtls_md_type_t md )
+int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl,
+ mbedtls_md_type_t md)
{
const int *cur;
- if( ssl->conf->sig_hashes == NULL )
- return( -1 );
+ if (ssl->conf->sig_hashes == NULL) {
+ return -1;
+ }
- for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
- if( *cur == (int) md )
- return( 0 );
+ for (cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++) {
+ if (*cur == (int) md) {
+ return 0;
+ }
+ }
- return( -1 );
+ return -1;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
- const mbedtls_ssl_ciphersuite_t *ciphersuite,
- int cert_endpoint,
- uint32_t *flags )
+int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite,
+ int cert_endpoint,
+ uint32_t *flags)
{
int ret = 0;
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
@@ -7447,11 +7322,9 @@
#endif
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
- if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
- {
+ if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
/* Server part of the key exchange */
- switch( ciphersuite->key_exchange )
- {
+ switch (ciphersuite->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
@@ -7476,15 +7349,12 @@
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
usage = 0;
}
- }
- else
- {
+ } else {
/* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
}
- if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
- {
+ if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) {
*flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1;
}
@@ -7493,36 +7363,32 @@
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
- if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
- {
+ if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
ext_oid = MBEDTLS_OID_SERVER_AUTH;
- ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
- }
- else
- {
+ ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
+ } else {
ext_oid = MBEDTLS_OID_CLIENT_AUTH;
- ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
+ ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
}
- if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
- {
+ if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) {
*flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1;
}
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
+int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+ if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) {
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
+ }
- switch( md )
- {
+ switch (md) {
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_SSL_HASH_MD5:
@@ -7559,16 +7425,16 @@
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
-int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
- unsigned char *output,
- unsigned char *data, size_t data_len )
+int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ unsigned char *data, size_t data_len)
{
int ret = 0;
mbedtls_md5_context mbedtls_md5;
mbedtls_sha1_context mbedtls_sha1;
- mbedtls_md5_init( &mbedtls_md5 );
- mbedtls_sha1_init( &mbedtls_sha1 );
+ mbedtls_md5_init(&mbedtls_md5);
+ mbedtls_sha1_init(&mbedtls_sha1);
/*
* digitally-signed struct {
@@ -7583,61 +7449,54 @@
* SHA(ClientHello.random + ServerHello.random
* + ServerParams);
*/
- if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret );
+ if ((ret = mbedtls_md5_starts_ret(&mbedtls_md5)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_starts_ret", ret);
goto exit;
}
- if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5,
- ssl->handshake->randbytes, 64 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
+ if ((ret = mbedtls_md5_update_ret(&mbedtls_md5,
+ ssl->handshake->randbytes, 64)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_update_ret", ret);
goto exit;
}
- if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
+ if ((ret = mbedtls_md5_update_ret(&mbedtls_md5, data, data_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_update_ret", ret);
goto exit;
}
- if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret );
+ if ((ret = mbedtls_md5_finish_ret(&mbedtls_md5, output)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_finish_ret", ret);
goto exit;
}
- if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret );
+ if ((ret = mbedtls_sha1_starts_ret(&mbedtls_sha1)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_starts_ret", ret);
goto exit;
}
- if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1,
- ssl->handshake->randbytes, 64 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
+ if ((ret = mbedtls_sha1_update_ret(&mbedtls_sha1,
+ ssl->handshake->randbytes, 64)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_update_ret", ret);
goto exit;
}
- if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data,
- data_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
+ if ((ret = mbedtls_sha1_update_ret(&mbedtls_sha1, data,
+ data_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_update_ret", ret);
goto exit;
}
- if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1,
- output + 16 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret );
+ if ((ret = mbedtls_sha1_finish_ret(&mbedtls_sha1,
+ output + 16)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_finish_ret", ret);
goto exit;
}
exit:
- mbedtls_md5_free( &mbedtls_md5 );
- mbedtls_sha1_free( &mbedtls_sha1 );
+ mbedtls_md5_free(&mbedtls_md5);
+ mbedtls_sha1_free(&mbedtls_sha1);
- if( ret != 0 )
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ if (ret != 0) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
@@ -7647,81 +7506,75 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg )
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg)
{
psa_status_t status;
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
- psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md(md_alg);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange"));
- if( ( status = psa_hash_setup( &hash_operation,
- hash_alg ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
+ if ((status = psa_hash_setup(&hash_operation,
+ hash_alg)) != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_setup", status);
goto exit;
}
- if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
- 64 ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes,
+ 64)) != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status);
goto exit;
}
- if( ( status = psa_hash_update( &hash_operation,
- data, data_len ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ if ((status = psa_hash_update(&hash_operation,
+ data, data_len)) != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status);
goto exit;
}
- if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
- hashlen ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
- goto exit;
+ if ((status = psa_hash_finish(&hash_operation, hash, PSA_HASH_MAX_SIZE,
+ hashlen)) != PSA_SUCCESS) {
+ MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_finish", status);
+ goto exit;
}
exit:
- if( status != PSA_SUCCESS )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- switch( status )
- {
+ if (status != PSA_SUCCESS) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ switch (status) {
case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
case PSA_ERROR_BUFFER_TOO_SMALL:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+ return MBEDTLS_ERR_MD_ALLOC_FAILED;
default:
- return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_MD_HW_ACCEL_FAILED;
}
}
- return( 0 );
+ return 0;
}
#else
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg )
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg)
{
int ret = 0;
mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- *hashlen = mbedtls_md_get_size( md_info );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
+ *hashlen = mbedtls_md_get_size(md_info);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange"));
- mbedtls_md_init( &ctx );
+ mbedtls_md_init(&ctx);
/*
* digitally-signed struct {
@@ -7730,40 +7583,36 @@
* ServerDHParams params;
* };
*/
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+ if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
goto exit;
}
- if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
+ if ((ret = mbedtls_md_starts(&ctx)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret);
goto exit;
}
- if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
goto exit;
}
- if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
goto exit;
}
- if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
+ if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
goto exit;
}
exit:
- mbedtls_md_free( &ctx );
+ mbedtls_md_free(&ctx);
- if( ret != 0 )
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ if (ret != 0) {
+ mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+ }
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index cc68773..6754148 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -29,11 +29,11 @@
#include <stdint.h>
#include <string.h>
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
.name = string,
-#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \
- PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
+#define TLS1_3_EVOLVE_INPUT_SIZE (PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) ? \
+ PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
{
@@ -81,29 +81,29 @@
static const char tls1_3_label_prefix[6] = "tls13 ";
-#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \
- ( 2 /* expansion length */ \
- + 1 /* label length */ \
- + label_len \
- + 1 /* context length */ \
- + context_len )
+#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
+ (2 /* expansion length */ \
+ + 1 /* label length */ \
+ + label_len \
+ + 1 /* context length */ \
+ + context_len)
#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \
- sizeof(tls1_3_label_prefix) + \
- MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
- MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
+ sizeof(tls1_3_label_prefix) + \
+ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
+ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN)
static void ssl_tls1_3_hkdf_encode_label(
- size_t desired_length,
- const unsigned char *label, size_t llen,
- const unsigned char *ctx, size_t clen,
- unsigned char *dst, size_t *dlen )
+ size_t desired_length,
+ const unsigned char *label, size_t llen,
+ const unsigned char *ctx, size_t clen,
+ unsigned char *dst, size_t *dlen)
{
size_t total_label_len =
sizeof(tls1_3_label_prefix) + llen;
size_t total_hkdf_lbl_len =
- SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen );
+ SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(total_label_len, clen);
unsigned char *p = dst;
@@ -112,73 +112,72 @@
* TLS 1.3 HKDF key expansion to more than 255 Bytes. */
#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \
- value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
+ value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
#endif
*p++ = 0;
- *p++ = MBEDTLS_BYTE_0( desired_length );
+ *p++ = MBEDTLS_BYTE_0(desired_length);
/* Add label incl. prefix */
- *p++ = MBEDTLS_BYTE_0( total_label_len );
- memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
+ *p++ = MBEDTLS_BYTE_0(total_label_len);
+ memcpy(p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix));
p += sizeof(tls1_3_label_prefix);
- memcpy( p, label, llen );
+ memcpy(p, label, llen);
p += llen;
/* Add context value */
- *p++ = MBEDTLS_BYTE_0( clen );
- if( clen != 0 )
- memcpy( p, ctx, clen );
+ *p++ = MBEDTLS_BYTE_0(clen);
+ if (clen != 0) {
+ memcpy(p, ctx, clen);
+ }
/* Return total length to the caller. */
*dlen = total_hkdf_lbl_len;
}
int mbedtls_ssl_tls1_3_hkdf_expand_label(
- mbedtls_md_type_t hash_alg,
- const unsigned char *secret, size_t slen,
- const unsigned char *label, size_t llen,
- const unsigned char *ctx, size_t clen,
- unsigned char *buf, size_t blen )
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *secret, size_t slen,
+ const unsigned char *label, size_t llen,
+ const unsigned char *ctx, size_t clen,
+ unsigned char *buf, size_t blen)
{
const mbedtls_md_info_t *md;
- unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
+ unsigned char hkdf_label[SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN];
size_t hkdf_label_len;
- if( llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
- {
+ if (llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) {
/* Should never happen since this is an internal
* function, and we know statically which labels
* are allowed. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- if( clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
- {
+ if (clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) {
/* Should not happen, as above. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- if( blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN )
- {
+ if (blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN) {
/* Should not happen, as above. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- md = mbedtls_md_info_from_type( hash_alg );
- if( md == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ md = mbedtls_md_info_from_type(hash_alg);
+ if (md == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ssl_tls1_3_hkdf_encode_label( blen,
- label, llen,
- ctx, clen,
- hkdf_label,
- &hkdf_label_len );
+ ssl_tls1_3_hkdf_encode_label(blen,
+ label, llen,
+ ctx, clen,
+ hkdf_label,
+ &hkdf_label_len);
- return( mbedtls_hkdf_expand( md,
- secret, slen,
- hkdf_label, hkdf_label_len,
- buf, blen ) );
+ return mbedtls_hkdf_expand(md,
+ secret, slen,
+ hkdf_label, hkdf_label_len,
+ buf, blen);
}
/*
@@ -198,156 +197,157 @@
* keys in a single function call.
*/
int mbedtls_ssl_tls1_3_make_traffic_keys(
- mbedtls_md_type_t hash_alg,
- const unsigned char *client_secret,
- const unsigned char *server_secret,
- size_t slen, size_t key_len, size_t iv_len,
- mbedtls_ssl_key_set *keys )
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *client_secret,
+ const unsigned char *server_secret,
+ size_t slen, size_t key_len, size_t iv_len,
+ mbedtls_ssl_key_set *keys)
{
int ret = 0;
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
- client_secret, slen,
- MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
- NULL, 0,
- keys->client_write_key, key_len );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
+ client_secret, slen,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key),
+ NULL, 0,
+ keys->client_write_key, key_len);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
- server_secret, slen,
- MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
- NULL, 0,
- keys->server_write_key, key_len );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
+ server_secret, slen,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key),
+ NULL, 0,
+ keys->server_write_key, key_len);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
- client_secret, slen,
- MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
- NULL, 0,
- keys->client_write_iv, iv_len );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
+ client_secret, slen,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv),
+ NULL, 0,
+ keys->client_write_iv, iv_len);
+ if (ret != 0) {
+ return ret;
+ }
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
- server_secret, slen,
- MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
- NULL, 0,
- keys->server_write_iv, iv_len );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
+ server_secret, slen,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv),
+ NULL, 0,
+ keys->server_write_iv, iv_len);
+ if (ret != 0) {
+ return ret;
+ }
keys->key_len = key_len;
keys->iv_len = iv_len;
- return( 0 );
+ return 0;
}
int mbedtls_ssl_tls1_3_derive_secret(
- mbedtls_md_type_t hash_alg,
- const unsigned char *secret, size_t slen,
- const unsigned char *label, size_t llen,
- const unsigned char *ctx, size_t clen,
- int ctx_hashed,
- unsigned char *dstbuf, size_t buflen )
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *secret, size_t slen,
+ const unsigned char *label, size_t llen,
+ const unsigned char *ctx, size_t clen,
+ int ctx_hashed,
+ unsigned char *dstbuf, size_t buflen)
{
int ret;
- unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char hashed_context[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md;
- md = mbedtls_md_info_from_type( hash_alg );
- if( md == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED )
- {
- ret = mbedtls_md( md, ctx, clen, hashed_context );
- if( ret != 0 )
- return( ret );
- clen = mbedtls_md_get_size( md );
+ md = mbedtls_md_info_from_type(hash_alg);
+ if (md == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- else
- {
- if( clen > sizeof(hashed_context) )
- {
+
+ if (ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED) {
+ ret = mbedtls_md(md, ctx, clen, hashed_context);
+ if (ret != 0) {
+ return ret;
+ }
+ clen = mbedtls_md_get_size(md);
+ } else {
+ if (clen > sizeof(hashed_context)) {
/* This should never happen since this function is internal
* and the code sets `ctx_hashed` correctly.
* Let's double-check nonetheless to not run at the risk
* of getting a stack overflow. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- memcpy( hashed_context, ctx, clen );
+ memcpy(hashed_context, ctx, clen);
}
- return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
- secret, slen,
- label, llen,
- hashed_context, clen,
- dstbuf, buflen ) );
+ return mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
+ secret, slen,
+ label, llen,
+ hashed_context, clen,
+ dstbuf, buflen);
}
int mbedtls_ssl_tls1_3_evolve_secret(
- mbedtls_md_type_t hash_alg,
- const unsigned char *secret_old,
- const unsigned char *input, size_t input_len,
- unsigned char *secret_new )
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *secret_old,
+ const unsigned char *input, size_t input_len,
+ unsigned char *secret_new)
{
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
size_t hlen, ilen;
- unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
- unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 };
+ unsigned char tmp_secret[PSA_MAC_MAX_SIZE] = { 0 };
+ unsigned char tmp_input[TLS1_3_EVOLVE_INPUT_SIZE] = { 0 };
const mbedtls_md_info_t *md;
- md = mbedtls_md_info_from_type( hash_alg );
- if( md == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ md = mbedtls_md_info_from_type(hash_alg);
+ if (md == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- hlen = mbedtls_md_get_size( md );
+ hlen = mbedtls_md_get_size(md);
/* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */
- if( secret_old != NULL )
- {
+ if (secret_old != NULL) {
ret = mbedtls_ssl_tls1_3_derive_secret(
- hash_alg,
- secret_old, hlen,
- MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ),
- NULL, 0, /* context */
- MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
- tmp_secret, hlen );
- if( ret != 0 )
+ hash_alg,
+ secret_old, hlen,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(derived),
+ NULL, 0, /* context */
+ MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+ tmp_secret, hlen);
+ if (ret != 0) {
goto cleanup;
+ }
}
- if( input != NULL )
- {
- memcpy( tmp_input, input, input_len );
+ if (input != NULL) {
+ memcpy(tmp_input, input, input_len);
ilen = input_len;
- }
- else
- {
+ } else {
ilen = hlen;
}
/* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */
- ret = mbedtls_hkdf_extract( md,
- tmp_secret, hlen,
- tmp_input, ilen,
- secret_new );
- if( ret != 0 )
+ ret = mbedtls_hkdf_extract(md,
+ tmp_secret, hlen,
+ tmp_input, ilen,
+ secret_new);
+ if (ret != 0) {
goto cleanup;
+ }
ret = 0;
- cleanup:
+cleanup:
- mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );
- mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) );
- return( ret );
+ mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
+ mbedtls_platform_zeroize(tmp_input, sizeof(tmp_input));
+ return ret;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 7089049..4c3b252 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -23,46 +23,44 @@
* the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union
* below. */
#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
- MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" )
+ MBEDTLS_SSL_TLS1_3_LABEL(finished, "finished") \
+ MBEDTLS_SSL_TLS1_3_LABEL(resumption, "resumption") \
+ MBEDTLS_SSL_TLS1_3_LABEL(traffic_upd, "traffic upd") \
+ MBEDTLS_SSL_TLS1_3_LABEL(exporter, "exporter") \
+ MBEDTLS_SSL_TLS1_3_LABEL(key, "key") \
+ MBEDTLS_SSL_TLS1_3_LABEL(iv, "iv") \
+ MBEDTLS_SSL_TLS1_3_LABEL(c_hs_traffic, "c hs traffic") \
+ MBEDTLS_SSL_TLS1_3_LABEL(c_ap_traffic, "c ap traffic") \
+ MBEDTLS_SSL_TLS1_3_LABEL(c_e_traffic, "c e traffic") \
+ MBEDTLS_SSL_TLS1_3_LABEL(s_hs_traffic, "s hs traffic") \
+ MBEDTLS_SSL_TLS1_3_LABEL(s_ap_traffic, "s ap traffic") \
+ MBEDTLS_SSL_TLS1_3_LABEL(s_e_traffic, "s e traffic") \
+ MBEDTLS_SSL_TLS1_3_LABEL(e_exp_master, "e exp master") \
+ MBEDTLS_SSL_TLS1_3_LABEL(res_master, "res master") \
+ MBEDTLS_SSL_TLS1_3_LABEL(exp_master, "exp master") \
+ MBEDTLS_SSL_TLS1_3_LABEL(ext_binder, "ext binder") \
+ MBEDTLS_SSL_TLS1_3_LABEL(res_binder, "res binder") \
+ MBEDTLS_SSL_TLS1_3_LABEL(derived, "derived")
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
- const unsigned char name [ sizeof(string) - 1 ];
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
+ const unsigned char name [sizeof(string) - 1];
-union mbedtls_ssl_tls1_3_labels_union
-{
+union mbedtls_ssl_tls1_3_labels_union {
MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
-struct mbedtls_ssl_tls1_3_labels_struct
-{
+struct mbedtls_ssl_tls1_3_labels_struct {
MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
#undef MBEDTLS_SSL_TLS1_3_LABEL
extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;
-#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \
+#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(LABEL) \
mbedtls_ssl_tls1_3_labels.LABEL, \
sizeof(mbedtls_ssl_tls1_3_labels.LABEL)
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
- sizeof( union mbedtls_ssl_tls1_3_labels_union )
+ sizeof(union mbedtls_ssl_tls1_3_labels_union)
/* The maximum length of HKDF contexts used in the TLS 1.3 standard.
* Since contexts are always hashes of message transcripts, this can
@@ -107,11 +105,11 @@
*/
int mbedtls_ssl_tls1_3_hkdf_expand_label(
- mbedtls_md_type_t hash_alg,
- const unsigned char *secret, size_t slen,
- const unsigned char *label, size_t llen,
- const unsigned char *ctx, size_t clen,
- unsigned char *buf, size_t blen );
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *secret, size_t slen,
+ const unsigned char *label, size_t llen,
+ const unsigned char *ctx, size_t clen,
+ unsigned char *buf, size_t blen);
/**
* \brief This function is part of the TLS 1.3 key schedule.
@@ -143,11 +141,11 @@
*/
int mbedtls_ssl_tls1_3_make_traffic_keys(
- mbedtls_md_type_t hash_alg,
- const unsigned char *client_secret,
- const unsigned char *server_secret,
- size_t slen, size_t key_len, size_t iv_len,
- mbedtls_ssl_key_set *keys );
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *client_secret,
+ const unsigned char *server_secret,
+ size_t slen, size_t key_len, size_t iv_len,
+ mbedtls_ssl_key_set *keys);
#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
@@ -191,12 +189,12 @@
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_derive_secret(
- mbedtls_md_type_t hash_alg,
- const unsigned char *secret, size_t slen,
- const unsigned char *label, size_t llen,
- const unsigned char *ctx, size_t clen,
- int ctx_hashed,
- unsigned char *dstbuf, size_t buflen );
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *secret, size_t slen,
+ const unsigned char *label, size_t llen,
+ const unsigned char *ctx, size_t clen,
+ int ctx_hashed,
+ unsigned char *dstbuf, size_t buflen);
/**
* \brief Compute the next secret in the TLS 1.3 key schedule
@@ -266,9 +264,9 @@
*/
int mbedtls_ssl_tls1_3_evolve_secret(
- mbedtls_md_type_t hash_alg,
- const unsigned char *secret_old,
- const unsigned char *input, size_t input_len,
- unsigned char *secret_new );
+ mbedtls_md_type_t hash_alg,
+ const unsigned char *secret_old,
+ const unsigned char *input, size_t input_len,
+ unsigned char *secret_new);
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/threading.c b/library/threading.c
index 5e0aaa4..0542f33 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -40,9 +40,9 @@
#endif /* !_WIN32 && (unix || __unix || __unix__ ||
* (__APPLE__ && __MACH__)) */
-#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
- ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
- _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) )
+#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \
+ (defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L))
/*
* This is a convenience shorthand macro to avoid checking the long
* preprocessor conditions above. Ideally, we could expose this macro in
@@ -51,21 +51,22 @@
* we keep it private by only defining it in this file
*/
-#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )
+#if !(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32))
#define THREADING_USE_GMTIME
#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */
-#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
- ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
_POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */
#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
#if defined(MBEDTLS_THREADING_PTHREAD)
-static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
+static void threading_mutex_init_pthread(mbedtls_threading_mutex_t *mutex)
{
- if( mutex == NULL )
+ if (mutex == NULL) {
return;
+ }
/* A nonzero value of is_valid indicates a successfully initialized
* mutex. This is a workaround for not being able to return an error
@@ -73,44 +74,49 @@
* if is_valid is nonzero. The Mbed TLS unit test code uses this field
* to distinguish more states of the mutex; see
* tests/src/threading_helpers for details. */
- mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
+ mutex->is_valid = pthread_mutex_init(&mutex->mutex, NULL) == 0;
}
-static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex )
+static void threading_mutex_free_pthread(mbedtls_threading_mutex_t *mutex)
{
- if( mutex == NULL || !mutex->is_valid )
+ if (mutex == NULL || !mutex->is_valid) {
return;
+ }
- (void) pthread_mutex_destroy( &mutex->mutex );
+ (void) pthread_mutex_destroy(&mutex->mutex);
mutex->is_valid = 0;
}
-static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex )
+static int threading_mutex_lock_pthread(mbedtls_threading_mutex_t *mutex)
{
- if( mutex == NULL || ! mutex->is_valid )
- return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+ if (mutex == NULL || !mutex->is_valid) {
+ return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+ }
- if( pthread_mutex_lock( &mutex->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (pthread_mutex_lock(&mutex->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
- return( 0 );
+ return 0;
}
-static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex )
+static int threading_mutex_unlock_pthread(mbedtls_threading_mutex_t *mutex)
{
- if( mutex == NULL || ! mutex->is_valid )
- return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+ if (mutex == NULL || !mutex->is_valid) {
+ return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+ }
- if( pthread_mutex_unlock( &mutex->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+ if (pthread_mutex_unlock(&mutex->mutex) != 0) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
- return( 0 );
+ return 0;
}
-void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread;
-void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread;
-int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread;
-int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread;
+void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_init_pthread;
+void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_free_pthread;
+int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_lock_pthread;
+int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_unlock_pthread;
/*
* With pthreads we can statically initialize mutexes
@@ -120,29 +126,29 @@
#endif /* MBEDTLS_THREADING_PTHREAD */
#if defined(MBEDTLS_THREADING_ALT)
-static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex )
+static int threading_mutex_fail(mbedtls_threading_mutex_t *mutex)
{
- ((void) mutex );
- return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+ ((void) mutex);
+ return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
}
-static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex )
+static void threading_mutex_dummy(mbedtls_threading_mutex_t *mutex)
{
- ((void) mutex );
+ ((void) mutex);
return;
}
-void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
-void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
-int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
-int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
+void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_dummy;
+void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_dummy;
+int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_fail;
+int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_fail;
/*
* Set functions pointers and initialize global mutexes
*/
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
- void (*mutex_free)( mbedtls_threading_mutex_t * ),
- int (*mutex_lock)( mbedtls_threading_mutex_t * ),
- int (*mutex_unlock)( mbedtls_threading_mutex_t * ) )
+void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
+ void (*mutex_free)(mbedtls_threading_mutex_t *),
+ int (*mutex_lock)(mbedtls_threading_mutex_t *),
+ int (*mutex_unlock)(mbedtls_threading_mutex_t *))
{
mbedtls_mutex_init = mutex_init;
mbedtls_mutex_free = mutex_free;
@@ -150,23 +156,23 @@
mbedtls_mutex_unlock = mutex_unlock;
#if defined(MBEDTLS_FS_IO)
- mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
+ mbedtls_mutex_init(&mbedtls_threading_readdir_mutex);
#endif
#if defined(THREADING_USE_GMTIME)
- mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
+ mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex);
#endif
}
/*
* Free global mutexes
*/
-void mbedtls_threading_free_alt( void )
+void mbedtls_threading_free_alt(void)
{
#if defined(MBEDTLS_FS_IO)
- mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
+ mbedtls_mutex_free(&mbedtls_threading_readdir_mutex);
#endif
#if defined(THREADING_USE_GMTIME)
- mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
+ mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex);
#endif
}
#endif /* MBEDTLS_THREADING_ALT */
diff --git a/library/timing.c b/library/timing.c
index 7f559be..d4f9554 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -44,8 +44,7 @@
#include <windows.h>
#include <process.h>
-struct _hr_time
-{
+struct _hr_time {
LARGE_INTEGER start;
};
@@ -58,75 +57,72 @@
* platform matches the ifdefs above, it will be used. */
#include <time.h>
#include <sys/time.h>
-struct _hr_time
-{
+struct _hr_time {
struct timeval start;
};
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__)
+ (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long tsc;
__asm rdtsc
- __asm mov [tsc], eax
- return( tsc );
+ __asm mov[tsc], eax
+ return tsc;
}
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
/* some versions of mingw-64 have 32-bit longs even on x84_64 */
#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && ( defined(__i386__) || ( \
- ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) )
+ defined(__GNUC__) && (defined(__i386__) || ( \
+ (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4))
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long lo, hi;
- asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
- return( lo );
+ asm volatile ("rdtsc" : "=a" (lo), "=d" (hi));
+ return lo;
}
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && __i386__ */
#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) )
+ defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__))
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long lo, hi;
- asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
- return( lo | ( hi << 32 ) );
+ asm volatile ("rdtsc" : "=a" (lo), "=d" (hi));
+ return lo | (hi << 32);
}
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && ( __amd64__ || __x86_64__ ) */
#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) )
+ defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__))
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long tbl, tbu0, tbu1;
- do
- {
- asm volatile( "mftbu %0" : "=r" (tbu0) );
- asm volatile( "mftb %0" : "=r" (tbl ) );
- asm volatile( "mftbu %0" : "=r" (tbu1) );
- }
- while( tbu0 != tbu1 );
+ do {
+ asm volatile ("mftbu %0" : "=r" (tbu0));
+ asm volatile ("mftb %0" : "=r" (tbl));
+ asm volatile ("mftbu %0" : "=r" (tbu1));
+ } while (tbu0 != tbu1);
- return( tbl );
+ return tbl;
}
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && ( __powerpc__ || __ppc__ ) */
@@ -139,11 +135,11 @@
#else
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long tick;
- asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) );
- return( tick );
+ asm volatile ("rdpr %%tick, %0;" : "=&r" (tick));
+ return tick;
}
#endif /* __OpenBSD__ */
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
@@ -154,12 +150,12 @@
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long tick;
- asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" );
- asm volatile( "mov %%g1, %0" : "=r" (tick) );
- return( tick );
+ asm volatile (".byte 0x83, 0x41, 0x00, 0x00");
+ asm volatile ("mov %%g1, %0" : "=r" (tick));
+ return tick;
}
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && __sparc__ && !__sparc64__ */
@@ -169,11 +165,11 @@
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long cc;
- asm volatile( "rpcc %0" : "=r" (cc) );
- return( cc & 0xFFFFFFFF );
+ asm volatile ("rpcc %0" : "=r" (cc));
+ return cc & 0xFFFFFFFF;
}
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && __alpha__ */
@@ -183,11 +179,11 @@
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
unsigned long itc;
- asm volatile( "mov %0 = ar.itc" : "=r" (itc) );
- return( itc );
+ asm volatile ("mov %0 = ar.itc" : "=r" (itc));
+ return itc;
}
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && __ia64__ */
@@ -197,13 +193,13 @@
#define HAVE_HARDCLOCK
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
LARGE_INTEGER offset;
- QueryPerformanceCounter( &offset );
+ QueryPerformanceCounter(&offset);
- return( (unsigned long)( offset.QuadPart ) );
+ return (unsigned long) (offset.QuadPart);
}
#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */
@@ -214,19 +210,18 @@
static int hardclock_init = 0;
static struct timeval tv_init;
-unsigned long mbedtls_timing_hardclock( void )
+unsigned long mbedtls_timing_hardclock(void)
{
struct timeval tv_cur;
- if( hardclock_init == 0 )
- {
- gettimeofday( &tv_init, NULL );
+ if (hardclock_init == 0) {
+ gettimeofday(&tv_init, NULL);
hardclock_init = 1;
}
- gettimeofday( &tv_cur, NULL );
- return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000U
- + ( tv_cur.tv_usec - tv_init.tv_usec ) );
+ gettimeofday(&tv_cur, NULL);
+ return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U
+ + (tv_cur.tv_usec - tv_init.tv_usec);
}
#endif /* !HAVE_HARDCLOCK */
@@ -234,43 +229,39 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
+unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
{
struct _hr_time *t = (struct _hr_time *) val;
- if( reset )
- {
- QueryPerformanceCounter( &t->start );
- return( 0 );
- }
- else
- {
+ if (reset) {
+ QueryPerformanceCounter(&t->start);
+ return 0;
+ } else {
unsigned long delta;
LARGE_INTEGER now, hfreq;
- QueryPerformanceCounter( &now );
- QueryPerformanceFrequency( &hfreq );
- delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul
- / hfreq.QuadPart );
- return( delta );
+ QueryPerformanceCounter(&now);
+ QueryPerformanceFrequency(&hfreq);
+ delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul
+ / hfreq.QuadPart);
+ return delta;
}
}
/* It's OK to use a global because alarm() is supposed to be global anyway */
static DWORD alarmMs;
-static void TimerProc( void *TimerContext )
+static void TimerProc(void *TimerContext)
{
(void) TimerContext;
- Sleep( alarmMs );
+ Sleep(alarmMs);
mbedtls_timing_alarmed = 1;
/* _endthread will be called implicitly on return
* That ensures execution of thread function's epilogue */
}
-void mbedtls_set_alarm( int seconds )
+void mbedtls_set_alarm(int seconds)
{
- if( seconds == 0 )
- {
+ if (seconds == 0) {
/* No need to create a thread for this simple case.
* Also, this shorcut is more reliable at least on MinGW32 */
mbedtls_timing_alarmed = 1;
@@ -279,44 +270,40 @@
mbedtls_timing_alarmed = 0;
alarmMs = seconds * 1000;
- (void) _beginthread( TimerProc, 0, NULL );
+ (void) _beginthread(TimerProc, 0, NULL);
}
#else /* _WIN32 && !EFIX64 && !EFI32 */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
+unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
{
struct _hr_time *t = (struct _hr_time *) val;
- if( reset )
- {
- gettimeofday( &t->start, NULL );
- return( 0 );
- }
- else
- {
+ if (reset) {
+ gettimeofday(&t->start, NULL);
+ return 0;
+ } else {
unsigned long delta;
struct timeval now;
- gettimeofday( &now, NULL );
- delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul
- + ( now.tv_usec - t->start.tv_usec ) / 1000;
- return( delta );
+ gettimeofday(&now, NULL);
+ delta = (now.tv_sec - t->start.tv_sec) * 1000ul
+ + (now.tv_usec - t->start.tv_usec) / 1000;
+ return delta;
}
}
-static void sighandler( int signum )
+static void sighandler(int signum)
{
mbedtls_timing_alarmed = 1;
- signal( signum, sighandler );
+ signal(signum, sighandler);
}
-void mbedtls_set_alarm( int seconds )
+void mbedtls_set_alarm(int seconds)
{
mbedtls_timing_alarmed = 0;
- signal( SIGALRM, sighandler );
- alarm( seconds );
- if( seconds == 0 )
- {
+ signal(SIGALRM, sighandler);
+ alarm(seconds);
+ if (seconds == 0) {
/* alarm(0) cancelled any previous pending alarm, but the
handler won't fire, so raise the flag straight away. */
mbedtls_timing_alarmed = 1;
@@ -328,37 +315,41 @@
/*
* Set delays to watch
*/
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
+void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms)
{
mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
ctx->int_ms = int_ms;
ctx->fin_ms = fin_ms;
- if( fin_ms != 0 )
- (void) mbedtls_timing_get_timer( &ctx->timer, 1 );
+ if (fin_ms != 0) {
+ (void) mbedtls_timing_get_timer(&ctx->timer, 1);
+ }
}
/*
* Get number of delays expired
*/
-int mbedtls_timing_get_delay( void *data )
+int mbedtls_timing_get_delay(void *data)
{
mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
unsigned long elapsed_ms;
- if( ctx->fin_ms == 0 )
- return( -1 );
+ if (ctx->fin_ms == 0) {
+ return -1;
+ }
- elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 );
+ elapsed_ms = mbedtls_timing_get_timer(&ctx->timer, 0);
- if( elapsed_ms >= ctx->fin_ms )
- return( 2 );
+ if (elapsed_ms >= ctx->fin_ms) {
+ return 2;
+ }
- if( elapsed_ms >= ctx->int_ms )
- return( 1 );
+ if (elapsed_ms >= ctx->int_ms) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
@@ -368,16 +359,17 @@
* Busy-waits for the given number of milliseconds.
* Used for testing mbedtls_timing_hardclock.
*/
-static void busy_msleep( unsigned long msec )
+static void busy_msleep(unsigned long msec)
{
struct mbedtls_timing_hr_time hires;
unsigned long i = 0; /* for busy-waiting */
volatile unsigned long j; /* to prevent optimisation */
- (void) mbedtls_timing_get_timer( &hires, 1 );
+ (void) mbedtls_timing_get_timer(&hires, 1);
- while( mbedtls_timing_get_timer( &hires, 0 ) < msec )
+ while (mbedtls_timing_get_timer(&hires, 0) < msec) {
i++;
+ }
j = i;
(void) j;
@@ -385,19 +377,19 @@
#define FAIL do \
{ \
- if( verbose != 0 ) \
+ if (verbose != 0) \
{ \
- mbedtls_printf( "failed at line %d\n", __LINE__ ); \
- mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \
- cycles, ratio, millisecs, secs, hardfail, \
- (unsigned long) a, (unsigned long) b ); \
- mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \
- mbedtls_timing_get_timer( &hires, 0 ), \
- mbedtls_timing_get_timer( &ctx.timer, 0 ), \
- mbedtls_timing_get_delay( &ctx ) ); \
+ mbedtls_printf("failed at line %d\n", __LINE__); \
+ mbedtls_printf(" cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \
+ cycles, ratio, millisecs, secs, hardfail, \
+ (unsigned long) a, (unsigned long) b); \
+ mbedtls_printf(" elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \
+ mbedtls_timing_get_timer(&hires, 0), \
+ mbedtls_timing_get_timer(&ctx.timer, 0), \
+ mbedtls_timing_get_delay(&ctx)); \
} \
- return( 1 ); \
- } while( 0 )
+ return 1; \
+ } while (0)
/*
* Checkup routine
@@ -405,7 +397,7 @@
* Warning: this is work in progress, some tests may not be reliable enough
* yet! False positives may happen.
*/
-int mbedtls_timing_self_test( int verbose )
+int mbedtls_timing_self_test(int verbose)
{
unsigned long cycles = 0, ratio = 0;
unsigned long millisecs = 0, secs = 0;
@@ -414,63 +406,75 @@
uint32_t a = 0, b = 0;
mbedtls_timing_delay_context ctx;
- if( verbose != 0 )
- mbedtls_printf( " TIMING tests note: will take some time!\n" );
+ if (verbose != 0) {
+ mbedtls_printf(" TIMING tests note: will take some time!\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " );
+ if (verbose != 0) {
+ mbedtls_printf(" TIMING test #1 (set_alarm / get_timer): ");
+ }
{
secs = 1;
- (void) mbedtls_timing_get_timer( &hires, 1 );
+ (void) mbedtls_timing_get_timer(&hires, 1);
- mbedtls_set_alarm( (int) secs );
- while( !mbedtls_timing_alarmed )
+ mbedtls_set_alarm((int) secs);
+ while (!mbedtls_timing_alarmed) {
;
+ }
- millisecs = mbedtls_timing_get_timer( &hires, 0 );
+ millisecs = mbedtls_timing_get_timer(&hires, 0);
/* For some reason on Windows it looks like alarm has an extra delay
* (maybe related to creating a new thread). Allow some room here. */
- if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 )
+ if (millisecs < 800 * secs || millisecs > 1200 * secs + 300) {
FAIL;
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( " TIMING test #2 (set/get_delay ): " );
+ if (verbose != 0) {
+ mbedtls_printf(" TIMING test #2 (set/get_delay ): ");
+ }
{
a = 800;
b = 400;
- mbedtls_timing_set_delay( &ctx, a, a + b ); /* T = 0 */
+ mbedtls_timing_set_delay(&ctx, a, a + b); /* T = 0 */
- busy_msleep( a - a / 4 ); /* T = a - a/4 */
- if( mbedtls_timing_get_delay( &ctx ) != 0 )
+ busy_msleep(a - a / 4); /* T = a - a/4 */
+ if (mbedtls_timing_get_delay(&ctx) != 0) {
FAIL;
+ }
- busy_msleep( a / 4 + b / 4 ); /* T = a + b/4 */
- if( mbedtls_timing_get_delay( &ctx ) != 1 )
+ busy_msleep(a / 4 + b / 4); /* T = a + b/4 */
+ if (mbedtls_timing_get_delay(&ctx) != 1) {
FAIL;
+ }
- busy_msleep( b ); /* T = a + b + b/4 */
- if( mbedtls_timing_get_delay( &ctx ) != 2 )
+ busy_msleep(b); /* T = a + b + b/4 */
+ if (mbedtls_timing_get_delay(&ctx) != 2) {
FAIL;
+ }
}
- mbedtls_timing_set_delay( &ctx, 0, 0 );
- busy_msleep( 200 );
- if( mbedtls_timing_get_delay( &ctx ) != -1 )
+ mbedtls_timing_set_delay(&ctx, 0, 0);
+ busy_msleep(200);
+ if (mbedtls_timing_get_delay(&ctx) != -1) {
FAIL;
+ }
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
- if( verbose != 0 )
- mbedtls_printf( " TIMING test #3 (hardclock / get_timer): " );
+ if (verbose != 0) {
+ mbedtls_printf(" TIMING test #3 (hardclock / get_timer): ");
+ }
/*
* Allow one failure for possible counter wrapping.
@@ -479,10 +483,10 @@
*/
hard_test:
- if( hardfail > 1 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed (ignored)\n" );
+ if (hardfail > 1) {
+ if (verbose != 0) {
+ mbedtls_printf("failed (ignored)\n");
+ }
goto hard_test_done;
}
@@ -490,35 +494,35 @@
/* Get a reference ratio cycles/ms */
millisecs = 1;
cycles = mbedtls_timing_hardclock();
- busy_msleep( millisecs );
+ busy_msleep(millisecs);
cycles = mbedtls_timing_hardclock() - cycles;
ratio = cycles / millisecs;
/* Check that the ratio is mostly constant */
- for( millisecs = 2; millisecs <= 4; millisecs++ )
- {
+ for (millisecs = 2; millisecs <= 4; millisecs++) {
cycles = mbedtls_timing_hardclock();
- busy_msleep( millisecs );
+ busy_msleep(millisecs);
cycles = mbedtls_timing_hardclock() - cycles;
/* Allow variation up to 20% */
- if( cycles / millisecs < ratio - ratio / 5 ||
- cycles / millisecs > ratio + ratio / 5 )
- {
+ if (cycles / millisecs < ratio - ratio / 5 ||
+ cycles / millisecs > ratio + ratio / 5) {
hardfail++;
goto hard_test;
}
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
hard_test_done:
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/version.c b/library/version.c
index 32a0d7d..4f78c9c 100644
--- a/library/version.c
+++ b/library/version.c
@@ -24,21 +24,21 @@
#include "mbedtls/version.h"
#include <string.h>
-unsigned int mbedtls_version_get_number( void )
+unsigned int mbedtls_version_get_number(void)
{
- return( MBEDTLS_VERSION_NUMBER );
+ return MBEDTLS_VERSION_NUMBER;
}
-void mbedtls_version_get_string( char *string )
+void mbedtls_version_get_string(char *string)
{
- memcpy( string, MBEDTLS_VERSION_STRING,
- sizeof( MBEDTLS_VERSION_STRING ) );
+ memcpy(string, MBEDTLS_VERSION_STRING,
+ sizeof(MBEDTLS_VERSION_STRING));
}
-void mbedtls_version_get_string_full( char *string )
+void mbedtls_version_get_string_full(char *string)
{
- memcpy( string, MBEDTLS_VERSION_STRING_FULL,
- sizeof( MBEDTLS_VERSION_STRING_FULL ) );
+ memcpy(string, MBEDTLS_VERSION_STRING_FULL,
+ sizeof(MBEDTLS_VERSION_STRING_FULL));
}
#endif /* MBEDTLS_VERSION_C */
diff --git a/library/x509.c b/library/x509.c
index 54c8666..38eb2e6 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -53,42 +53,45 @@
#include <time.h>
#endif
-#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
+#define CHECK(code) if ((ret = (code)) != 0) { return ret; }
#define CHECK_RANGE(min, max, val) \
do \
{ \
- if( ( val ) < ( min ) || ( val ) > ( max ) ) \
+ if ((val) < (min) || (val) > (max)) \
{ \
- return( ret ); \
+ return ret; \
} \
- } while( 0 )
+ } while (0)
/*
* CertificateSerialNumber ::= INTEGER
*/
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *serial )
+int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *serial)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
- if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
- **p != MBEDTLS_ASN1_INTEGER )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) &&
+ **p != MBEDTLS_ASN1_INTEGER) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
serial->tag = *(*p)++;
- if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, ret ) );
+ if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret);
+ }
serial->p = *p;
*p += serial->len;
- return( 0 );
+ return 0;
}
/* Get an algorithm identifier without parameters (eg for signatures)
@@ -97,29 +100,31 @@
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*/
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg )
+int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
- return( 0 );
+ return 0;
}
/*
* Parse an algorithm identifier with (optional) parameters
*/
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
+int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -132,7 +137,7 @@
*
* For HashAlgorithm, parameters MUST be NULL or absent.
*/
-static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
+static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p;
@@ -141,42 +146,49 @@
size_t len;
/* Make sure we got a SEQUENCE and setup bounds */
- if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if (alg->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
p = alg->p;
end = p + alg->len;
- if( p >= end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if (p >= end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
/* Parse md_oid */
md_oid.tag = *p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
md_oid.p = p;
p += md_oid.len;
/* Get md_alg from md_oid */
- if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
/* Make sure params is absent of NULL */
- if( p == end )
- return( 0 );
+ if (p == end) {
+ return 0;
+ }
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_NULL)) != 0 || len != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
- if( p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
@@ -191,9 +203,9 @@
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
* option. Enforce this at parsing time.
*/
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
- mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
- int *salt_len )
+int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
+ mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+ int *salt_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p;
@@ -207,121 +219,139 @@
*salt_len = 20;
/* Make sure params is a SEQUENCE and setup bounds */
- if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
p = (unsigned char *) params->p;
end = p + params->len;
- if( p == end )
- return( 0 );
+ if (p == end) {
+ return 0;
+ }
/*
* HashAlgorithm
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
- {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 0)) == 0) {
end2 = p + len;
/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
- if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_alg_null(&p, end2, &alg_id)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
- if( p != end2 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end2) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+ } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
}
- else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
- if( p == end )
- return( 0 );
+ if (p == end) {
+ return 0;
+ }
/*
* MaskGenAlgorithm
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
- {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 1)) == 0) {
end2 = p + len;
/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
- if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_alg(&p, end2, &alg_id, &alg_params)) != 0) {
+ return ret;
+ }
/* Only MFG1 is recognised for now */
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
- MBEDTLS_ERR_OID_NOT_FOUND ) );
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
+ MBEDTLS_ERR_OID_NOT_FOUND);
+ }
/* Parse HashAlgorithm */
- if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
- return( ret );
+ if ((ret = x509_get_hash_alg(&alg_params, mgf_md)) != 0) {
+ return ret;
+ }
- if( p != end2 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end2) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+ } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
}
- else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
- if( p == end )
- return( 0 );
+ if (p == end) {
+ return 0;
+ }
/*
* salt_len
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
- {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 2)) == 0) {
end2 = p + len;
- if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_asn1_get_int(&p, end2, salt_len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
- if( p != end2 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end2) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+ } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
}
- else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
- if( p == end )
- return( 0 );
+ if (p == end) {
+ return 0;
+ }
/*
* trailer_field (if present, must be 1)
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
- {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 3)) == 0) {
int trailer_field;
end2 = p + len;
- if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+ if ((ret = mbedtls_asn1_get_int(&p, end2, &trailer_field)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+ }
- if( p != end2 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end2) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- if( trailer_field != 1 )
- return( MBEDTLS_ERR_X509_INVALID_ALG );
+ if (trailer_field != 1) {
+ return MBEDTLS_ERR_X509_INVALID_ALG;
+ }
+ } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
}
- else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
- if( p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
@@ -334,63 +364,68 @@
*
* AttributeValue ::= ANY DEFINED BY AttributeType
*/
-static int x509_get_attr_type_value( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_name *cur )
+static int x509_get_attr_type_value(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_name *cur)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
mbedtls_x509_buf *oid;
mbedtls_x509_buf *val;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
+ }
end = *p + len;
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
oid = &cur->oid;
oid->tag = **p;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
+ }
oid->p = *p;
*p += oid->len;
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
- if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING &&
+ if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING &&
**p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
**p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
- **p != MBEDTLS_ASN1_BIT_STRING )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ **p != MBEDTLS_ASN1_BIT_STRING) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
val = &cur->val;
val->tag = *(*p)++;
- if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
+ if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
+ }
val->p = *p;
*p += val->len;
- if( *p != end )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
cur->next = NULL;
- return( 0 );
+ return 0;
}
/*
@@ -421,8 +456,8 @@
* cases, this function frees all allocated memory internally and the caller
* has no freeing responsibilities.
*/
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
- mbedtls_x509_name *cur )
+int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_name *cur)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t set_len;
@@ -431,35 +466,33 @@
mbedtls_x509_name *prev, *allocated;
/* don't use recursion, we'd risk stack overflow if not optimized */
- while( 1 )
- {
+ while (1) {
/*
* parse SET
*/
- if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
- {
- ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &set_len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
goto error;
}
end_set = *p + set_len;
- while( 1 )
- {
- if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
+ while (1) {
+ if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) {
goto error;
+ }
- if( *p == end_set )
+ if (*p == end_set) {
break;
+ }
/* Mark this item as being no the only one in a set */
cur->next_merged = 1;
- cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+ cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name));
- if( cur->next == NULL )
- {
+ if (cur->next == NULL) {
ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
goto error;
}
@@ -470,13 +503,13 @@
/*
* continue until end of SEQUENCE is reached
*/
- if( *p == end )
- return( 0 );
+ if (*p == end) {
+ return 0;
+ }
- cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+ cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name));
- if( cur->next == NULL )
- {
+ if (cur->next == NULL) {
ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
goto error;
}
@@ -488,48 +521,46 @@
/* Skip the first element as we did not allocate it */
allocated = head->next;
- while( allocated != NULL )
- {
+ while (allocated != NULL) {
prev = allocated;
allocated = allocated->next;
- mbedtls_platform_zeroize( prev, sizeof( *prev ) );
- mbedtls_free( prev );
+ mbedtls_platform_zeroize(prev, sizeof(*prev));
+ mbedtls_free(prev);
}
- mbedtls_platform_zeroize( head, sizeof( *head ) );
+ mbedtls_platform_zeroize(head, sizeof(*head));
- return( ret );
+ return ret;
}
-static int x509_parse_int( unsigned char **p, size_t n, int *res )
+static int x509_parse_int(unsigned char **p, size_t n, int *res)
{
*res = 0;
- for( ; n > 0; --n )
- {
- if( ( **p < '0') || ( **p > '9' ) )
- return ( MBEDTLS_ERR_X509_INVALID_DATE );
+ for (; n > 0; --n) {
+ if ((**p < '0') || (**p > '9')) {
+ return MBEDTLS_ERR_X509_INVALID_DATE;
+ }
*res *= 10;
- *res += ( *(*p)++ - '0' );
+ *res += (*(*p)++ - '0');
}
- return( 0 );
+ return 0;
}
-static int x509_date_is_valid(const mbedtls_x509_time *t )
+static int x509_date_is_valid(const mbedtls_x509_time *t)
{
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
int month_len;
- CHECK_RANGE( 0, 9999, t->year );
- CHECK_RANGE( 0, 23, t->hour );
- CHECK_RANGE( 0, 59, t->min );
- CHECK_RANGE( 0, 59, t->sec );
+ CHECK_RANGE(0, 9999, t->year);
+ CHECK_RANGE(0, 23, t->hour);
+ CHECK_RANGE(0, 59, t->min);
+ CHECK_RANGE(0, 59, t->sec);
- switch( t->mon )
- {
+ switch (t->mon) {
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
month_len = 31;
break;
@@ -537,69 +568,69 @@
month_len = 30;
break;
case 2:
- if( ( !( t->year % 4 ) && t->year % 100 ) ||
- !( t->year % 400 ) )
+ if ((!(t->year % 4) && t->year % 100) ||
+ !(t->year % 400)) {
month_len = 29;
- else
+ } else {
month_len = 28;
+ }
break;
default:
- return( ret );
+ return ret;
}
- CHECK_RANGE( 1, month_len, t->day );
+ CHECK_RANGE(1, month_len, t->day);
- return( 0 );
+ return 0;
}
/*
* Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
* field.
*/
-static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
- mbedtls_x509_time *tm )
+static int x509_parse_time(unsigned char **p, size_t len, size_t yearlen,
+ mbedtls_x509_time *tm)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*
* Minimum length is 10 or 12 depending on yearlen
*/
- if ( len < yearlen + 8 )
- return ( MBEDTLS_ERR_X509_INVALID_DATE );
+ if (len < yearlen + 8) {
+ return MBEDTLS_ERR_X509_INVALID_DATE;
+ }
len -= yearlen + 8;
/*
* Parse year, month, day, hour, minute
*/
- CHECK( x509_parse_int( p, yearlen, &tm->year ) );
- if ( 2 == yearlen )
- {
- if ( tm->year < 50 )
+ CHECK(x509_parse_int(p, yearlen, &tm->year));
+ if (2 == yearlen) {
+ if (tm->year < 50) {
tm->year += 100;
+ }
tm->year += 1900;
}
- CHECK( x509_parse_int( p, 2, &tm->mon ) );
- CHECK( x509_parse_int( p, 2, &tm->day ) );
- CHECK( x509_parse_int( p, 2, &tm->hour ) );
- CHECK( x509_parse_int( p, 2, &tm->min ) );
+ CHECK(x509_parse_int(p, 2, &tm->mon));
+ CHECK(x509_parse_int(p, 2, &tm->day));
+ CHECK(x509_parse_int(p, 2, &tm->hour));
+ CHECK(x509_parse_int(p, 2, &tm->min));
/*
* Parse seconds if present
*/
- if ( len >= 2 )
- {
- CHECK( x509_parse_int( p, 2, &tm->sec ) );
+ if (len >= 2) {
+ CHECK(x509_parse_int(p, 2, &tm->sec));
len -= 2;
+ } else {
+ return MBEDTLS_ERR_X509_INVALID_DATE;
}
- else
- return ( MBEDTLS_ERR_X509_INVALID_DATE );
/*
* Parse trailing 'Z' if present
*/
- if ( 1 == len && 'Z' == **p )
- {
+ if (1 == len && 'Z' == **p) {
(*p)++;
len--;
}
@@ -607,12 +638,13 @@
/*
* We should have parsed all characters at this point
*/
- if ( 0 != len )
- return ( MBEDTLS_ERR_X509_INVALID_DATE );
+ if (0 != len) {
+ return MBEDTLS_ERR_X509_INVALID_DATE;
+ }
- CHECK( x509_date_is_valid( tm ) );
+ CHECK(x509_date_is_valid(tm));
- return ( 0 );
+ return 0;
}
/*
@@ -620,50 +652,55 @@
* utcTime UTCTime,
* generalTime GeneralizedTime }
*/
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
- mbedtls_x509_time *tm )
+int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_time *tm)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len, year_len;
unsigned char tag;
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
tag = **p;
- if( tag == MBEDTLS_ASN1_UTC_TIME )
+ if (tag == MBEDTLS_ASN1_UTC_TIME) {
year_len = 2;
- else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
+ } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) {
year_len = 4;
- else
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ } else {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
(*p)++;
- ret = mbedtls_asn1_get_len( p, end, &len );
+ ret = mbedtls_asn1_get_len(p, end, &len);
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret);
+ }
- return x509_parse_time( p, len, year_len, tm );
+ return x509_parse_time(p, len, year_len, tm);
}
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
+int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
int tag_type;
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+ if ((end - *p) < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ }
tag_type = **p;
- if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret ) );
+ if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret);
+ }
sig->tag = tag_type;
sig->len = len;
@@ -671,63 +708,64 @@
*p += len;
- return( 0 );
+ return 0;
}
/*
* Get signature algorithm from alg OID and optional parameters
*/
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
- void **sig_opts )
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+ mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+ void **sig_opts)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( *sig_opts != NULL )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (*sig_opts != NULL) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret ) );
+ if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret);
+ }
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
- {
+ if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) {
mbedtls_pk_rsassa_pss_options *pss_opts;
- pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
- if( pss_opts == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options));
+ if (pss_opts == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
- ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
- md_alg,
- &pss_opts->mgf1_hash_id,
- &pss_opts->expected_salt_len );
- if( ret != 0 )
- {
- mbedtls_free( pss_opts );
- return( ret );
+ ret = mbedtls_x509_get_rsassa_pss_params(sig_params,
+ md_alg,
+ &pss_opts->mgf1_hash_id,
+ &pss_opts->expected_salt_len);
+ if (ret != 0) {
+ mbedtls_free(pss_opts);
+ return ret;
}
*sig_opts = (void *) pss_opts;
- }
- else
+ } else
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
{
/* Make sure parameters are absent or NULL */
- if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
- sig_params->len != 0 )
- return( MBEDTLS_ERR_X509_INVALID_ALG );
+ if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) ||
+ sig_params->len != 0) {
+ return MBEDTLS_ERR_X509_INVALID_ALG;
+ }
}
- return( 0 );
+ return 0;
}
/*
* X.509 Extensions (No parsing of extensions, pointer should
* be either manually updated or extensions should be parsed!)
*/
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *ext, int tag )
+int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
+ mbedtls_x509_buf *ext, int tag)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -735,10 +773,11 @@
/* Extension structure use EXPLICIT tagging. That is, the actual
* `Extensions` structure is wrapped by a tag-length pair using
* the respective context-specific tag. */
- ret = mbedtls_asn1_get_tag( p, end, &ext->len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ ret = mbedtls_asn1_get_tag(p, end, &ext->len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag);
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag;
ext->p = *p;
@@ -747,22 +786,24 @@
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( end != *p + len )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (end != *p + len) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
* Store the name in printable form into buf; no more
* than size characters will be written
*/
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
+int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j, n;
@@ -771,67 +812,67 @@
const char *short_name = NULL;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
- memset( s, 0, sizeof( s ) );
+ memset(s, 0, sizeof(s));
name = dn;
p = buf;
n = size;
- while( name != NULL )
- {
- if( !name->oid.p )
- {
+ while (name != NULL) {
+ if (!name->oid.p) {
name = name->next;
continue;
}
- if( name != dn )
- {
- ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
+ if (name != dn) {
+ ret = mbedtls_snprintf(p, n, merge ? " + " : ", ");
MBEDTLS_X509_SAFE_SNPRINTF;
}
- ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
+ ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name);
- if( ret == 0 )
- ret = mbedtls_snprintf( p, n, "%s=", short_name );
- else
- ret = mbedtls_snprintf( p, n, "\?\?=" );
+ if (ret == 0) {
+ ret = mbedtls_snprintf(p, n, "%s=", short_name);
+ } else {
+ ret = mbedtls_snprintf(p, n, "\?\?=");
+ }
MBEDTLS_X509_SAFE_SNPRINTF;
- for( i = 0, j = 0; i < name->val.len; i++, j++ )
- {
- if( j >= sizeof( s ) - 1 )
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ for (i = 0, j = 0; i < name->val.len; i++, j++) {
+ if (j >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
c = name->val.p[i];
// Special characters requiring escaping, RFC 1779
- if( c && strchr( ",=+<>#;\"\\", c ) )
- {
- if( j + 1 >= sizeof( s ) - 1 )
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ if (c && strchr(",=+<>#;\"\\", c)) {
+ if (j + 1 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
s[j++] = '\\';
}
- if( c < 32 || c >= 127 )
- s[j] = '?';
- else s[j] = c;
+ if (c < 32 || c >= 127) {
+ s[j] = '?';
+ } else {
+ s[j] = c;
+ }
}
s[j] = '\0';
- ret = mbedtls_snprintf( p, n, "%s", s );
+ ret = mbedtls_snprintf(p, n, "%s", s);
MBEDTLS_X509_SAFE_SNPRINTF;
merge = name->next_merged;
name = name->next;
}
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
/*
* Store the serial in printable form into buf; no more
* than size characters will be written
*/
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
+int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n, nr;
@@ -840,62 +881,61 @@
p = buf;
n = size;
- nr = ( serial->len <= 32 )
+ nr = (serial->len <= 32)
? serial->len : 28;
- for( i = 0; i < nr; i++ )
- {
- if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
+ for (i = 0; i < nr; i++) {
+ if (i == 0 && nr > 1 && serial->p[i] == 0x0) {
continue;
+ }
- ret = mbedtls_snprintf( p, n, "%02X%s",
- serial->p[i], ( i < nr - 1 ) ? ":" : "" );
+ ret = mbedtls_snprintf(p, n, "%02X%s",
+ serial->p[i], (i < nr - 1) ? ":" : "");
MBEDTLS_X509_SAFE_SNPRINTF;
}
- if( nr != serial->len )
- {
- ret = mbedtls_snprintf( p, n, "...." );
+ if (nr != serial->len) {
+ ret = mbedtls_snprintf(p, n, "....");
MBEDTLS_X509_SAFE_SNPRINTF;
}
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
/*
* Helper for writing signature algorithms
*/
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
- mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const void *sig_opts )
+int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+ mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+ const void *sig_opts)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
char *p = buf;
size_t n = size;
const char *desc = NULL;
- ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
- if( ret != 0 )
- ret = mbedtls_snprintf( p, n, "???" );
- else
- ret = mbedtls_snprintf( p, n, "%s", desc );
+ ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc);
+ if (ret != 0) {
+ ret = mbedtls_snprintf(p, n, "???");
+ } else {
+ ret = mbedtls_snprintf(p, n, "%s", desc);
+ }
MBEDTLS_X509_SAFE_SNPRINTF;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
- {
+ if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
const mbedtls_pk_rsassa_pss_options *pss_opts;
const mbedtls_md_info_t *md_info, *mgf_md_info;
pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
- md_info = mbedtls_md_info_from_type( md_alg );
- mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ mgf_md_info = mbedtls_md_info_from_type(pss_opts->mgf1_hash_id);
- ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
- md_info ? mbedtls_md_get_name( md_info ) : "???",
- mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
- (unsigned int) pss_opts->expected_salt_len );
+ ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)",
+ md_info ? mbedtls_md_get_name(md_info) : "???",
+ mgf_md_info ? mbedtls_md_get_name(mgf_md_info) : "???",
+ (unsigned int) pss_opts->expected_salt_len);
MBEDTLS_X509_SAFE_SNPRINTF;
}
#else
@@ -904,22 +944,22 @@
((void) sig_opts);
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
- return( (int)( size - n ) );
+ return (int) (size - n);
}
/*
* Helper for writing "RSA key size", "EC key size", etc
*/
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
+int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name)
{
char *p = buf;
size_t n = buf_size;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ret = mbedtls_snprintf( p, n, "%s key size", name );
+ ret = mbedtls_snprintf(p, n, "%s key size", name);
MBEDTLS_X509_SAFE_SNPRINTF;
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_HAVE_TIME_DATE)
@@ -927,19 +967,18 @@
* Set the time structure to the current time.
* Return 0 on success, non-zero on failure.
*/
-static int x509_get_current_time( mbedtls_x509_time *now )
+static int x509_get_current_time(mbedtls_x509_time *now)
{
struct tm *lt, tm_buf;
mbedtls_time_t tt;
int ret = 0;
- tt = mbedtls_time( NULL );
- lt = mbedtls_platform_gmtime_r( &tt, &tm_buf );
+ tt = mbedtls_time(NULL);
+ lt = mbedtls_platform_gmtime_r(&tt, &tm_buf);
- if( lt == NULL )
+ if (lt == NULL) {
ret = -1;
- else
- {
+ } else {
now->year = lt->tm_year + 1900;
now->mon = lt->tm_mon + 1;
now->day = lt->tm_mday;
@@ -948,82 +987,90 @@
now->sec = lt->tm_sec;
}
- return( ret );
+ return ret;
}
/*
* Return 0 if before <= after, 1 otherwise
*/
-static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
+static int x509_check_time(const mbedtls_x509_time *before, const mbedtls_x509_time *after)
{
- if( before->year > after->year )
- return( 1 );
+ if (before->year > after->year) {
+ return 1;
+ }
- if( before->year == after->year &&
- before->mon > after->mon )
- return( 1 );
+ if (before->year == after->year &&
+ before->mon > after->mon) {
+ return 1;
+ }
- if( before->year == after->year &&
+ if (before->year == after->year &&
before->mon == after->mon &&
- before->day > after->day )
- return( 1 );
+ before->day > after->day) {
+ return 1;
+ }
- if( before->year == after->year &&
+ if (before->year == after->year &&
before->mon == after->mon &&
before->day == after->day &&
- before->hour > after->hour )
- return( 1 );
+ before->hour > after->hour) {
+ return 1;
+ }
- if( before->year == after->year &&
+ if (before->year == after->year &&
before->mon == after->mon &&
before->day == after->day &&
before->hour == after->hour &&
- before->min > after->min )
- return( 1 );
+ before->min > after->min) {
+ return 1;
+ }
- if( before->year == after->year &&
+ if (before->year == after->year &&
before->mon == after->mon &&
before->day == after->day &&
before->hour == after->hour &&
before->min == after->min &&
- before->sec > after->sec )
- return( 1 );
+ before->sec > after->sec) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
{
mbedtls_x509_time now;
- if( x509_get_current_time( &now ) != 0 )
- return( 1 );
+ if (x509_get_current_time(&now) != 0) {
+ return 1;
+ }
- return( x509_check_time( &now, to ) );
+ return x509_check_time(&now, to);
}
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
{
mbedtls_x509_time now;
- if( x509_get_current_time( &now ) != 0 )
- return( 1 );
+ if (x509_get_current_time(&now) != 0) {
+ return 1;
+ }
- return( x509_check_time( from, &now ) );
+ return x509_check_time(from, &now);
}
#else /* MBEDTLS_HAVE_TIME_DATE */
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
{
((void) to);
- return( 0 );
+ return 0;
}
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
{
((void) from);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_HAVE_TIME_DATE */
@@ -1035,7 +1082,7 @@
/*
* Checkup routine
*/
-int mbedtls_x509_self_test( int verbose )
+int mbedtls_x509_self_test(int verbose)
{
int ret = 0;
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
@@ -1043,54 +1090,57 @@
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
- if( verbose != 0 )
- mbedtls_printf( " X.509 certificate load: " );
+ if (verbose != 0) {
+ mbedtls_printf(" X.509 certificate load: ");
+ }
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &clicert );
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_x509_crt_init(&clicert);
- ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
- mbedtls_test_cli_crt_len );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt,
+ mbedtls_test_cli_crt_len);
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto cleanup;
}
- ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
- mbedtls_test_ca_crt_len );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_ca_crt,
+ mbedtls_test_ca_crt_len);
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n X.509 signature verify: ");
+ if (verbose != 0) {
+ mbedtls_printf("passed\n X.509 signature verify: ");
+ }
- ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ ret = mbedtls_x509_crt_verify(&clicert, &cacert, NULL, NULL, &flags, NULL, NULL);
+ if (ret != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
goto cleanup;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n\n");
+ if (verbose != 0) {
+ mbedtls_printf("passed\n\n");
+ }
cleanup:
- mbedtls_x509_crt_free( &cacert );
- mbedtls_x509_crt_free( &clicert );
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_x509_crt_free(&clicert);
#else
((void) verbose);
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/x509_create.c b/library/x509_create.c
index 056bbaa..50db956 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -31,115 +31,115 @@
/* Structure linking OIDs for X.509 DN AttributeTypes to their
* string representations and default string encodings used by Mbed TLS. */
typedef struct {
- const char *name; /* String representation of AttributeType, e.g.
- * "CN" or "emailAddress". */
- size_t name_len; /* Length of 'name', without trailing 0 byte. */
- const char *oid; /* String representation of OID of AttributeType,
+ const char *name; /* String representation of AttributeType, e.g.
+ * "CN" or "emailAddress". */
+ size_t name_len; /* Length of 'name', without trailing 0 byte. */
+ const char *oid; /* String representation of OID of AttributeType,
* as per RFC 5280, Appendix A.1. */
- int default_tag; /* The default character encoding used for the
+ int default_tag; /* The default character encoding used for the
* given attribute type, e.g.
* MBEDTLS_ASN1_UTF8_STRING for UTF-8. */
} x509_attr_descriptor_t;
-#define ADD_STRLEN( s ) s, sizeof( s ) - 1
+#define ADD_STRLEN(s) s, sizeof(s) - 1
/* X.509 DN attributes from RFC 5280, Appendix A.1. */
static const x509_attr_descriptor_t x509_attrs[] =
{
- { ADD_STRLEN( "CN" ),
+ { ADD_STRLEN("CN"),
MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "commonName" ),
+ { ADD_STRLEN("commonName"),
MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "C" ),
+ { ADD_STRLEN("C"),
MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING },
- { ADD_STRLEN( "countryName" ),
+ { ADD_STRLEN("countryName"),
MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING },
- { ADD_STRLEN( "O" ),
+ { ADD_STRLEN("O"),
MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "organizationName" ),
+ { ADD_STRLEN("organizationName"),
MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "L" ),
+ { ADD_STRLEN("L"),
MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "locality" ),
+ { ADD_STRLEN("locality"),
MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "R" ),
+ { ADD_STRLEN("R"),
MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING },
- { ADD_STRLEN( "OU" ),
+ { ADD_STRLEN("OU"),
MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "organizationalUnitName" ),
+ { ADD_STRLEN("organizationalUnitName"),
MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "ST" ),
+ { ADD_STRLEN("ST"),
MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "stateOrProvinceName" ),
+ { ADD_STRLEN("stateOrProvinceName"),
MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "emailAddress" ),
+ { ADD_STRLEN("emailAddress"),
MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING },
- { ADD_STRLEN( "serialNumber" ),
+ { ADD_STRLEN("serialNumber"),
MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING },
- { ADD_STRLEN( "postalAddress" ),
+ { ADD_STRLEN("postalAddress"),
MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING },
- { ADD_STRLEN( "postalCode" ),
+ { ADD_STRLEN("postalCode"),
MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING },
- { ADD_STRLEN( "dnQualifier" ),
+ { ADD_STRLEN("dnQualifier"),
MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING },
- { ADD_STRLEN( "title" ),
+ { ADD_STRLEN("title"),
MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "surName" ),
+ { ADD_STRLEN("surName"),
MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "SN" ),
+ { ADD_STRLEN("SN"),
MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "givenName" ),
+ { ADD_STRLEN("givenName"),
MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "GN" ),
+ { ADD_STRLEN("GN"),
MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "initials" ),
+ { ADD_STRLEN("initials"),
MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "pseudonym" ),
+ { ADD_STRLEN("pseudonym"),
MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "generationQualifier" ),
+ { ADD_STRLEN("generationQualifier"),
MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING },
- { ADD_STRLEN( "domainComponent" ),
+ { ADD_STRLEN("domainComponent"),
MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING },
- { ADD_STRLEN( "DC" ),
+ { ADD_STRLEN("DC"),
MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING },
{ NULL, 0, NULL, MBEDTLS_ASN1_NULL }
};
-static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name, size_t name_len )
+static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, size_t name_len)
{
const x509_attr_descriptor_t *cur;
- for( cur = x509_attrs; cur->name != NULL; cur++ )
- if( cur->name_len == name_len &&
- strncmp( cur->name, name, name_len ) == 0 )
+ for (cur = x509_attrs; cur->name != NULL; cur++) {
+ if (cur->name_len == name_len &&
+ strncmp(cur->name, name, name_len) == 0) {
break;
+ }
+ }
- if ( cur->name == NULL )
- return( NULL );
+ if (cur->name == NULL) {
+ return NULL;
+ }
- return( cur );
+ return cur;
}
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name )
+int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
{
int ret = 0;
const char *s = name, *c = s;
- const char *end = s + strlen( s );
+ const char *end = s + strlen(s);
const char *oid = NULL;
- const x509_attr_descriptor_t* attr_descr = NULL;
+ const x509_attr_descriptor_t *attr_descr = NULL;
int in_tag = 1;
char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
char *d = data;
/* Clear existing chain if present */
- mbedtls_asn1_free_named_data_list( head );
+ mbedtls_asn1_free_named_data_list(head);
- while( c <= end )
- {
- if( in_tag && *c == '=' )
- {
- if( ( attr_descr = x509_attr_descr_from_name( s, c - s ) ) == NULL )
- {
+ while (c <= end) {
+ if (in_tag && *c == '=') {
+ if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) {
ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
goto exit;
}
@@ -150,45 +150,39 @@
d = data;
}
- if( !in_tag && *c == '\\' && c != end )
- {
+ if (!in_tag && *c == '\\' && c != end) {
c++;
/* Check for valid escaped characters */
- if( c == end || *c != ',' )
- {
+ if (c == end || *c != ',') {
ret = MBEDTLS_ERR_X509_INVALID_NAME;
goto exit;
}
- }
- else if( !in_tag && ( *c == ',' || c == end ) )
- {
- mbedtls_asn1_named_data* cur =
- mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
- (unsigned char *) data,
- d - data );
+ } else if (!in_tag && (*c == ',' || c == end)) {
+ mbedtls_asn1_named_data *cur =
+ mbedtls_asn1_store_named_data(head, oid, strlen(oid),
+ (unsigned char *) data,
+ d - data);
- if(cur == NULL )
- {
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ if (cur == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
// set tagType
cur->val.tag = attr_descr->default_tag;
- while( c < end && *(c + 1) == ' ' )
+ while (c < end && *(c + 1) == ' ') {
c++;
+ }
s = c + 1;
in_tag = 1;
}
- if( !in_tag && s != c + 1 )
- {
+ if (!in_tag && s != c + 1) {
*(d++) = *c;
- if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE )
- {
+ if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
ret = MBEDTLS_ERR_X509_INVALID_NAME;
goto exit;
}
@@ -199,27 +193,26 @@
exit:
- return( ret );
+ return ret;
}
/* The first byte of the value in the mbedtls_asn1_named_data structure is reserved
* to store the critical boolean for us
*/
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
- int critical, const unsigned char *val, size_t val_len )
+int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+ int critical, const unsigned char *val, size_t val_len)
{
mbedtls_asn1_named_data *cur;
- if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len,
- NULL, val_len + 1 ) ) == NULL )
- {
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len,
+ NULL, val_len + 1)) == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
cur->val.p[0] = critical;
- memcpy( cur->val.p + 1, val, val_len );
+ memcpy(cur->val.p + 1, val, val_len);
- return( 0 );
+ return 0;
}
/*
@@ -234,115 +227,117 @@
*
* AttributeValue ::= ANY DEFINED BY AttributeType
*/
-static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name)
+static int x509_write_name(unsigned char **p,
+ unsigned char *start,
+ mbedtls_asn1_named_data *cur_name)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- const char *oid = (const char*)cur_name->oid.p;
+ const char *oid = (const char *) cur_name->oid.p;
size_t oid_len = cur_name->oid.len;
const unsigned char *name = cur_name->val.p;
size_t name_len = cur_name->val.len;
// Write correct string tag and value
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start,
- cur_name->val.tag,
- (const char *) name,
- name_len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tagged_string(p, start,
+ cur_name->val.tag,
+ (const char *) name,
+ name_len));
// Write OID
//
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid,
- oid_len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid,
+ oid_len));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SET ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SET));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first )
+int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
+ mbedtls_asn1_named_data *first)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
mbedtls_asn1_named_data *cur = first;
- while( cur != NULL )
- {
- MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, cur ) );
+ while (cur != NULL) {
+ MBEDTLS_ASN1_CHK_ADD(len, x509_write_name(p, start, cur));
cur = cur->next;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- return( (int) len );
+ return (int) len;
}
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- unsigned char *sig, size_t size )
+int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ unsigned char *sig, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- if( *p < start || (size_t)( *p - start ) < size )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p < start || (size_t) (*p - start) < size) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
len = size;
(*p) -= len;
- memcpy( *p, sig, len );
+ memcpy(*p, sig, len);
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (*p - start < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*--(*p) = 0;
len += 1;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
// Write OID
//
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( p, start, oid,
- oid_len, 0 ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid,
+ oid_len, 0));
- return( (int) len );
+ return (int) len;
}
-static int x509_write_extension( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *ext )
+static int x509_write_extension(unsigned char **p, unsigned char *start,
+ mbedtls_asn1_named_data *ext)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1,
- ext->val.len - 1 ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->val.len - 1 ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->val.p + 1,
+ ext->val.len - 1));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->val.len - 1));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
- if( ext->val.p[0] != 0 )
- {
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( p, start, 1 ) );
+ if (ext->val.p[0] != 0) {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(p, start, 1));
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->oid.p,
- ext->oid.len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->oid.len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->oid.p,
+ ext->oid.len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->oid.len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- return( (int) len );
+ return (int) len;
}
/*
@@ -355,20 +350,19 @@
* -- by extnID
* }
*/
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first )
+int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
+ mbedtls_asn1_named_data *first)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
mbedtls_asn1_named_data *cur_ext = first;
- while( cur_ext != NULL )
- {
- MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
+ while (cur_ext != NULL) {
+ MBEDTLS_ASN1_CHK_ADD(len, x509_write_extension(p, start, cur_ext));
cur_ext = cur_ext->next;
}
- return( (int) len );
+ return (int) len;
}
#endif /* MBEDTLS_X509_CREATE_C */
diff --git a/library/x509_crl.c b/library/x509_crl.c
index b943a8d..d5357ea 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -59,24 +59,22 @@
/*
* Version ::= INTEGER { v1(0), v2(1) }
*/
-static int x509_crl_get_version( unsigned char **p,
- const unsigned char *end,
- int *ver )
+static int x509_crl_get_version(unsigned char **p,
+ const unsigned char *end,
+ int *ver)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- {
+ if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
+ if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
*ver = 0;
- return( 0 );
+ return 0;
}
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
}
- return( 0 );
+ return 0;
}
/*
@@ -86,26 +84,27 @@
* list of extensions is well-formed and abort on critical extensions (that
* are unsupported as we don't support any extension so far)
*/
-static int x509_get_crl_ext( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_buf *ext )
+static int x509_get_crl_ext(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *ext)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( *p == end )
- return( 0 );
+ if (*p == end) {
+ return 0;
+ }
/*
* crlExtensions [0] EXPLICIT Extensions OPTIONAL
* -- if present, version MUST be v2
*/
- if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) {
+ return ret;
+ }
end = ext->p + ext->len;
- while( *p < end )
- {
+ while (*p < end) {
/*
* Extension ::= SEQUENCE {
* extnID OBJECT IDENTIFIER,
@@ -117,65 +116,69 @@
size_t len;
/* Get enclosing sequence tag */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
end_ext_data = *p + len;
/* Get OID (currently ignored) */
- if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
- MBEDTLS_ASN1_OID ) ) != 0 )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
+ MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
*p += len;
/* Get optional critical */
- if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
- &is_critical ) ) != 0 &&
- ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_bool(p, end_ext_data,
+ &is_critical)) != 0 &&
+ (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
/* Data should be octet string type */
- if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
- MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
+ MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
/* Ignore data so far and just check its length */
*p += len;
- if( *p != end_ext_data )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end_ext_data) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/* Abort on (unsupported) critical extensions */
- if( is_critical )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if (is_critical) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
}
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
* X.509 CRL v2 entry extensions (no extensions parsed yet.)
*/
-static int x509_get_crl_entry_ext( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_buf *ext )
+static int x509_get_crl_entry_ext(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *ext)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
/* OPTIONAL */
- if( end <= *p )
- return( 0 );
+ if (end <= *p) {
+ return 0;
+ }
ext->tag = **p;
ext->p = *p;
@@ -184,110 +187,112 @@
* Get CRL-entry extension sequence header
* crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
*/
- if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- {
+ if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
ext->p = NULL;
- return( 0 );
+ return 0;
}
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
end = *p + ext->len;
- if( end != *p + ext->len )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (end != *p + ext->len) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- while( *p < end )
- {
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ while (*p < end) {
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
*p += len;
}
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
* X.509 CRL Entries
*/
-static int x509_get_entries( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_crl_entry *entry )
+static int x509_get_entries(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_crl_entry *entry)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t entry_len;
mbedtls_x509_crl_entry *cur_entry = entry;
- if( *p == end )
- return( 0 );
+ if (*p == end) {
+ return 0;
+ }
- if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len,
- MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len,
+ MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
+ if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return 0;
+ }
- return( ret );
+ return ret;
}
end = *p + entry_len;
- while( *p < end )
- {
+ while (*p < end) {
size_t len2;
const unsigned char *end2;
cur_entry->raw.tag = **p;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
- MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len2,
+ MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
+ return ret;
}
cur_entry->raw.p = *p;
cur_entry->raw.len = len2;
end2 = *p + len2;
- if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_x509_get_time( p, end2,
- &cur_entry->revocation_date ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_time(p, end2,
+ &cur_entry->revocation_date)) != 0) {
+ return ret;
+ }
- if( ( ret = x509_get_crl_entry_ext( p, end2,
- &cur_entry->entry_ext ) ) != 0 )
- return( ret );
+ if ((ret = x509_get_crl_entry_ext(p, end2,
+ &cur_entry->entry_ext)) != 0) {
+ return ret;
+ }
- if( *p < end )
- {
- cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) );
+ if (*p < end) {
+ cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry));
- if( cur_entry->next == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ if (cur_entry->next == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
cur_entry = cur_entry->next;
}
}
- return( 0 );
+ return 0;
}
/*
* Parse one CRLs in DER format and append it to the chained list
*/
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
- const unsigned char *buf, size_t buflen )
+int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
+ const unsigned char *buf, size_t buflen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -298,44 +303,46 @@
/*
* Check for valid input
*/
- if( crl == NULL || buf == NULL )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (crl == NULL || buf == NULL) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
- memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
- memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
+ memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
+ memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
+ memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
/*
* Add new CRL on the end of the chain if needed.
*/
- while( crl->version != 0 && crl->next != NULL )
+ while (crl->version != 0 && crl->next != NULL) {
crl = crl->next;
+ }
- if( crl->version != 0 && crl->next == NULL )
- {
- crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) );
+ if (crl->version != 0 && crl->next == NULL) {
+ crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl));
- if( crl->next == NULL )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ if (crl->next == NULL) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
- mbedtls_x509_crl_init( crl->next );
+ mbedtls_x509_crl_init(crl->next);
crl = crl->next;
}
/*
* Copy raw DER-encoded CRL
*/
- if( buflen == 0 )
- return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+ if (buflen == 0) {
+ return MBEDTLS_ERR_X509_INVALID_FORMAT;
+ }
- p = mbedtls_calloc( 1, buflen );
- if( p == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ p = mbedtls_calloc(1, buflen);
+ if (p == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
- memcpy( p, buf, buflen );
+ memcpy(p, buf, buflen);
crl->raw.p = p;
crl->raw.len = buflen;
@@ -348,18 +355,16 @@
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERR_X509_INVALID_FORMAT;
}
- if( len != (size_t) ( end - p ) )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (len != (size_t) (end - p)) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
/*
@@ -367,11 +372,10 @@
*/
crl->tbs.p = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
end = p + len;
@@ -383,27 +387,24 @@
*
* signature AlgorithmIdentifier
*/
- if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
- ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 ||
+ (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
- if( crl->version < 0 || crl->version > 1 )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+ if (crl->version < 0 || crl->version > 1) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
}
crl->version++;
- if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
- &crl->sig_md, &crl->sig_pk,
- &crl->sig_opts ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
+ if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
+ &crl->sig_md, &crl->sig_pk,
+ &crl->sig_opts)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
}
/*
@@ -411,17 +412,15 @@
*/
crl->issuer_raw.p = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
- if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
crl->issuer_raw.len = p - crl->issuer_raw.p;
@@ -430,21 +429,18 @@
* thisUpdate Time
* nextUpdate Time OPTIONAL
*/
- if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
- if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
- {
- if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) &&
- ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) {
+ if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) &&
+ ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA))) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
}
@@ -456,32 +452,28 @@
* -- if present, MUST be v2
* } OPTIONAL
*/
- if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
/*
* crlExtensions EXPLICIT Extensions OPTIONAL
* -- if present, MUST be v2
*/
- if( crl->version == 2 )
- {
- ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
+ if (crl->version == 2) {
+ ret = x509_get_crl_ext(&p, end, &crl->crl_ext);
- if( ret != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if (ret != 0) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
}
- if( p != end )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
end = crl->raw.p + crl->raw.len;
@@ -490,42 +482,38 @@
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
- if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
- if( crl->sig_oid.len != sig_oid2.len ||
- memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
+ if (crl->sig_oid.len != sig_oid2.len ||
+ memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 ||
sig_params1.len != sig_params2.len ||
- ( sig_params1.len != 0 &&
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERR_X509_SIG_MISMATCH );
+ (sig_params1.len != 0 &&
+ memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERR_X509_SIG_MISMATCH;
}
- if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 )
- {
- mbedtls_x509_crl_free( crl );
- return( ret );
+ if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) {
+ mbedtls_x509_crl_free(crl);
+ return ret;
}
- if( p != end )
- {
- mbedtls_x509_crl_free( crl );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ mbedtls_x509_crl_free(crl);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
- return( 0 );
+ return 0;
}
/*
* Parse one or more CRLs and add them to the chained list
*/
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen )
+int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
{
#if defined(MBEDTLS_PEM_PARSE_C)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -533,25 +521,25 @@
mbedtls_pem_context pem;
int is_pem = 0;
- if( chain == NULL || buf == NULL )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (chain == NULL || buf == NULL) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- do
- {
- mbedtls_pem_init( &pem );
+ do {
+ mbedtls_pem_init(&pem);
// Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
// string
- if( buflen == 0 || buf[buflen - 1] != '\0' )
+ if (buflen == 0 || buf[buflen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN X509 CRL-----",
- "-----END X509 CRL-----",
- buf, NULL, 0, &use_len );
+ } else {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN X509 CRL-----",
+ "-----END X509 CRL-----",
+ buf, NULL, 0, &use_len);
+ }
- if( ret == 0 )
- {
+ if (ret == 0) {
/*
* Was PEM encoded
*/
@@ -560,51 +548,49 @@
buflen -= use_len;
buf += use_len;
- if( ( ret = mbedtls_x509_crl_parse_der( chain,
- pem.buf, pem.buflen ) ) != 0 )
- {
- mbedtls_pem_free( &pem );
- return( ret );
+ if ((ret = mbedtls_x509_crl_parse_der(chain,
+ pem.buf, pem.buflen)) != 0) {
+ mbedtls_pem_free(&pem);
+ return ret;
}
- }
- else if( is_pem )
- {
- mbedtls_pem_free( &pem );
- return( ret );
+ } else if (is_pem) {
+ mbedtls_pem_free(&pem);
+ return ret;
}
- mbedtls_pem_free( &pem );
+ mbedtls_pem_free(&pem);
}
/* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
* And a valid CRL cannot be less than 1 byte anyway. */
- while( is_pem && buflen > 1 );
+ while (is_pem && buflen > 1);
- if( is_pem )
- return( 0 );
- else
+ if (is_pem) {
+ return 0;
+ } else
#endif /* MBEDTLS_PEM_PARSE_C */
- return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) );
+ return mbedtls_x509_crl_parse_der(chain, buf, buflen);
}
#if defined(MBEDTLS_FS_IO)
/*
* Load one or more CRLs and add them to the chained list
*/
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
+int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
- ret = mbedtls_x509_crl_parse( chain, buf, n );
+ ret = mbedtls_x509_crl_parse(chain, buf, n);
- mbedtls_platform_zeroize( buf, n );
- mbedtls_free( buf );
+ mbedtls_platform_zeroize(buf, n);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_FS_IO */
@@ -616,8 +602,8 @@
/*
* Return an informational string about the CRL.
*/
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crl *crl )
+int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
+ const mbedtls_x509_crl *crl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
@@ -627,79 +613,78 @@
p = buf;
n = size;
- ret = mbedtls_snprintf( p, n, "%sCRL version : %d",
- prefix, crl->version );
+ ret = mbedtls_snprintf(p, n, "%sCRL version : %d",
+ prefix, crl->version);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
+ ret = mbedtls_x509_dn_gets(p, n, &crl->issuer);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%sthis update : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crl->this_update.year, crl->this_update.mon,
- crl->this_update.day, crl->this_update.hour,
- crl->this_update.min, crl->this_update.sec );
+ ret = mbedtls_snprintf(p, n, "\n%sthis update : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crl->this_update.year, crl->this_update.mon,
+ crl->this_update.day, crl->this_update.hour,
+ crl->this_update.min, crl->this_update.sec);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%snext update : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crl->next_update.year, crl->next_update.mon,
- crl->next_update.day, crl->next_update.hour,
- crl->next_update.min, crl->next_update.sec );
+ ret = mbedtls_snprintf(p, n, "\n%snext update : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crl->next_update.year, crl->next_update.mon,
+ crl->next_update.day, crl->next_update.hour,
+ crl->next_update.min, crl->next_update.sec);
MBEDTLS_X509_SAFE_SNPRINTF;
entry = &crl->entry;
- ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
- prefix );
+ ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:",
+ prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- while( entry != NULL && entry->raw.len != 0 )
- {
- ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
- prefix );
+ while (entry != NULL && entry->raw.len != 0) {
+ ret = mbedtls_snprintf(p, n, "\n%sserial number: ",
+ prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
+ ret = mbedtls_x509_serial_gets(p, n, &entry->serial);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, " revocation date: " \
- "%04d-%02d-%02d %02d:%02d:%02d",
- entry->revocation_date.year, entry->revocation_date.mon,
- entry->revocation_date.day, entry->revocation_date.hour,
- entry->revocation_date.min, entry->revocation_date.sec );
+ ret = mbedtls_snprintf(p, n, " revocation date: " \
+ "%04d-%02d-%02d %02d:%02d:%02d",
+ entry->revocation_date.year, entry->revocation_date.mon,
+ entry->revocation_date.day, entry->revocation_date.hour,
+ entry->revocation_date.min, entry->revocation_date.sec);
MBEDTLS_X509_SAFE_SNPRINTF;
entry = entry->next;
}
- ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
- crl->sig_opts );
+ ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
+ crl->sig_opts);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n" );
+ ret = mbedtls_snprintf(p, n, "\n");
MBEDTLS_X509_SAFE_SNPRINTF;
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
/*
* Initialize a CRL chain
*/
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl )
+void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)
{
- memset( crl, 0, sizeof(mbedtls_x509_crl) );
+ memset(crl, 0, sizeof(mbedtls_x509_crl));
}
/*
* Unallocate all CRL data
*/
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
+void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
{
mbedtls_x509_crl *crl_cur = crl;
mbedtls_x509_crl *crl_prv;
@@ -708,55 +693,50 @@
mbedtls_x509_crl_entry *entry_cur;
mbedtls_x509_crl_entry *entry_prv;
- if( crl == NULL )
+ if (crl == NULL) {
return;
+ }
- do
- {
+ do {
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- mbedtls_free( crl_cur->sig_opts );
+ mbedtls_free(crl_cur->sig_opts);
#endif
name_cur = crl_cur->issuer.next;
- while( name_cur != NULL )
- {
+ while (name_cur != NULL) {
name_prv = name_cur;
name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
+ mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
+ mbedtls_free(name_prv);
}
entry_cur = crl_cur->entry.next;
- while( entry_cur != NULL )
- {
+ while (entry_cur != NULL) {
entry_prv = entry_cur;
entry_cur = entry_cur->next;
- mbedtls_platform_zeroize( entry_prv,
- sizeof( mbedtls_x509_crl_entry ) );
- mbedtls_free( entry_prv );
+ mbedtls_platform_zeroize(entry_prv,
+ sizeof(mbedtls_x509_crl_entry));
+ mbedtls_free(entry_prv);
}
- if( crl_cur->raw.p != NULL )
- {
- mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
- mbedtls_free( crl_cur->raw.p );
+ if (crl_cur->raw.p != NULL) {
+ mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len);
+ mbedtls_free(crl_cur->raw.p);
}
crl_cur = crl_cur->next;
- }
- while( crl_cur != NULL );
+ } while (crl_cur != NULL);
crl_cur = crl;
- do
- {
+ do {
crl_prv = crl_cur;
crl_cur = crl_cur->next;
- mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
- if( crl_prv != crl )
- mbedtls_free( crl_prv );
- }
- while( crl_cur != NULL );
+ mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl));
+ if (crl_prv != crl) {
+ mbedtls_free(crl_prv);
+ }
+ } while (crl_cur != NULL);
}
#endif /* MBEDTLS_X509_CRL_PARSE_C */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index def1414..9ea96b0 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -84,17 +84,17 @@
/*
* Max size of verification chain: end-entity + intermediates + trusted root
*/
-#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
+#define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
/* Default profile. Do not remove items unless there are serious security
* concerns. */
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
{
/* Only SHA-2 hashes */
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */
2048,
@@ -106,19 +106,19 @@
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
{
/* Hashes from SHA-256 and above */
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
0xFFFFFFF, /* Any PK alg */
#if defined(MBEDTLS_ECP_C)
/* Curves at or above 128-bit security level */
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1),
#else
0,
#endif
@@ -131,15 +131,15 @@
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
{
/* Only SHA-256 and 384 */
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384),
/* Only ECDSA */
- MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY),
#if defined(MBEDTLS_ECP_C)
/* Only NIST P-256 and P-384 */
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1),
#else
0,
#endif
@@ -150,133 +150,136 @@
* Check md_alg against profile
* Return 0 if md_alg is acceptable for this profile, -1 otherwise
*/
-static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
- mbedtls_md_type_t md_alg )
+static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile,
+ mbedtls_md_type_t md_alg)
{
- if( md_alg == MBEDTLS_MD_NONE )
- return( -1 );
+ if (md_alg == MBEDTLS_MD_NONE) {
+ return -1;
+ }
- if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
- return( 0 );
+ if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) {
+ return 0;
+ }
- return( -1 );
+ return -1;
}
/*
* Check pk_alg against profile
* Return 0 if pk_alg is acceptable for this profile, -1 otherwise
*/
-static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
- mbedtls_pk_type_t pk_alg )
+static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile,
+ mbedtls_pk_type_t pk_alg)
{
- if( pk_alg == MBEDTLS_PK_NONE )
- return( -1 );
+ if (pk_alg == MBEDTLS_PK_NONE) {
+ return -1;
+ }
- if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
- return( 0 );
+ if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) {
+ return 0;
+ }
- return( -1 );
+ return -1;
}
/*
* Check key against profile
* Return 0 if pk is acceptable for this profile, -1 otherwise
*/
-static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
- const mbedtls_pk_context *pk )
+static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
+ const mbedtls_pk_context *pk)
{
- const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk );
+ const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
#if defined(MBEDTLS_RSA_C)
- if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
- {
- if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
- return( 0 );
+ if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
+ if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
+ return 0;
+ }
- return( -1 );
+ return -1;
}
#endif
#if defined(MBEDTLS_ECP_C)
- if( pk_alg == MBEDTLS_PK_ECDSA ||
+ if (pk_alg == MBEDTLS_PK_ECDSA ||
pk_alg == MBEDTLS_PK_ECKEY ||
- pk_alg == MBEDTLS_PK_ECKEY_DH )
- {
- const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
+ pk_alg == MBEDTLS_PK_ECKEY_DH) {
+ const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id;
- if( gid == MBEDTLS_ECP_DP_NONE )
- return( -1 );
+ if (gid == MBEDTLS_ECP_DP_NONE) {
+ return -1;
+ }
- if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
- return( 0 );
+ if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) {
+ return 0;
+ }
- return( -1 );
+ return -1;
}
#endif
- return( -1 );
+ return -1;
}
/*
* Like memcmp, but case-insensitive and always returns -1 if different
*/
-static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
+static int x509_memcasecmp(const void *s1, const void *s2, size_t len)
{
size_t i;
unsigned char diff;
const unsigned char *n1 = s1, *n2 = s2;
- for( i = 0; i < len; i++ )
- {
+ for (i = 0; i < len; i++) {
diff = n1[i] ^ n2[i];
- if( diff == 0 )
- continue;
-
- if( diff == 32 &&
- ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
- ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
- {
+ if (diff == 0) {
continue;
}
- return( -1 );
+ if (diff == 32 &&
+ ((n1[i] >= 'a' && n1[i] <= 'z') ||
+ (n1[i] >= 'A' && n1[i] <= 'Z'))) {
+ continue;
+ }
+
+ return -1;
}
- return( 0 );
+ return 0;
}
/*
* Return 0 if name matches wildcard, -1 otherwise
*/
-static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
+static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name)
{
size_t i;
- size_t cn_idx = 0, cn_len = strlen( cn );
+ size_t cn_idx = 0, cn_len = strlen(cn);
/* We can't have a match if there is no wildcard to match */
- if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
- return( -1 );
+ if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') {
+ return -1;
+ }
- for( i = 0; i < cn_len; ++i )
- {
- if( cn[i] == '.' )
- {
+ for (i = 0; i < cn_len; ++i) {
+ if (cn[i] == '.') {
cn_idx = i;
break;
}
}
- if( cn_idx == 0 )
- return( -1 );
-
- if( cn_len - cn_idx == name->len - 1 &&
- x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
- {
- return( 0 );
+ if (cn_idx == 0) {
+ return -1;
}
- return( -1 );
+ if (cn_len - cn_idx == name->len - 1 &&
+ x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) {
+ return 0;
+ }
+
+ return -1;
}
/*
@@ -285,24 +288,22 @@
*
* Return 0 if equal, -1 otherwise.
*/
-static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
+static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b)
{
- if( a->tag == b->tag &&
+ if (a->tag == b->tag &&
a->len == b->len &&
- memcmp( a->p, b->p, b->len ) == 0 )
- {
- return( 0 );
+ memcmp(a->p, b->p, b->len) == 0) {
+ return 0;
}
- if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
- ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+ if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
+ (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
a->len == b->len &&
- x509_memcasecmp( a->p, b->p, b->len ) == 0 )
- {
- return( 0 );
+ x509_memcasecmp(a->p, b->p, b->len) == 0) {
+ return 0;
}
- return( -1 );
+ return -1;
}
/*
@@ -315,48 +316,48 @@
*
* Return 0 if equal, -1 otherwise.
*/
-static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
+static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b)
{
/* Avoid recursion, it might not be optimised by the compiler */
- while( a != NULL || b != NULL )
- {
- if( a == NULL || b == NULL )
- return( -1 );
+ while (a != NULL || b != NULL) {
+ if (a == NULL || b == NULL) {
+ return -1;
+ }
/* type */
- if( a->oid.tag != b->oid.tag ||
+ if (a->oid.tag != b->oid.tag ||
a->oid.len != b->oid.len ||
- memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
- {
- return( -1 );
+ memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) {
+ return -1;
}
/* value */
- if( x509_string_cmp( &a->val, &b->val ) != 0 )
- return( -1 );
+ if (x509_string_cmp(&a->val, &b->val) != 0) {
+ return -1;
+ }
/* structure of the list of sets */
- if( a->next_merged != b->next_merged )
- return( -1 );
+ if (a->next_merged != b->next_merged) {
+ return -1;
+ }
a = a->next;
b = b->next;
}
/* a == NULL == b */
- return( 0 );
+ return 0;
}
/*
* Reset (init or clear) a verify_chain
*/
static void x509_crt_verify_chain_reset(
- mbedtls_x509_crt_verify_chain *ver_chain )
+ mbedtls_x509_crt_verify_chain *ver_chain)
{
size_t i;
- for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
- {
+ for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) {
ver_chain->items[i].crt = NULL;
ver_chain->items[i].flags = (uint32_t) -1;
}
@@ -371,35 +372,36 @@
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
-static int x509_get_version( unsigned char **p,
- const unsigned char *end,
- int *ver )
+static int x509_get_version(unsigned char **p,
+ const unsigned char *end,
+ int *ver)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- {
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 0)) != 0) {
+ if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
*ver = 0;
- return( 0 );
+ return 0;
}
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
end = *p + len;
- if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
+ if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
+ }
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
@@ -407,66 +409,72 @@
* notBefore Time,
* notAfter Time }
*/
-static int x509_get_dates( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_time *from,
- mbedtls_x509_time *to )
+static int x509_get_dates(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_time *from,
+ mbedtls_x509_time *to)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret);
+ }
end = *p + len;
- if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) {
+ return ret;
+ }
- if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) {
+ return ret;
+ }
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
* X.509 v2/v3 unique identifier (not parsed)
*/
-static int x509_get_uid( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_buf *uid, int n )
+static int x509_get_uid(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *uid, int n)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( *p == end )
- return( 0 );
+ if (*p == end) {
+ return 0;
+ }
uid->tag = **p;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ n)) != 0) {
+ if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return 0;
+ }
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
uid->p = *p;
*p += uid->len;
- return( 0 );
+ return 0;
}
-static int x509_get_basic_constraints( unsigned char **p,
- const unsigned char *end,
- int *ca_istrue,
- int *max_pathlen )
+static int x509_get_basic_constraints(unsigned char **p,
+ const unsigned char *end,
+ int *ca_istrue,
+ int *max_pathlen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -479,88 +487,99 @@
*ca_istrue = 0; /* DEFAULT FALSE */
*max_pathlen = 0; /* endless */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
-
- if( *p == end )
- return( 0 );
-
- if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- ret = mbedtls_asn1_get_int( p, end, ca_istrue );
-
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
-
- if( *ca_istrue != 0 )
- *ca_istrue = 1;
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
- if( *p == end )
- return( 0 );
+ if (*p == end) {
+ return 0;
+ }
- if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) {
+ if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ ret = mbedtls_asn1_get_int(p, end, ca_istrue);
+ }
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+
+ if (*ca_istrue != 0) {
+ *ca_istrue = 1;
+ }
+ }
+
+ if (*p == end) {
+ return 0;
+ }
+
+ if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
* overflow, which is an undefined behavior. */
- if( *max_pathlen == INT_MAX )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+ if (*max_pathlen == INT_MAX) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+ }
(*max_pathlen)++;
- return( 0 );
+ return 0;
}
-static int x509_get_ns_cert_type( unsigned char **p,
- const unsigned char *end,
- unsigned char *ns_cert_type)
+static int x509_get_ns_cert_type(unsigned char **p,
+ const unsigned char *end,
+ unsigned char *ns_cert_type)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_x509_bitstring bs = { 0, 0, NULL };
- if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( bs.len != 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+ if (bs.len != 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+ }
/* Get actual bitstring */
*ns_cert_type = *bs.p;
- return( 0 );
+ return 0;
}
-static int x509_get_key_usage( unsigned char **p,
- const unsigned char *end,
- unsigned int *key_usage)
+static int x509_get_key_usage(unsigned char **p,
+ const unsigned char *end,
+ unsigned int *key_usage)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_x509_bitstring bs = { 0, 0, NULL };
- if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( bs.len < 1 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+ if (bs.len < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+ }
/* Get actual bitstring */
*key_usage = 0;
- for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
- {
+ for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) {
*key_usage |= (unsigned int) bs.p[i] << (8*i);
}
- return( 0 );
+ return 0;
}
/*
@@ -568,21 +587,23 @@
*
* KeyPurposeId ::= OBJECT IDENTIFIER
*/
-static int x509_get_ext_key_usage( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_sequence *ext_key_usage)
+static int x509_get_ext_key_usage(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *ext_key_usage)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
/* Sequence length must be >= 1 */
- if( ext_key_usage->buf.p == NULL )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+ if (ext_key_usage->buf.p == NULL) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+ }
- return( 0 );
+ return 0;
}
/*
@@ -612,9 +633,9 @@
* NOTE: we list all types, but only use dNSName and otherName
* of type HwModuleName, as defined in RFC 4108, at this point.
*/
-static int x509_get_subject_alt_name( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_sequence *subject_alt_name )
+static int x509_get_subject_alt_name(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *subject_alt_name)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len, tag_len;
@@ -623,66 +644,66 @@
mbedtls_asn1_sequence *cur = subject_alt_name;
/* Get main sequence tag */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( *p + len != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p + len != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- while( *p < end )
- {
+ while (*p < end) {
mbedtls_x509_subject_alternative_name dummy_san_buf;
- memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) );
+ memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
tag = **p;
(*p)++;
- if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
- MBEDTLS_ASN1_CONTEXT_SPECIFIC )
- {
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
}
/*
* Check that the SAN is structured correctly.
*/
- ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf );
+ ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf);
/*
* In case the extension is malformed, return an error,
* and clear the allocated sequences.
*/
- if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
- {
+ if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
mbedtls_x509_sequence *seq_cur = subject_alt_name->next;
mbedtls_x509_sequence *seq_prv;
- while( seq_cur != NULL )
- {
+ while (seq_cur != NULL) {
seq_prv = seq_cur;
seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
+ mbedtls_platform_zeroize(seq_prv,
+ sizeof(mbedtls_x509_sequence));
+ mbedtls_free(seq_prv);
}
subject_alt_name->next = NULL;
- return( ret );
+ return ret;
}
/* Allocate and assign next pointer */
- if( cur->buf.p != NULL )
- {
- if( cur->next != NULL )
- return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+ if (cur->buf.p != NULL) {
+ if (cur->next != NULL) {
+ return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+ }
- cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+ cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
- if( cur->next == NULL )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_ALLOC_FAILED ) );
+ if (cur->next == NULL) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_ALLOC_FAILED);
+ }
cur = cur->next;
}
@@ -697,11 +718,12 @@
/* Set final sequence entry's next pointer to NULL */
cur->next = NULL;
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
@@ -753,9 +775,9 @@
* NOTE: we only parse and use anyPolicy without qualifiers at this point
* as defined in RFC 5280.
*/
-static int x509_get_certificate_policies( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_sequence *certificate_policies )
+static int x509_get_certificate_policies(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *certificate_policies)
{
int ret, parse_ret = 0;
size_t len;
@@ -763,39 +785,43 @@
mbedtls_asn1_sequence *cur = certificate_policies;
/* Get main sequence tag */
- ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( *p + len != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p + len != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/*
* Cannot be an empty sequence.
*/
- if( len == 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (len == 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- while( *p < end )
- {
+ while (*p < end) {
mbedtls_x509_buf policy_oid;
const unsigned char *policy_end;
/*
* Get the policy sequence
*/
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
policy_end = *p + len;
- if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
- MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
+ MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
policy_oid.tag = MBEDTLS_ASN1_OID;
policy_oid.len = len;
@@ -804,8 +830,7 @@
/*
* Only AnyPolicy is currently supported when enforcing policy.
*/
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 )
- {
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) {
/*
* Set the parsing return code but continue parsing, in case this
* extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
@@ -815,135 +840,144 @@
}
/* Allocate and assign next pointer */
- if( cur->buf.p != NULL )
- {
- if( cur->next != NULL )
- return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+ if (cur->buf.p != NULL) {
+ if (cur->next != NULL) {
+ return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+ }
- cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+ cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
- if( cur->next == NULL )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_ALLOC_FAILED ) );
+ if (cur->next == NULL) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_ALLOC_FAILED);
+ }
cur = cur->next;
}
- buf = &( cur->buf );
+ buf = &(cur->buf);
buf->tag = policy_oid.tag;
buf->p = policy_oid.p;
buf->len = policy_oid.len;
*p += len;
- /*
- * If there is an optional qualifier, then *p < policy_end
- * Check the Qualifier len to verify it doesn't exceed policy_end.
- */
- if( *p < policy_end )
- {
- if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ /*
+ * If there is an optional qualifier, then *p < policy_end
+ * Check the Qualifier len to verify it doesn't exceed policy_end.
+ */
+ if (*p < policy_end) {
+ if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
+ 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
/*
* Skip the optional policy qualifiers.
*/
*p += len;
}
- if( *p != policy_end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != policy_end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
}
/* Set final sequence entry's next pointer to NULL */
cur->next = NULL;
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( parse_ret );
+ return parse_ret;
}
/*
* X.509 v3 extensions
*
*/
-static int x509_get_crt_ext( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_crt *crt,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx )
+static int x509_get_crt_ext(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt_ext_cb_t cb,
+ void *p_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet;
- if( *p == end )
- return( 0 );
+ if (*p == end) {
+ return 0;
+ }
- if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) {
+ return ret;
+ }
end = crt->v3_ext.p + crt->v3_ext.len;
- while( *p < end )
- {
+ while (*p < end) {
/*
* Extension ::= SEQUENCE {
* extnID OBJECT IDENTIFIER,
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING }
*/
- mbedtls_x509_buf extn_oid = {0, 0, NULL};
+ mbedtls_x509_buf extn_oid = { 0, 0, NULL };
int is_critical = 0; /* DEFAULT FALSE */
int ext_type = 0;
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
end_ext_data = *p + len;
/* Get extension ID */
- if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
- MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
+ MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
extn_oid.tag = MBEDTLS_ASN1_OID;
extn_oid.p = *p;
*p += extn_oid.len;
/* Get optional critical */
- if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
- ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
+ (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
/* Data should be octet string type */
- if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
- MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
+ MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
start_ext_octet = *p;
end_ext_octet = *p + len;
- if( end_ext_octet != end_ext_data )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (end_ext_octet != end_ext_data) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/*
* Detect supported extensions
*/
- ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
+ ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
- if( ret != 0 )
- {
+ if (ret != 0) {
/* Give the callback (if any) a chance to handle the extension */
- if( cb != NULL )
- {
- ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet );
- if( ret != 0 && is_critical )
- return( ret );
+ if (cb != NULL) {
+ ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet);
+ if (ret != 0 && is_critical) {
+ return ret;
+ }
*p = end_ext_octet;
continue;
}
@@ -952,136 +986,143 @@
*p = end_ext_octet;
#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
- if( is_critical )
- {
+ if (is_critical) {
/* Data is marked as critical: fail */
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
}
#endif
continue;
}
/* Forbid repeated extensions */
- if( ( crt->ext_types & ext_type ) != 0 )
- return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+ if ((crt->ext_types & ext_type) != 0) {
+ return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+ }
crt->ext_types |= ext_type;
- switch( ext_type )
- {
- case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
- /* Parse basic constraints */
- if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
- &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
- return( ret );
- break;
+ switch (ext_type) {
+ case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
+ /* Parse basic constraints */
+ if ((ret = x509_get_basic_constraints(p, end_ext_octet,
+ &crt->ca_istrue, &crt->max_pathlen)) != 0) {
+ return ret;
+ }
+ break;
- case MBEDTLS_X509_EXT_KEY_USAGE:
- /* Parse key usage */
- if( ( ret = x509_get_key_usage( p, end_ext_octet,
- &crt->key_usage ) ) != 0 )
- return( ret );
- break;
+ case MBEDTLS_X509_EXT_KEY_USAGE:
+ /* Parse key usage */
+ if ((ret = x509_get_key_usage(p, end_ext_octet,
+ &crt->key_usage)) != 0) {
+ return ret;
+ }
+ break;
- case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
- /* Parse extended key usage */
- if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
- &crt->ext_key_usage ) ) != 0 )
- return( ret );
- break;
+ case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
+ /* Parse extended key usage */
+ if ((ret = x509_get_ext_key_usage(p, end_ext_octet,
+ &crt->ext_key_usage)) != 0) {
+ return ret;
+ }
+ break;
- case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
- /* Parse subject alt name */
- if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
- &crt->subject_alt_names ) ) != 0 )
- return( ret );
- break;
+ case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
+ /* Parse subject alt name */
+ if ((ret = x509_get_subject_alt_name(p, end_ext_octet,
+ &crt->subject_alt_names)) != 0) {
+ return ret;
+ }
+ break;
- case MBEDTLS_X509_EXT_NS_CERT_TYPE:
- /* Parse netscape certificate type */
- if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
- &crt->ns_cert_type ) ) != 0 )
- return( ret );
- break;
+ case MBEDTLS_X509_EXT_NS_CERT_TYPE:
+ /* Parse netscape certificate type */
+ if ((ret = x509_get_ns_cert_type(p, end_ext_octet,
+ &crt->ns_cert_type)) != 0) {
+ return ret;
+ }
+ break;
- case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
- /* Parse certificate policies type */
- if( ( ret = x509_get_certificate_policies( p, end_ext_octet,
- &crt->certificate_policies ) ) != 0 )
- {
- /* Give the callback (if any) a chance to handle the extension
- * if it contains unsupported policies */
- if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
- cb( p_ctx, crt, &extn_oid, is_critical,
- start_ext_octet, end_ext_octet ) == 0 )
- break;
+ case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
+ /* Parse certificate policies type */
+ if ((ret = x509_get_certificate_policies(p, end_ext_octet,
+ &crt->certificate_policies)) != 0) {
+ /* Give the callback (if any) a chance to handle the extension
+ * if it contains unsupported policies */
+ if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
+ cb(p_ctx, crt, &extn_oid, is_critical,
+ start_ext_octet, end_ext_octet) == 0) {
+ break;
+ }
#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
- if( is_critical )
- return( ret );
- else
+ if (is_critical) {
+ return ret;
+ } else
#endif
- /*
- * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
- * cannot interpret or enforce the policy. However, it is up to
- * the user to choose how to enforce the policies,
- * unless the extension is critical.
- */
- if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
- return( ret );
- }
- break;
+ /*
+ * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
+ * cannot interpret or enforce the policy. However, it is up to
+ * the user to choose how to enforce the policies,
+ * unless the extension is critical.
+ */
+ if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
+ return ret;
+ }
+ }
+ break;
- default:
- /*
- * If this is a non-critical extension, which the oid layer
- * supports, but there isn't an x509 parser for it,
- * skip the extension.
- */
+ default:
+ /*
+ * If this is a non-critical extension, which the oid layer
+ * supports, but there isn't an x509 parser for it,
+ * skip the extension.
+ */
#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
- if( is_critical )
- return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
- else
+ if (is_critical) {
+ return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ } else
#endif
*p = end_ext_octet;
}
}
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( 0 );
+ return 0;
}
/*
* Parse and fill a single X.509 certificate in DER format
*/
-static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx )
+static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy,
+ mbedtls_x509_crt_ext_cb_t cb,
+ void *p_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
unsigned char *p, *end, *crt_end;
mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
- memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
- memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
- memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
+ memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
+ memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
+ memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
/*
* Check for valid input
*/
- if( crt == NULL || buf == NULL )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (crt == NULL || buf == NULL) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
/* Use the original buffer until we figure out actual length. */
- p = (unsigned char*) buf;
+ p = (unsigned char *) buf;
len = buflen;
end = p + len;
@@ -1091,31 +1132,28 @@
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERR_X509_INVALID_FORMAT;
}
end = crt_end = p + len;
crt->raw.len = crt_end - buf;
- if( make_copy != 0 )
- {
+ if (make_copy != 0) {
/* Create and populate a new buffer for the raw field. */
- crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
- if( crt->raw.p == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ crt->raw.p = p = mbedtls_calloc(1, crt->raw.len);
+ if (crt->raw.p == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
- memcpy( crt->raw.p, buf, crt->raw.len );
+ memcpy(crt->raw.p, buf, crt->raw.len);
crt->own_buffer = 1;
p += crt->raw.len - len;
end = crt_end = p + len;
- }
- else
- {
- crt->raw.p = (unsigned char*) buf;
+ } else {
+ crt->raw.p = (unsigned char *) buf;
crt->own_buffer = 0;
}
@@ -1124,11 +1162,10 @@
*/
crt->tbs.p = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
end = p + len;
@@ -1141,29 +1178,26 @@
*
* signature AlgorithmIdentifier
*/
- if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
- ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
- ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid,
- &sig_params1 ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if ((ret = x509_get_version(&p, end, &crt->version)) != 0 ||
+ (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 ||
+ (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid,
+ &sig_params1)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
- if( crt->version < 0 || crt->version > 2 )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+ if (crt->version < 0 || crt->version > 2) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
}
crt->version++;
- if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
- &crt->sig_md, &crt->sig_pk,
- &crt->sig_opts ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1,
+ &crt->sig_md, &crt->sig_pk,
+ &crt->sig_opts)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
/*
@@ -1171,17 +1205,15 @@
*/
crt->issuer_raw.p = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
- if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
crt->issuer_raw.len = p - crt->issuer_raw.p;
@@ -1192,11 +1224,10 @@
* notAfter Time }
*
*/
- if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
- &crt->valid_to ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if ((ret = x509_get_dates(&p, end, &crt->valid_from,
+ &crt->valid_to)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
/*
@@ -1204,17 +1235,15 @@
*/
crt->subject_raw.p = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
- if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
crt->subject_raw.len = p - crt->subject_raw.p;
@@ -1223,10 +1252,9 @@
* SubjectPublicKeyInfo
*/
crt->pk_raw.p = p;
- if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
crt->pk_raw.len = p - crt->pk_raw.p;
@@ -1238,46 +1266,40 @@
* extensions [3] EXPLICIT Extensions OPTIONAL
* -- If present, version shall be v3
*/
- if( crt->version == 2 || crt->version == 3 )
- {
- ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
- if( ret != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if (crt->version == 2 || crt->version == 3) {
+ ret = x509_get_uid(&p, end, &crt->issuer_id, 1);
+ if (ret != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
}
- if( crt->version == 2 || crt->version == 3 )
- {
- ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
- if( ret != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if (crt->version == 2 || crt->version == 3) {
+ ret = x509_get_uid(&p, end, &crt->subject_id, 2);
+ if (ret != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
}
int extensions_allowed = 1;
#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
- if( crt->version != 3 )
+ if (crt->version != 3) {
extensions_allowed = 0;
+ }
#endif
- if( extensions_allowed )
- {
- ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx );
- if( ret != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if (extensions_allowed) {
+ ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx);
+ if (ret != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
}
- if( p != end )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
end = crt_end;
@@ -1289,49 +1311,45 @@
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
- if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
- if( crt->sig_oid.len != sig_oid2.len ||
- memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
+ if (crt->sig_oid.len != sig_oid2.len ||
+ memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 ||
sig_params1.tag != sig_params2.tag ||
sig_params1.len != sig_params2.len ||
- ( sig_params1.len != 0 &&
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERR_X509_SIG_MISMATCH );
+ (sig_params1.len != 0 &&
+ memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERR_X509_SIG_MISMATCH;
}
- if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
- {
- mbedtls_x509_crt_free( crt );
- return( ret );
+ if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) {
+ mbedtls_x509_crt_free(crt);
+ return ret;
}
- if( p != end )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
- return( 0 );
+ return 0;
}
/*
* Parse one X.509 certificate in DER format from a buffer and add them to a
* chained list
*/
-static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx )
+static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy,
+ mbedtls_x509_crt_ext_cb_t cb,
+ void *p_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_x509_crt *crt = chain, *prev = NULL;
@@ -1339,11 +1357,11 @@
/*
* Check for valid input
*/
- if( crt == NULL || buf == NULL )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (crt == NULL || buf == NULL) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- while( crt->version != 0 && crt->next != NULL )
- {
+ while (crt->version != 0 && crt->next != NULL) {
prev = crt;
crt = crt->next;
}
@@ -1351,64 +1369,65 @@
/*
* Add new certificate on the end of the chain if needed.
*/
- if( crt->version != 0 && crt->next == NULL )
- {
- crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if (crt->version != 0 && crt->next == NULL) {
+ crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
- if( crt->next == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ if (crt->next == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
prev = crt;
- mbedtls_x509_crt_init( crt->next );
+ mbedtls_x509_crt_init(crt->next);
crt = crt->next;
}
- ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx );
- if( ret != 0 )
- {
- if( prev )
+ ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx);
+ if (ret != 0) {
+ if (prev) {
prev->next = NULL;
+ }
- if( crt != chain )
- mbedtls_free( crt );
+ if (crt != chain) {
+ mbedtls_free(crt);
+ }
- return( ret );
+ return ret;
}
- return( 0 );
+ return 0;
}
-int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen )
+int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen)
{
- return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) );
+ return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL);
}
-int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx )
+int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy,
+ mbedtls_x509_crt_ext_cb_t cb,
+ void *p_ctx)
{
- return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) );
+ return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx);
}
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen )
+int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen)
{
- return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) );
+ return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL);
}
/*
* Parse one or more PEM certificates from a buffer and add them to the chained
* list
*/
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen )
+int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen)
{
#if defined(MBEDTLS_PEM_PARSE_C)
int success = 0, first_error = 0, total_failed = 0;
@@ -1418,59 +1437,53 @@
/*
* Check for valid input
*/
- if( chain == NULL || buf == NULL )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (chain == NULL || buf == NULL) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
/*
* Determine buffer content. Buffer contains either one DER certificate or
* one or more PEM certificates.
*/
#if defined(MBEDTLS_PEM_PARSE_C)
- if( buflen != 0 && buf[buflen - 1] == '\0' &&
- strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
- {
+ if (buflen != 0 && buf[buflen - 1] == '\0' &&
+ strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) {
buf_format = MBEDTLS_X509_FORMAT_PEM;
}
- if( buf_format == MBEDTLS_X509_FORMAT_DER )
- return mbedtls_x509_crt_parse_der( chain, buf, buflen );
+ if (buf_format == MBEDTLS_X509_FORMAT_DER) {
+ return mbedtls_x509_crt_parse_der(chain, buf, buflen);
+ }
#else
- return mbedtls_x509_crt_parse_der( chain, buf, buflen );
+ return mbedtls_x509_crt_parse_der(chain, buf, buflen);
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
- if( buf_format == MBEDTLS_X509_FORMAT_PEM )
- {
+ if (buf_format == MBEDTLS_X509_FORMAT_PEM) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_pem_context pem;
/* 1 rather than 0 since the terminating NULL byte is counted in */
- while( buflen > 1 )
- {
+ while (buflen > 1) {
size_t use_len;
- mbedtls_pem_init( &pem );
+ mbedtls_pem_init(&pem);
/* If we get there, we know the string is null-terminated */
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN CERTIFICATE-----",
- "-----END CERTIFICATE-----",
- buf, NULL, 0, &use_len );
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN CERTIFICATE-----",
+ "-----END CERTIFICATE-----",
+ buf, NULL, 0, &use_len);
- if( ret == 0 )
- {
+ if (ret == 0) {
/*
* Was PEM encoded
*/
buflen -= use_len;
buf += use_len;
- }
- else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
- {
- return( ret );
- }
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- {
- mbedtls_pem_free( &pem );
+ } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) {
+ return ret;
+ } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ mbedtls_pem_free(&pem);
/*
* PEM header and footer were found
@@ -1478,29 +1491,31 @@
buflen -= use_len;
buf += use_len;
- if( first_error == 0 )
+ if (first_error == 0) {
first_error = ret;
+ }
total_failed++;
continue;
- }
- else
+ } else {
break;
+ }
- ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
+ ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen);
- mbedtls_pem_free( &pem );
+ mbedtls_pem_free(&pem);
- if( ret != 0 )
- {
+ if (ret != 0) {
/*
* Quit parsing on a memory error
*/
- if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
- return( ret );
+ if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) {
+ return ret;
+ }
- if( first_error == 0 )
+ if (first_error == 0) {
first_error = ret;
+ }
total_failed++;
continue;
@@ -1510,12 +1525,13 @@
}
}
- if( success )
- return( total_failed );
- else if( first_error )
- return( first_error );
- else
- return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
+ if (success) {
+ return total_failed;
+ } else if (first_error) {
+ return first_error;
+ } else {
+ return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+ }
#endif /* MBEDTLS_PEM_PARSE_C */
}
@@ -1523,24 +1539,25 @@
/*
* Load one or more certificates and add them to the chained list
*/
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
+int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
- ret = mbedtls_x509_crt_parse( chain, buf, n );
+ ret = mbedtls_x509_crt_parse(chain, buf, n);
- mbedtls_platform_zeroize( buf, n );
- mbedtls_free( buf );
+ mbedtls_platform_zeroize(buf, n);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
+int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
{
int ret = 0;
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -1548,96 +1565,94 @@
WCHAR szDir[MAX_PATH];
char filename[MAX_PATH];
char *p;
- size_t len = strlen( path );
+ size_t len = strlen(path);
WIN32_FIND_DATAW file_data;
HANDLE hFind;
- if( len > MAX_PATH - 3 )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (len > MAX_PATH - 3) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- memset( szDir, 0, sizeof(szDir) );
- memset( filename, 0, MAX_PATH );
- memcpy( filename, path, len );
+ memset(szDir, 0, sizeof(szDir));
+ memset(filename, 0, MAX_PATH);
+ memcpy(filename, path, len);
filename[len++] = '\\';
p = filename + len;
filename[len++] = '*';
- w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
- MAX_PATH - 3 );
- if( w_ret == 0 )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
+ MAX_PATH - 3);
+ if (w_ret == 0) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- hFind = FindFirstFileW( szDir, &file_data );
- if( hFind == INVALID_HANDLE_VALUE )
- return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+ hFind = FindFirstFileW(szDir, &file_data);
+ if (hFind == INVALID_HANDLE_VALUE) {
+ return MBEDTLS_ERR_X509_FILE_IO_ERROR;
+ }
len = MAX_PATH - len;
- do
- {
- memset( p, 0, len );
+ do {
+ memset(p, 0, len);
- if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
+ if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
continue;
+ }
- w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
- lstrlenW( file_data.cFileName ),
- p, (int) len - 1,
- NULL, NULL );
- if( w_ret == 0 )
- {
+ w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName,
+ lstrlenW(file_data.cFileName),
+ p, (int) len - 1,
+ NULL, NULL);
+ if (w_ret == 0) {
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup;
}
- w_ret = mbedtls_x509_crt_parse_file( chain, filename );
- if( w_ret < 0 )
+ w_ret = mbedtls_x509_crt_parse_file(chain, filename);
+ if (w_ret < 0) {
ret++;
- else
+ } else {
ret += w_ret;
- }
- while( FindNextFileW( hFind, &file_data ) != 0 );
+ }
+ } while (FindNextFileW(hFind, &file_data) != 0);
- if( GetLastError() != ERROR_NO_MORE_FILES )
+ if (GetLastError() != ERROR_NO_MORE_FILES) {
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+ }
cleanup:
- FindClose( hFind );
+ FindClose(hFind);
#else /* _WIN32 */
int t_ret;
int snp_ret;
struct stat sb;
struct dirent *entry;
char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
- DIR *dir = opendir( path );
+ DIR *dir = opendir(path);
- if( dir == NULL )
- return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+ if (dir == NULL) {
+ return MBEDTLS_ERR_X509_FILE_IO_ERROR;
+ }
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
- {
- closedir( dir );
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) {
+ closedir(dir);
+ return ret;
}
#endif /* MBEDTLS_THREADING_C */
- memset( &sb, 0, sizeof( sb ) );
+ memset(&sb, 0, sizeof(sb));
- while( ( entry = readdir( dir ) ) != NULL )
- {
- snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
- "%s/%s", path, entry->d_name );
+ while ((entry = readdir(dir)) != NULL) {
+ snp_ret = mbedtls_snprintf(entry_name, sizeof entry_name,
+ "%s/%s", path, entry->d_name);
- if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
- {
+ if (snp_ret < 0 || (size_t) snp_ret >= sizeof entry_name) {
ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
goto cleanup;
- }
- else if( stat( entry_name, &sb ) == -1 )
- {
- if( errno == ENOENT )
- {
+ } else if (stat(entry_name, &sb) == -1) {
+ if (errno == ENOENT) {
/* Broken symbolic link - ignore this entry.
stat(2) will return this error for either (a) a dangling
symlink or (b) a missing file.
@@ -1645,38 +1660,39 @@
assume that it does exist and therefore treat this as a
dangling symlink. */
continue;
- }
- else
- {
+ } else {
/* Some other file error; report the error. */
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup;
}
}
- if( !S_ISREG( sb.st_mode ) )
+ if (!S_ISREG(sb.st_mode)) {
continue;
+ }
// Ignore parse errors
//
- t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
- if( t_ret < 0 )
+ t_ret = mbedtls_x509_crt_parse_file(chain, entry_name);
+ if (t_ret < 0) {
ret++;
- else
+ } else {
ret += t_ret;
+ }
}
cleanup:
- closedir( dir );
+ closedir(dir);
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
+ if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) {
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
#endif /* MBEDTLS_THREADING_C */
#endif /* _WIN32 */
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_FS_IO */
@@ -1692,8 +1708,8 @@
* NOTE: we currently only parse and use otherName of type HwModuleName,
* as defined in RFC 4108.
*/
-static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
- mbedtls_x509_san_other_name *other_name )
+static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
+ mbedtls_x509_san_other_name *other_name)
{
int ret = 0;
size_t len;
@@ -1701,19 +1717,19 @@
const unsigned char *end = p + subject_alt_name->len;
mbedtls_x509_buf cur_oid;
- if( ( subject_alt_name->tag &
- ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) !=
- ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) )
- {
+ if ((subject_alt_name->tag &
+ (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) !=
+ (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) {
/*
* The given subject alternative name is not of type "othername".
*/
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
cur_oid.tag = MBEDTLS_ASN1_OID;
cur_oid.p = p;
@@ -1722,62 +1738,63 @@
/*
* Only HwModuleName is currently supported.
*/
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 )
- {
- return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
+ return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
}
- if( p + len >= end )
- {
- mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p + len >= end) {
+ mbedtls_platform_zeroize(other_name, sizeof(*other_name));
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
p += len;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) !=
+ 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID;
other_name->value.hardware_module_name.oid.p = p;
other_name->value.hardware_module_name.oid.len = len;
- if( p + len >= end )
- {
- mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p + len >= end) {
+ mbedtls_platform_zeroize(other_name, sizeof(*other_name));
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
p += len;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
other_name->value.hardware_module_name.val.p = p;
other_name->value.hardware_module_name.val.len = len;
p += len;
- if( p != end )
- {
- mbedtls_platform_zeroize( other_name,
- sizeof( *other_name ) );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ mbedtls_platform_zeroize(other_name,
+ sizeof(*other_name));
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
- return( 0 );
+ return 0;
}
-static int x509_info_subject_alt_name( char **buf, size_t *size,
- const mbedtls_x509_sequence
- *subject_alt_name,
- const char *prefix )
+static int x509_info_subject_alt_name(char **buf, size_t *size,
+ const mbedtls_x509_sequence
+ *subject_alt_name,
+ const char *prefix)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
@@ -1787,28 +1804,22 @@
mbedtls_x509_subject_alternative_name san;
int parse_ret;
- while( cur != NULL )
- {
- memset( &san, 0, sizeof( san ) );
- parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san );
- if( parse_ret != 0 )
- {
- if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
- {
- ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix );
+ while (cur != NULL) {
+ memset(&san, 0, sizeof(san));
+ parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san);
+ if (parse_ret != 0) {
+ if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
+ ret = mbedtls_snprintf(p, n, "\n%s <unsupported>", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- }
- else
- {
- ret = mbedtls_snprintf( p, n, "\n%s <malformed>", prefix );
+ } else {
+ ret = mbedtls_snprintf(p, n, "\n%s <malformed>", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
}
cur = cur->next;
continue;
}
- switch( san.type )
- {
+ switch (san.type) {
/*
* otherName
*/
@@ -1816,26 +1827,31 @@
{
mbedtls_x509_san_other_name *other_name = &san.san.other_name;
- ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
- &other_name->value.hardware_module_name.oid ) != 0 )
- {
- ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix );
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &other_name->value.hardware_module_name.oid) != 0) {
+ ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix );
+ ret =
+ mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid );
+ ret = mbedtls_oid_get_numeric_string(p,
+ n,
+ &other_name->value.hardware_module_name.oid);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
+ ret =
+ mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
- {
- ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
+ for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) {
+ ret = mbedtls_snprintf(p,
+ n,
+ "%02X",
+ other_name->value.hardware_module_name.val.p[i]);
MBEDTLS_X509_SAFE_SNPRINTF;
}
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
@@ -1847,15 +1863,14 @@
*/
case MBEDTLS_X509_SAN_DNS_NAME:
{
- ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%s dNSName : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( san.san.unstructured_name.len >= n )
- {
+ if (san.san.unstructured_name.len >= n) {
*p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
- memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len );
+ memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len);
p += san.san.unstructured_name.len;
n -= san.san.unstructured_name.len;
}
@@ -1865,7 +1880,7 @@
* Type not supported, skip item.
*/
default:
- ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%s <unsupported>", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
break;
}
@@ -1878,32 +1893,32 @@
*size = n;
*buf = p;
- return( 0 );
+ return 0;
}
-int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
- mbedtls_x509_subject_alternative_name *san )
+int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
+ mbedtls_x509_subject_alternative_name *san)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- switch( san_buf->tag &
- ( MBEDTLS_ASN1_TAG_CLASS_MASK |
- MBEDTLS_ASN1_TAG_VALUE_MASK ) )
- {
+ switch (san_buf->tag &
+ (MBEDTLS_ASN1_TAG_CLASS_MASK |
+ MBEDTLS_ASN1_TAG_VALUE_MASK)) {
/*
* otherName
*/
- case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ):
+ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME):
{
mbedtls_x509_san_other_name other_name;
- ret = x509_get_other_name( san_buf, &other_name );
- if( ret != 0 )
- return( ret );
+ ret = x509_get_other_name(san_buf, &other_name);
+ if (ret != 0) {
+ return ret;
+ }
- memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
+ memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
san->type = MBEDTLS_X509_SAN_OTHER_NAME;
- memcpy( &san->san.other_name,
- &other_name, sizeof( other_name ) );
+ memcpy(&san->san.other_name,
+ &other_name, sizeof(other_name));
}
break;
@@ -1911,13 +1926,13 @@
/*
* dNSName
*/
- case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
+ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME):
{
- memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
+ memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
san->type = MBEDTLS_X509_SAN_DNS_NAME;
- memcpy( &san->san.unstructured_name,
- san_buf, sizeof( *san_buf ) );
+ memcpy(&san->san.unstructured_name,
+ san_buf, sizeof(*san_buf));
}
break;
@@ -1926,75 +1941,75 @@
* Type not supported
*/
default:
- return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
}
- return( 0 );
+ return 0;
}
#define PRINT_ITEM(i) \
{ \
- ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
+ ret = mbedtls_snprintf(p, n, "%s" i, sep); \
MBEDTLS_X509_SAFE_SNPRINTF; \
sep = ", "; \
}
-#define CERT_TYPE(type,name) \
- if( ns_cert_type & (type) ) \
- PRINT_ITEM( name );
+#define CERT_TYPE(type, name) \
+ if (ns_cert_type & (type)) \
+ PRINT_ITEM(name);
-static int x509_info_cert_type( char **buf, size_t *size,
- unsigned char ns_cert_type )
+static int x509_info_cert_type(char **buf, size_t *size,
+ unsigned char ns_cert_type)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n = *size;
char *p = *buf;
const char *sep = "";
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
- CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client");
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server");
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email");
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing");
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved");
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA");
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA");
+ CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA");
*size = n;
*buf = p;
- return( 0 );
+ return 0;
}
-#define KEY_USAGE(code,name) \
- if( key_usage & (code) ) \
- PRINT_ITEM( name );
+#define KEY_USAGE(code, name) \
+ if (key_usage & (code)) \
+ PRINT_ITEM(name);
-static int x509_info_key_usage( char **buf, size_t *size,
- unsigned int key_usage )
+static int x509_info_key_usage(char **buf, size_t *size,
+ unsigned int key_usage)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n = *size;
char *p = *buf;
const char *sep = "";
- KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
- KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
- KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
- KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
- KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
- KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
- KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
- KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" );
- KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" );
+ KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature");
+ KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation");
+ KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment");
+ KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment");
+ KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement");
+ KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign");
+ KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign");
+ KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only");
+ KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only");
*size = n;
*buf = p;
- return( 0 );
+ return 0;
}
-static int x509_info_ext_key_usage( char **buf, size_t *size,
- const mbedtls_x509_sequence *extended_key_usage )
+static int x509_info_ext_key_usage(char **buf, size_t *size,
+ const mbedtls_x509_sequence *extended_key_usage)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *desc;
@@ -2003,12 +2018,12 @@
const mbedtls_x509_sequence *cur = extended_key_usage;
const char *sep = "";
- while( cur != NULL )
- {
- if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
+ while (cur != NULL) {
+ if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) {
desc = "???";
+ }
- ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
+ ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
MBEDTLS_X509_SAFE_SNPRINTF;
sep = ", ";
@@ -2019,11 +2034,11 @@
*size = n;
*buf = p;
- return( 0 );
+ return 0;
}
-static int x509_info_cert_policies( char **buf, size_t *size,
- const mbedtls_x509_sequence *certificate_policies )
+static int x509_info_cert_policies(char **buf, size_t *size,
+ const mbedtls_x509_sequence *certificate_policies)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *desc;
@@ -2032,12 +2047,12 @@
const mbedtls_x509_sequence *cur = certificate_policies;
const char *sep = "";
- while( cur != NULL )
- {
- if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 )
+ while (cur != NULL) {
+ if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) {
desc = "???";
+ }
- ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
+ ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
MBEDTLS_X509_SAFE_SNPRINTF;
sep = ", ";
@@ -2048,7 +2063,7 @@
*size = n;
*buf = p;
- return( 0 );
+ return 0;
}
/*
@@ -2056,8 +2071,8 @@
*/
#define BEFORE_COLON 18
#define BC "18"
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crt *crt )
+int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
+ const mbedtls_x509_crt *crt)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
@@ -2067,136 +2082,132 @@
p = buf;
n = size;
- if( NULL == crt )
- {
- ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
+ if (NULL == crt) {
+ ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n");
MBEDTLS_X509_SAFE_SNPRINTF;
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
- ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
- prefix, crt->version );
+ ret = mbedtls_snprintf(p, n, "%scert. version : %d\n",
+ prefix, crt->version);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "%sserial number : ",
- prefix );
+ ret = mbedtls_snprintf(p, n, "%sserial number : ",
+ prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
+ ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_dn_gets( p, n, &crt->issuer );
+ ret = mbedtls_x509_dn_gets(p, n, &crt->issuer);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
+ ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%sissued on : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crt->valid_from.year, crt->valid_from.mon,
- crt->valid_from.day, crt->valid_from.hour,
- crt->valid_from.min, crt->valid_from.sec );
+ ret = mbedtls_snprintf(p, n, "\n%sissued on : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crt->valid_from.year, crt->valid_from.mon,
+ crt->valid_from.day, crt->valid_from.hour,
+ crt->valid_from.min, crt->valid_from.sec);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crt->valid_to.year, crt->valid_to.mon,
- crt->valid_to.day, crt->valid_to.hour,
- crt->valid_to.min, crt->valid_to.sec );
+ ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \
+ "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+ crt->valid_to.year, crt->valid_to.mon,
+ crt->valid_to.day, crt->valid_to.hour,
+ crt->valid_to.min, crt->valid_to.sec);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
- crt->sig_md, crt->sig_opts );
+ ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk,
+ crt->sig_md, crt->sig_opts);
MBEDTLS_X509_SAFE_SNPRINTF;
/* Key size */
- if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
- mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
+ mbedtls_pk_get_name(&crt->pk))) != 0) {
+ return ret;
}
- ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
- (int) mbedtls_pk_get_bitlen( &crt->pk ) );
+ ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
+ (int) mbedtls_pk_get_bitlen(&crt->pk));
MBEDTLS_X509_SAFE_SNPRINTF;
/*
* Optional extensions
*/
- if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
- {
- ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
- crt->ca_istrue ? "true" : "false" );
+ if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) {
+ ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix,
+ crt->ca_istrue ? "true" : "false");
MBEDTLS_X509_SAFE_SNPRINTF;
- if( crt->max_pathlen > 0 )
- {
- ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
+ if (crt->max_pathlen > 0) {
+ ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1);
MBEDTLS_X509_SAFE_SNPRINTF;
}
}
- if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
- {
- ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix );
+ if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
+ ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( ( ret = x509_info_subject_alt_name( &p, &n,
- &crt->subject_alt_names,
- prefix ) ) != 0 )
- return( ret );
+ if ((ret = x509_info_subject_alt_name(&p, &n,
+ &crt->subject_alt_names,
+ prefix)) != 0) {
+ return ret;
+ }
}
- if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
- {
- ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix );
+ if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) {
+ ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
- return( ret );
+ if ((ret = x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) {
+ return ret;
+ }
}
- if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
- {
- ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix );
+ if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) {
+ ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
- return( ret );
+ if ((ret = x509_info_key_usage(&p, &n, crt->key_usage)) != 0) {
+ return ret;
+ }
}
- if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
- {
- ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix );
+ if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) {
+ ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( ( ret = x509_info_ext_key_usage( &p, &n,
- &crt->ext_key_usage ) ) != 0 )
- return( ret );
+ if ((ret = x509_info_ext_key_usage(&p, &n,
+ &crt->ext_key_usage)) != 0) {
+ return ret;
+ }
}
- if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES )
- {
- ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix );
+ if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) {
+ ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( ( ret = x509_info_cert_policies( &p, &n,
- &crt->certificate_policies ) ) != 0 )
- return( ret );
+ if ((ret = x509_info_cert_policies(&p, &n,
+ &crt->certificate_policies)) != 0) {
+ return ret;
+ }
}
- ret = mbedtls_snprintf( p, n, "\n" );
+ ret = mbedtls_snprintf(p, n, "\n");
MBEDTLS_X509_SAFE_SNPRINTF;
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
struct x509_crt_verify_string {
@@ -2207,8 +2218,10 @@
static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
{ MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
{ MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
- { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
- { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
+ { MBEDTLS_X509_BADCERT_CN_MISMATCH,
+ "The certificate Common Name (CN) does not match with the expected CN" },
+ { MBEDTLS_X509_BADCERT_NOT_TRUSTED,
+ "The certificate is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
{ MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
@@ -2220,96 +2233,102 @@
{ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
{ MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
{ MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." },
- { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
- { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
+ { MBEDTLS_X509_BADCERT_BAD_PK,
+ "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
+ { MBEDTLS_X509_BADCERT_BAD_KEY,
+ "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
{ MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." },
- { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
- { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
+ { MBEDTLS_X509_BADCRL_BAD_PK,
+ "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
+ { MBEDTLS_X509_BADCRL_BAD_KEY,
+ "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
{ 0, NULL }
};
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
- uint32_t flags )
+int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
+ uint32_t flags)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const struct x509_crt_verify_string *cur;
char *p = buf;
size_t n = size;
- for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
- {
- if( ( flags & cur->code ) == 0 )
+ for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) {
+ if ((flags & cur->code) == 0) {
continue;
+ }
- ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
+ ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string);
MBEDTLS_X509_SAFE_SNPRINTF;
flags ^= cur->code;
}
- if( flags != 0 )
- {
- ret = mbedtls_snprintf( p, n, "%sUnknown reason "
- "(this should not happen)\n", prefix );
+ if (flags != 0) {
+ ret = mbedtls_snprintf(p, n, "%sUnknown reason "
+ "(this should not happen)\n", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
}
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
- unsigned int usage )
+int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
+ unsigned int usage)
{
unsigned int usage_must, usage_may;
unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
- | MBEDTLS_X509_KU_DECIPHER_ONLY;
+ | MBEDTLS_X509_KU_DECIPHER_ONLY;
- if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
- return( 0 );
+ if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) {
+ return 0;
+ }
usage_must = usage & ~may_mask;
- if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
usage_may = usage & may_mask;
- if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (((crt->key_usage & may_mask) | usage_may) != usage_may) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- return( 0 );
+ return 0;
}
#endif
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
- const char *usage_oid,
- size_t usage_len )
+int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
+ const char *usage_oid,
+ size_t usage_len)
{
const mbedtls_x509_sequence *cur;
/* Extension is not mandatory, absent means no restriction */
- if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
- return( 0 );
+ if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) {
+ return 0;
+ }
/*
* Look for the requested usage (or wildcard ANY) in our list
*/
- for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
- {
+ for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) {
const mbedtls_x509_buf *cur_oid = &cur->buf;
- if( cur_oid->len == usage_len &&
- memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
- {
- return( 0 );
+ if (cur_oid->len == usage_len &&
+ memcmp(cur_oid->p, usage_oid, usage_len) == 0) {
+ return 0;
}
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
- return( 0 );
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) {
+ return 0;
+ }
}
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
@@ -2317,44 +2336,41 @@
/*
* Return 1 if the certificate is revoked, or 0 otherwise.
*/
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
+int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
{
const mbedtls_x509_crl_entry *cur = &crl->entry;
- while( cur != NULL && cur->serial.len != 0 )
- {
- if( crt->serial.len == cur->serial.len &&
- memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
- {
- return( 1 );
+ while (cur != NULL && cur->serial.len != 0) {
+ if (crt->serial.len == cur->serial.len &&
+ memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) {
+ return 1;
}
cur = cur->next;
}
- return( 0 );
+ return 0;
}
/*
* Check that the given certificate is not revoked according to the CRL.
* Skip validation if no CRL for the given CA is present.
*/
-static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
- mbedtls_x509_crl *crl_list,
- const mbedtls_x509_crt_profile *profile )
+static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
+ mbedtls_x509_crl *crl_list,
+ const mbedtls_x509_crt_profile *profile)
{
int flags = 0;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
- if( ca == NULL )
- return( flags );
+ if (ca == NULL) {
+ return flags;
+ }
- while( crl_list != NULL )
- {
- if( crl_list->version == 0 ||
- x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
- {
+ while (crl_list != NULL) {
+ if (crl_list->version == 0 ||
+ x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) {
crl_list = crl_list->next;
continue;
}
@@ -2363,9 +2379,8 @@
* Check if the CA is configured to sign CRLs
*/
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
- if( mbedtls_x509_crt_check_key_usage( ca,
- MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
- {
+ if (mbedtls_x509_crt_check_key_usage(ca,
+ MBEDTLS_X509_KU_CRL_SIGN) != 0) {
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
@@ -2374,27 +2389,28 @@
/*
* Check if CRL is correctly signed by the trusted CA
*/
- if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
+ if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) {
flags |= MBEDTLS_X509_BADCRL_BAD_MD;
+ }
- if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
+ if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) {
flags |= MBEDTLS_X509_BADCRL_BAD_PK;
+ }
- md_info = mbedtls_md_info_from_type( crl_list->sig_md );
- if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
- {
+ md_info = mbedtls_md_info_from_type(crl_list->sig_md);
+ if (mbedtls_md(md_info, crl_list->tbs.p, crl_list->tbs.len, hash) != 0) {
/* Note: this can't happen except after an internal error */
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
- if( x509_profile_check_key( profile, &ca->pk ) != 0 )
+ if (x509_profile_check_key(profile, &ca->pk) != 0) {
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+ }
- if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
- crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
- crl_list->sig.p, crl_list->sig.len ) != 0 )
- {
+ if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
+ crl_list->sig_md, hash, mbedtls_md_get_size(md_info),
+ crl_list->sig.p, crl_list->sig.len) != 0) {
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
@@ -2402,17 +2418,18 @@
/*
* Check for validity of CRL (Do not drop out)
*/
- if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
+ if (mbedtls_x509_time_is_past(&crl_list->next_update)) {
flags |= MBEDTLS_X509_BADCRL_EXPIRED;
+ }
- if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
+ if (mbedtls_x509_time_is_future(&crl_list->this_update)) {
flags |= MBEDTLS_X509_BADCRL_FUTURE;
+ }
/*
* Check if certificate is revoked
*/
- if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
- {
+ if (mbedtls_x509_crt_is_revoked(crt, crl_list)) {
flags |= MBEDTLS_X509_BADCERT_REVOKED;
break;
}
@@ -2420,64 +2437,64 @@
crl_list = crl_list->next;
}
- return( flags );
+ return flags;
}
#endif /* MBEDTLS_X509_CRL_PARSE_C */
/*
* Check the signature of a certificate by its parent
*/
-static int x509_crt_check_signature( const mbedtls_x509_crt *child,
- mbedtls_x509_crt *parent,
- mbedtls_x509_crt_restart_ctx *rs_ctx )
+static int x509_crt_check_signature(const mbedtls_x509_crt *child,
+ mbedtls_x509_crt *parent,
+ mbedtls_x509_crt_restart_ctx *rs_ctx)
{
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
size_t hash_len;
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type( child->sig_md );
- hash_len = mbedtls_md_get_size( md_info );
+ md_info = mbedtls_md_info_from_type(child->sig_md);
+ hash_len = mbedtls_md_get_size(md_info);
/* Note: hash errors can happen only after an internal error */
- if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
- return( -1 );
+ if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
+ return -1;
+ }
#else
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
- psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md(child->sig_md);
- if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
- return( -1 );
-
- if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len )
- != PSA_SUCCESS )
- {
- return( -1 );
+ if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) {
+ return -1;
}
- if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
- != PSA_SUCCESS )
- {
- return( -1 );
+ if (psa_hash_update(&hash_operation, child->tbs.p, child->tbs.len)
+ != PSA_SUCCESS) {
+ return -1;
+ }
+
+ if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len)
+ != PSA_SUCCESS) {
+ return -1;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Skip expensive computation on obvious mismatch */
- if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
- return( -1 );
+ if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
+ return -1;
+ }
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
- {
- return( mbedtls_pk_verify_restartable( &parent->pk,
- child->sig_md, hash, hash_len,
- child->sig.p, child->sig.len, &rs_ctx->pk ) );
+ if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) {
+ return mbedtls_pk_verify_restartable(&parent->pk,
+ child->sig_md, hash, hash_len,
+ child->sig.p, child->sig.len, &rs_ctx->pk);
}
#else
(void) rs_ctx;
#endif
- return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
- child->sig_md, hash, hash_len,
- child->sig.p, child->sig.len ) );
+ return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk,
+ child->sig_md, hash, hash_len,
+ child->sig.p, child->sig.len);
}
/*
@@ -2486,35 +2503,37 @@
*
* top means parent is a locally-trusted certificate
*/
-static int x509_crt_check_parent( const mbedtls_x509_crt *child,
- const mbedtls_x509_crt *parent,
- int top )
+static int x509_crt_check_parent(const mbedtls_x509_crt *child,
+ const mbedtls_x509_crt *parent,
+ int top)
{
int need_ca_bit;
/* Parent must be the issuer */
- if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
- return( -1 );
+ if (x509_name_cmp(&child->issuer, &parent->subject) != 0) {
+ return -1;
+ }
/* Parent must have the basicConstraints CA bit set as a general rule */
need_ca_bit = 1;
/* Exception: v1/v2 certificates that are locally trusted. */
- if( top && parent->version < 3 )
+ if (top && parent->version < 3) {
need_ca_bit = 0;
+ }
- if( need_ca_bit && ! parent->ca_istrue )
- return( -1 );
+ if (need_ca_bit && !parent->ca_istrue) {
+ return -1;
+ }
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
- if( need_ca_bit &&
- mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
- {
- return( -1 );
+ if (need_ca_bit &&
+ mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) {
+ return -1;
}
#endif
- return( 0 );
+ return 0;
}
/*
@@ -2561,14 +2580,14 @@
* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
static int x509_crt_find_parent_in(
- mbedtls_x509_crt *child,
- mbedtls_x509_crt *candidates,
- mbedtls_x509_crt **r_parent,
- int *r_signature_is_good,
- int top,
- unsigned path_cnt,
- unsigned self_cnt,
- mbedtls_x509_crt_restart_ctx *rs_ctx )
+ mbedtls_x509_crt *child,
+ mbedtls_x509_crt *candidates,
+ mbedtls_x509_crt **r_parent,
+ int *r_signature_is_good,
+ int top,
+ unsigned path_cnt,
+ unsigned self_cnt,
+ mbedtls_x509_crt_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_x509_crt *parent, *fallback_parent;
@@ -2576,8 +2595,7 @@
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* did we have something in progress? */
- if( rs_ctx != NULL && rs_ctx->parent != NULL )
- {
+ if (rs_ctx != NULL && rs_ctx->parent != NULL) {
/* restore saved state */
parent = rs_ctx->parent;
fallback_parent = rs_ctx->fallback_parent;
@@ -2596,16 +2614,15 @@
fallback_parent = NULL;
fallback_signature_is_good = 0;
- for( parent = candidates; parent != NULL; parent = parent->next )
- {
+ for (parent = candidates; parent != NULL; parent = parent->next) {
/* basic parenting skills (name, CA bit, key usage) */
- if( x509_crt_check_parent( child, parent, top ) != 0 )
+ if (x509_crt_check_parent(child, parent, top) != 0) {
continue;
+ }
/* +1 because stored max_pathlen is 1 higher that the actual value */
- if( parent->max_pathlen > 0 &&
- (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
- {
+ if (parent->max_pathlen > 0 &&
+ (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) {
continue;
}
@@ -2613,32 +2630,30 @@
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
check_signature:
#endif
- ret = x509_crt_check_signature( child, parent, rs_ctx );
+ ret = x509_crt_check_signature(child, parent, rs_ctx);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
+ if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
/* save state */
rs_ctx->parent = parent;
rs_ctx->fallback_parent = fallback_parent;
rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
- return( ret );
+ return ret;
}
#else
(void) ret;
#endif
signature_is_good = ret == 0;
- if( top && ! signature_is_good )
+ if (top && !signature_is_good) {
continue;
+ }
/* optional time check */
- if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
- mbedtls_x509_time_is_future( &parent->valid_from ) )
- {
- if( fallback_parent == NULL )
- {
+ if (mbedtls_x509_time_is_past(&parent->valid_to) ||
+ mbedtls_x509_time_is_future(&parent->valid_from)) {
+ if (fallback_parent == NULL) {
fallback_parent = parent;
fallback_signature_is_good = signature_is_good;
}
@@ -2652,13 +2667,12 @@
break;
}
- if( parent == NULL )
- {
+ if (parent == NULL) {
*r_parent = fallback_parent;
*r_signature_is_good = fallback_signature_is_good;
}
- return( 0 );
+ return 0;
}
/*
@@ -2684,14 +2698,14 @@
* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
static int x509_crt_find_parent(
- mbedtls_x509_crt *child,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crt **parent,
- int *parent_is_trusted,
- int *signature_is_good,
- unsigned path_cnt,
- unsigned self_cnt,
- mbedtls_x509_crt_restart_ctx *rs_ctx )
+ mbedtls_x509_crt *child,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crt **parent,
+ int *parent_is_trusted,
+ int *signature_is_good,
+ unsigned path_cnt,
+ unsigned self_cnt,
+ mbedtls_x509_crt_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_x509_crt *search_list;
@@ -2700,48 +2714,46 @@
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* restore then clear saved state if we have some stored */
- if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 )
- {
+ if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) {
*parent_is_trusted = rs_ctx->parent_is_trusted;
rs_ctx->parent_is_trusted = -1;
}
#endif
- while( 1 ) {
+ while (1) {
search_list = *parent_is_trusted ? trust_ca : child->next;
- ret = x509_crt_find_parent_in( child, search_list,
- parent, signature_is_good,
- *parent_is_trusted,
- path_cnt, self_cnt, rs_ctx );
+ ret = x509_crt_find_parent_in(child, search_list,
+ parent, signature_is_good,
+ *parent_is_trusted,
+ path_cnt, self_cnt, rs_ctx);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
+ if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
/* save state */
rs_ctx->parent_is_trusted = *parent_is_trusted;
- return( ret );
+ return ret;
}
#else
(void) ret;
#endif
/* stop here if found or already in second iteration */
- if( *parent != NULL || *parent_is_trusted == 0 )
+ if (*parent != NULL || *parent_is_trusted == 0) {
break;
+ }
/* prepare second iteration */
*parent_is_trusted = 0;
}
/* extra precaution against mistakes in the caller */
- if( *parent == NULL )
- {
+ if (*parent == NULL) {
*parent_is_trusted = 0;
*signature_is_good = 0;
}
- return( 0 );
+ return 0;
}
/*
@@ -2751,27 +2763,26 @@
* check for self-issued as self-signatures are not checked)
*/
static int x509_crt_check_ee_locally_trusted(
- mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca )
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca)
{
mbedtls_x509_crt *cur;
/* must be self-issued */
- if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 )
- return( -1 );
+ if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) {
+ return -1;
+ }
/* look for an exact match with trusted cert */
- for( cur = trust_ca; cur != NULL; cur = cur->next )
- {
- if( crt->raw.len == cur->raw.len &&
- memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
- {
- return( 0 );
+ for (cur = trust_ca; cur != NULL; cur = cur->next) {
+ if (crt->raw.len == cur->raw.len &&
+ memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) {
+ return 0;
}
}
/* too bad */
- return( -1 );
+ return -1;
}
/*
@@ -2815,14 +2826,14 @@
* even if it was found to be invalid
*/
static int x509_crt_verify_chain(
- mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb,
- const mbedtls_x509_crt_profile *profile,
- mbedtls_x509_crt_verify_chain *ver_chain,
- mbedtls_x509_crt_restart_ctx *rs_ctx )
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
+ const mbedtls_x509_crt_profile *profile,
+ mbedtls_x509_crt_verify_chain *ver_chain,
+ mbedtls_x509_crt_restart_ctx *rs_ctx)
{
/* Don't initialize any of those variables here, so that the compiler can
* catch potential issues with jumping ahead when restarting */
@@ -2839,8 +2850,7 @@
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* resume if we had an operation in progress */
- if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent )
- {
+ if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) {
/* restore saved state */
*ver_chain = rs_ctx->ver_chain; /* struct copy */
self_cnt = rs_ctx->self_cnt;
@@ -2859,7 +2869,7 @@
parent_is_trusted = 0;
child_is_trusted = 0;
- while( 1 ) {
+ while (1) {
/* Add certificate to the verification chain */
cur = &ver_chain->items[ver_chain->len];
cur->crt = child;
@@ -2868,28 +2878,32 @@
flags = &cur->flags;
/* Check time-validity (all certificates) */
- if( mbedtls_x509_time_is_past( &child->valid_to ) )
+ if (mbedtls_x509_time_is_past(&child->valid_to)) {
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+ }
- if( mbedtls_x509_time_is_future( &child->valid_from ) )
+ if (mbedtls_x509_time_is_future(&child->valid_from)) {
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
+ }
/* Stop here for trusted roots (but not for trusted EE certs) */
- if( child_is_trusted )
- return( 0 );
+ if (child_is_trusted) {
+ return 0;
+ }
/* Check signature algorithm: MD & PK algs */
- if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+ if (x509_profile_check_md_alg(profile, child->sig_md) != 0) {
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+ }
- if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+ if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) {
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+ }
/* Special case: EE certs that are locally trusted */
- if( ver_chain->len == 1 &&
- x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
- {
- return( 0 );
+ if (ver_chain->len == 1 &&
+ x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) {
+ return 0;
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -2899,19 +2913,18 @@
/* Obtain list of potential trusted signers from CA callback,
* or use statically provided list. */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- if( f_ca_cb != NULL )
- {
- mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result );
- mbedtls_free( ver_chain->trust_ca_cb_result );
+ if (f_ca_cb != NULL) {
+ mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result);
+ mbedtls_free(ver_chain->trust_ca_cb_result);
ver_chain->trust_ca_cb_result = NULL;
- ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result );
- if( ret != 0 )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result);
+ if (ret != 0) {
+ return MBEDTLS_ERR_X509_FATAL_ERROR;
+ }
cur_trust_ca = ver_chain->trust_ca_cb_result;
- }
- else
+ } else
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
{
((void) f_ca_cb);
@@ -2920,60 +2933,58 @@
}
/* Look for a parent in trusted CAs or up the chain */
- ret = x509_crt_find_parent( child, cur_trust_ca, &parent,
- &parent_is_trusted, &signature_is_good,
- ver_chain->len - 1, self_cnt, rs_ctx );
+ ret = x509_crt_find_parent(child, cur_trust_ca, &parent,
+ &parent_is_trusted, &signature_is_good,
+ ver_chain->len - 1, self_cnt, rs_ctx);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
+ if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
/* save state */
rs_ctx->in_progress = x509_crt_rs_find_parent;
rs_ctx->self_cnt = self_cnt;
rs_ctx->ver_chain = *ver_chain; /* struct copy */
- return( ret );
+ return ret;
}
#else
(void) ret;
#endif
/* No parent? We're done here */
- if( parent == NULL )
- {
+ if (parent == NULL) {
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
- return( 0 );
+ return 0;
}
/* Count intermediate self-issued (not necessarily self-signed) certs.
* These can occur with some strategies for key rollover, see [SIRO],
* and should be excluded from max_pathlen checks. */
- if( ver_chain->len != 1 &&
- x509_name_cmp( &child->issuer, &child->subject ) == 0 )
- {
+ if (ver_chain->len != 1 &&
+ x509_name_cmp(&child->issuer, &child->subject) == 0) {
self_cnt++;
}
/* path_cnt is 0 for the first intermediate CA,
* and if parent is trusted it's not an intermediate CA */
- if( ! parent_is_trusted &&
- ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
- {
+ if (!parent_is_trusted &&
+ ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) {
/* return immediately to avoid overflow the chain array */
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ return MBEDTLS_ERR_X509_FATAL_ERROR;
}
/* signature was checked while searching parent */
- if( ! signature_is_good )
+ if (!signature_is_good) {
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+ }
/* check size of signing key */
- if( x509_profile_check_key( profile, &parent->pk ) != 0 )
+ if (x509_profile_check_key(profile, &parent->pk) != 0) {
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+ }
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the given crt */
- *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
+ *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile);
#else
(void) ca_crl;
#endif
@@ -2989,79 +3000,75 @@
/*
* Check for CN match
*/
-static int x509_crt_check_cn( const mbedtls_x509_buf *name,
- const char *cn, size_t cn_len )
+static int x509_crt_check_cn(const mbedtls_x509_buf *name,
+ const char *cn, size_t cn_len)
{
/* try exact match */
- if( name->len == cn_len &&
- x509_memcasecmp( cn, name->p, cn_len ) == 0 )
- {
- return( 0 );
+ if (name->len == cn_len &&
+ x509_memcasecmp(cn, name->p, cn_len) == 0) {
+ return 0;
}
/* try wildcard match */
- if( x509_check_wildcard( cn, name ) == 0 )
- {
- return( 0 );
+ if (x509_check_wildcard(cn, name) == 0) {
+ return 0;
}
- return( -1 );
+ return -1;
}
/*
* Check for SAN match, see RFC 5280 Section 4.2.1.6
*/
-static int x509_crt_check_san( const mbedtls_x509_buf *name,
- const char *cn, size_t cn_len )
+static int x509_crt_check_san(const mbedtls_x509_buf *name,
+ const char *cn, size_t cn_len)
{
const unsigned char san_type = (unsigned char) name->tag &
MBEDTLS_ASN1_TAG_VALUE_MASK;
/* dNSName */
- if( san_type == MBEDTLS_X509_SAN_DNS_NAME )
- return( x509_crt_check_cn( name, cn, cn_len ) );
+ if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
+ return x509_crt_check_cn(name, cn, cn_len);
+ }
/* (We may handle other types here later.) */
/* Unrecognized type */
- return( -1 );
+ return -1;
}
/*
* Verify the requested CN - only call this if cn is not NULL!
*/
-static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
- const char *cn,
- uint32_t *flags )
+static void x509_crt_verify_name(const mbedtls_x509_crt *crt,
+ const char *cn,
+ uint32_t *flags)
{
const mbedtls_x509_name *name;
const mbedtls_x509_sequence *cur;
- size_t cn_len = strlen( cn );
+ size_t cn_len = strlen(cn);
- if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
- {
- for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
- {
- if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 )
- break;
- }
-
- if( cur == NULL )
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
- }
- else
- {
- for( name = &crt->subject; name != NULL; name = name->next )
- {
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
- x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
- {
+ if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
+ for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
+ if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
break;
}
}
- if( name == NULL )
+ if (cur == NULL) {
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+ }
+ } else {
+ for (name = &crt->subject; name != NULL; name = name->next) {
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
+ x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
+ break;
+ }
+ }
+
+ if (name == NULL) {
+ *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+ }
}
}
@@ -3069,29 +3076,30 @@
* Merge the flags for all certs in the chain, after calling callback
*/
static int x509_crt_merge_flags_with_cb(
- uint32_t *flags,
- const mbedtls_x509_crt_verify_chain *ver_chain,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+ uint32_t *flags,
+ const mbedtls_x509_crt_verify_chain *ver_chain,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned i;
uint32_t cur_flags;
const mbedtls_x509_crt_verify_chain_item *cur;
- for( i = ver_chain->len; i != 0; --i )
- {
+ for (i = ver_chain->len; i != 0; --i) {
cur = &ver_chain->items[i-1];
cur_flags = cur->flags;
- if( NULL != f_vrfy )
- if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 )
- return( ret );
+ if (NULL != f_vrfy) {
+ if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) {
+ return ret;
+ }
+ }
*flags |= cur_flags;
}
- return( 0 );
+ return 0;
}
/*
@@ -3111,16 +3119,19 @@
* of trusted signers, and `ca_crl` will be use as the static list
* of CRLs.
*/
-static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy,
- mbedtls_x509_crt_restart_ctx *rs_ctx )
+static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *,
+ mbedtls_x509_crt *,
+ int,
+ uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_pk_type_t pk_type;
@@ -3129,105 +3140,110 @@
*flags = 0;
ee_flags = 0;
- x509_crt_verify_chain_reset( &ver_chain );
+ x509_crt_verify_chain_reset(&ver_chain);
- if( profile == NULL )
- {
+ if (profile == NULL) {
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
goto exit;
}
/* check name if requested */
- if( cn != NULL )
- x509_crt_verify_name( crt, cn, &ee_flags );
+ if (cn != NULL) {
+ x509_crt_verify_name(crt, cn, &ee_flags);
+ }
/* Check the type and size of the key */
- pk_type = mbedtls_pk_get_type( &crt->pk );
+ pk_type = mbedtls_pk_get_type(&crt->pk);
- if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
+ if (x509_profile_check_pk_alg(profile, pk_type) != 0) {
ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+ }
- if( x509_profile_check_key( profile, &crt->pk ) != 0 )
+ if (x509_profile_check_key(profile, &crt->pk) != 0) {
ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+ }
/* Check the chain */
- ret = x509_crt_verify_chain( crt, trust_ca, ca_crl,
- f_ca_cb, p_ca_cb, profile,
- &ver_chain, rs_ctx );
+ ret = x509_crt_verify_chain(crt, trust_ca, ca_crl,
+ f_ca_cb, p_ca_cb, profile,
+ &ver_chain, rs_ctx);
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
/* Merge end-entity flags */
ver_chain.items[0].flags |= ee_flags;
/* Build final flags, calling callback on the way if any */
- ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
+ ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy);
exit:
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result );
- mbedtls_free( ver_chain.trust_ca_cb_result );
+ mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result);
+ mbedtls_free(ver_chain.trust_ca_cb_result);
ver_chain.trust_ca_cb_result = NULL;
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
- mbedtls_x509_crt_restart_free( rs_ctx );
+ if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
+ mbedtls_x509_crt_restart_free(rs_ctx);
+ }
#endif
/* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
* the SSL module for authmode optional, but non-zero return from the
* callback means a fatal error so it shouldn't be ignored */
- if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
ret = MBEDTLS_ERR_X509_FATAL_ERROR;
-
- if( ret != 0 )
- {
- *flags = (uint32_t) -1;
- return( ret );
}
- if( *flags != 0 )
- return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+ if (ret != 0) {
+ *flags = (uint32_t) -1;
+ return ret;
+ }
- return( 0 );
+ if (*flags != 0) {
+ return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
+ }
+
+ return 0;
}
/*
* Verify the certificate validity (default profile, not restartable)
*/
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy)
{
- return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
- NULL, NULL,
- &mbedtls_x509_crt_profile_default,
- cn, flags,
- f_vrfy, p_vrfy, NULL ) );
+ return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
+ NULL, NULL,
+ &mbedtls_x509_crt_profile_default,
+ cn, flags,
+ f_vrfy, p_vrfy, NULL);
}
/*
* Verify the certificate validity (user-chosen profile, not restartable)
*/
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy)
{
- return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
- NULL, NULL,
- profile, cn, flags,
- f_vrfy, p_vrfy, NULL ) );
+ return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
+ NULL, NULL,
+ profile, cn, flags,
+ f_vrfy, p_vrfy, NULL);
}
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
@@ -3235,49 +3251,49 @@
* Verify the certificate validity (user-chosen profile, CA callback,
* not restartable).
*/
-int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy)
{
- return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL,
- f_ca_cb, p_ca_cb,
- profile, cn, flags,
- f_vrfy, p_vrfy, NULL ) );
+ return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL,
+ f_ca_cb, p_ca_cb,
+ profile, cn, flags,
+ f_vrfy, p_vrfy, NULL);
}
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy,
- mbedtls_x509_crt_restart_ctx *rs_ctx )
+int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx)
{
- return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
- NULL, NULL,
- profile, cn, flags,
- f_vrfy, p_vrfy, rs_ctx ) );
+ return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
+ NULL, NULL,
+ profile, cn, flags,
+ f_vrfy, p_vrfy, rs_ctx);
}
/*
* Initialize a certificate chain
*/
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
+void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
{
- memset( crt, 0, sizeof(mbedtls_x509_crt) );
+ memset(crt, 0, sizeof(mbedtls_x509_crt));
}
/*
* Unallocate all certificate data
*/
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
+void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
{
mbedtls_x509_crt *cert_cur = crt;
mbedtls_x509_crt *cert_prv;
@@ -3286,95 +3302,87 @@
mbedtls_x509_sequence *seq_cur;
mbedtls_x509_sequence *seq_prv;
- if( crt == NULL )
+ if (crt == NULL) {
return;
+ }
- do
- {
- mbedtls_pk_free( &cert_cur->pk );
+ do {
+ mbedtls_pk_free(&cert_cur->pk);
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- mbedtls_free( cert_cur->sig_opts );
+ mbedtls_free(cert_cur->sig_opts);
#endif
name_cur = cert_cur->issuer.next;
- while( name_cur != NULL )
- {
+ while (name_cur != NULL) {
name_prv = name_cur;
name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
+ mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
+ mbedtls_free(name_prv);
}
name_cur = cert_cur->subject.next;
- while( name_cur != NULL )
- {
+ while (name_cur != NULL) {
name_prv = name_cur;
name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
+ mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
+ mbedtls_free(name_prv);
}
seq_cur = cert_cur->ext_key_usage.next;
- while( seq_cur != NULL )
- {
+ while (seq_cur != NULL) {
seq_prv = seq_cur;
seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
+ mbedtls_platform_zeroize(seq_prv,
+ sizeof(mbedtls_x509_sequence));
+ mbedtls_free(seq_prv);
}
seq_cur = cert_cur->subject_alt_names.next;
- while( seq_cur != NULL )
- {
+ while (seq_cur != NULL) {
seq_prv = seq_cur;
seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
+ mbedtls_platform_zeroize(seq_prv,
+ sizeof(mbedtls_x509_sequence));
+ mbedtls_free(seq_prv);
}
seq_cur = cert_cur->certificate_policies.next;
- while( seq_cur != NULL )
- {
+ while (seq_cur != NULL) {
seq_prv = seq_cur;
seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
+ mbedtls_platform_zeroize(seq_prv,
+ sizeof(mbedtls_x509_sequence));
+ mbedtls_free(seq_prv);
}
- if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
- {
- mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
- mbedtls_free( cert_cur->raw.p );
+ if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
+ mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len);
+ mbedtls_free(cert_cur->raw.p);
}
cert_cur = cert_cur->next;
- }
- while( cert_cur != NULL );
+ } while (cert_cur != NULL);
cert_cur = crt;
- do
- {
+ do {
cert_prv = cert_cur;
cert_cur = cert_cur->next;
- mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
- if( cert_prv != crt )
- mbedtls_free( cert_prv );
- }
- while( cert_cur != NULL );
+ mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt));
+ if (cert_prv != crt) {
+ mbedtls_free(cert_prv);
+ }
+ } while (cert_cur != NULL);
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Initialize a restart context
*/
-void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
+void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
{
- mbedtls_pk_restart_init( &ctx->pk );
+ mbedtls_pk_restart_init(&ctx->pk);
ctx->parent = NULL;
ctx->fallback_parent = NULL;
@@ -3384,19 +3392,20 @@
ctx->in_progress = x509_crt_rs_none;
ctx->self_cnt = 0;
- x509_crt_verify_chain_reset( &ctx->ver_chain );
+ x509_crt_verify_chain_reset(&ctx->ver_chain);
}
/*
* Free the components of a restart context
*/
-void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
+void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_pk_restart_free( &ctx->pk );
- mbedtls_x509_crt_restart_init( ctx );
+ mbedtls_pk_restart_free(&ctx->pk);
+ mbedtls_x509_crt_restart_init(ctx);
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 1a22b77..89344d1 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -51,56 +51,56 @@
/*
* Version ::= INTEGER { v1(0) }
*/
-static int x509_csr_get_version( unsigned char **p,
- const unsigned char *end,
- int *ver )
+static int x509_csr_get_version(unsigned char **p,
+ const unsigned char *end,
+ int *ver)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- {
+ if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
+ if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
*ver = 0;
- return( 0 );
+ return 0;
}
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
}
- return( 0 );
+ return 0;
}
/*
* Parse a CSR in DER format
*/
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen )
+int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
+ const unsigned char *buf, size_t buflen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
unsigned char *p, *end;
mbedtls_x509_buf sig_params;
- memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) );
+ memset(&sig_params, 0, sizeof(mbedtls_x509_buf));
/*
* Check for valid input
*/
- if( csr == NULL || buf == NULL || buflen == 0 )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (csr == NULL || buf == NULL || buflen == 0) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
- mbedtls_x509_csr_init( csr );
+ mbedtls_x509_csr_init(csr);
/*
* first copy the raw DER data
*/
- p = mbedtls_calloc( 1, len = buflen );
+ p = mbedtls_calloc(1, len = buflen);
- if( p == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ if (p == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
- memcpy( p, buf, buflen );
+ memcpy(p, buf, buflen);
csr->raw.p = p;
csr->raw.len = len;
@@ -113,18 +113,16 @@
* signature BIT STRING
* }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERR_X509_INVALID_FORMAT;
}
- if( len != (size_t) ( end - p ) )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (len != (size_t) (end - p)) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
/*
@@ -132,11 +130,10 @@
*/
csr->cri.p = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
end = p + len;
@@ -145,16 +142,14 @@
/*
* Version ::= INTEGER { v1(0) }
*/
- if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( ret );
+ if ((ret = x509_csr_get_version(&p, end, &csr->version)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return ret;
}
- if( csr->version != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+ if (csr->version != 0) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
}
csr->version++;
@@ -164,17 +159,15 @@
*/
csr->subject_raw.p = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
- if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( ret );
+ if ((ret = mbedtls_x509_get_name(&p, p + len, &csr->subject)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return ret;
}
csr->subject_raw.len = p - csr->subject_raw.p;
@@ -182,10 +175,9 @@
/*
* subjectPKInfo SubjectPublicKeyInfo
*/
- if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( ret );
+ if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &csr->pk)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return ret;
}
/*
@@ -198,11 +190,11 @@
* the requester's expectations - this cannot cause a violation of our
* signature policies.
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) !=
+ 0) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
p += len;
@@ -213,40 +205,36 @@
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING
*/
- if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( ret );
+ if ((ret = mbedtls_x509_get_alg(&p, end, &csr->sig_oid, &sig_params)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return ret;
}
- if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params,
- &csr->sig_md, &csr->sig_pk,
- &csr->sig_opts ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
+ if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params,
+ &csr->sig_md, &csr->sig_pk,
+ &csr->sig_opts)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
}
- if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 )
- {
- mbedtls_x509_csr_free( csr );
- return( ret );
+ if ((ret = mbedtls_x509_get_sig(&p, end, &csr->sig)) != 0) {
+ mbedtls_x509_csr_free(csr);
+ return ret;
}
- if( p != end )
- {
- mbedtls_x509_csr_free( csr );
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (p != end) {
+ mbedtls_x509_csr_free(csr);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
- return( 0 );
+ return 0;
}
/*
* Parse a CSR, allowing for PEM or raw DER encoding
*/
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
+int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)
{
#if defined(MBEDTLS_PEM_PARSE_C)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -257,61 +245,61 @@
/*
* Check for valid input
*/
- if( csr == NULL || buf == NULL || buflen == 0 )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (csr == NULL || buf == NULL || buflen == 0) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
#if defined(MBEDTLS_PEM_PARSE_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( buf[buflen - 1] == '\0' )
- {
- mbedtls_pem_init( &pem );
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN CERTIFICATE REQUEST-----",
- "-----END CERTIFICATE REQUEST-----",
- buf, NULL, 0, &use_len );
- if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- {
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN NEW CERTIFICATE REQUEST-----",
- "-----END NEW CERTIFICATE REQUEST-----",
- buf, NULL, 0, &use_len );
+ if (buf[buflen - 1] == '\0') {
+ mbedtls_pem_init(&pem);
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN CERTIFICATE REQUEST-----",
+ "-----END CERTIFICATE REQUEST-----",
+ buf, NULL, 0, &use_len);
+ if (ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ ret = mbedtls_pem_read_buffer(&pem,
+ "-----BEGIN NEW CERTIFICATE REQUEST-----",
+ "-----END NEW CERTIFICATE REQUEST-----",
+ buf, NULL, 0, &use_len);
}
- if( ret == 0 )
- {
+ if (ret == 0) {
/*
* Was PEM encoded, parse the result
*/
- ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+ ret = mbedtls_x509_csr_parse_der(csr, pem.buf, pem.buflen);
}
- mbedtls_pem_free( &pem );
- if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- return( ret );
+ mbedtls_pem_free(&pem);
+ if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+ return ret;
+ }
}
#endif /* MBEDTLS_PEM_PARSE_C */
- return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
+ return mbedtls_x509_csr_parse_der(csr, buf, buflen);
}
#if defined(MBEDTLS_FS_IO)
/*
* Load a CSR into the structure
*/
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
+int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
- ret = mbedtls_x509_csr_parse( csr, buf, n );
+ ret = mbedtls_x509_csr_parse(csr, buf, n);
- mbedtls_platform_zeroize( buf, n );
- mbedtls_free( buf );
+ mbedtls_platform_zeroize(buf, n);
+ mbedtls_free(buf);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_FS_IO */
@@ -320,8 +308,8 @@
/*
* Return an informational string about the CSR.
*/
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_csr *csr )
+int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix,
+ const mbedtls_x509_csr *csr)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
@@ -331,76 +319,74 @@
p = buf;
n = size;
- ret = mbedtls_snprintf( p, n, "%sCSR version : %d",
- prefix, csr->version );
+ ret = mbedtls_snprintf(p, n, "%sCSR version : %d",
+ prefix, csr->version);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
+ ret = mbedtls_x509_dn_gets(p, n, &csr->subject);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
+ ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
- csr->sig_opts );
+ ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
+ csr->sig_opts);
MBEDTLS_X509_SAFE_SNPRINTF;
- if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
- mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
+ mbedtls_pk_get_name(&csr->pk))) != 0) {
+ return ret;
}
- ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
- (int) mbedtls_pk_get_bitlen( &csr->pk ) );
+ ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
+ (int) mbedtls_pk_get_bitlen(&csr->pk));
MBEDTLS_X509_SAFE_SNPRINTF;
- return( (int) ( size - n ) );
+ return (int) (size - n);
}
/*
* Initialize a CSR
*/
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
+void mbedtls_x509_csr_init(mbedtls_x509_csr *csr)
{
- memset( csr, 0, sizeof(mbedtls_x509_csr) );
+ memset(csr, 0, sizeof(mbedtls_x509_csr));
}
/*
* Unallocate all CSR data
*/
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
+void mbedtls_x509_csr_free(mbedtls_x509_csr *csr)
{
mbedtls_x509_name *name_cur;
mbedtls_x509_name *name_prv;
- if( csr == NULL )
+ if (csr == NULL) {
return;
+ }
- mbedtls_pk_free( &csr->pk );
+ mbedtls_pk_free(&csr->pk);
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- mbedtls_free( csr->sig_opts );
+ mbedtls_free(csr->sig_opts);
#endif
name_cur = csr->subject.next;
- while( name_cur != NULL )
- {
+ while (name_cur != NULL) {
name_prv = name_cur;
name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
+ mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
+ mbedtls_free(name_prv);
}
- if( csr->raw.p != NULL )
- {
- mbedtls_platform_zeroize( csr->raw.p, csr->raw.len );
- mbedtls_free( csr->raw.p );
+ if (csr->raw.p != NULL) {
+ mbedtls_platform_zeroize(csr->raw.p, csr->raw.len);
+ mbedtls_free(csr->raw.p);
}
- mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) );
+ mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr));
}
#endif /* MBEDTLS_X509_CSR_PARSE_C */
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 0c5e991..4a65939 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -40,258 +40,264 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
+void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
+ memset(ctx, 0, sizeof(mbedtls_x509write_cert));
- mbedtls_mpi_init( &ctx->serial );
+ mbedtls_mpi_init(&ctx->serial);
ctx->version = MBEDTLS_X509_CRT_VERSION_3;
}
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
+void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
{
- mbedtls_mpi_free( &ctx->serial );
+ mbedtls_mpi_free(&ctx->serial);
- mbedtls_asn1_free_named_data_list( &ctx->subject );
- mbedtls_asn1_free_named_data_list( &ctx->issuer );
- mbedtls_asn1_free_named_data_list( &ctx->extensions );
+ mbedtls_asn1_free_named_data_list(&ctx->subject);
+ mbedtls_asn1_free_named_data_list(&ctx->issuer);
+ mbedtls_asn1_free_named_data_list(&ctx->extensions);
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert));
}
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx,
- int version )
+void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx,
+ int version)
{
ctx->version = version;
}
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx,
- mbedtls_md_type_t md_alg )
+void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx,
+ mbedtls_md_type_t md_alg)
{
ctx->md_alg = md_alg;
}
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx,
- mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key)
{
ctx->subject_key = key;
}
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx,
- mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key)
{
ctx->issuer_key = key;
}
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
- const char *subject_name )
+int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
+ const char *subject_name)
{
- return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
+ return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
}
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
- const char *issuer_name )
+int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
+ const char *issuer_name)
{
- return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name );
+ return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
}
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx,
- const mbedtls_mpi *serial )
+int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
+ const mbedtls_mpi *serial)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx,
- const char *not_before,
- const char *not_after )
+int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
+ const char *not_before,
+ const char *not_after)
{
- if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
- strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
- {
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
+ strlen(not_after) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
- strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
- strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
+ strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
+ strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
- return( 0 );
+ return 0;
}
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
- const char *oid, size_t oid_len,
- int critical,
- const unsigned char *val, size_t val_len )
+int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
+ const char *oid, size_t oid_len,
+ int critical,
+ const unsigned char *val, size_t val_len)
{
- return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
- critical, val, val_len ) );
+ return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
+ critical, val, val_len);
}
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
- int is_ca, int max_pathlen )
+int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
+ int is_ca, int max_pathlen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[9];
unsigned char *c = buf + sizeof(buf);
size_t len = 0;
- memset( buf, 0, sizeof(buf) );
+ memset(buf, 0, sizeof(buf));
- if( is_ca && max_pathlen > 127 )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
- if( is_ca )
- {
- if( max_pathlen >= 0 )
- {
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf,
- max_pathlen ) );
- }
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) );
+ if (is_ca && max_pathlen > 127) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ if (is_ca) {
+ if (max_pathlen >= 0) {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf,
+ max_pathlen));
+ }
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1));
+ }
- return(
- mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
- is_ca, buf + sizeof(buf) - len, len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ return
+ mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS),
+ is_ca, buf + sizeof(buf) - len, len);
}
#if defined(MBEDTLS_SHA1_C)
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
+int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
unsigned char *c = buf + sizeof(buf);
size_t len = 0;
- memset( buf, 0, sizeof(buf) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
+ memset(buf, 0, sizeof(buf));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_pk_write_pubkey(&c, buf, ctx->subject_key));
- ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
- buf + sizeof( buf ) - 20 );
- if( ret != 0 )
- return( ret );
- c = buf + sizeof( buf ) - 20;
+ ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len,
+ buf + sizeof(buf) - 20);
+ if (ret != 0) {
+ return ret;
+ }
+ c = buf + sizeof(buf) - 20;
len = 20;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OCTET_STRING));
- return mbedtls_x509write_crt_set_extension( ctx,
- MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
- 0, buf + sizeof(buf) - len, len );
+ return mbedtls_x509write_crt_set_extension(ctx,
+ MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER),
+ 0, buf + sizeof(buf) - len, len);
}
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
+int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
- unsigned char *c = buf + sizeof( buf );
+ unsigned char *c = buf + sizeof(buf);
size_t len = 0;
- memset( buf, 0, sizeof(buf) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
+ memset(buf, 0, sizeof(buf));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_pk_write_pubkey(&c, buf, ctx->issuer_key));
- ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
- buf + sizeof( buf ) - 20 );
- if( ret != 0 )
- return( ret );
- c = buf + sizeof( buf ) - 20;
+ ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len,
+ buf + sizeof(buf) - 20);
+ if (ret != 0) {
+ return ret;
+ }
+ c = buf + sizeof(buf) - 20;
len = 20;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
return mbedtls_x509write_crt_set_extension(
ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
- 0, buf + sizeof( buf ) - len, len );
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER),
+ 0, buf + sizeof(buf) - len, len);
}
#endif /* MBEDTLS_SHA1_C */
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
- unsigned int key_usage )
+int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
+ unsigned int key_usage)
{
- unsigned char buf[5] = {0}, ku[2] = {0};
+ unsigned char buf[5] = { 0 }, ku[2] = { 0 };
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
- MBEDTLS_X509_KU_NON_REPUDIATION |
- MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
- MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
- MBEDTLS_X509_KU_KEY_AGREEMENT |
- MBEDTLS_X509_KU_KEY_CERT_SIGN |
- MBEDTLS_X509_KU_CRL_SIGN |
- MBEDTLS_X509_KU_ENCIPHER_ONLY |
- MBEDTLS_X509_KU_DECIPHER_ONLY;
+ MBEDTLS_X509_KU_NON_REPUDIATION |
+ MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
+ MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
+ MBEDTLS_X509_KU_KEY_AGREEMENT |
+ MBEDTLS_X509_KU_KEY_CERT_SIGN |
+ MBEDTLS_X509_KU_CRL_SIGN |
+ MBEDTLS_X509_KU_ENCIPHER_ONLY |
+ MBEDTLS_X509_KU_DECIPHER_ONLY;
/* Check that nothing other than the allowed flags is set */
- if( ( key_usage & ~allowed_bits ) != 0 )
- return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ if ((key_usage & ~allowed_bits) != 0) {
+ return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ }
c = buf + 5;
- MBEDTLS_PUT_UINT16_LE( key_usage, ku, 0 );
- ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
+ MBEDTLS_PUT_UINT16_LE(key_usage, ku, 0);
+ ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9);
- if( ret < 0 )
- return( ret );
- else if( ret < 3 || ret > 5 )
- return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+ if (ret < 0) {
+ return ret;
+ } else if (ret < 3 || ret > 5) {
+ return MBEDTLS_ERR_X509_INVALID_FORMAT;
+ }
- ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
- 1, c, (size_t)ret );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
+ 1, c, (size_t) ret);
+ if (ret != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
- unsigned char ns_cert_type )
+int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
+ unsigned char ns_cert_type)
{
- unsigned char buf[4] = {0};
+ unsigned char buf[4] = { 0 };
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
c = buf + 4;
- ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
- if( ret < 3 || ret > 4 )
- return( ret );
+ ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
+ if (ret < 3 || ret > 4) {
+ return ret;
+ }
- ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
- 0, c, (size_t)ret );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
+ 0, c, (size_t) ret);
+ if (ret != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
-static int x509_write_time( unsigned char **p, unsigned char *start,
- const char *t, size_t size )
+static int x509_write_time(unsigned char **p, unsigned char *start,
+ const char *t, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@@ -299,32 +305,29 @@
/*
* write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
*/
- if( t[0] < '2' || ( t[0] == '2' && t[1] == '0' && t[2] < '5' ) )
- {
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
- (const unsigned char *) t + 2,
- size - 2 ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_UTC_TIME ) );
- }
- else
- {
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
- (const unsigned char *) t,
- size ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_GENERALIZED_TIME ) );
+ if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+ (const unsigned char *) t + 2,
+ size - 2));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+ MBEDTLS_ASN1_UTC_TIME));
+ } else {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+ (const unsigned char *) t,
+ size));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+ MBEDTLS_ASN1_GENERALIZED_TIME));
}
- return( (int) len );
+ return (int) len;
}
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
- unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
+ unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
@@ -345,17 +348,17 @@
/* There's no direct way of extracting a signature algorithm
* (represented as an element of mbedtls_pk_type_t) from a PK instance. */
- if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) )
+ if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) {
pk_alg = MBEDTLS_PK_RSA;
- else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) )
+ } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) {
pk_alg = MBEDTLS_PK_ECDSA;
- else
- return( MBEDTLS_ERR_X509_INVALID_ALG );
+ } else {
+ return MBEDTLS_ERR_X509_INVALID_ALG;
+ }
- if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
- &sig_oid, &sig_oid_len ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
+ &sig_oid, &sig_oid_len)) != 0) {
+ return ret;
}
/*
@@ -363,38 +366,37 @@
*/
/* Only for v3 */
- if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
- {
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_x509_write_extensions( &c,
- buf, ctx->extensions ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
+ if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) {
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_x509_write_extensions(&c,
+ buf, ctx->extensions));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 3));
}
/*
* SubjectPublicKeyInfo
*/
- MBEDTLS_ASN1_CHK_ADD( pub_len,
- mbedtls_pk_write_pubkey_der( ctx->subject_key,
- buf, c - buf ) );
+ MBEDTLS_ASN1_CHK_ADD(pub_len,
+ mbedtls_pk_write_pubkey_der(ctx->subject_key,
+ buf, c - buf));
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_x509_write_names( &c, buf,
- ctx->subject ) );
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_x509_write_names(&c, buf,
+ ctx->subject));
/*
* Validity ::= SEQUENCE {
@@ -403,93 +405,91 @@
*/
sub_len = 0;
- MBEDTLS_ASN1_CHK_ADD( sub_len,
- x509_write_time( &c, buf, ctx->not_after,
- MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+ MBEDTLS_ASN1_CHK_ADD(sub_len,
+ x509_write_time(&c, buf, ctx->not_after,
+ MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
- MBEDTLS_ASN1_CHK_ADD( sub_len,
- x509_write_time( &c, buf, ctx->not_before,
- MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+ MBEDTLS_ASN1_CHK_ADD(sub_len,
+ x509_write_time(&c, buf, ctx->not_before,
+ MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
len += sub_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
/*
* Issuer ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
- ctx->issuer ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
+ ctx->issuer));
/*
* Signature ::= AlgorithmIdentifier
*/
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_algorithm_identifier( &c, buf,
- sig_oid, strlen( sig_oid ), 0 ) );
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_algorithm_identifier(&c, buf,
+ sig_oid, strlen(sig_oid), 0));
/*
* Serial ::= INTEGER
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf,
- &ctx->serial ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&c, buf,
+ &ctx->serial));
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
/* Can be omitted for v1 */
- if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
- {
+ if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) {
sub_len = 0;
- MBEDTLS_ASN1_CHK_ADD( sub_len,
- mbedtls_asn1_write_int( &c, buf, ctx->version ) );
+ MBEDTLS_ASN1_CHK_ADD(sub_len,
+ mbedtls_asn1_write_int(&c, buf, ctx->version));
len += sub_len;
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_len( &c, buf, sub_len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_len(&c, buf, sub_len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0));
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
/*
* Make signature
*/
/* Compute hash of CRT. */
- if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
- len, hash ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c,
+ len, hash)) != 0) {
+ return ret;
}
- if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
- hash, 0, sig, &sig_len,
- f_rng, p_rng ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
+ hash, 0, sig, &sig_len,
+ f_rng, p_rng)) != 0) {
+ return ret;
}
/* Move CRT to the front of the buffer to have space
* for the signature. */
- memmove( buf, c, len );
+ memmove(buf, c, len);
c = buf + len;
/* Add signature at the end of the buffer,
* making sure that it doesn't underflow
* into the CRT buffer. */
c2 = buf + size;
- MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c,
- sig_oid, sig_oid_len, sig, sig_len ) );
+ MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
+ sig_oid, sig_oid_len, sig,
+ sig_len));
/*
* Memory layout after this step:
@@ -500,43 +500,41 @@
/* Move raw CRT to just before the signature. */
c = c2 - len;
- memmove( c, buf, len );
+ memmove(c, buf, len);
len += sig_and_oid_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- return( (int) len );
+ return (int) len;
}
#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"
#define PEM_END_CRT "-----END CERTIFICATE-----\n"
#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt,
- unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
+ unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
- f_rng, p_rng ) ) < 0 )
- {
- return( ret );
+ if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
+ f_rng, p_rng)) < 0) {
+ return ret;
}
- if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
- buf + size - ret, ret,
- buf, size, &olen ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT,
+ buf + size - ret, ret,
+ buf, size, &olen)) != 0) {
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PEM_WRITE_C */
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 707dd00..a421fde 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -46,92 +46,96 @@
#include "mbedtls/platform.h"
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
+void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
+ memset(ctx, 0, sizeof(mbedtls_x509write_csr));
}
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
+void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx)
{
- mbedtls_asn1_free_named_data_list( &ctx->subject );
- mbedtls_asn1_free_named_data_list( &ctx->extensions );
+ mbedtls_asn1_free_named_data_list(&ctx->subject);
+ mbedtls_asn1_free_named_data_list(&ctx->extensions);
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr));
}
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
+void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg)
{
ctx->md_alg = md_alg;
}
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key )
+void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key)
{
ctx->key = key;
}
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
- const char *subject_name )
+int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
+ const char *subject_name)
{
- return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
+ return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
}
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
- const char *oid, size_t oid_len,
- const unsigned char *val, size_t val_len )
+int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
+ const char *oid, size_t oid_len,
+ const unsigned char *val, size_t val_len)
{
- return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
- 0, val, val_len );
+ return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
+ 0, val, val_len);
}
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
+int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage)
{
- unsigned char buf[4] = {0};
+ unsigned char buf[4] = { 0 };
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
c = buf + 4;
- ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 );
- if( ret < 3 || ret > 4 )
- return( ret );
+ ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8);
+ if (ret < 3 || ret > 4) {
+ return ret;
+ }
- ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
- c, (size_t)ret );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
+ c, (size_t) ret);
+ if (ret != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
- unsigned char ns_cert_type )
+int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
+ unsigned char ns_cert_type)
{
- unsigned char buf[4] = {0};
+ unsigned char buf[4] = { 0 };
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
c = buf + 4;
- ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
- if( ret < 3 || ret > 4 )
- return( ret );
+ ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
+ if (ret < 3 || ret > 4) {
+ return ret;
+ }
- ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
- c, (size_t)ret );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
+ c, (size_t) ret);
+ if (ret != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
}
-static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
- unsigned char *buf,
- size_t size,
- unsigned char *sig,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
+ unsigned char *buf,
+ size_t size,
+ unsigned char *sig,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
@@ -144,114 +148,114 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
size_t hash_len;
- psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md(ctx->md_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Write the CSR backwards starting from the end of buf */
c = buf + size;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf,
- ctx->extensions ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf,
+ ctx->extensions));
- if( len )
- {
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag(
- &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ if (len) {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag(
- &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET));
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_oid(
- &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_oid(
+ &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ)));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag(
- &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag(
- &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC));
- MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
- buf, c - buf ) );
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key,
+ buf, c - buf));
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
- ctx->subject ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
+ ctx->subject));
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag(
- &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
/*
* Sign the written CSR data into the sig buffer
* Note: hash errors can happen only after an internal error
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_X509_FATAL_ERROR;
+ }
- if( psa_hash_update( &hash_operation, c, len ) != PSA_SUCCESS )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ if (psa_hash_update(&hash_operation, c, len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_X509_FATAL_ERROR;
+ }
- if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
- != PSA_SUCCESS )
- {
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len)
+ != PSA_SUCCESS) {
+ return MBEDTLS_ERR_X509_FATAL_ERROR;
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
- ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
+ if (ret != 0) {
+ return ret;
+ }
#endif
- if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
- f_rng, p_rng ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
+ f_rng, p_rng)) != 0) {
+ return ret;
}
- if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) )
+ if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) {
pk_alg = MBEDTLS_PK_RSA;
- else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) )
+ } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) {
pk_alg = MBEDTLS_PK_ECDSA;
- else
- return( MBEDTLS_ERR_X509_INVALID_ALG );
+ } else {
+ return MBEDTLS_ERR_X509_INVALID_ALG;
+ }
- if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
- &sig_oid, &sig_oid_len ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
+ &sig_oid, &sig_oid_len)) != 0) {
+ return ret;
}
/*
* Move the written CSR data to the start of buf to create space for
* writing the signature into buf.
*/
- memmove( buf, c, len );
+ memmove(buf, c, len);
/*
* Write sig and its OID into buf backwards from the end of buf.
@@ -259,76 +263,73 @@
* and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed.
*/
c2 = buf + size;
- MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len,
- mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len,
- sig, sig_len ) );
+ MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
+ mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
+ sig, sig_len));
/*
* Compact the space between the CSR data and signature by moving the
* CSR data to the start of the signature.
*/
c2 -= len;
- memmove( c2, buf, len );
+ memmove(c2, buf, len);
/* ASN encode the total size and tag the CSR data with it. */
len += sig_and_oid_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag(
- &c2, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_tag(
+ &c2, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
/* Zero the unused bytes at the start of buf */
- memset( buf, 0, c2 - buf);
+ memset(buf, 0, c2 - buf);
- return( (int) len );
+ return (int) len;
}
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf,
- size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
+ size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret;
unsigned char *sig;
- if( ( sig = mbedtls_calloc( 1, MBEDTLS_PK_SIGNATURE_MAX_SIZE ) ) == NULL )
- {
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
- ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng );
+ ret = x509write_csr_der_internal(ctx, buf, size, sig, f_rng, p_rng);
- mbedtls_free( sig );
+ mbedtls_free(sig);
- return( ret );
+ return ret;
}
#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen = 0;
- if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size,
- f_rng, p_rng ) ) < 0 )
- {
- return( ret );
+ if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
+ f_rng, p_rng)) < 0) {
+ return ret;
}
- if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR,
- buf + size - ret,
- ret, buf, size, &olen ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR,
+ buf + size - ret,
+ ret, buf, size, &olen)) != 0) {
+ return ret;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PEM_WRITE_C */
diff --git a/library/xtea.c b/library/xtea.c
index 28e6972..27651cc 100644
--- a/library/xtea.c
+++ b/library/xtea.c
@@ -30,116 +30,109 @@
#if !defined(MBEDTLS_XTEA_ALT)
-void mbedtls_xtea_init( mbedtls_xtea_context *ctx )
+void mbedtls_xtea_init(mbedtls_xtea_context *ctx)
{
- memset( ctx, 0, sizeof( mbedtls_xtea_context ) );
+ memset(ctx, 0, sizeof(mbedtls_xtea_context));
}
-void mbedtls_xtea_free( mbedtls_xtea_context *ctx )
+void mbedtls_xtea_free(mbedtls_xtea_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_xtea_context));
}
/*
* XTEA key schedule
*/
-void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
+void mbedtls_xtea_setup(mbedtls_xtea_context *ctx, const unsigned char key[16])
{
int i;
- memset( ctx, 0, sizeof(mbedtls_xtea_context) );
+ memset(ctx, 0, sizeof(mbedtls_xtea_context));
- for( i = 0; i < 4; i++ )
- {
- ctx->k[i] = MBEDTLS_GET_UINT32_BE( key, i << 2 );
+ for (i = 0; i < 4; i++) {
+ ctx->k[i] = MBEDTLS_GET_UINT32_BE(key, i << 2);
}
}
/*
* XTEA encrypt function
*/
-int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode,
- const unsigned char input[8], unsigned char output[8])
+int mbedtls_xtea_crypt_ecb(mbedtls_xtea_context *ctx, int mode,
+ const unsigned char input[8], unsigned char output[8])
{
uint32_t *k, v0, v1, i;
k = ctx->k;
- v0 = MBEDTLS_GET_UINT32_BE( input, 0 );
- v1 = MBEDTLS_GET_UINT32_BE( input, 4 );
+ v0 = MBEDTLS_GET_UINT32_BE(input, 0);
+ v1 = MBEDTLS_GET_UINT32_BE(input, 4);
- if( mode == MBEDTLS_XTEA_ENCRYPT )
- {
+ if (mode == MBEDTLS_XTEA_ENCRYPT) {
uint32_t sum = 0, delta = 0x9E3779B9;
- for( i = 0; i < 32; i++ )
- {
+ for (i = 0; i < 32; i++) {
v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
sum += delta;
v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
}
- }
- else /* MBEDTLS_XTEA_DECRYPT */
- {
+ } else { /* MBEDTLS_XTEA_DECRYPT */
uint32_t delta = 0x9E3779B9, sum = delta * 32;
- for( i = 0; i < 32; i++ )
- {
+ for (i = 0; i < 32; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
sum -= delta;
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
}
}
- MBEDTLS_PUT_UINT32_BE( v0, output, 0 );
- MBEDTLS_PUT_UINT32_BE( v1, output, 4 );
+ MBEDTLS_PUT_UINT32_BE(v0, output, 0);
+ MBEDTLS_PUT_UINT32_BE(v1, output, 4);
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* XTEA-CBC buffer encryption/decryption
*/
-int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length,
- unsigned char iv[8], const unsigned char *input,
- unsigned char *output)
+int mbedtls_xtea_crypt_cbc(mbedtls_xtea_context *ctx, int mode, size_t length,
+ unsigned char iv[8], const unsigned char *input,
+ unsigned char *output)
{
int i;
unsigned char temp[8];
- if( length % 8 )
- return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH );
+ if (length % 8) {
+ return MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH;
+ }
- if( mode == MBEDTLS_XTEA_DECRYPT )
- {
- while( length > 0 )
- {
- memcpy( temp, input, 8 );
- mbedtls_xtea_crypt_ecb( ctx, mode, input, output );
+ if (mode == MBEDTLS_XTEA_DECRYPT) {
+ while (length > 0) {
+ memcpy(temp, input, 8);
+ mbedtls_xtea_crypt_ecb(ctx, mode, input, output);
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
+ for (i = 0; i < 8; i++) {
+ output[i] = (unsigned char) (output[i] ^ iv[i]);
+ }
- memcpy( iv, temp, 8 );
+ memcpy(iv, temp, 8);
input += 8;
output += 8;
length -= 8;
}
- }
- else
- {
- while( length > 0 )
- {
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
+ } else {
+ while (length > 0) {
+ for (i = 0; i < 8; i++) {
+ output[i] = (unsigned char) (input[i] ^ iv[i]);
+ }
- mbedtls_xtea_crypt_ecb( ctx, mode, output, output );
- memcpy( iv, output, 8 );
+ mbedtls_xtea_crypt_ecb(ctx, mode, output, output);
+ memcpy(iv, output, 8);
input += 8;
output += 8;
@@ -147,7 +140,7 @@
}
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* !MBEDTLS_XTEA_ALT */
@@ -160,18 +153,18 @@
static const unsigned char xtea_test_key[6][16] =
{
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f },
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f },
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 }
};
static const unsigned char xtea_test_pt[6][8] =
@@ -197,43 +190,45 @@
/*
* Checkup routine
*/
-int mbedtls_xtea_self_test( int verbose )
+int mbedtls_xtea_self_test(int verbose)
{
int i, ret = 0;
unsigned char buf[8];
mbedtls_xtea_context ctx;
- mbedtls_xtea_init( &ctx );
- for( i = 0; i < 6; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " XTEA test #%d: ", i + 1 );
+ mbedtls_xtea_init(&ctx);
+ for (i = 0; i < 6; i++) {
+ if (verbose != 0) {
+ mbedtls_printf(" XTEA test #%d: ", i + 1);
+ }
- memcpy( buf, xtea_test_pt[i], 8 );
+ memcpy(buf, xtea_test_pt[i], 8);
- mbedtls_xtea_setup( &ctx, xtea_test_key[i] );
- mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf );
+ mbedtls_xtea_setup(&ctx, xtea_test_key[i]);
+ mbedtls_xtea_crypt_ecb(&ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf);
- if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if (memcmp(buf, xtea_test_ct[i], 8) != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
ret = 1;
goto exit;
}
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
}
- if( verbose != 0 )
- mbedtls_printf( "\n" );
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
exit:
- mbedtls_xtea_free( &ctx );
+ mbedtls_xtea_free(&ctx);
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index c92ca13..434c609 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -32,7 +32,7 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_FS_IO)
+ defined(MBEDTLS_FS_IO)
#include "mbedtls/cipher.h"
#include "mbedtls/md.h"
#include "mbedtls/platform_util.h"
@@ -63,15 +63,15 @@
#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1, i;
unsigned n;
@@ -95,139 +95,122 @@
#if defined(_WIN32_WCE)
long filesize, offset;
#elif defined(_WIN32)
- LARGE_INTEGER li_size;
+ LARGE_INTEGER li_size;
__int64 filesize, offset;
#else
- off_t filesize, offset;
+ off_t filesize, offset;
#endif
- mbedtls_cipher_init( &cipher_ctx );
- mbedtls_md_init( &md_ctx );
+ mbedtls_cipher_init(&cipher_ctx);
+ mbedtls_md_init(&md_ctx);
/*
* Parse the command-line arguments.
*/
- if( argc != 7 )
- {
+ if (argc != 7) {
const int *list;
- mbedtls_printf( USAGE );
+ mbedtls_printf(USAGE);
- mbedtls_printf( "Available ciphers:\n" );
+ mbedtls_printf("Available ciphers:\n");
list = mbedtls_cipher_list();
- while( *list )
- {
- cipher_info = mbedtls_cipher_info_from_type( *list );
- mbedtls_printf( " %s\n", cipher_info->name );
+ while (*list) {
+ cipher_info = mbedtls_cipher_info_from_type(*list);
+ mbedtls_printf(" %s\n", cipher_info->name);
list++;
}
- mbedtls_printf( "\nAvailable message digests:\n" );
+ mbedtls_printf("\nAvailable message digests:\n");
list = mbedtls_md_list();
- while( *list )
- {
- md_info = mbedtls_md_info_from_type( *list );
- mbedtls_printf( " %s\n", mbedtls_md_get_name( md_info ) );
+ while (*list) {
+ md_info = mbedtls_md_info_from_type(*list);
+ mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
list++;
}
#if defined(_WIN32)
- mbedtls_printf( "\n Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf("\n Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
goto exit;
}
- mode = atoi( argv[1] );
+ mode = atoi(argv[1]);
- if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
- {
- mbedtls_fprintf( stderr, "invalid operation mode\n" );
+ if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
+ mbedtls_fprintf(stderr, "invalid operation mode\n");
goto exit;
}
- if( strcmp( argv[2], argv[3] ) == 0 )
- {
- mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
+ if (strcmp(argv[2], argv[3]) == 0) {
+ mbedtls_fprintf(stderr, "input and output filenames must differ\n");
goto exit;
}
- if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
- {
- mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
+ if ((fin = fopen(argv[2], "rb")) == NULL) {
+ mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]);
goto exit;
}
- if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
- {
- mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
+ if ((fout = fopen(argv[3], "wb+")) == NULL) {
+ mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]);
goto exit;
}
/*
* Read the Cipher and MD from the command line
*/
- cipher_info = mbedtls_cipher_info_from_string( argv[4] );
- if( cipher_info == NULL )
- {
- mbedtls_fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
+ cipher_info = mbedtls_cipher_info_from_string(argv[4]);
+ if (cipher_info == NULL) {
+ mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]);
goto exit;
}
- if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info) ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_setup failed\n" );
+ if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n");
goto exit;
}
- md_info = mbedtls_md_info_from_string( argv[5] );
- if( md_info == NULL )
- {
- mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
+ md_info = mbedtls_md_info_from_string(argv[5]);
+ if (md_info == NULL) {
+ mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]);
goto exit;
}
- if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" );
+ if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n");
goto exit;
}
/*
* Read the secret key from file or command line
*/
- if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
- {
- keylen = fread( key, 1, sizeof( key ), fkey );
- fclose( fkey );
- }
- else
- {
- if( memcmp( argv[6], "hex:", 4 ) == 0 )
- {
+ if ((fkey = fopen(argv[6], "rb")) != NULL) {
+ keylen = fread(key, 1, sizeof(key), fkey);
+ fclose(fkey);
+ } else {
+ if (memcmp(argv[6], "hex:", 4) == 0) {
p = &argv[6][4];
keylen = 0;
- while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 &&
- keylen < (int) sizeof( key ) )
- {
+ while (sscanf(p, "%02X", (unsigned int *) &n) > 0 &&
+ keylen < (int) sizeof(key)) {
key[keylen++] = (unsigned char) n;
p += 2;
}
- }
- else
- {
- keylen = strlen( argv[6] );
+ } else {
+ keylen = strlen(argv[6]);
- if( keylen > (int) sizeof( key ) )
- keylen = (int) sizeof( key );
+ if (keylen > (int) sizeof(key)) {
+ keylen = (int) sizeof(key);
+ }
- memcpy( key, argv[6], keylen );
+ memcpy(key, argv[6], keylen);
}
}
#if defined(_WIN32_WCE)
- filesize = fseek( fin, 0L, SEEK_END );
+ filesize = fseek(fin, 0L, SEEK_END);
#else
#if defined(_WIN32)
/*
@@ -235,72 +218,64 @@
*/
li_size.QuadPart = 0;
li_size.LowPart =
- SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
- li_size.LowPart, &li_size.HighPart, FILE_END );
+ SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)),
+ li_size.LowPart, &li_size.HighPart, FILE_END);
- if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
- {
- mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
+ if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) {
+ mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n");
goto exit;
}
filesize = li_size.QuadPart;
#else
- if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
- {
- perror( "lseek" );
+ if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) {
+ perror("lseek");
goto exit;
}
#endif
#endif
- if( fseek( fin, 0, SEEK_SET ) < 0 )
- {
- mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
+ if (fseek(fin, 0, SEEK_SET) < 0) {
+ mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n");
goto exit;
}
- if( mode == MODE_ENCRYPT )
- {
+ if (mode == MODE_ENCRYPT) {
/*
* Generate the initialization vector as:
* IV = MD( filesize || filename )[0..15]
*/
- for( i = 0; i < 8; i++ )
- buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
+ for (i = 0; i < 8; i++) {
+ buffer[i] = (unsigned char) (filesize >> (i << 3));
+ }
p = argv[2];
- if( mbedtls_md_starts( &md_ctx ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
+ if (mbedtls_md_starts(&md_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
goto exit;
}
- if( mbedtls_md_update( &md_ctx, buffer, 8 ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+ if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
- if( mbedtls_md_update( &md_ctx, ( unsigned char * ) p, strlen( p ) )
- != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+ if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p))
+ != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
- if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
+ if (mbedtls_md_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
goto exit;
}
- memcpy( IV, digest, 16 );
+ memcpy(IV, digest, 16);
/*
* Append the IV at the beginning of the output.
*/
- if( fwrite( IV, 1, 16, fout ) != 16 )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ if (fwrite(IV, 1, 16, fout) != 16) {
+ mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16);
goto exit;
}
@@ -308,129 +283,109 @@
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
- memset( digest, 0, 32 );
- memcpy( digest, IV, 16 );
+ memset(digest, 0, 32);
+ memcpy(digest, IV, 16);
- for( i = 0; i < 8192; i++ )
- {
- if( mbedtls_md_starts( &md_ctx ) != 0 )
- {
- mbedtls_fprintf( stderr,
- "mbedtls_md_starts() returned error\n" );
+ for (i = 0; i < 8192; i++) {
+ if (mbedtls_md_starts(&md_ctx) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_starts() returned error\n");
goto exit;
}
- if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
- {
- mbedtls_fprintf( stderr,
- "mbedtls_md_update() returned error\n" );
+ if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_update() returned error\n");
goto exit;
}
- if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
- {
- mbedtls_fprintf( stderr,
- "mbedtls_md_update() returned error\n" );
+ if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_update() returned error\n");
goto exit;
}
- if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
- {
- mbedtls_fprintf( stderr,
- "mbedtls_md_finish() returned error\n" );
+ if (mbedtls_md_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_finish() returned error\n");
goto exit;
}
}
- if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
- MBEDTLS_ENCRYPT ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
+ if (mbedtls_cipher_setkey(&cipher_ctx, digest, cipher_info->key_bitlen,
+ MBEDTLS_ENCRYPT) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
goto exit;
}
- if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n");
+ if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
goto exit;
}
- if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n");
+ if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
goto exit;
}
- if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
+ if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
goto exit;
}
/*
* Encrypt and write the ciphertext.
*/
- for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
- {
- ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
- mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
+ for (offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size(&cipher_ctx)) {
+ ilen = ((unsigned int) filesize - offset > mbedtls_cipher_get_block_size(&cipher_ctx)) ?
+ mbedtls_cipher_get_block_size(&cipher_ctx) : (unsigned int) (filesize - offset);
- if( fread( buffer, 1, ilen, fin ) != ilen )
- {
- mbedtls_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
+ if (fread(buffer, 1, ilen, fin) != ilen) {
+ mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen);
goto exit;
}
- if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n");
+ if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
goto exit;
}
- if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
+ if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
- if( fwrite( output, 1, olen, fout ) != olen )
- {
- mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
- if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
+ if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
goto exit;
}
- if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
+ if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
- if( fwrite( output, 1, olen, fout ) != olen )
- {
- mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
/*
* Finally write the HMAC.
*/
- if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
+ if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
goto exit;
}
- if( fwrite( digest, 1, mbedtls_md_get_size( md_info ), fout ) != mbedtls_md_get_size( md_info ) )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
+ if (fwrite(digest, 1, mbedtls_md_get_size(md_info), fout) != mbedtls_md_get_size(md_info)) {
+ mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size(md_info));
goto exit;
}
}
- if( mode == MODE_DECRYPT )
- {
+ if (mode == MODE_DECRYPT) {
/*
* The encrypted file must be structured as follows:
*
@@ -440,132 +395,114 @@
* N*16 .. (N+1)*16 - 1 Encrypted Block #N
* (N+1)*16 .. (N+1)*16 + n Hash(ciphertext)
*/
- if( filesize < 16 + mbedtls_md_get_size( md_info ) )
- {
- mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
+ if (filesize < 16 + mbedtls_md_get_size(md_info)) {
+ mbedtls_fprintf(stderr, "File too short to be encrypted.\n");
goto exit;
}
- if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
- {
- mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" );
+ if (mbedtls_cipher_get_block_size(&cipher_ctx) == 0) {
+ mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n");
goto exit;
}
/*
* Check the file size.
*/
- if( cipher_info->mode != MBEDTLS_MODE_GCM &&
- ( ( filesize - mbedtls_md_get_size( md_info ) ) %
- mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
- {
- mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n",
- mbedtls_cipher_get_block_size( &cipher_ctx ));
+ if (cipher_info->mode != MBEDTLS_MODE_GCM &&
+ ((filesize - mbedtls_md_get_size(md_info)) %
+ mbedtls_cipher_get_block_size(&cipher_ctx)) != 0) {
+ mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n",
+ mbedtls_cipher_get_block_size(&cipher_ctx));
goto exit;
}
/*
* Subtract the IV + HMAC length.
*/
- filesize -= ( 16 + mbedtls_md_get_size( md_info ) );
+ filesize -= (16 + mbedtls_md_get_size(md_info));
/*
* Read the IV and original filesize modulo 16.
*/
- if( fread( buffer, 1, 16, fin ) != 16 )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+ if (fread(buffer, 1, 16, fin) != 16) {
+ mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16);
goto exit;
}
- memcpy( IV, buffer, 16 );
+ memcpy(IV, buffer, 16);
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
- memset( digest, 0, 32 );
- memcpy( digest, IV, 16 );
+ memset(digest, 0, 32);
+ memcpy(digest, IV, 16);
- for( i = 0; i < 8192; i++ )
- {
- if( mbedtls_md_starts( &md_ctx ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
+ for (i = 0; i < 8192; i++) {
+ if (mbedtls_md_starts(&md_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
goto exit;
}
- if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+ if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
- if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+ if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
- if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
+ if (mbedtls_md_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
goto exit;
}
}
- if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
- MBEDTLS_DECRYPT ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
+ if (mbedtls_cipher_setkey(&cipher_ctx, digest, cipher_info->key_bitlen,
+ MBEDTLS_DECRYPT) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
goto exit;
}
- if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n" );
+ if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
goto exit;
}
- if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n" );
+ if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
goto exit;
}
- if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
+ if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
goto exit;
}
/*
* Decrypt and write the plaintext.
*/
- for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
- {
- ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
- mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
+ for (offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size(&cipher_ctx)) {
+ ilen = ((unsigned int) filesize - offset > mbedtls_cipher_get_block_size(&cipher_ctx)) ?
+ mbedtls_cipher_get_block_size(&cipher_ctx) : (unsigned int) (filesize - offset);
- if( fread( buffer, 1, ilen, fin ) != ilen )
- {
- mbedtls_fprintf( stderr, "fread(%u bytes) failed\n",
- mbedtls_cipher_get_block_size( &cipher_ctx ) );
+ if (fread(buffer, 1, ilen, fin) != ilen) {
+ mbedtls_fprintf(stderr, "fread(%u bytes) failed\n",
+ mbedtls_cipher_get_block_size(&cipher_ctx));
goto exit;
}
- if( mbedtls_md_hmac_update( &md_ctx, buffer, ilen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
+ if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
- if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output,
- &olen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n" );
+ if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output,
+ &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
goto exit;
}
- if( fwrite( output, 1, olen, fout ) != olen )
- {
- mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
@@ -573,42 +510,38 @@
/*
* Verify the message authentication code.
*/
- if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
+ if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
goto exit;
}
- if( fread( buffer, 1, mbedtls_md_get_size( md_info ), fin ) != mbedtls_md_get_size( md_info ) )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
+ if (fread(buffer, 1, mbedtls_md_get_size(md_info), fin) != mbedtls_md_get_size(md_info)) {
+ mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size(md_info));
goto exit;
}
/* Use constant-time buffer comparison */
diff = 0;
- for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
+ for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
diff |= digest[i] ^ buffer[i];
+ }
- if( diff != 0 )
- {
- mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
- "or file corrupted.\n" );
+ if (diff != 0) {
+ mbedtls_fprintf(stderr, "HMAC check failed: wrong key, "
+ "or file corrupted.\n");
goto exit;
}
/*
* Write the final block of data
*/
- if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
- {
- mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
+ if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
goto exit;
}
- if( fwrite( output, 1, olen, fout ) != olen )
- {
- mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
@@ -616,26 +549,29 @@
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- if( fin )
- fclose( fin );
- if( fout )
- fclose( fout );
+ if (fin) {
+ fclose(fin);
+ }
+ if (fout) {
+ fclose(fout);
+ }
/* Zeroize all command line arguments to also cover
the case when the user has missed or reordered some,
in which case the key might not be in argv[6]. */
- for( i = 0; i < argc; i++ )
- mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
+ for (i = 0; i < argc; i++) {
+ mbedtls_platform_zeroize(argv[i], strlen(argv[i]));
+ }
- mbedtls_platform_zeroize( IV, sizeof( IV ) );
- mbedtls_platform_zeroize( key, sizeof( key ) );
- mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
- mbedtls_platform_zeroize( output, sizeof( output ) );
- mbedtls_platform_zeroize( digest, sizeof( digest ) );
+ mbedtls_platform_zeroize(IV, sizeof(IV));
+ mbedtls_platform_zeroize(key, sizeof(key));
+ mbedtls_platform_zeroize(buffer, sizeof(buffer));
+ mbedtls_platform_zeroize(output, sizeof(output));
+ mbedtls_platform_zeroize(digest, sizeof(digest));
- mbedtls_cipher_free( &cipher_ctx );
- mbedtls_md_free( &md_ctx );
+ mbedtls_cipher_free(&cipher_ctx);
+ mbedtls_md_free(&md_ctx);
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c
index bea9f9e..56b9a13 100644
--- a/programs/fuzz/common.c
+++ b/programs/fuzz/common.c
@@ -6,7 +6,7 @@
#include "mbedtls/ctr_drbg.h"
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
{
(void) time;
return 0x5af2a056;
@@ -16,47 +16,47 @@
void dummy_init()
{
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
- mbedtls_platform_set_time( dummy_constant_time );
+ mbedtls_platform_set_time(dummy_constant_time);
#else
fprintf(stderr, "Warning: fuzzing without constant time\n");
#endif
}
-int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+int dummy_send(void *ctx, const unsigned char *buf, size_t len)
{
//silence warning about unused parameter
(void) ctx;
(void) buf;
//pretends we wrote everything ok
- if( len > INT_MAX ) {
- return( -1 );
+ if (len > INT_MAX) {
+ return -1;
}
- return( (int) len );
+ return (int) len;
}
-int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+int fuzz_recv(void *ctx, unsigned char *buf, size_t len)
{
//reads from the buffer from fuzzer
- fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+ fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx;
- if(biomemfuzz->Offset == biomemfuzz->Size) {
+ if (biomemfuzz->Offset == biomemfuzz->Size) {
//EOF
- return( 0 );
+ return 0;
}
- if( len > INT_MAX ) {
- return( -1 );
+ if (len > INT_MAX) {
+ return -1;
}
- if( len + biomemfuzz->Offset > biomemfuzz->Size ) {
+ if (len + biomemfuzz->Offset > biomemfuzz->Size) {
//do not overflow
len = biomemfuzz->Size - biomemfuzz->Offset;
}
memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
biomemfuzz->Offset += len;
- return( (int) len );
+ return (int) len;
}
-int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+int dummy_random(void *p_rng, unsigned char *output, size_t output_len)
{
int ret;
size_t i;
@@ -68,14 +68,14 @@
(void) p_rng;
ret = 0;
#endif
- for (i=0; i<output_len; i++) {
+ for (i = 0; i < output_len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
- return( ret );
+ return ret;
}
-int dummy_entropy( void *data, unsigned char *output, size_t len )
+int dummy_entropy(void *data, unsigned char *output, size_t len)
{
size_t i;
(void) data;
@@ -83,15 +83,15 @@
//use mbedtls_entropy_func to find bugs in it
//test performance impact of entropy
//ret = mbedtls_entropy_func(data, output, len);
- for (i=0; i<len; i++) {
+ for (i = 0; i < len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
- return( 0 );
+ return 0;
}
-int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
- uint32_t timeout )
+int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout)
{
(void) timeout;
diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h
index 7757ee3..6b5b515 100644
--- a/programs/fuzz/common.h
+++ b/programs/fuzz/common.h
@@ -10,21 +10,20 @@
#include <stddef.h>
#include <stdint.h>
-typedef struct fuzzBufferOffset
-{
+typedef struct fuzzBufferOffset {
const uint8_t *Data;
size_t Size;
size_t Offset;
} fuzzBufferOffset_t;
#if defined(MBEDTLS_HAVE_TIME)
-mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
void dummy_init();
-int dummy_send( void *ctx, const unsigned char *buf, size_t len );
-int fuzz_recv( void *ctx, unsigned char *buf, size_t len );
-int dummy_random( void *p_rng, unsigned char *output, size_t output_len );
-int dummy_entropy( void *data, unsigned char *output, size_t len );
-int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
- uint32_t timeout );
+int dummy_send(void *ctx, const unsigned char *buf, size_t len);
+int fuzz_recv(void *ctx, unsigned char *buf, size_t len);
+int dummy_random(void *p_rng, unsigned char *output, size_t output_len);
+int dummy_entropy(void *data, unsigned char *output, size_t len);
+int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout);
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 270ae8a..cc208b3 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -30,7 +30,8 @@
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#if defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
@@ -46,10 +47,11 @@
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_x509_crt_init( &cacert );
- if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len ) != 0)
+ mbedtls_x509_crt_init(&cacert);
+ if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
return 1;
+ }
#endif
alpn_list[0] = "HTTP";
@@ -69,104 +71,118 @@
//Avoid warnings if compile options imply no options
(void) options;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
+ }
- if( mbedtls_ssl_config_defaults( &conf,
+ if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
+ }
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (options & 2) {
- mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
- (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+ mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
+ (const unsigned char *) psk_id, sizeof(psk_id) - 1);
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if (options & 4) {
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
} else
#endif
{
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
}
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+ mbedtls_ssl_conf_truncated_hmac(&conf,
+ (options &
+ 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+ mbedtls_ssl_conf_extended_master_secret(&conf,
+ (options &
+ 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
+ mbedtls_ssl_conf_encrypt_then_mac(&conf,
+ (options &
+ 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
+ mbedtls_ssl_conf_cbc_record_splitting(&conf,
+ (options &
+ 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+ mbedtls_ssl_conf_renegotiation(&conf,
+ (options &
+ 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED );
+ mbedtls_ssl_conf_session_tickets(&conf,
+ (options &
+ 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ALPN)
if (options & 0x200) {
- mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+ mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
}
#endif
//There may be other options to add :
// mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
srand(1);
- mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
- if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
+ }
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if ((options & 1) == 0) {
- if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+ if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
goto exit;
+ }
}
#endif
biomemfuzz.Data = Data;
biomemfuzz.Size = Size-2;
biomemfuzz.Offset = 0;
- mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
- ret = mbedtls_ssl_handshake( &ssl );
- if( ret == 0 )
- {
+ ret = mbedtls_ssl_handshake(&ssl);
+ if (ret == 0) {
//keep reading data from server until the end
- do
- {
- len = sizeof( buf ) - 1;
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
- else if( ret <= 0 )
+ } else if (ret <= 0) {
//EOF or error
break;
- }
- while( 1 );
+ }
+ } while (1);
}
exit:
- mbedtls_entropy_free( &entropy );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ssl_free( &ssl );
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_free(&ssl);
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index ff258bc..6e8a5e6 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -25,7 +25,8 @@
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
@@ -43,77 +44,80 @@
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_x509_crt_init( &cacert );
- if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len ) != 0)
+ mbedtls_x509_crt_init(&cacert);
+ if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
return 1;
+ }
#endif
dummy_init();
initialized = 1;
}
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
srand(1);
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
+ }
- if( mbedtls_ssl_config_defaults( &conf,
+ if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
+ }
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
#endif
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
- mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
- if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
+ }
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+ if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
goto exit;
+ }
#endif
biomemfuzz.Data = Data;
biomemfuzz.Size = Size;
biomemfuzz.Offset = 0;
- mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
- ret = mbedtls_ssl_handshake( &ssl );
- if( ret == 0 )
- {
+ ret = mbedtls_ssl_handshake(&ssl);
+ if (ret == 0) {
//keep reading data from server until the end
- do
- {
- len = sizeof( buf ) - 1;
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
- else if( ret <= 0 )
+ } else if (ret <= 0) {
//EOF or error
break;
- }
- while( 1 );
+ }
+ } while (1);
}
exit:
- mbedtls_entropy_free( &entropy );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ssl_free( &ssl );
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_free(&ssl);
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 48553c0..99366ae 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -14,10 +14,10 @@
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
- ( defined(MBEDTLS_SHA256_C) || \
- ( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) ) )
+ (defined(MBEDTLS_SHA256_C) || \
+ (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)))
const char *pers = "fuzz_dtlsserver";
-const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
+const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 };
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt srvcert;
@@ -26,14 +26,15 @@
#endif
#endif // MBEDTLS_SSL_PROTO_DTLS
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
- ( defined(MBEDTLS_SHA256_C) || \
- ( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) ) )
+ (defined(MBEDTLS_SHA256_C) || \
+ (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)))
int ret;
size_t len;
mbedtls_ssl_context ssl;
@@ -47,101 +48,112 @@
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_pk_init( &pkey );
- if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
- mbedtls_test_srv_crt_len ) != 0)
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len) != 0) {
return 1;
- if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len ) != 0)
+ }
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
return 1;
- if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ }
+ if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
+ }
#endif
dummy_init();
initialized = 1;
}
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
- mbedtls_ssl_cookie_init( &cookie_ctx );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ssl_cookie_init(&cookie_ctx);
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
+ }
- if( mbedtls_ssl_config_defaults( &conf,
+ if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
+ }
srand(1);
- mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
- if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
goto exit;
+ }
#endif
- if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
+ if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) {
goto exit;
+ }
- mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
+ mbedtls_ssl_conf_dtls_cookies(&conf,
+ mbedtls_ssl_cookie_write,
+ mbedtls_ssl_cookie_check,
+ &cookie_ctx);
- if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
+ }
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
biomemfuzz.Data = Data;
biomemfuzz.Size = Size;
biomemfuzz.Offset = 0;
- mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
- if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
+ if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
goto exit;
+ }
- ret = mbedtls_ssl_handshake( &ssl );
+ ret = mbedtls_ssl_handshake(&ssl);
if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
biomemfuzz.Offset = ssl.next_record_offset;
- mbedtls_ssl_session_reset( &ssl );
- mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
- if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+ mbedtls_ssl_session_reset(&ssl);
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
+ if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
goto exit;
+ }
- ret = mbedtls_ssl_handshake( &ssl );
+ ret = mbedtls_ssl_handshake(&ssl);
- if( ret == 0 )
- {
+ if (ret == 0) {
//keep reading data from server until the end
- do
- {
- len = sizeof( buf ) - 1;
- ret = mbedtls_ssl_read( &ssl, buf, len );
- if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
- else if( ret <= 0 )
+ } else if (ret <= 0) {
//EOF or error
break;
- }
- while( 1 );
+ }
+ } while (1);
}
}
exit:
- mbedtls_ssl_cookie_free( &cookie_ctx );
- mbedtls_entropy_free( &entropy );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_cookie_free(&cookie_ctx);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_free(&ssl);
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 6c968fd..c24f275 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -6,7 +6,8 @@
#define MAX_LEN 0x1000
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#ifdef MBEDTLS_PK_PARSE_C
int ret;
mbedtls_pk_context pk;
@@ -16,56 +17,53 @@
Size = MAX_LEN;
}
- mbedtls_pk_init( &pk );
- ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 );
+ mbedtls_pk_init(&pk);
+ ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
- {
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_context *rsa;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- rsa = mbedtls_pk_rsa( pk );
- if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) {
+ rsa = mbedtls_pk_rsa(pk);
+ if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) {
abort();
}
- if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != 0 ) {
+ if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) {
abort();
}
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
- }
- else
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY_DH )
- {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
mbedtls_ecp_group_id grp_id = ecp->grp.id;
const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_grp_id( grp_id );
+ mbedtls_ecp_curve_info_from_grp_id(grp_id);
/* If the curve is not supported, the key should not have been
* accepted. */
- if( curve_info == NULL )
- abort( );
- }
- else
+ if (curve_info == NULL) {
+ abort();
+ }
+ } else
#endif
{
/* The key is valid but is not of a supported type.
* This should not happen. */
- abort( );
+ abort();
}
}
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
#else
(void) Data;
(void) Size;
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
index 9e80350..388b4c5 100644
--- a/programs/fuzz/fuzz_pubkey.c
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -2,70 +2,69 @@
#include <stdlib.h>
#include "mbedtls/pk.h"
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#ifdef MBEDTLS_PK_PARSE_C
int ret;
mbedtls_pk_context pk;
- mbedtls_pk_init( &pk );
- ret = mbedtls_pk_parse_public_key( &pk, Data, Size );
+ mbedtls_pk_init(&pk);
+ ret = mbedtls_pk_parse_public_key(&pk, Data, Size);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
- {
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_context *rsa;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- rsa = mbedtls_pk_rsa( pk );
- if ( mbedtls_rsa_export( rsa, &N, NULL, NULL, NULL, &E ) != 0 ) {
+ rsa = mbedtls_pk_rsa(pk);
+ if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) {
abort();
}
- if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) {
+ if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
abort();
}
- if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) {
+ if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
abort();
}
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
- }
- else
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY_DH )
- {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
mbedtls_ecp_group_id grp_id = ecp->grp.id;
const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_grp_id( grp_id );
+ mbedtls_ecp_curve_info_from_grp_id(grp_id);
/* If the curve is not supported, the key should not have been
* accepted. */
- if( curve_info == NULL )
- abort( );
+ if (curve_info == NULL) {
+ abort();
+ }
/* It's a public key, so the private value should not have
* been changed from its initialization to 0. */
- if( mbedtls_mpi_cmp_int( &ecp->d, 0 ) != 0 )
- abort( );
- }
- else
+ if (mbedtls_mpi_cmp_int(&ecp->d, 0) != 0) {
+ abort();
+ }
+ } else
#endif
{
/* The key is valid but is not of a supported type.
* This should not happen. */
- abort( );
+ abort();
}
}
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
#else
(void) Data;
(void) Size;
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 062df43..5f970e9 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -30,7 +30,8 @@
#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#if defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
@@ -55,17 +56,20 @@
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_pk_init( &pkey );
- if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
- mbedtls_test_srv_crt_len ) != 0)
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len) != 0) {
return 1;
- if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len ) != 0)
+ }
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
return 1;
- if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ }
+ if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
+ }
#endif
alpn_list[0] = "HTTP";
@@ -76,109 +80,121 @@
initialized = 1;
}
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- mbedtls_ssl_ticket_init( &ticket_ctx );
+ mbedtls_ssl_ticket_init(&ticket_ctx);
#endif
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
+ }
- if( mbedtls_ssl_config_defaults( &conf,
+ if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
+ }
srand(1);
- mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
- if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
goto exit;
+ }
#endif
- mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
+ mbedtls_ssl_conf_cert_req_ca_list(&conf,
+ (options &
+ 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
#if defined(MBEDTLS_SSL_ALPN)
if (options & 0x2) {
- mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+ mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
}
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- if( options & 0x4 )
- {
- if( mbedtls_ssl_ticket_setup( &ticket_ctx,
+ if (options & 0x4) {
+ if (mbedtls_ssl_ticket_setup(&ticket_ctx,
dummy_random, &ctr_drbg,
MBEDTLS_CIPHER_AES_256_GCM,
- 86400 ) != 0 )
+ 86400) != 0) {
goto exit;
+ }
- mbedtls_ssl_conf_session_tickets_cb( &conf,
+ mbedtls_ssl_conf_session_tickets_cb(&conf,
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
- &ticket_ctx );
+ &ticket_ctx);
}
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+ mbedtls_ssl_conf_truncated_hmac(&conf,
+ (options &
+ 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+ mbedtls_ssl_conf_extended_master_secret(&conf,
+ (options &
+ 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
+ mbedtls_ssl_conf_encrypt_then_mac(&conf,
+ (options &
+ 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (options & 0x40) {
- mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
- (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+ mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
+ (const unsigned char *) psk_id, sizeof(psk_id) - 1);
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+ mbedtls_ssl_conf_renegotiation(&conf,
+ (options &
+ 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
#endif
- if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
+ }
biomemfuzz.Data = Data;
biomemfuzz.Size = Size-1;
biomemfuzz.Offset = 0;
- mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
- mbedtls_ssl_session_reset( &ssl );
- ret = mbedtls_ssl_handshake( &ssl );
- if( ret == 0 )
- {
+ mbedtls_ssl_session_reset(&ssl);
+ ret = mbedtls_ssl_handshake(&ssl);
+ if (ret == 0) {
//keep reading data from server until the end
- do
- {
- len = sizeof( buf ) - 1;
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
- else if( ret <= 0 )
+ } else if (ret <= 0) {
//EOF or error
break;
- }
- while( 1 );
+ }
+ } while (1);
}
exit:
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- mbedtls_ssl_ticket_free( &ticket_ctx );
+ mbedtls_ssl_ticket_free(&ticket_ctx);
#endif
- mbedtls_entropy_free( &entropy );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ssl_free( &ssl );
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_free(&ssl);
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index 02f521c..3aaa8e5 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -1,18 +1,19 @@
#include <stdint.h>
#include "mbedtls/x509_crl.h"
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#ifdef MBEDTLS_X509_CRL_PARSE_C
int ret;
mbedtls_x509_crl crl;
unsigned char buf[4096];
- mbedtls_x509_crl_init( &crl );
- ret = mbedtls_x509_crl_parse( &crl, Data, Size );
+ mbedtls_x509_crl_init(&crl);
+ ret = mbedtls_x509_crl_parse(&crl, Data, Size);
if (ret == 0) {
- ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
+ ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
}
- mbedtls_x509_crl_free( &crl );
+ mbedtls_x509_crl_free(&crl);
#else
(void) Data;
(void) Size;
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
index 8f593a1..a5cb7ec 100644
--- a/programs/fuzz/fuzz_x509crt.c
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -1,18 +1,19 @@
#include <stdint.h>
#include "mbedtls/x509_crt.h"
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#ifdef MBEDTLS_X509_CRT_PARSE_C
int ret;
mbedtls_x509_crt crt;
unsigned char buf[4096];
- mbedtls_x509_crt_init( &crt );
- ret = mbedtls_x509_crt_parse( &crt, Data, Size );
+ mbedtls_x509_crt_init(&crt);
+ ret = mbedtls_x509_crt_parse(&crt, Data, Size);
if (ret == 0) {
- ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
+ ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt);
}
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
#else
(void) Data;
(void) Size;
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
index 3cf28a6..afd2031 100644
--- a/programs/fuzz/fuzz_x509csr.c
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -1,18 +1,19 @@
#include <stdint.h>
#include "mbedtls/x509_csr.h"
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
#ifdef MBEDTLS_X509_CSR_PARSE_C
int ret;
mbedtls_x509_csr csr;
unsigned char buf[4096];
- mbedtls_x509_csr_init( &csr );
- ret = mbedtls_x509_csr_parse( &csr, Data, Size );
+ mbedtls_x509_csr_init(&csr);
+ ret = mbedtls_x509_csr_parse(&csr, Data, Size);
if (ret == 0) {
- ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
+ ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
}
- mbedtls_x509_csr_free( &csr );
+ mbedtls_x509_csr_free(&csr);
#else
(void) Data;
(void) Size;
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
index 58b0f83..8399735 100644
--- a/programs/fuzz/onefile.c
+++ b/programs/fuzz/onefile.c
@@ -13,9 +13,9 @@
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
-int main(int argc, char** argv)
+int main(int argc, char **argv)
{
- FILE * fp;
+ FILE *fp;
uint8_t *Data;
size_t Size;
@@ -57,4 +57,3 @@
fclose(fp);
return 0;
}
-
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index f570e3e..edb40b6 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -33,43 +33,47 @@
#endif
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
+static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum)
{
- int ret = mbedtls_md_file( md_info, filename, sum );
+ int ret = mbedtls_md_file(md_info, filename, sum);
- if( ret == 1 )
- mbedtls_fprintf( stderr, "failed to open: %s\n", filename );
+ if (ret == 1) {
+ mbedtls_fprintf(stderr, "failed to open: %s\n", filename);
+ }
- if( ret == 2 )
- mbedtls_fprintf( stderr, "failed to read: %s\n", filename );
+ if (ret == 2) {
+ mbedtls_fprintf(stderr, "failed to read: %s\n", filename);
+ }
- return( ret );
+ return ret;
}
-static int generic_print( const mbedtls_md_info_t *md_info, char *filename )
+static int generic_print(const mbedtls_md_info_t *md_info, char *filename)
{
int i;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
- if( generic_wrapper( md_info, filename, sum ) != 0 )
- return( 1 );
+ if (generic_wrapper(md_info, filename, sum) != 0) {
+ return 1;
+ }
- for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
- mbedtls_printf( "%02x", sum[i] );
+ for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
+ mbedtls_printf("%02x", sum[i]);
+ }
- mbedtls_printf( " %s\n", filename );
- return( 0 );
+ mbedtls_printf(" %s\n", filename);
+ return 0;
}
-static int generic_check( const mbedtls_md_info_t *md_info, char *filename )
+static int generic_check(const mbedtls_md_info_t *md_info, char *filename)
{
int i;
size_t n;
@@ -85,146 +89,142 @@
char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
#endif
- if( ( f = fopen( filename, "rb" ) ) == NULL )
- {
- mbedtls_printf( "failed to open: %s\n", filename );
- return( 1 );
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("failed to open: %s\n", filename);
+ return 1;
}
nb_err1 = nb_err2 = 0;
nb_tot1 = nb_tot2 = 0;
- memset( line, 0, sizeof( line ) );
+ memset(line, 0, sizeof(line));
- n = sizeof( line );
+ n = sizeof(line);
- while( fgets( line, (int) n - 1, f ) != NULL )
- {
- n = strlen( line );
+ while (fgets(line, (int) n - 1, f) != NULL) {
+ n = strlen(line);
- if( n < (size_t) 2 * mbedtls_md_get_size( md_info ) + 4 )
- {
- mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name( md_info ));
+ if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) {
+ mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
continue;
}
- if( line[2 * mbedtls_md_get_size( md_info )] != ' ' || line[2 * mbedtls_md_get_size( md_info ) + 1] != ' ' )
- {
- mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name( md_info ));
+ if (line[2 * mbedtls_md_get_size(md_info)] != ' ' ||
+ line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') {
+ mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
continue;
}
- if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
- if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
+ if (line[n - 1] == '\n') {
+ n--; line[n] = '\0';
+ }
+ if (line[n - 1] == '\r') {
+ n--; line[n] = '\0';
+ }
nb_tot1++;
- if( generic_wrapper( md_info, line + 2 + 2 * mbedtls_md_get_size( md_info ), sum ) != 0 )
- {
+ if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) {
nb_err1++;
continue;
}
nb_tot2++;
- for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
- sprintf( buf + i * 2, "%02x", sum[i] );
+ for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
+ sprintf(buf + i * 2, "%02x", sum[i]);
+ }
/* Use constant-time buffer comparison */
diff = 0;
- for( i = 0; i < 2 * mbedtls_md_get_size( md_info ); i++ )
+ for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) {
diff |= line[i] ^ buf[i];
-
- if( diff != 0 )
- {
- nb_err2++;
- mbedtls_fprintf( stderr, "wrong checksum: %s\n", line + 66 );
}
- n = sizeof( line );
+ if (diff != 0) {
+ nb_err2++;
+ mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66);
+ }
+
+ n = sizeof(line);
}
- if( nb_err1 != 0 )
- {
- mbedtls_printf( "WARNING: %d (out of %d) input files could "
- "not be read\n", nb_err1, nb_tot1 );
+ if (nb_err1 != 0) {
+ mbedtls_printf("WARNING: %d (out of %d) input files could "
+ "not be read\n", nb_err1, nb_tot1);
}
- if( nb_err2 != 0 )
- {
- mbedtls_printf( "WARNING: %d (out of %d) computed checksums did "
- "not match\n", nb_err2, nb_tot2 );
+ if (nb_err2 != 0) {
+ mbedtls_printf("WARNING: %d (out of %d) computed checksums did "
+ "not match\n", nb_err2, nb_tot2);
}
- fclose( f );
+ fclose(f);
- return( nb_err1 != 0 || nb_err2 != 0 );
+ return nb_err1 != 0 || nb_err2 != 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1, i;
int exit_code = MBEDTLS_EXIT_FAILURE;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
- mbedtls_md_init( &md_ctx );
+ mbedtls_md_init(&md_ctx);
- if( argc == 1 )
- {
+ if (argc == 1) {
const int *list;
- mbedtls_printf( "print mode: generic_sum <mbedtls_md> <file> <file> ...\n" );
- mbedtls_printf( "check mode: generic_sum <mbedtls_md> -c <checksum file>\n" );
+ mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
+ mbedtls_printf("check mode: generic_sum <mbedtls_md> -c <checksum file>\n");
- mbedtls_printf( "\nAvailable message digests:\n" );
+ mbedtls_printf("\nAvailable message digests:\n");
list = mbedtls_md_list();
- while( *list )
- {
- md_info = mbedtls_md_info_from_type( *list );
- mbedtls_printf( " %s\n", mbedtls_md_get_name( md_info ) );
+ while (*list) {
+ md_info = mbedtls_md_info_from_type(*list);
+ mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
list++;
}
#if defined(_WIN32)
- mbedtls_printf( "\n Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf("\n Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
/*
* Read the MD from the command line
*/
- md_info = mbedtls_md_info_from_string( argv[1] );
- if( md_info == NULL )
- {
- mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
- mbedtls_exit( exit_code );
+ md_info = mbedtls_md_info_from_string(argv[1]);
+ if (md_info == NULL) {
+ mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]);
+ mbedtls_exit(exit_code);
}
- if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
- {
- mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
- mbedtls_exit( exit_code );
+ if (mbedtls_md_setup(&md_ctx, md_info, 0)) {
+ mbedtls_fprintf(stderr, "Failed to initialize context.\n");
+ mbedtls_exit(exit_code);
}
ret = 0;
- if( argc == 4 && strcmp( "-c", argv[2] ) == 0 )
- {
- ret |= generic_check( md_info, argv[3] );
+ if (argc == 4 && strcmp("-c", argv[2]) == 0) {
+ ret |= generic_check(md_info, argv[3]);
goto exit;
}
- for( i = 2; i < argc; i++ )
- ret |= generic_print( md_info, argv[i] );
+ for (i = 2; i < argc; i++) {
+ ret |= generic_print(md_info, argv[i]);
+ }
- if ( ret == 0 )
+ if (ret == 0) {
exit_code = MBEDTLS_EXIT_SUCCESS;
+ }
exit:
- mbedtls_md_free( &md_ctx );
+ mbedtls_md_free(&md_ctx);
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 1991bee..937efc7 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -30,35 +30,37 @@
#endif
#if !defined(MBEDTLS_MD5_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-int main( void )
+int main(void)
{
int i, ret;
unsigned char digest[16];
char str[] = "Hello, world!";
- mbedtls_printf( "\n MD5('%s') = ", str );
+ mbedtls_printf("\n MD5('%s') = ", str);
- if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ if ((ret = mbedtls_md5_ret((unsigned char *) str, 13, digest)) != 0) {
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
- for( i = 0; i < 16; i++ )
- mbedtls_printf( "%02x", digest[i] );
+ for (i = 0; i < 16; i++) {
+ mbedtls_printf("%02x", digest[i]);
+ }
- mbedtls_printf( "\n\n" );
+ mbedtls_printf("\n\n");
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
}
#endif /* MBEDTLS_MD5_C */
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index e906c6b..e9629b0 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -50,18 +50,18 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_SHA1_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
-int main( void )
+int main(void)
{
FILE *f;
@@ -81,111 +81,102 @@
mbedtls_dhm_context dhm;
mbedtls_aes_context aes;
- mbedtls_net_init( &server_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
- mbedtls_dhm_init( &dhm );
- mbedtls_aes_init( &aes );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_net_init(&server_fd);
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);
+ mbedtls_dhm_init(&dhm);
+ mbedtls_aes_init(&aes);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* 1. Setup the RNG
*/
- mbedtls_printf( "\n . Seeding the random number generator" );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
/*
* 2. Read the server's public RSA key
*/
- mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
- fflush( stdout );
+ mbedtls_printf("\n . Reading public key from rsa_pub.txt");
+ fflush(stdout);
- if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
+ if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
- fclose( f );
+ if ((ret = mbedtls_mpi_read_file(&rsa.N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&rsa.E, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
+ fclose(f);
goto exit;
}
- rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+ rsa.len = (mbedtls_mpi_bitlen(&rsa.N) + 7) >> 3;
- fclose( f );
+ fclose(f);
/*
* 3. Initiate the connection
*/
- mbedtls_printf( "\n . Connecting to tcp/%s/%s", SERVER_NAME,
- SERVER_PORT );
- fflush( stdout );
+ mbedtls_printf("\n . Connecting to tcp/%s/%s", SERVER_NAME,
+ SERVER_PORT);
+ fflush(stdout);
- if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
- SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
+ SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
/*
* 4a. First get the buffer length
*/
- mbedtls_printf( "\n . Receiving the server's DH parameters" );
- fflush( stdout );
+ mbedtls_printf("\n . Receiving the server's DH parameters");
+ fflush(stdout);
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
- if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
}
- n = buflen = ( buf[0] << 8 ) | buf[1];
- if( buflen < 1 || buflen > sizeof( buf ) )
- {
- mbedtls_printf( " failed\n ! Got an invalid buffer length\n\n" );
+ n = buflen = (buf[0] << 8) | buf[1];
+ if (buflen < 1 || buflen > sizeof(buf)) {
+ mbedtls_printf(" failed\n ! Got an invalid buffer length\n\n");
goto exit;
}
/*
* 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
*/
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
- if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
}
p = buf, end = buf + buflen;
- if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret );
+ if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret);
goto exit;
}
- if( dhm.len < 64 || dhm.len > 512 )
- {
- mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
+ if (dhm.len < 64 || dhm.len > 512) {
+ mbedtls_printf(" failed\n ! Invalid DHM modulus size\n\n");
goto exit;
}
@@ -193,65 +184,60 @@
* 5. Check that the server's RSA signature matches
* the SHA-256 hash of (P,G,Ys)
*/
- mbedtls_printf( "\n . Verifying the server's RSA signature" );
- fflush( stdout );
+ mbedtls_printf("\n . Verifying the server's RSA signature");
+ fflush(stdout);
p += 2;
- if( ( n = (size_t) ( end - p ) ) != rsa.len )
- {
- mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
+ if ((n = (size_t) (end - p)) != rsa.len) {
+ mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n");
goto exit;
}
- if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
+ if ((ret = mbedtls_sha1_ret(buf, (int) (p - 2 - buf), hash)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_sha1_ret returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
+ if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ MBEDTLS_MD_SHA256, 0, hash, p)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret);
goto exit;
}
/*
* 6. Send our public value: Yc = G ^ Xc mod P
*/
- mbedtls_printf( "\n . Sending own public value to server" );
- fflush( stdout );
+ mbedtls_printf("\n . Sending own public value to server");
+ fflush(stdout);
n = dhm.len;
- if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );
+ if ((ret = mbedtls_dhm_make_public(&dhm, (int) dhm.len, buf, n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
+ if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
- mbedtls_printf( "\n . Shared secret: " );
- fflush( stdout );
+ mbedtls_printf("\n . Shared secret: ");
+ fflush(stdout);
- if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
+ if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
goto exit;
}
- for( n = 0; n < 16; n++ )
- mbedtls_printf( "%02x", buf[n] );
+ for (n = 0; n < 16; n++) {
+ mbedtls_printf("%02x", buf[n]);
+ }
/*
* 8. Setup the AES-256 decryption key
@@ -261,45 +247,46 @@
* the keying material for the encryption/decryption keys,
* IVs and MACs.
*/
- mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" );
- fflush( stdout );
+ mbedtls_printf("...\n . Receiving and decrypting the ciphertext");
+ fflush(stdout);
- ret = mbedtls_aes_setkey_dec( &aes, buf, 256 );
- if( ret != 0 )
- goto exit;
-
- memset( buf, 0, sizeof( buf ) );
-
- if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ ret = mbedtls_aes_setkey_dec(&aes, buf, 256);
+ if (ret != 0) {
goto exit;
}
- ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
- if( ret != 0 )
+ memset(buf, 0, sizeof(buf));
+
+ if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
+ }
+
+ ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf);
+ if (ret != 0) {
+ goto exit;
+ }
buf[16] = '\0';
- mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
+ mbedtls_printf("\n . Plaintext is \"%s\"\n\n", (char *) buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_net_free( &server_fd );
+ mbedtls_net_free(&server_fd);
- mbedtls_aes_free( &aes );
- mbedtls_rsa_free( &rsa );
- mbedtls_dhm_free( &dhm );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_aes_free(&aes);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_dhm_free(&dhm);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 91fddf3..b09ef42 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -28,12 +28,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_GENPRIME)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_GENPRIME not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_GENPRIME not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -58,7 +58,7 @@
#define GENERATOR "4"
-int main( int argc, char **argv )
+int main(int argc, char **argv)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -71,121 +71,112 @@
int i;
char *p, *q;
- mbedtls_mpi_init( &G ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
+ mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "bits" ) == 0 )
- {
- nbits = atoi( q );
- if( nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS )
+ if (strcmp(p, "bits") == 0) {
+ nbits = atoi(q);
+ if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) {
goto usage;
- }
- else
+ }
+ } else {
goto usage;
+ }
}
- if( ( ret = mbedtls_mpi_read_string( &G, 10, GENERATOR ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned %d\n", ret );
+ if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_string returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ! Generating large primes may take minutes!\n" );
+ mbedtls_printf(" ! Generating large primes may take minutes!\n");
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n . Generating the modulus, please wait..." );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Generating the modulus, please wait...");
+ fflush(stdout);
/*
* This can take a long time...
*/
- if( ( ret = mbedtls_mpi_gen_prime( &P, nbits, 1,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret );
+ if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime...");
+ fflush(stdout);
- if( ( ret = mbedtls_mpi_sub_int( &Q, &P, 1 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret );
+ if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret );
+ if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_mpi_is_prime_ext( &Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret );
+ if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n . Exporting the value in dh_prime.txt..." );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt...");
+ fflush(stdout);
- if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not create dh_prime.txt\n\n" );
+ if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n");
goto exit;
}
- if( ( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0 ) ||
- ( ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) ) != 0 ) )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
- fclose( fout );
+ if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) ||
+ ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
+ fclose(fout);
goto exit;
}
- mbedtls_printf( " ok\n\n" );
- fclose( fout );
+ mbedtls_printf(" ok\n\n");
+ fclose(fout);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 6ad00d6..0200b2e 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -50,18 +50,18 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_SHA1_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
-int main( void )
+int main(void)
{
FILE *f;
@@ -83,196 +83,181 @@
mbedtls_mpi N, P, Q, D, E;
- mbedtls_net_init( &listen_fd );
- mbedtls_net_init( &client_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
- mbedtls_dhm_init( &dhm );
- mbedtls_aes_init( &aes );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);
+ mbedtls_dhm_init(&dhm);
+ mbedtls_aes_init(&aes);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
/*
* 1. Setup the RNG
*/
- mbedtls_printf( "\n . Seeding the random number generator" );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
/*
* 2a. Read the server's private RSA key
*/
- mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
- fflush( stdout );
+ mbedtls_printf("\n . Reading private key from rsa_priv.txt");
+ fflush(stdout);
- if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
+ if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
- if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- ret );
- fclose( f );
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ ret);
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
- if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- ret );
+ if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
goto exit;
}
- if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
- ret );
+ if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
+ ret);
goto exit;
}
/*
* 2b. Get the DHM modulus and generator
*/
- mbedtls_printf( "\n . Reading DH parameters from dh_prime.txt" );
- fflush( stdout );
+ mbedtls_printf("\n . Reading DH parameters from dh_prime.txt");
+ fflush(stdout);
- if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \
- " ! Please run dh_genprime first\n\n" );
+ if ((f = fopen("dh_prime.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open dh_prime.txt\n" \
+ " ! Please run dh_genprime first\n\n");
goto exit;
}
- if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
- mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
- {
- mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
- fclose( f );
+ if (mbedtls_mpi_read_file(&dhm.P, 16, f) != 0 ||
+ mbedtls_mpi_read_file(&dhm.G, 16, f) != 0) {
+ mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n");
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
/*
* 3. Wait for a client to connect
*/
- mbedtls_printf( "\n . Waiting for a remote connection" );
- fflush( stdout );
+ mbedtls_printf("\n . Waiting for a remote connection");
+ fflush(stdout);
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- NULL, 0, NULL ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
/*
* 4. Setup the DH parameters (P,G,Ys)
*/
- mbedtls_printf( "\n . Sending the server's DH parameters" );
- fflush( stdout );
+ mbedtls_printf("\n . Sending the server's DH parameters");
+ fflush(stdout);
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
- if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
+ if ((ret = mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.P), buf, &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret);
goto exit;
}
/*
* 5. Sign the parameters and send them
*/
- if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
+ if ((ret = mbedtls_sha1_ret(buf, n, hash)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_sha1_ret returned %d\n\n", ret);
goto exit;
}
- buf[n ] = (unsigned char)( rsa.len >> 8 );
- buf[n + 1] = (unsigned char)( rsa.len );
+ buf[n] = (unsigned char) (rsa.len >> 8);
+ buf[n + 1] = (unsigned char) (rsa.len);
- if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
- 0, hash, buf + n + 2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
+ if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ 0, hash, buf + n + 2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret);
goto exit;
}
buflen = n + 2 + rsa.len;
- buf2[0] = (unsigned char)( buflen >> 8 );
- buf2[1] = (unsigned char)( buflen );
+ buf2[0] = (unsigned char) (buflen >> 8);
+ buf2[1] = (unsigned char) (buflen);
- if( ( ret = mbedtls_net_send( &client_fd, buf2, 2 ) ) != 2 ||
- ( ret = mbedtls_net_send( &client_fd, buf, buflen ) ) != (int) buflen )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
+ if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 ||
+ (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
goto exit;
}
/*
* 6. Get the client's public value: Yc = G ^ Xc mod P
*/
- mbedtls_printf( "\n . Receiving the client's public value" );
- fflush( stdout );
+ mbedtls_printf("\n . Receiving the client's public value");
+ fflush(stdout);
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
n = dhm.len;
- if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
+ if ((ret = mbedtls_dhm_read_public(&dhm, buf, dhm.len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret);
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
- mbedtls_printf( "\n . Shared secret: " );
- fflush( stdout );
+ mbedtls_printf("\n . Shared secret: ");
+ fflush(stdout);
- if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
+ if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
goto exit;
}
- for( n = 0; n < 16; n++ )
- mbedtls_printf( "%02x", buf[n] );
+ for (n = 0; n < 16; n++) {
+ mbedtls_printf("%02x", buf[n]);
+ }
/*
* 8. Setup the AES-256 encryption key
@@ -282,47 +267,48 @@
* the keying material for the encryption/decryption keys
* and MACs.
*/
- mbedtls_printf( "...\n . Encrypting and sending the ciphertext" );
- fflush( stdout );
+ mbedtls_printf("...\n . Encrypting and sending the ciphertext");
+ fflush(stdout);
- ret = mbedtls_aes_setkey_enc( &aes, buf, 256 );
- if( ret != 0 )
+ ret = mbedtls_aes_setkey_enc(&aes, buf, 256);
+ if (ret != 0) {
goto exit;
- memcpy( buf, PLAINTEXT, 16 );
- ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
- if( ret != 0 )
- goto exit;
-
- if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
+ }
+ memcpy(buf, PLAINTEXT, 16);
+ ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf);
+ if (ret != 0) {
goto exit;
}
- mbedtls_printf( "\n\n" );
+ if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
- mbedtls_net_free( &client_fd );
- mbedtls_net_free( &listen_fd );
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
- mbedtls_aes_free( &aes );
- mbedtls_rsa_free( &rsa );
- mbedtls_dhm_free( &dhm );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_aes_free(&aes);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_dhm_free(&dhm);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 69ff897..da28c7d 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -28,13 +28,13 @@
#if !defined(MBEDTLS_ECDH_C) || \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_ECDH_C and/or "
- "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
- "not defined\n" );
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_ECDH_C and/or "
+ "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+ "not defined\n");
+ mbedtls_exit(0);
}
#else
@@ -45,7 +45,7 @@
#include <string.h>
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -64,156 +64,147 @@
((void) argc);
((void) argv);
- mbedtls_ecdh_init( &ctx_cli );
- mbedtls_ecdh_init( &ctx_srv );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ecdh_init(&ctx_cli);
+ mbedtls_ecdh_init(&ctx_srv);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* Initialize random number generation
*/
- mbedtls_printf( " . Seed the random number generator..." );
- fflush( stdout );
+ mbedtls_printf(" . Seed the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy,
- (const unsigned char *) pers,
- sizeof pers ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
- ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy,
+ (const unsigned char *) pers,
+ sizeof pers)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* Client: initialize context and generate keypair
*/
- mbedtls_printf( " . Set up client context, generate EC key pair..." );
- fflush( stdout );
+ mbedtls_printf(" . Set up client context, generate EC key pair...");
+ fflush(stdout);
- ret = mbedtls_ecdh_setup( &ctx_cli, MBEDTLS_ECP_DP_CURVE25519 );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdh_setup returned %d\n", ret );
+ ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret);
goto exit;
}
- ret = mbedtls_ecdh_make_params( &ctx_cli, &cli_olen, cli_to_srv,
- sizeof( cli_to_srv ),
- mbedtls_ctr_drbg_random, &ctr_drbg );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdh_make_params returned %d\n",
- ret );
+ ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv,
+ sizeof(cli_to_srv),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n",
+ ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* Server: initialize context and generate keypair
*/
- mbedtls_printf( " . Server: read params, generate public key..." );
- fflush( stdout );
+ mbedtls_printf(" . Server: read params, generate public key...");
+ fflush(stdout);
- ret = mbedtls_ecdh_read_params( &ctx_srv, &p_cli_to_srv,
- p_cli_to_srv + sizeof( cli_to_srv ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdh_read_params returned %d\n",
- ret );
+ ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv,
+ p_cli_to_srv + sizeof(cli_to_srv));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n",
+ ret);
goto exit;
}
- ret = mbedtls_ecdh_make_public( &ctx_srv, &srv_olen, srv_to_cli,
- sizeof( srv_to_cli ),
- mbedtls_ctr_drbg_random, &ctr_drbg );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdh_make_public returned %d\n",
- ret );
+ ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli,
+ sizeof(srv_to_cli),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n",
+ ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* Client: read public key
*/
- mbedtls_printf( " . Client: read public key..." );
- fflush( stdout );
+ mbedtls_printf(" . Client: read public key...");
+ fflush(stdout);
- ret = mbedtls_ecdh_read_public( &ctx_cli, srv_to_cli,
- sizeof( srv_to_cli ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdh_read_public returned %d\n",
- ret );
+ ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli,
+ sizeof(srv_to_cli));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n",
+ ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* Calculate secrets
*/
- mbedtls_printf( " . Calculate secrets..." );
- fflush( stdout );
+ mbedtls_printf(" . Calculate secrets...");
+ fflush(stdout);
- ret = mbedtls_ecdh_calc_secret( &ctx_cli, &cli_olen, secret_cli,
- sizeof( secret_cli ),
- mbedtls_ctr_drbg_random, &ctr_drbg );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
- ret );
+ ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli,
+ sizeof(secret_cli),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
+ ret);
goto exit;
}
- ret = mbedtls_ecdh_calc_secret( &ctx_srv, &srv_olen, secret_srv,
- sizeof( secret_srv ),
- mbedtls_ctr_drbg_random, &ctr_drbg );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
- ret );
+ ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv,
+ sizeof(secret_srv),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
+ ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* Verification: are the computed secrets equal?
*/
- mbedtls_printf( " . Check if both calculated secrets are equal..." );
- fflush( stdout );
+ mbedtls_printf(" . Check if both calculated secrets are equal...");
+ fflush(stdout);
- ret = memcmp( secret_srv, secret_cli, srv_olen );
- if( ret != 0 || ( cli_olen != srv_olen ) )
- {
- mbedtls_printf( " failed\n ! Shared secrets not equal.\n" );
+ ret = memcmp(secret_srv, secret_cli, srv_olen);
+ if (ret != 0 || (cli_olen != srv_olen)) {
+ mbedtls_printf(" failed\n ! Shared secrets not equal.\n");
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_ecdh_free( &ctx_srv );
- mbedtls_ecdh_free( &ctx_cli );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ecdh_free(&ctx_srv);
+ mbedtls_ecdh_free(&ctx_cli);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 3266bb8..8f9867a 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -51,46 +51,46 @@
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
+ mbedtls_exit(0);
}
#else
#if defined(VERBOSE)
-static void dump_buf( const char *title, unsigned char *buf, size_t len )
+static void dump_buf(const char *title, unsigned char *buf, size_t len)
{
size_t i;
- mbedtls_printf( "%s", title );
- for( i = 0; i < len; i++ )
+ mbedtls_printf("%s", title);
+ for (i = 0; i < len; i++) {
mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
- "0123456789ABCDEF" [buf[i] % 16] );
- mbedtls_printf( "\n" );
+ "0123456789ABCDEF" [buf[i] % 16]);
+ }
+ mbedtls_printf("\n");
}
-static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
+static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key)
{
unsigned char buf[300];
size_t len;
- if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
- {
+ if (mbedtls_ecp_point_write_binary(&key->grp, &key->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf) != 0) {
mbedtls_printf("internal error\n");
return;
}
- dump_buf( title, buf, len );
+ dump_buf(title, buf, len);
}
#else
-#define dump_buf( a, b, c )
-#define dump_pubkey( a, b )
+#define dump_buf(a, b, c)
+#define dump_pubkey(a, b)
#endif
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -104,19 +104,18 @@
const char *pers = "ecdsa";
((void) argv);
- mbedtls_ecdsa_init( &ctx_sign );
- mbedtls_ecdsa_init( &ctx_verify );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ecdsa_init(&ctx_sign);
+ mbedtls_ecdsa_init(&ctx_verify);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- memset( sig, 0, sizeof( sig ) );
- memset( message, 0x25, sizeof( message ) );
+ memset(sig, 0, sizeof(sig));
+ memset(message, 0x25, sizeof(message));
- if( argc != 1 )
- {
- mbedtls_printf( "usage: ecdsa\n" );
+ if (argc != 1) {
+ mbedtls_printf("usage: ecdsa\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
@@ -125,65 +124,61 @@
/*
* Generate a key pair for signing
*/
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n . Generating key pair..." );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Generating key pair...");
+ fflush(stdout);
- if( ( ret = mbedtls_ecdsa_genkey( &ctx_sign, ECPARAMS,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
+ if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits );
+ mbedtls_printf(" ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits);
- dump_pubkey( " + Public key: ", &ctx_sign );
+ dump_pubkey(" + Public key: ", &ctx_sign);
/*
* Compute message hash
*/
- mbedtls_printf( " . Computing message hash..." );
- fflush( stdout );
+ mbedtls_printf(" . Computing message hash...");
+ fflush(stdout);
- if( ( ret = mbedtls_sha256_ret( message, sizeof( message ), hash, 0 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_sha256_ret returned %d\n", ret );
+ if ((ret = mbedtls_sha256_ret(message, sizeof(message), hash, 0)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_sha256_ret returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
- dump_buf( " + Hash: ", hash, sizeof( hash ) );
+ dump_buf(" + Hash: ", hash, sizeof(hash));
/*
* Sign message hash
*/
- mbedtls_printf( " . Signing message hash..." );
- fflush( stdout );
+ mbedtls_printf(" . Signing message hash...");
+ fflush(stdout);
- if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
- hash, sizeof( hash ),
- sig, &sig_len,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
+ if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256,
+ hash, sizeof(hash),
+ sig, &sig_len,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
+ mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len);
- dump_buf( " + Signature: ", sig, sig_len );
+ dump_buf(" + Signature: ", sig, sig_len);
/*
* Transfer public information to verifying context
@@ -192,52 +187,49 @@
* chose to use a new one in order to make it clear that the verifying
* context only needs the public key (Q), and not the private key (d).
*/
- mbedtls_printf( " . Preparing verification context..." );
- fflush( stdout );
+ mbedtls_printf(" . Preparing verification context...");
+ fflush(stdout);
- if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
+ if ((ret = mbedtls_ecp_group_copy(&ctx_verify.grp, &ctx_sign.grp)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_group_copy returned %d\n", ret);
goto exit;
}
- if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
+ if ((ret = mbedtls_ecp_copy(&ctx_verify.Q, &ctx_sign.Q)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_copy returned %d\n", ret);
goto exit;
}
/*
* Verify signature
*/
- mbedtls_printf( " ok\n . Verifying signature..." );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Verifying signature...");
+ fflush(stdout);
- if( ( ret = mbedtls_ecdsa_read_signature( &ctx_verify,
- hash, sizeof( hash ),
- sig, sig_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret );
+ if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify,
+ hash, sizeof(hash),
+ sig, sig_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_ecdsa_free( &ctx_verify );
- mbedtls_ecdsa_free( &ctx_sign );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ecdsa_free(&ctx_verify);
+ mbedtls_ecdsa_free(&ctx_sign);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index c440932..ac6ed94 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -44,8 +44,8 @@
#define DEV_RANDOM_THRESHOLD 32
-int dev_random_entropy_poll( void *data, unsigned char *output,
- size_t len, size_t *olen )
+int dev_random_entropy_poll(void *data, unsigned char *output,
+ size_t len, size_t *olen)
{
FILE *file;
size_t ret, left = len;
@@ -54,28 +54,27 @@
*olen = 0;
- file = fopen( "/dev/random", "rb" );
- if( file == NULL )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ file = fopen("/dev/random", "rb");
+ if (file == NULL) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
- while( left > 0 )
- {
+ while (left > 0) {
/* /dev/random can return much less than requested. If so, try again */
- ret = fread( p, 1, left, file );
- if( ret == 0 && ferror( file ) )
- {
- fclose( file );
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ ret = fread(p, 1, left, file);
+ if (ret == 0 && ferror(file)) {
+ fclose(file);
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
p += ret;
left -= ret;
- sleep( 1 );
+ sleep(1);
}
- fclose( file );
+ fclose(file);
*olen = len;
- return( 0 );
+ return 0;
}
#endif /* !_WIN32 */
#endif
@@ -116,13 +115,13 @@
#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_PEM_WRITE_C"
- "not defined.\n" );
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_PEM_WRITE_C"
+ "not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -130,8 +129,7 @@
/*
* global options
*/
-struct options
-{
+struct options {
int type; /* the type of key to generate */
int rsa_keysize; /* length of key in bits */
int ec_curve; /* curve identifier for EC keys */
@@ -140,7 +138,7 @@
int use_dev_random; /* use /dev/random as entropy source */
} opt;
-static int write_private_key( mbedtls_pk_context *key, const char *output_file )
+static int write_private_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
@@ -149,37 +147,36 @@
size_t len = 0;
memset(output_buf, 0, 16000);
- if( opt.format == FORMAT_PEM )
- {
- if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
- return( ret );
+ if (opt.format == FORMAT_PEM) {
+ if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
+ return ret;
+ }
- len = strlen( (char *) output_buf );
- }
- else
- {
- if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
- return( ret );
+ len = strlen((char *) output_buf);
+ } else {
+ if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
+ return ret;
+ }
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
- if( ( f = fopen( output_file, "wb" ) ) == NULL )
- return( -1 );
-
- if( fwrite( c, 1, len, f ) != len )
- {
- fclose( f );
- return( -1 );
+ if ((f = fopen(output_file, "wb")) == NULL) {
+ return -1;
}
- fclose( f );
+ if (fwrite(c, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
- return( 0 );
+ fclose(f);
+
+ return 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -199,24 +196,24 @@
* Set to sane values
*/
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- mbedtls_pk_init( &key );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- memset( buf, 0, sizeof( buf ) );
+ mbedtls_pk_init(&key);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ memset(buf, 0, sizeof(buf));
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
#if defined(MBEDTLS_ECP_C)
- mbedtls_printf( " available ec_curve values:\n" );
+ mbedtls_printf(" available ec_curve values:\n");
curve_info = mbedtls_ecp_curve_list();
- mbedtls_printf( " %s (default)\n", curve_info->name );
- while( ( ++curve_info )->name != NULL )
- mbedtls_printf( " %s\n", curve_info->name );
+ mbedtls_printf(" %s (default)\n", curve_info->name);
+ while ((++curve_info)->name != NULL) {
+ mbedtls_printf(" %s\n", curve_info->name);
+ }
#endif /* MBEDTLS_ECP_C */
goto exit;
}
@@ -228,214 +225,199 @@
opt.format = DFL_FORMAT;
opt.use_dev_random = DFL_USE_DEV_RANDOM;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "type" ) == 0 )
- {
- if( strcmp( q, "rsa" ) == 0 )
+ if (strcmp(p, "type") == 0) {
+ if (strcmp(q, "rsa") == 0) {
opt.type = MBEDTLS_PK_RSA;
- else if( strcmp( q, "ec" ) == 0 )
+ } else if (strcmp(q, "ec") == 0) {
opt.type = MBEDTLS_PK_ECKEY;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "format" ) == 0 )
- {
- if( strcmp( q, "pem" ) == 0 )
+ }
+ } else if (strcmp(p, "format") == 0) {
+ if (strcmp(q, "pem") == 0) {
opt.format = FORMAT_PEM;
- else if( strcmp( q, "der" ) == 0 )
+ } else if (strcmp(q, "der") == 0) {
opt.format = FORMAT_DER;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "rsa_keysize" ) == 0 )
- {
- opt.rsa_keysize = atoi( q );
- if( opt.rsa_keysize < 1024 ||
- opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS )
+ }
+ } else if (strcmp(p, "rsa_keysize") == 0) {
+ opt.rsa_keysize = atoi(q);
+ if (opt.rsa_keysize < 1024 ||
+ opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) {
goto usage;
+ }
}
#if defined(MBEDTLS_ECP_C)
- else if( strcmp( p, "ec_curve" ) == 0 )
- {
- if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
+ else if (strcmp(p, "ec_curve") == 0) {
+ if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) {
goto usage;
+ }
opt.ec_curve = curve_info->grp_id;
}
#endif
- else if( strcmp( p, "filename" ) == 0 )
+ else if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else if( strcmp( p, "use_dev_random" ) == 0 )
- {
- opt.use_dev_random = atoi( q );
- if( opt.use_dev_random < 0 || opt.use_dev_random > 1 )
+ } else if (strcmp(p, "use_dev_random") == 0) {
+ opt.use_dev_random = atoi(q);
+ if (opt.use_dev_random < 0 || opt.use_dev_random > 1) {
goto usage;
- }
- else
+ }
+ } else {
goto usage;
+ }
}
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
+ mbedtls_entropy_init(&entropy);
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
- if( opt.use_dev_random )
- {
- if( ( ret = mbedtls_entropy_add_source( &entropy, dev_random_entropy_poll,
- NULL, DEV_RANDOM_THRESHOLD,
- MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", (unsigned int) -ret );
+ if (opt.use_dev_random) {
+ if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
+ NULL, DEV_RANDOM_THRESHOLD,
+ MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf("\n Using /dev/random, so can take a long time! " );
- fflush( stdout );
+ mbedtls_printf("\n Using /dev/random, so can take a long time! ");
+ fflush(stdout);
}
#endif /* !_WIN32 && MBEDTLS_FS_IO */
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
/*
* 1.1. Generate the key
*/
- mbedtls_printf( "\n . Generating the private key ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Generating the private key ...");
+ fflush(stdout);
- if( ( ret = mbedtls_pk_setup( &key,
- mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret );
+ if ((ret = mbedtls_pk_setup(&key,
+ mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
goto exit;
}
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if( opt.type == MBEDTLS_PK_RSA )
- {
- ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg,
- opt.rsa_keysize, 65537 );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", (unsigned int) -ret );
+ if (opt.type == MBEDTLS_PK_RSA) {
+ ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg,
+ opt.rsa_keysize, 65537);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x",
+ (unsigned int) -ret);
goto exit;
}
- }
- else
+ } else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
- if( opt.type == MBEDTLS_PK_ECKEY )
- {
- ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) opt.ec_curve,
- mbedtls_pk_ec( key ),
- mbedtls_ctr_drbg_random, &ctr_drbg );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int) -ret );
+ if (opt.type == MBEDTLS_PK_ECKEY) {
+ ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve,
+ mbedtls_pk_ec(key),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x",
+ (unsigned int) -ret);
goto exit;
}
- }
- else
+ } else
#endif /* MBEDTLS_ECP_C */
{
- mbedtls_printf( " failed\n ! key type not supported\n" );
+ mbedtls_printf(" failed\n ! key type not supported\n");
goto exit;
}
/*
* 1.2 Print the key
*/
- mbedtls_printf( " ok\n . Key information:\n" );
+ mbedtls_printf(" ok\n . Key information:\n");
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
- {
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
- if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
- ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
+ if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
- mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
- mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
- mbedtls_mpi_write_file( "D: ", &D, 16, NULL );
- mbedtls_mpi_write_file( "P: ", &P, 16, NULL );
- mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL );
- mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL );
- mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL );
- mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL );
- }
- else
+ mbedtls_mpi_write_file("N: ", &N, 16, NULL);
+ mbedtls_mpi_write_file("E: ", &E, 16, NULL);
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ mbedtls_mpi_write_file("P: ", &P, 16, NULL);
+ mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
+ mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
+ mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
+ mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
- {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
- mbedtls_printf( "curve: %s\n",
- mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
- mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL );
- }
- else
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
+ mbedtls_printf("curve: %s\n",
+ mbedtls_ecp_curve_info_from_grp_id(ecp->grp.id)->name);
+ mbedtls_mpi_write_file("X_Q: ", &ecp->Q.X, 16, NULL);
+ mbedtls_mpi_write_file("Y_Q: ", &ecp->Q.Y, 16, NULL);
+ mbedtls_mpi_write_file("D: ", &ecp->d, 16, NULL);
+ } else
#endif
- mbedtls_printf(" ! key type not supported\n");
+ mbedtls_printf(" ! key type not supported\n");
/*
* 1.3 Export key
*/
- mbedtls_printf( " . Writing key to file..." );
+ mbedtls_printf(" . Writing key to file...");
- if( ( ret = write_private_key( &key, opt.filename ) ) != 0 )
- {
- mbedtls_printf( " failed\n" );
+ if ((ret = write_private_key(&key, opt.filename)) != 0) {
+ mbedtls_printf(" failed\n");
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
- mbedtls_strerror( ret, buf, sizeof( buf ) );
- mbedtls_printf( " - %s\n", buf );
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" - %s\n", buf);
#else
mbedtls_printf("\n");
#endif
}
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
- mbedtls_pk_free( &key );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_pk_free(&key);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 8dd22b6..4d60299 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -55,11 +55,11 @@
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -67,15 +67,14 @@
/*
* global options
*/
-struct options
-{
+struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the key file */
const char *password; /* password for the private key */
const char *password_file; /* password_file for the private key */
} opt;
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -89,17 +88,16 @@
/*
* Set to sane values
*/
- mbedtls_pk_init( &pk );
- memset( buf, 0, sizeof(buf) );
+ mbedtls_pk_init(&pk);
+ memset(buf, 0, sizeof(buf));
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto cleanup;
}
@@ -108,198 +106,184 @@
opt.password = DFL_PASSWORD;
opt.password_file = DFL_PASSWORD_FILE;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "mode" ) == 0 )
- {
- if( strcmp( q, "private" ) == 0 )
+ if (strcmp(p, "mode") == 0) {
+ if (strcmp(q, "private") == 0) {
opt.mode = MODE_PRIVATE;
- else if( strcmp( q, "public" ) == 0 )
+ } else if (strcmp(q, "public") == 0) {
opt.mode = MODE_PUBLIC;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "filename" ) == 0 )
+ }
+ } else if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else if( strcmp( p, "password" ) == 0 )
+ } else if (strcmp(p, "password") == 0) {
opt.password = q;
- else if( strcmp( p, "password_file" ) == 0 )
+ } else if (strcmp(p, "password_file") == 0) {
opt.password_file = q;
- else
+ } else {
goto usage;
+ }
}
- if( opt.mode == MODE_PRIVATE )
- {
- if( strlen( opt.password ) && strlen( opt.password_file ) )
- {
- mbedtls_printf( "Error: cannot have both password and password_file\n" );
+ if (opt.mode == MODE_PRIVATE) {
+ if (strlen(opt.password) && strlen(opt.password_file)) {
+ mbedtls_printf("Error: cannot have both password and password_file\n");
goto usage;
}
- if( strlen( opt.password_file ) )
- {
+ if (strlen(opt.password_file)) {
FILE *f;
- mbedtls_printf( "\n . Loading the password file ..." );
- if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! fopen returned NULL\n" );
+ mbedtls_printf("\n . Loading the password file ...");
+ if ((f = fopen(opt.password_file, "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! fopen returned NULL\n");
goto cleanup;
}
- if( fgets( buf, sizeof(buf), f ) == NULL )
- {
- fclose( f );
- mbedtls_printf( "Error: fgets() failed to retrieve password\n" );
+ if (fgets(buf, sizeof(buf), f) == NULL) {
+ fclose(f);
+ mbedtls_printf("Error: fgets() failed to retrieve password\n");
goto cleanup;
}
- fclose( f );
+ fclose(f);
- i = (int) strlen( buf );
- if( buf[i - 1] == '\n' ) buf[i - 1] = '\0';
- if( buf[i - 2] == '\r' ) buf[i - 2] = '\0';
+ i = (int) strlen(buf);
+ if (buf[i - 1] == '\n') {
+ buf[i - 1] = '\0';
+ }
+ if (buf[i - 2] == '\r') {
+ buf[i - 2] = '\0';
+ }
opt.password = buf;
}
/*
* 1.1. Load the key
*/
- mbedtls_printf( "\n . Loading the private key ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the private key ...");
+ fflush(stdout);
- ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password );
+ ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
goto cleanup;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
- mbedtls_printf( " . Key information ...\n" );
+ mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
- {
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
- if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
- ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
+ if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &D, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &P, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ) );
- }
- else
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL));
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
- {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) );
- }
- else
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", &ecp->Q.X, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", &ecp->Q.Y, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", &ecp->Q.Z, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D : ", &ecp->d, 16, NULL));
+ } else
#endif
{
- mbedtls_printf("Do not know how to print key information for this type\n" );
+ mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
- }
- else if( opt.mode == MODE_PUBLIC )
- {
+ } else if (opt.mode == MODE_PUBLIC) {
/*
* 1.1. Load the key
*/
- mbedtls_printf( "\n . Loading the public key ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the public key ...");
+ fflush(stdout);
- ret = mbedtls_pk_parse_public_keyfile( &pk, opt.filename );
+ ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
goto cleanup;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " . Key information ...\n" );
+ mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
- {
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
- if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL,
- NULL, &E ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
+ if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
+ NULL, &E)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
- }
- else
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
- {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
- }
- else
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", &ecp->Q.X, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", &ecp->Q.Y, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", &ecp->Q.Z, 16, NULL));
+ } else
#endif
{
- mbedtls_printf("Do not know how to print key information for this type\n" );
+ mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
- }
- else
+ } else {
goto usage;
+ }
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
#if defined(MBEDTLS_ERROR_C)
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
- mbedtls_strerror( ret, buf, sizeof( buf ) );
- mbedtls_printf( " ! Last error was: %s\n", buf );
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
- mbedtls_pk_free( &pk );
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ mbedtls_pk_free(&pk);
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 93a94d9..ba926e3 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -80,10 +80,11 @@
#if !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_PK_WRITE_C) || \
!defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
- mbedtls_exit( 0 );
+ mbedtls_printf(
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -91,8 +92,7 @@
/*
* global options
*/
-struct options
-{
+struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the key file */
int output_mode; /* the output mode to use */
@@ -100,7 +100,7 @@
int output_format; /* the output format to use */
} opt;
-static int write_public_key( mbedtls_pk_context *key, const char *output_file )
+static int write_public_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
@@ -111,38 +111,38 @@
memset(output_buf, 0, 16000);
#if defined(MBEDTLS_PEM_WRITE_C)
- if( opt.output_format == OUTPUT_FORMAT_PEM )
- {
- if( ( ret = mbedtls_pk_write_pubkey_pem( key, output_buf, 16000 ) ) != 0 )
- return( ret );
+ if (opt.output_format == OUTPUT_FORMAT_PEM) {
+ if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) {
+ return ret;
+ }
- len = strlen( (char *) output_buf );
- }
- else
+ len = strlen((char *) output_buf);
+ } else
#endif
{
- if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, 16000 ) ) < 0 )
- return( ret );
+ if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) {
+ return ret;
+ }
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
- if( ( f = fopen( output_file, "w" ) ) == NULL )
- return( -1 );
-
- if( fwrite( c, 1, len, f ) != len )
- {
- fclose( f );
- return( -1 );
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
}
- fclose( f );
+ if (fwrite(c, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
- return( 0 );
+ fclose(f);
+
+ return 0;
}
-static int write_private_key( mbedtls_pk_context *key, const char *output_file )
+static int write_private_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
@@ -153,38 +153,38 @@
memset(output_buf, 0, 16000);
#if defined(MBEDTLS_PEM_WRITE_C)
- if( opt.output_format == OUTPUT_FORMAT_PEM )
- {
- if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
- return( ret );
+ if (opt.output_format == OUTPUT_FORMAT_PEM) {
+ if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
+ return ret;
+ }
- len = strlen( (char *) output_buf );
- }
- else
+ len = strlen((char *) output_buf);
+ } else
#endif
{
- if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
- return( ret );
+ if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
+ return ret;
+ }
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
- if( ( f = fopen( output_file, "w" ) ) == NULL )
- return( -1 );
-
- if( fwrite( c, 1, len, f ) != len )
- {
- fclose( f );
- return( -1 );
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
}
- fclose( f );
+ if (fwrite(c, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
- return( 0 );
+ fclose(f);
+
+ return 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -200,19 +200,18 @@
/*
* Set to sane values
*/
- mbedtls_pk_init( &key );
+ mbedtls_pk_init(&key);
#if defined(MBEDTLS_ERROR_C)
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
#endif
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
@@ -222,211 +221,191 @@
opt.output_file = DFL_OUTPUT_FILENAME;
opt.output_format = DFL_OUTPUT_FORMAT;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "mode" ) == 0 )
- {
- if( strcmp( q, "private" ) == 0 )
+ if (strcmp(p, "mode") == 0) {
+ if (strcmp(q, "private") == 0) {
opt.mode = MODE_PRIVATE;
- else if( strcmp( q, "public" ) == 0 )
+ } else if (strcmp(q, "public") == 0) {
opt.mode = MODE_PUBLIC;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "output_mode" ) == 0 )
- {
- if( strcmp( q, "private" ) == 0 )
+ }
+ } else if (strcmp(p, "output_mode") == 0) {
+ if (strcmp(q, "private") == 0) {
opt.output_mode = OUTPUT_MODE_PRIVATE;
- else if( strcmp( q, "public" ) == 0 )
+ } else if (strcmp(q, "public") == 0) {
opt.output_mode = OUTPUT_MODE_PUBLIC;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "output_format" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "output_format") == 0) {
#if defined(MBEDTLS_PEM_WRITE_C)
- if( strcmp( q, "pem" ) == 0 )
+ if (strcmp(q, "pem") == 0) {
opt.output_format = OUTPUT_FORMAT_PEM;
- else
+ } else
#endif
- if( strcmp( q, "der" ) == 0 )
+ if (strcmp(q, "der") == 0) {
opt.output_format = OUTPUT_FORMAT_DER;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "filename" ) == 0 )
+ }
+ } else if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else if( strcmp( p, "output_file" ) == 0 )
+ } else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
- else
+ } else {
goto usage;
+ }
}
- if( opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE )
- {
- mbedtls_printf( "\nCannot output a key without reading one.\n");
+ if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) {
+ mbedtls_printf("\nCannot output a key without reading one.\n");
goto exit;
}
- if( opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE )
- {
- mbedtls_printf( "\nCannot output a private key from a public key.\n");
+ if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) {
+ mbedtls_printf("\nCannot output a private key from a public key.\n");
goto exit;
}
- if( opt.mode == MODE_PRIVATE )
- {
+ if (opt.mode == MODE_PRIVATE) {
/*
* 1.1. Load the key
*/
- mbedtls_printf( "\n . Loading the private key ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the private key ...");
+ fflush(stdout);
- ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
- mbedtls_printf( " . Key information ...\n" );
+ mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
- {
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
- if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
- ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
+ if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
- mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
- mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
- mbedtls_mpi_write_file( "D: ", &D, 16, NULL );
- mbedtls_mpi_write_file( "P: ", &P, 16, NULL );
- mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL );
- mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL );
- mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL );
- mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL );
- }
- else
+ mbedtls_mpi_write_file("N: ", &N, 16, NULL);
+ mbedtls_mpi_write_file("E: ", &E, 16, NULL);
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ mbedtls_mpi_write_file("P: ", &P, 16, NULL);
+ mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
+ mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
+ mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
+ mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
- {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
- mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
- }
- else
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
+ mbedtls_mpi_write_file("Q(X): ", &ecp->Q.X, 16, NULL);
+ mbedtls_mpi_write_file("Q(Y): ", &ecp->Q.Y, 16, NULL);
+ mbedtls_mpi_write_file("Q(Z): ", &ecp->Q.Z, 16, NULL);
+ mbedtls_mpi_write_file("D : ", &ecp->d, 16, NULL);
+ } else
#endif
- mbedtls_printf("key type not supported yet\n");
+ mbedtls_printf("key type not supported yet\n");
- }
- else if( opt.mode == MODE_PUBLIC )
- {
+ } else if (opt.mode == MODE_PUBLIC) {
/*
* 1.1. Load the key
*/
- mbedtls_printf( "\n . Loading the public key ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the public key ...");
+ fflush(stdout);
- ret = mbedtls_pk_parse_public_keyfile( &key, opt.filename );
+ ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
- mbedtls_printf( " . Key information ...\n" );
+ mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
- {
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
- if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL,
- NULL, &E ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
+ if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
+ NULL, &E)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
- mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
- mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
- }
- else
+ mbedtls_mpi_write_file("N: ", &N, 16, NULL);
+ mbedtls_mpi_write_file("E: ", &E, 16, NULL);
+ } else
#endif
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
- {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
- }
- else
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
+ mbedtls_mpi_write_file("Q(X): ", &ecp->Q.X, 16, NULL);
+ mbedtls_mpi_write_file("Q(Y): ", &ecp->Q.Y, 16, NULL);
+ mbedtls_mpi_write_file("Q(Z): ", &ecp->Q.Z, 16, NULL);
+ } else
#endif
- mbedtls_printf("key type not supported yet\n");
- }
- else
+ mbedtls_printf("key type not supported yet\n");
+ } else {
goto usage;
-
- if( opt.output_mode == OUTPUT_MODE_PUBLIC )
- {
- write_public_key( &key, opt.output_file );
}
- if( opt.output_mode == OUTPUT_MODE_PRIVATE )
- {
- write_private_key( &key, opt.output_file );
+
+ if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
+ write_public_key(&key, opt.output_file);
+ }
+ if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
+ write_private_key(&key, opt.output_file);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
- mbedtls_strerror( ret, buf, sizeof( buf ) );
- mbedtls_printf( " - %s\n", buf );
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" - %s\n", buf);
#else
mbedtls_printf("\n");
#endif
}
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
- mbedtls_pk_free( &key );
+ mbedtls_pk_free(&key);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 097ed10..a758b01 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -32,75 +32,74 @@
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-int main( void )
+int main(void)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
- mbedtls_mpi_init( &E ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &N );
- mbedtls_mpi_init( &H ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &Z );
+ mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+ mbedtls_mpi_init(&Z);
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P, 10, "2789" ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Q, 10, "3203" ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 10, "257" ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &N, &P, &Q ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q));
- mbedtls_printf( "\n Public key:\n\n" );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " N = ", &N, 10, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " E = ", &E, 10, NULL ) );
+ mbedtls_printf("\n Public key:\n\n");
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL));
- mbedtls_printf( "\n Private key:\n\n" );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " P = ", &P, 10, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Q = ", &Q, 10, NULL ) );
+ mbedtls_printf("\n Private key:\n\n");
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL));
#if defined(MBEDTLS_GENPRIME)
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P, &P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q, &Q, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P, &Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &D, &E, &H ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H));
- mbedtls_mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ",
- &D, 10, NULL );
+ mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ",
+ &D, 10, NULL);
#else
mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n");
#endif
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &X, 10, "55555" ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Y, &X, &E, &N, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Z, &Y, &D, &N, NULL ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
- mbedtls_printf( "\n RSA operation:\n\n" );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " X (plaintext) = ", &X, 10, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) );
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n RSA operation:\n\n");
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL));
+ mbedtls_printf("\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
- mbedtls_mpi_free( &E ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N );
- mbedtls_mpi_free( &H ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
- mbedtls_mpi_free( &Z );
+ mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ mbedtls_mpi_free(&Z);
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
- mbedtls_printf( "\nAn error occurred.\n" );
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_printf("\nAn error occurred.\n");
}
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 0b1c417..1dff75c 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -40,17 +40,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
- "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -65,103 +65,97 @@
const char *pers = "mbedtls_pk_decrypt";
((void) argv);
- mbedtls_pk_init( &pk );
- mbedtls_entropy_init( &entropy );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_pk_init(&pk);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- memset(result, 0, sizeof( result ) );
+ memset(result, 0, sizeof(result));
- if( argc != 2 )
- {
- mbedtls_printf( "usage: mbedtls_pk_decrypt <key_file>\n" );
+ if (argc != 2) {
+ mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
- fflush( stdout );
+ mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
+ fflush(stdout);
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
/*
* Extract the RSA encrypted value from the text file
*/
- if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
+ if ((f = fopen("result-enc.txt", "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
ret = 1;
goto exit;
}
i = 0;
- while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
- i < (int) sizeof( buf ) )
- {
+ while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+ i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
}
- fclose( f );
+ fclose(f);
/*
* Decrypt the encrypted RSA data and print the result.
*/
- mbedtls_printf( "\n . Decrypting the encrypted data" );
- fflush( stdout );
+ mbedtls_printf("\n . Decrypting the encrypted data");
+ fflush(stdout);
- if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result),
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( "\n . OK\n\n" );
+ mbedtls_printf("\n . OK\n\n");
- mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
+ mbedtls_printf("The decrypted result is: '%s'\n\n", result);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_pk_free( &pk );
- mbedtls_entropy_free( &entropy );
- mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_pk_free(&pk);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
#if defined(MBEDTLS_ERROR_C)
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
- mbedtls_strerror( ret, (char *) buf, sizeof( buf ) );
- mbedtls_printf( " ! Last error was: %s\n", buf );
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 3b67c46..9a2549a 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -40,17 +40,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -63,108 +63,101 @@
unsigned char buf[512];
const char *pers = "mbedtls_pk_encrypt";
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
- mbedtls_pk_init( &pk );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pk);
- if( argc != 3 )
- {
- mbedtls_printf( "usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n" );
+ if (argc != 3) {
+ mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
- fflush( stdout );
+ mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
+ fflush(stdout);
- if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
+ if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- if( strlen( argv[2] ) > 100 )
- {
- mbedtls_printf( " Input data larger than 100 characters.\n\n" );
+ if (strlen(argv[2]) > 100) {
+ mbedtls_printf(" Input data larger than 100 characters.\n\n");
goto exit;
}
- memcpy( input, argv[2], strlen( argv[2] ) );
+ memcpy(input, argv[2], strlen(argv[2]));
/*
* Calculate the RSA encryption of the hash.
*/
- mbedtls_printf( "\n . Generating the encrypted value" );
- fflush( stdout );
+ mbedtls_printf("\n . Generating the encrypted value");
+ fflush(stdout);
- if( ( ret = mbedtls_pk_encrypt( &pk, input, strlen( argv[2] ),
- buf, &olen, sizeof(buf),
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
+ buf, &olen, sizeof(buf),
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
/*
* Write the signature into result-enc.txt
*/
- if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not create %s\n\n",
- "result-enc.txt" );
+ if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n",
+ "result-enc.txt");
ret = 1;
goto exit;
}
- for( i = 0; i < olen; i++ )
- {
- mbedtls_fprintf( f, "%02X%s", buf[i],
- ( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+ for (i = 0; i < olen; i++) {
+ mbedtls_fprintf(f, "%02X%s", buf[i],
+ (i + 1) % 16 == 0 ? "\r\n" : " ");
}
- fclose( f );
+ fclose(f);
- mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_pk_free( &pk );
- mbedtls_entropy_free( &entropy );
- mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_pk_free(&pk);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
#if defined(MBEDTLS_ERROR_C)
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
- mbedtls_strerror( ret, (char *) buf, sizeof( buf ) );
- mbedtls_printf( " ! Last error was: %s\n", buf );
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 9c0e264..19a855b 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -29,13 +29,13 @@
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -48,7 +48,7 @@
#include <stdio.h>
#include <string.h>
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -62,38 +62,36 @@
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;
- mbedtls_entropy_init( &entropy );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_pk_init( &pk );
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_pk_init(&pk);
- if( argc != 3 )
- {
- mbedtls_printf( "usage: mbedtls_pk_sign <key_file> <filename>\n" );
+ if (argc != 3) {
+ mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
- fflush( stdout );
+ mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
+ fflush(stdout);
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
+ mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
goto exit;
}
@@ -101,67 +99,62 @@
* Compute the SHA-256 hash of the input file,
* then calculate the signature of the hash.
*/
- mbedtls_printf( "\n . Generating the SHA-256 signature" );
- fflush( stdout );
+ mbedtls_printf("\n . Generating the SHA-256 signature");
+ fflush(stdout);
- if( ( ret = mbedtls_md_file(
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
- argv[2], hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
- if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret );
+ if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
- mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
- if( ( f = fopen( filename, "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
+ if ((f = fopen(filename, "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
goto exit;
}
- if( fwrite( buf, 1, olen, f ) != olen )
- {
- mbedtls_printf( "failed\n ! fwrite failed\n\n" );
- fclose( f );
+ if (fwrite(buf, 1, olen, f) != olen) {
+ mbedtls_printf("failed\n ! fwrite failed\n\n");
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
- mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_pk_free( &pk );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_pk_free(&pk);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_ERROR_C)
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
- mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
- mbedtls_printf( " ! Last error was: %s\n", buf );
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index a460833..f816e92 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -28,12 +28,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
- "MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
+ "MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -45,7 +45,7 @@
#include <string.h>
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -56,86 +56,81 @@
unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- if( argc != 3 )
- {
- mbedtls_printf( "usage: mbedtls_pk_verify <key_file> <filename>\n" );
+ if (argc != 3) {
+ mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
- fflush( stdout );
+ mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
+ fflush(stdout);
- if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
+ if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
/*
* Extract the signature from the file
*/
- mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
- if( ( f = fopen( filename, "rb" ) ) == NULL )
- {
- mbedtls_printf( "\n ! Could not open %s\n\n", filename );
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", filename);
goto exit;
}
- i = fread( buf, 1, sizeof(buf), f );
+ i = fread(buf, 1, sizeof(buf), f);
- fclose( f );
+ fclose(f);
/*
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
- mbedtls_printf( "\n . Verifying the SHA-256 signature" );
- fflush( stdout );
+ mbedtls_printf("\n . Verifying the SHA-256 signature");
+ fflush(stdout);
- if( ( ret = mbedtls_md_file(
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
- argv[2], hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
- if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, i ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret );
+ if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, i)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
+ mbedtls_printf("\n . OK (the signature is valid)\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
#if defined(MBEDTLS_ERROR_C)
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
- mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
- mbedtls_printf( " ! Last error was: %s\n", buf );
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 20b967d..418d5ea 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -39,17 +39,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -65,137 +65,129 @@
const char *pers = "rsa_decrypt";
((void) argv);
- memset(result, 0, sizeof( result ) );
+ memset(result, 0, sizeof(result));
- if( argc != 1 )
- {
- mbedtls_printf( "usage: rsa_decrypt\n" );
+ if (argc != 1) {
+ mbedtls_printf("usage: rsa_decrypt\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
- ret );
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ ret);
goto exit;
}
- mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
- fflush( stdout );
+ mbedtls_printf("\n . Reading private key from rsa_priv.txt");
+ fflush(stdout);
- if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
+ if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
goto exit;
}
- if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- ret );
- fclose( f );
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ ret);
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
- if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- ret );
+ if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
goto exit;
}
- if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
- ret );
+ if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
+ ret);
goto exit;
}
/*
* Extract the RSA encrypted value from the text file
*/
- if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
+ if ((f = fopen("result-enc.txt", "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
goto exit;
}
i = 0;
- while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
- i < (int) sizeof( buf ) )
+ while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+ i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
+ }
- fclose( f );
+ fclose(f);
- if( i != rsa.len )
- {
- mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
+ if (i != rsa.len) {
+ mbedtls_printf("\n ! Invalid RSA signature format\n\n");
goto exit;
}
/*
* Decrypt the encrypted RSA data and print the result.
*/
- mbedtls_printf( "\n . Decrypting the encrypted data" );
- fflush( stdout );
+ mbedtls_printf("\n . Decrypting the encrypted data");
+ fflush(stdout);
- ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
- &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i,
- buf, result, 1024 );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
- ret );
+ ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i,
+ buf, result, 1024);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
+ ret);
goto exit;
}
- mbedtls_printf( "\n . OK\n\n" );
+ mbedtls_printf("\n . OK\n\n");
- mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
+ mbedtls_printf("The decrypted result is: '%s'\n\n", result);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
- mbedtls_rsa_free( &rsa );
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index cda3d31..6ef2e2f 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -38,17 +38,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -62,117 +62,110 @@
const char *pers = "rsa_encrypt";
mbedtls_mpi N, E;
- if( argc != 2 )
- {
- mbedtls_printf( "usage: rsa_encrypt <string of max 100 characters>\n" );
+ if (argc != 2) {
+ mbedtls_printf("usage: rsa_encrypt <string of max 100 characters>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
- ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
- ret );
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ ret);
goto exit;
}
- mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
- fflush( stdout );
+ mbedtls_printf("\n . Reading public key from rsa_pub.txt");
+ fflush(stdout);
- if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
+ if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
goto exit;
}
- if( ( ret = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- ret );
- fclose( f );
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ ret);
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
- if( ( ret = mbedtls_rsa_import( &rsa, &N, NULL, NULL, NULL, &E ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- ret );
+ if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
goto exit;
}
- if( strlen( argv[1] ) > 100 )
- {
- mbedtls_printf( " Input data larger than 100 characters.\n\n" );
+ if (strlen(argv[1]) > 100) {
+ mbedtls_printf(" Input data larger than 100 characters.\n\n");
goto exit;
}
- memcpy( input, argv[1], strlen( argv[1] ) );
+ memcpy(input, argv[1], strlen(argv[1]));
/*
* Calculate the RSA encryption of the hash.
*/
- mbedtls_printf( "\n . Generating the RSA encrypted value" );
- fflush( stdout );
+ mbedtls_printf("\n . Generating the RSA encrypted value");
+ fflush(stdout);
- ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
- &ctr_drbg, MBEDTLS_RSA_PUBLIC,
- strlen( argv[1] ), input, buf );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
- ret );
+ ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PUBLIC,
+ strlen(argv[1]), input, buf);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
+ ret);
goto exit;
}
/*
* Write the signature into result-enc.txt
*/
- if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
+ if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt");
goto exit;
}
- for( i = 0; i < rsa.len; i++ )
- mbedtls_fprintf( f, "%02X%s", buf[i],
- ( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+ for (i = 0; i < rsa.len; i++) {
+ mbedtls_fprintf(f, "%02X%s", buf[i],
+ (i + 1) % 16 == 0 ? "\r\n" : " ");
+ }
- fclose( f );
+ fclose(f);
- mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
- mbedtls_rsa_free( &rsa );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_rsa_free(&rsa);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 1507bd8..4bcb8a2 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -43,17 +43,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
- "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
-int main( void )
+int main(void)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -65,103 +65,98 @@
FILE *fpriv = NULL;
const char *pers = "rsa_genkey";
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE);
+ fflush(stdout);
- if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
- EXPONENT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret );
+ if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
+ EXPONENT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n . Exporting the public key in rsa_pub.txt...." );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt....");
+ fflush(stdout);
- if( ( ret = mbedtls_rsa_export ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
- ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
+ if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
- if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
+ if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n");
goto exit;
}
- if( ( ret = mbedtls_mpi_write_file( "N = ", &N, 16, fpub ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "E = ", &E, 16, fpub ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
+ if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 ||
+ (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n . Exporting the private key in rsa_priv.txt..." );
- fflush( stdout );
+ mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt...");
+ fflush(stdout);
- if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
+ if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n");
goto exit;
}
- if( ( ret = mbedtls_mpi_write_file( "N = " , &N , 16, fpriv ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "E = " , &E , 16, fpriv ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "D = " , &D , 16, fpriv ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "P = " , &P , 16, fpriv ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "Q = " , &Q , 16, fpriv ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "DP = ", &DP, 16, fpriv ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "DQ = ", &DQ, 16, fpriv ) ) != 0 ||
- ( ret = mbedtls_mpi_write_file( "QP = ", &QP, 16, fpriv ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
+ if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n\n" );
+ mbedtls_printf(" ok\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- if( fpub != NULL )
- fclose( fpub );
+ if (fpub != NULL) {
+ fclose(fpub);
+ }
- if( fpriv != NULL )
- fclose( fpriv );
+ if (fpriv != NULL) {
+ fclose(fpriv);
+ }
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
- mbedtls_rsa_free( &rsa );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index debc168..a28a699 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -28,12 +28,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_MD_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_MD_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -44,7 +44,7 @@
#include <string.h>
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -56,67 +56,62 @@
char filename[512];
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
- mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if( argc != 2 )
- {
- mbedtls_printf( "usage: rsa_sign <filename>\n" );
+ if (argc != 2) {
+ mbedtls_printf("usage: rsa_sign <filename>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
- fflush( stdout );
+ mbedtls_printf("\n . Reading private key from rsa_priv.txt");
+ fflush(stdout);
- if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
+ if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
goto exit;
}
- if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
- fclose( f );
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
- if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- ret );
+ if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
goto exit;
}
- if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
- ret );
+ if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
+ ret);
goto exit;
}
- mbedtls_printf( "\n . Checking the private key" );
- fflush( stdout );
- if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", (unsigned int) -ret );
+ mbedtls_printf("\n . Checking the private key");
+ fflush(stdout);
+ if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n",
+ (unsigned int) -ret);
goto exit;
}
@@ -124,58 +119,57 @@
* Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
- mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" );
- fflush( stdout );
+ mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
+ fflush(stdout);
- if( ( ret = mbedtls_md_file(
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
- argv[1], hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[1], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
- 20, hash, buf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ 20, hash, buf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n",
+ (unsigned int) -ret);
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
- mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
- if( ( f = fopen( filename, "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
+ if ((f = fopen(filename, "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", argv[1]);
goto exit;
}
- for( i = 0; i < rsa.len; i++ )
- mbedtls_fprintf( f, "%02X%s", buf[i],
- ( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+ for (i = 0; i < rsa.len; i++) {
+ mbedtls_fprintf(f, "%02X%s", buf[i],
+ (i + 1) % 16 == 0 ? "\r\n" : " ");
+ }
- fclose( f );
+ fclose(f);
- mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_rsa_free( &rsa );
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
- mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ mbedtls_rsa_free(&rsa);
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index ad0598b..d1afdee 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -29,13 +29,13 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -49,7 +49,7 @@
#include <string.h>
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -63,107 +63,99 @@
const char *pers = "rsa_sign_pss";
size_t olen = 0;
- mbedtls_entropy_init( &entropy );
- mbedtls_pk_init( &pk );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pk);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- if( argc != 3 )
- {
- mbedtls_printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
+ if (argc != 3) {
+ mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
- fflush( stdout );
+ mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
+ fflush(stdout);
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
- mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
+ mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
+ mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
goto exit;
}
- if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
- {
- mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
+ if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
+ mbedtls_printf(" failed\n ! Key is not an RSA key\n");
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
/*
* Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
- mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" );
- fflush( stdout );
+ mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
+ fflush(stdout);
- if( ( ret = mbedtls_md_file(
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
- argv[2], hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
- if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_sign returned %d\n\n", ret );
+ if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
- mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
+ mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
- if( ( f = fopen( filename, "wb+" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
+ if ((f = fopen(filename, "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
goto exit;
}
- if( fwrite( buf, 1, olen, f ) != olen )
- {
- mbedtls_printf( "failed\n ! fwrite failed\n\n" );
- fclose( f );
+ if (fwrite(buf, 1, olen, f) != olen) {
+ mbedtls_printf("failed\n ! fwrite failed\n\n");
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
- mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_pk_free( &pk );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_pk_free(&pk);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 81478c2..aeddd43 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -28,12 +28,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_MD_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_MD_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -44,7 +44,7 @@
#include <string.h>
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -56,62 +56,58 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
- if( argc != 2 )
- {
- mbedtls_printf( "usage: rsa_verify <filename>\n" );
+ if (argc != 2) {
+ mbedtls_printf("usage: rsa_verify <filename>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
- fflush( stdout );
+ mbedtls_printf("\n . Reading public key from rsa_pub.txt");
+ fflush(stdout);
- if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
+ if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
goto exit;
}
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
- fclose( f );
+ if ((ret = mbedtls_mpi_read_file(&rsa.N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&rsa.E, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
+ fclose(f);
goto exit;
}
- rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+ rsa.len = (mbedtls_mpi_bitlen(&rsa.N) + 7) >> 3;
- fclose( f );
+ fclose(f);
/*
* Extract the RSA signature from the text file
*/
- mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
- if( ( f = fopen( filename, "rb" ) ) == NULL )
- {
- mbedtls_printf( "\n ! Could not open %s\n\n", filename );
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", filename);
goto exit;
}
i = 0;
- while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
- i < (int) sizeof( buf ) )
+ while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+ i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
+ }
- fclose( f );
+ fclose(f);
- if( i != rsa.len )
- {
- mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
+ if (i != rsa.len) {
+ mbedtls_printf("\n ! Invalid RSA signature format\n\n");
goto exit;
}
@@ -119,38 +115,37 @@
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
- mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
- fflush( stdout );
+ mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
+ fflush(stdout);
- if( ( ret = mbedtls_md_file(
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
- argv[1], hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[1], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ MBEDTLS_MD_SHA256, 20, hash, buf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
+ mbedtls_printf("\n . OK (the signature is valid)\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_rsa_free( &rsa );
+ mbedtls_rsa_free(&rsa);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index fe3e2ec..1718872 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -29,13 +29,13 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -48,7 +48,7 @@
#include <string.h>
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@@ -59,87 +59,81 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- if( argc != 3 )
- {
- mbedtls_printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
+ if (argc != 3) {
+ mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
#if defined(_WIN32)
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#endif
goto exit;
}
- mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
- fflush( stdout );
+ mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
+ fflush(stdout);
- if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
- mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
+ if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+ mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
+ mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
goto exit;
}
- if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
- {
- mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
+ if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
+ mbedtls_printf(" failed\n ! Key is not an RSA key\n");
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
/*
* Extract the RSA signature from the file
*/
- mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
+ mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
- if( ( f = fopen( filename, "rb" ) ) == NULL )
- {
- mbedtls_printf( "\n ! Could not open %s\n\n", filename );
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", filename);
goto exit;
}
- i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f );
+ i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
- fclose( f );
+ fclose(f);
/*
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
- mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
- fflush( stdout );
+ mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
+ fflush(stdout);
- if( ( ret = mbedtls_md_file(
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
- argv[2], hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
- if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, i ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_verify returned %d\n\n", ret );
+ if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, i)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
+ mbedtls_printf("\n . OK (the signature is valid)\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index 935d657..3f109d8 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -20,146 +20,145 @@
#include <stdio.h>
#include <stdlib.h>
-#define ASSERT( predicate ) \
+#define ASSERT(predicate) \
do \
{ \
- if( ! ( predicate ) ) \
+ if (!(predicate)) \
{ \
- printf( "\tassertion failed at %s:%d - '%s'\r\n", \
- __FILE__, __LINE__, #predicate); \
+ printf("\tassertion failed at %s:%d - '%s'\r\n", \
+ __FILE__, __LINE__, #predicate); \
goto exit; \
} \
- } while ( 0 )
+ } while (0)
-#define ASSERT_STATUS( actual, expected ) \
+#define ASSERT_STATUS(actual, expected) \
do \
{ \
- if( ( actual ) != ( expected ) ) \
+ if ((actual) != (expected)) \
{ \
- printf( "\tassertion failed at %s:%d - " \
- "actual:%d expected:%d\r\n", __FILE__, __LINE__, \
- (psa_status_t) actual, (psa_status_t) expected ); \
+ printf("\tassertion failed at %s:%d - " \
+ "actual:%d expected:%d\r\n", __FILE__, __LINE__, \
+ (psa_status_t) actual, (psa_status_t) expected); \
goto exit; \
} \
- } while ( 0 )
+ } while (0)
#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \
!defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \
!defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-int main( void )
+int main(void)
{
- printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
- "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
- "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
- "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
- " defined.\r\n" );
- return( 0 );
+ printf("MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
+ "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
+ "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
+ "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
+ " defined.\r\n");
+ return 0;
}
#else
-static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
- const uint8_t * input,
- size_t input_size,
- size_t part_size,
- uint8_t * output,
- size_t output_size,
- size_t *output_len )
+static psa_status_t cipher_operation(psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
{
psa_status_t status;
size_t bytes_to_write = 0, bytes_written = 0, len = 0;
*output_len = 0;
- while( bytes_written != input_size )
- {
- bytes_to_write = ( input_size - bytes_written > part_size ?
- part_size :
- input_size - bytes_written );
+ while (bytes_written != input_size) {
+ bytes_to_write = (input_size - bytes_written > part_size ?
+ part_size :
+ input_size - bytes_written);
- status = psa_cipher_update( operation, input + bytes_written,
- bytes_to_write, output + *output_len,
- output_size - *output_len, &len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_update(operation, input + bytes_written,
+ bytes_to_write, output + *output_len,
+ output_size - *output_len, &len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
bytes_written += bytes_to_write;
*output_len += len;
}
- status = psa_cipher_finish( operation, output + *output_len,
- output_size - *output_len, &len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_finish(operation, output + *output_len,
+ output_size - *output_len, &len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
*output_len += len;
exit:
- return( status );
+ return status;
}
-static psa_status_t cipher_encrypt( psa_key_id_t key,
- psa_algorithm_t alg,
- uint8_t * iv,
- size_t iv_size,
- const uint8_t * input,
- size_t input_size,
- size_t part_size,
- uint8_t * output,
- size_t output_size,
- size_t *output_len )
+static psa_status_t cipher_encrypt(psa_key_id_t key,
+ psa_algorithm_t alg,
+ uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
{
psa_status_t status;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
size_t iv_len = 0;
- memset( &operation, 0, sizeof( operation ) );
- status = psa_cipher_encrypt_setup( &operation, key, alg );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ memset(&operation, 0, sizeof(operation));
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_generate_iv(&operation, iv, iv_size, &iv_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_operation( &operation, input, input_size, part_size,
- output, output_size, output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_operation(&operation, input, input_size, part_size,
+ output, output_size, output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_cipher_abort( &operation );
- return( status );
+ psa_cipher_abort(&operation);
+ return status;
}
-static psa_status_t cipher_decrypt( psa_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * iv,
- size_t iv_size,
- const uint8_t * input,
- size_t input_size,
- size_t part_size,
- uint8_t * output,
- size_t output_size,
- size_t *output_len )
+static psa_status_t cipher_decrypt(psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
{
psa_status_t status;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- memset( &operation, 0, sizeof( operation ) );
- status = psa_cipher_decrypt_setup( &operation, key, alg );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ memset(&operation, 0, sizeof(operation));
+ status = psa_cipher_decrypt_setup(&operation, key, alg);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = psa_cipher_set_iv( &operation, iv, iv_size );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_set_iv(&operation, iv, iv_size);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_operation( &operation, input, input_size, part_size,
- output, output_size, output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_operation(&operation, input, input_size, part_size,
+ output, output_size, output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_cipher_abort( &operation );
- return( status );
+ psa_cipher_abort(&operation);
+ return status;
}
static psa_status_t
-cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
+cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
{
enum {
- block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
part_size = block_size,
};
@@ -174,40 +173,40 @@
uint8_t encrypt[block_size];
uint8_t decrypt[block_size];
- status = psa_generate_random( input, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, key_bits );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
- status = psa_generate_key( &attributes, &key );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_encrypt( key, alg, iv, sizeof( iv ),
- input, sizeof( input ), part_size,
- encrypt, sizeof( encrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_decrypt( key, alg, iv, sizeof( iv ),
- encrypt, output_len, part_size,
- decrypt, sizeof( decrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = memcmp( input, decrypt, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
-static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
+static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
{
enum {
- block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 10,
@@ -222,40 +221,40 @@
uint8_t iv[block_size], input[input_size],
encrypt[input_size + block_size], decrypt[input_size + block_size];
- status = psa_generate_random( input, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, key_bits );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
- status = psa_generate_key( &attributes, &key );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_encrypt( key, alg, iv, sizeof( iv ),
- input, sizeof( input ), part_size,
- encrypt, sizeof( encrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_decrypt( key, alg, iv, sizeof( iv ),
- encrypt, output_len, part_size,
- decrypt, sizeof( decrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = memcmp( input, decrypt, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
-static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
+static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
{
enum {
- block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 10,
@@ -269,63 +268,66 @@
uint8_t iv[block_size], input[input_size], encrypt[input_size],
decrypt[input_size];
- status = psa_generate_random( input, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, key_bits );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
- status = psa_generate_key( &attributes, &key );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_encrypt( key, alg, iv, sizeof( iv ),
- input, sizeof( input ), part_size,
- encrypt, sizeof( encrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_decrypt( key, alg, iv, sizeof( iv ),
- encrypt, output_len, part_size,
- decrypt, sizeof( decrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = memcmp( input, decrypt, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
-static void cipher_examples( void )
+static void cipher_examples(void)
{
psa_status_t status;
- printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
- status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( );
- if( status == PSA_SUCCESS )
- printf( "\tsuccess!\r\n" );
+ printf("cipher encrypt/decrypt AES CBC no padding:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
- printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
- status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( );
- if( status == PSA_SUCCESS )
- printf( "\tsuccess!\r\n" );
+ printf("cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
- printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
- status = cipher_example_encrypt_decrypt_aes_ctr_multi( );
- if( status == PSA_SUCCESS )
- printf( "\tsuccess!\r\n" );
+ printf("cipher encrypt/decrypt AES CTR multipart:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_ctr_multi();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
}
-int main( void )
+int main(void)
{
- ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
- cipher_examples( );
+ ASSERT(psa_crypto_init() == PSA_SUCCESS);
+ cipher_examples();
exit:
- mbedtls_psa_crypto_free( );
- return( 0 );
+ mbedtls_psa_crypto_free();
+ return 0;
}
#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC &&
MBEDTLS_CIPHER_MODE_CTR && MBEDTLS_CIPHER_MODE_WITH_PADDING */
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index bc1cd12..aa0a54b 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -69,47 +69,47 @@
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-int main( void )
+int main(void)
{
- printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
- "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
- "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
- "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
- "defined.\n" );
- return( 0 );
+ printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
+ "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
+ "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
+ "defined.\n");
+ return 0;
}
#else
/* The real program starts here. */
/* Run a system function and bail out if it fails. */
-#define SYS_CHECK( expr ) \
+#define SYS_CHECK(expr) \
do \
{ \
- if( ! ( expr ) ) \
+ if (!(expr)) \
{ \
- perror( #expr ); \
+ perror( #expr); \
status = DEMO_ERROR; \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
/* Run a PSA function and bail out if it fails. */
-#define PSA_CHECK( expr ) \
+#define PSA_CHECK(expr) \
do \
{ \
- status = ( expr ); \
- if( status != PSA_SUCCESS ) \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
{ \
- printf( "Error %d at line %d: %s\n", \
- (int) status, \
- __LINE__, \
- #expr ); \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
/* To report operational errors in this program, use an error code that is
* different from every PSA error code. */
@@ -119,19 +119,19 @@
#define MAX_LADDER_DEPTH 10
/* Salt to use when deriving an intermediate key. */
-#define DERIVE_KEY_SALT ( (uint8_t *) "key_ladder_demo.derive" )
-#define DERIVE_KEY_SALT_LENGTH ( strlen( (const char*) DERIVE_KEY_SALT ) )
+#define DERIVE_KEY_SALT ((uint8_t *) "key_ladder_demo.derive")
+#define DERIVE_KEY_SALT_LENGTH (strlen((const char *) DERIVE_KEY_SALT))
/* Salt to use when deriving a wrapping key. */
-#define WRAPPING_KEY_SALT ( (uint8_t *) "key_ladder_demo.wrap" )
-#define WRAPPING_KEY_SALT_LENGTH ( strlen( (const char*) WRAPPING_KEY_SALT ) )
+#define WRAPPING_KEY_SALT ((uint8_t *) "key_ladder_demo.wrap")
+#define WRAPPING_KEY_SALT_LENGTH (strlen((const char *) WRAPPING_KEY_SALT))
/* Size of the key derivation keys (applies both to the master key and
* to intermediate keys). */
#define KEY_SIZE_BYTES 40
/* Algorithm for key derivation. */
-#define KDF_ALG PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+#define KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256)
/* Type and size of the key used to wrap data. */
#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES
@@ -148,9 +148,8 @@
* integer sizes and endianness, because the data is meant to be read
* back by the same program on the same machine. */
#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte
-#define WRAPPED_DATA_MAGIC_LENGTH ( sizeof( WRAPPED_DATA_MAGIC ) )
-typedef struct
-{
+#define WRAPPED_DATA_MAGIC_LENGTH (sizeof(WRAPPED_DATA_MAGIC))
+typedef struct {
char magic[WRAPPED_DATA_MAGIC_LENGTH];
size_t ad_size; /* Size of the additional data, which is this header. */
size_t payload_size; /* Size of the encrypted data. */
@@ -159,8 +158,7 @@
} wrapped_data_header_t;
/* The modes that this program can operate in (see usage). */
-enum program_mode
-{
+enum program_mode {
MODE_GENERATE,
MODE_SAVE,
MODE_UNWRAP,
@@ -169,26 +167,27 @@
/* Save a key to a file. In the real world, you may want to export a derived
* key sometimes, to share it with another party. */
-static psa_status_t save_key( psa_key_id_t key,
- const char *output_file_name )
+static psa_status_t save_key(psa_key_id_t key,
+ const char *output_file_name)
{
psa_status_t status = PSA_SUCCESS;
uint8_t key_data[KEY_SIZE_BYTES];
size_t key_size;
FILE *key_file = NULL;
- PSA_CHECK( psa_export_key( key,
- key_data, sizeof( key_data ),
- &key_size ) );
- SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
- SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size );
- SYS_CHECK( fclose( key_file ) == 0 );
+ PSA_CHECK(psa_export_key(key,
+ key_data, sizeof(key_data),
+ &key_size));
+ SYS_CHECK((key_file = fopen(output_file_name, "wb")) != NULL);
+ SYS_CHECK(fwrite(key_data, 1, key_size, key_file) == key_size);
+ SYS_CHECK(fclose(key_file) == 0);
key_file = NULL;
exit:
- if( key_file != NULL)
- fclose( key_file );
- return( status );
+ if (key_file != NULL) {
+ fclose(key_file);
+ }
+ return status;
}
/* Generate a master key for use in this demo.
@@ -196,25 +195,25 @@
* Normally a master key would be non-exportable. For the purpose of this
* demo, we want to save it to a file, to avoid relying on the keystore
* capability of the PSA crypto library. */
-static psa_status_t generate( const char *key_file_name )
+static psa_status_t generate(const char *key_file_name)
{
psa_status_t status = PSA_SUCCESS;
psa_key_id_t key = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, KDF_ALG );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, KDF_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
- PSA_CHECK( psa_generate_key( &attributes, &key ) );
+ PSA_CHECK(psa_generate_key(&attributes, &key));
- PSA_CHECK( save_key( key, key_file_name ) );
+ PSA_CHECK(save_key(key, key_file_name));
exit:
- (void) psa_destroy_key( key );
- return( status );
+ (void) psa_destroy_key(key);
+ return status;
}
/* Load the master key from a file.
@@ -222,10 +221,10 @@
* In the real world, this master key would be stored in an internal memory
* and the storage would be managed by the keystore capability of the PSA
* crypto library. */
-static psa_status_t import_key_from_file( psa_key_usage_t usage,
- psa_algorithm_t alg,
- const char *key_file_name,
- psa_key_id_t *master_key )
+static psa_status_t import_key_from_file(psa_key_usage_t usage,
+ psa_algorithm_t alg,
+ const char *key_file_name,
+ psa_key_id_t *master_key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -234,36 +233,35 @@
FILE *key_file = NULL;
unsigned char extra_byte;
- SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
- SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
- key_file ) ) != 0 );
- if( fread( &extra_byte, 1, 1, key_file ) != 0 )
- {
- printf( "Key file too large (max: %u).\n",
- (unsigned) sizeof( key_data ) );
+ SYS_CHECK((key_file = fopen(key_file_name, "rb")) != NULL);
+ SYS_CHECK((key_size = fread(key_data, 1, sizeof(key_data),
+ key_file)) != 0);
+ if (fread(&extra_byte, 1, 1, key_file) != 0) {
+ printf("Key file too large (max: %u).\n",
+ (unsigned) sizeof(key_data));
status = DEMO_ERROR;
goto exit;
}
- SYS_CHECK( fclose( key_file ) == 0 );
+ SYS_CHECK(fclose(key_file) == 0);
key_file = NULL;
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ PSA_CHECK(psa_import_key(&attributes, key_data, key_size, master_key));
exit:
- if( key_file != NULL )
- fclose( key_file );
- mbedtls_platform_zeroize( key_data, sizeof( key_data ) );
- if( status != PSA_SUCCESS )
- {
+ if (key_file != NULL) {
+ fclose(key_file);
+ }
+ mbedtls_platform_zeroize(key_data, sizeof(key_data));
+ if (status != PSA_SUCCESS) {
/* If the key creation hasn't happened yet or has failed,
* *master_key is null. psa_destroy_key( 0 ) is
* guaranteed to do nothing and return PSA_SUCCESS. */
- (void) psa_destroy_key( *master_key );
+ (void) psa_destroy_key(*master_key);
*master_key = 0;
}
- return( status );
+ return status;
}
/* Derive the intermediate keys, using the list of labels provided on
@@ -271,60 +269,58 @@
* This function destroys the master key. On successful output, *key
* is the identifier of the final derived key.
*/
-static psa_status_t derive_key_ladder( const char *ladder[],
- size_t ladder_depth,
- psa_key_id_t *key )
+static psa_status_t derive_key_ladder(const char *ladder[],
+ size_t ladder_depth,
+ psa_key_id_t *key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
size_t i;
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, KDF_ALG );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, KDF_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
/* For each label in turn, ... */
- for( i = 0; i < ladder_depth; i++ )
- {
+ for (i = 0; i < ladder_depth; i++) {
/* Start deriving material from the master key (if i=0) or from
* the current intermediate key (if i>0). */
- PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SALT,
- DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) );
- PSA_CHECK( psa_key_derivation_input_key(
- &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
- *key ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- (uint8_t*) ladder[i], strlen( ladder[i] ) ) );
+ PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH));
+ PSA_CHECK(psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ *key));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ (uint8_t *) ladder[i], strlen(ladder[i])));
/* When the parent key is not the master key, destroy it,
* since it is no longer needed. */
- PSA_CHECK( psa_destroy_key( *key ) );
+ PSA_CHECK(psa_destroy_key(*key));
*key = 0;
/* Derive the next intermediate key from the parent key. */
- PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
- key ) );
- PSA_CHECK( psa_key_derivation_abort( &operation ) );
+ PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
+ key));
+ PSA_CHECK(psa_key_derivation_abort(&operation));
}
exit:
- psa_key_derivation_abort( &operation );
- if( status != PSA_SUCCESS )
- {
- psa_destroy_key( *key );
+ psa_key_derivation_abort(&operation);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_key(*key);
*key = 0;
}
- return( status );
+ return status;
}
/* Derive a wrapping key from the last intermediate key. */
-static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
- psa_key_id_t derived_key,
- psa_key_id_t *wrapping_key )
+static psa_status_t derive_wrapping_key(psa_key_usage_t usage,
+ psa_key_id_t derived_key,
+ psa_key_id_t *wrapping_key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -334,33 +330,33 @@
/* Set up a key derivation operation from the key derived from
* the master key. */
- PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SALT,
- WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) );
- PSA_CHECK( psa_key_derivation_input_key(
- &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
- derived_key ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- NULL, 0 ) );
+ PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH));
+ PSA_CHECK(psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ derived_key));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0));
/* Create the wrapping key. */
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, WRAPPING_ALG );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
- PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
- wrapping_key ) );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, WRAPPING_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, WRAPPING_KEY_BITS);
+ PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
+ wrapping_key));
exit:
- psa_key_derivation_abort( &operation );
- return( status );
+ psa_key_derivation_abort(&operation);
+ return status;
}
-static psa_status_t wrap_data( const char *input_file_name,
- const char *output_file_name,
- psa_key_id_t wrapping_key )
+static psa_status_t wrap_data(const char *input_file_name,
+ const char *output_file_name,
+ psa_key_id_t wrapping_key)
{
psa_status_t status;
FILE *input_file = NULL;
@@ -375,74 +371,75 @@
wrapped_data_header_t header;
/* Find the size of the data to wrap. */
- SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
- SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 );
- SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 );
+ SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
+ SYS_CHECK(fseek(input_file, 0, SEEK_END) == 0);
+ SYS_CHECK((input_position = ftell(input_file)) != -1);
#if LONG_MAX > SIZE_MAX
- if( input_position > SIZE_MAX )
- {
- printf( "Input file too large.\n" );
+ if (input_position > SIZE_MAX) {
+ printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
#endif
input_size = input_position;
- PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes ) );
- key_type = psa_get_key_type( &attributes );
+ PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
+ key_type = psa_get_key_type(&attributes);
buffer_size =
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, input_size );
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, input_size);
/* Check for integer overflow. */
- if( buffer_size < input_size )
- {
- printf( "Input file too large.\n" );
+ if (buffer_size < input_size) {
+ printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
/* Load the data to wrap. */
- SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 );
- SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL );
- SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size );
- SYS_CHECK( fclose( input_file ) == 0 );
+ SYS_CHECK(fseek(input_file, 0, SEEK_SET) == 0);
+ SYS_CHECK((buffer = calloc(1, buffer_size)) != NULL);
+ SYS_CHECK(fread(buffer, 1, input_size, input_file) == input_size);
+ SYS_CHECK(fclose(input_file) == 0);
input_file = NULL;
/* Construct a header. */
- memcpy( &header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH );
- header.ad_size = sizeof( header );
+ memcpy(&header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH);
+ header.ad_size = sizeof(header);
header.payload_size = input_size;
/* Wrap the data. */
- PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) );
- PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG,
- header.iv, WRAPPING_IV_SIZE,
- (uint8_t *) &header, sizeof( header ),
- buffer, input_size,
- buffer, buffer_size,
- &ciphertext_size ) );
+ PSA_CHECK(psa_generate_random(header.iv, WRAPPING_IV_SIZE));
+ PSA_CHECK(psa_aead_encrypt(wrapping_key, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof(header),
+ buffer, input_size,
+ buffer, buffer_size,
+ &ciphertext_size));
/* Write the output. */
- SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
- SYS_CHECK( fwrite( &header, 1, sizeof( header ),
- output_file ) == sizeof( header ) );
- SYS_CHECK( fwrite( buffer, 1, ciphertext_size,
- output_file ) == ciphertext_size );
- SYS_CHECK( fclose( output_file ) == 0 );
+ SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
+ SYS_CHECK(fwrite(&header, 1, sizeof(header),
+ output_file) == sizeof(header));
+ SYS_CHECK(fwrite(buffer, 1, ciphertext_size,
+ output_file) == ciphertext_size);
+ SYS_CHECK(fclose(output_file) == 0);
output_file = NULL;
exit:
- if( input_file != NULL )
- fclose( input_file );
- if( output_file != NULL )
- fclose( output_file );
- if( buffer != NULL )
- mbedtls_platform_zeroize( buffer, buffer_size );
- free( buffer );
- return( status );
+ if (input_file != NULL) {
+ fclose(input_file);
+ }
+ if (output_file != NULL) {
+ fclose(output_file);
+ }
+ if (buffer != NULL) {
+ mbedtls_platform_zeroize(buffer, buffer_size);
+ }
+ free(buffer);
+ return status;
}
-static psa_status_t unwrap_data( const char *input_file_name,
- const char *output_file_name,
- psa_key_id_t wrapping_key )
+static psa_status_t unwrap_data(const char *input_file_name,
+ const char *output_file_name,
+ psa_key_id_t wrapping_key)
{
psa_status_t status;
FILE *input_file = NULL;
@@ -456,124 +453,122 @@
unsigned char extra_byte;
/* Load and validate the header. */
- SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
- SYS_CHECK( fread( &header, 1, sizeof( header ),
- input_file ) == sizeof( header ) );
- if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
- WRAPPED_DATA_MAGIC_LENGTH ) != 0 )
- {
- printf( "The input does not start with a valid magic header.\n" );
+ SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
+ SYS_CHECK(fread(&header, 1, sizeof(header),
+ input_file) == sizeof(header));
+ if (memcmp(&header.magic, WRAPPED_DATA_MAGIC,
+ WRAPPED_DATA_MAGIC_LENGTH) != 0) {
+ printf("The input does not start with a valid magic header.\n");
status = DEMO_ERROR;
goto exit;
}
- if( header.ad_size != sizeof( header ) )
- {
- printf( "The header size is not correct.\n" );
+ if (header.ad_size != sizeof(header)) {
+ printf("The header size is not correct.\n");
status = DEMO_ERROR;
goto exit;
}
- PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes) );
- key_type = psa_get_key_type( &attributes);
+ PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
+ key_type = psa_get_key_type(&attributes);
ciphertext_size =
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, header.payload_size );
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, header.payload_size);
/* Check for integer overflow. */
- if( ciphertext_size < header.payload_size )
- {
- printf( "Input file too large.\n" );
+ if (ciphertext_size < header.payload_size) {
+ printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
/* Load the payload data. */
- SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL );
- SYS_CHECK( fread( buffer, 1, ciphertext_size,
- input_file ) == ciphertext_size );
- if( fread( &extra_byte, 1, 1, input_file ) != 0 )
- {
- printf( "Extra garbage after ciphertext\n" );
+ SYS_CHECK((buffer = calloc(1, ciphertext_size)) != NULL);
+ SYS_CHECK(fread(buffer, 1, ciphertext_size,
+ input_file) == ciphertext_size);
+ if (fread(&extra_byte, 1, 1, input_file) != 0) {
+ printf("Extra garbage after ciphertext\n");
status = DEMO_ERROR;
goto exit;
}
- SYS_CHECK( fclose( input_file ) == 0 );
+ SYS_CHECK(fclose(input_file) == 0);
input_file = NULL;
/* Unwrap the data. */
- PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG,
- header.iv, WRAPPING_IV_SIZE,
- (uint8_t *) &header, sizeof( header ),
- buffer, ciphertext_size,
- buffer, ciphertext_size,
- &plaintext_size ) );
- if( plaintext_size != header.payload_size )
- {
- printf( "Incorrect payload size in the header.\n" );
+ PSA_CHECK(psa_aead_decrypt(wrapping_key, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof(header),
+ buffer, ciphertext_size,
+ buffer, ciphertext_size,
+ &plaintext_size));
+ if (plaintext_size != header.payload_size) {
+ printf("Incorrect payload size in the header.\n");
status = DEMO_ERROR;
goto exit;
}
/* Write the output. */
- SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
- SYS_CHECK( fwrite( buffer, 1, plaintext_size,
- output_file ) == plaintext_size );
- SYS_CHECK( fclose( output_file ) == 0 );
+ SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
+ SYS_CHECK(fwrite(buffer, 1, plaintext_size,
+ output_file) == plaintext_size);
+ SYS_CHECK(fclose(output_file) == 0);
output_file = NULL;
exit:
- if( input_file != NULL )
- fclose( input_file );
- if( output_file != NULL )
- fclose( output_file );
- if( buffer != NULL )
- mbedtls_platform_zeroize( buffer, ciphertext_size );
- free( buffer );
- return( status );
+ if (input_file != NULL) {
+ fclose(input_file);
+ }
+ if (output_file != NULL) {
+ fclose(output_file);
+ }
+ if (buffer != NULL) {
+ mbedtls_platform_zeroize(buffer, ciphertext_size);
+ }
+ free(buffer);
+ return status;
}
-static psa_status_t run( enum program_mode mode,
- const char *key_file_name,
- const char *ladder[], size_t ladder_depth,
- const char *input_file_name,
- const char *output_file_name )
+static psa_status_t run(enum program_mode mode,
+ const char *key_file_name,
+ const char *ladder[], size_t ladder_depth,
+ const char *input_file_name,
+ const char *output_file_name)
{
psa_status_t status = PSA_SUCCESS;
psa_key_id_t derivation_key = 0;
psa_key_id_t wrapping_key = 0;
/* Initialize the PSA crypto library. */
- PSA_CHECK( psa_crypto_init( ) );
+ PSA_CHECK(psa_crypto_init());
/* Generate mode is unlike the others. Generate the master key and exit. */
- if( mode == MODE_GENERATE )
- return( generate( key_file_name ) );
+ if (mode == MODE_GENERATE) {
+ return generate(key_file_name);
+ }
/* Read the master key. */
- PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
- KDF_ALG,
- key_file_name,
- &derivation_key ) );
+ PSA_CHECK(import_key_from_file(PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
+ KDF_ALG,
+ key_file_name,
+ &derivation_key));
/* Calculate the derived key for this session. */
- PSA_CHECK( derive_key_ladder( ladder, ladder_depth,
- &derivation_key ) );
+ PSA_CHECK(derive_key_ladder(ladder, ladder_depth,
+ &derivation_key));
- switch( mode )
- {
+ switch (mode) {
case MODE_SAVE:
- PSA_CHECK( save_key( derivation_key, output_file_name ) );
+ PSA_CHECK(save_key(derivation_key, output_file_name));
break;
case MODE_UNWRAP:
- PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT,
- derivation_key,
- &wrapping_key ) );
- PSA_CHECK( unwrap_data( input_file_name, output_file_name,
- wrapping_key ) );
+ PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_DECRYPT,
+ derivation_key,
+ &wrapping_key));
+ PSA_CHECK(unwrap_data(input_file_name, output_file_name,
+ wrapping_key));
break;
case MODE_WRAP:
- PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT,
- derivation_key,
- &wrapping_key ) );
- PSA_CHECK( wrap_data( input_file_name, output_file_name,
- wrapping_key ) );
+ PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_ENCRYPT,
+ derivation_key,
+ &wrapping_key));
+ PSA_CHECK(wrap_data(input_file_name, output_file_name,
+ wrapping_key));
break;
default:
/* Unreachable but some compilers don't realize it. */
@@ -584,35 +579,35 @@
/* Destroy any remaining key. Deinitializing the crypto library would do
* this anyway since they are volatile keys, but explicitly destroying
* keys makes the code easier to reuse. */
- (void) psa_destroy_key( derivation_key );
- (void) psa_destroy_key( wrapping_key );
+ (void) psa_destroy_key(derivation_key);
+ (void) psa_destroy_key(wrapping_key);
/* Deinitialize the PSA crypto library. */
- mbedtls_psa_crypto_free( );
- return( status );
+ mbedtls_psa_crypto_free();
+ return status;
}
-static void usage( void )
+static void usage(void)
{
- printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
- printf( "Demonstrate the usage of a key derivation ladder.\n" );
- printf( "\n" );
- printf( "Modes:\n" );
- printf( " generate Generate the master key\n" );
- printf( " save Save the derived key\n" );
- printf( " unwrap Unwrap (decrypt) input with the derived key\n" );
- printf( " wrap Wrap (encrypt) input with the derived key\n" );
- printf( "\n" );
- printf( "Options:\n" );
- printf( " input=FILENAME Input file (required for wrap/unwrap)\n" );
- printf( " master=FILENAME File containing the master key (default: master.key)\n" );
- printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" );
- printf( " label=TEXT Label for the key derivation.\n" );
- printf( " This may be repeated multiple times.\n" );
- printf( " To get the same key, you must use the same master key\n" );
- printf( " and the same sequence of labels.\n" );
+ printf("Usage: key_ladder_demo MODE [OPTION=VALUE]...\n");
+ printf("Demonstrate the usage of a key derivation ladder.\n");
+ printf("\n");
+ printf("Modes:\n");
+ printf(" generate Generate the master key\n");
+ printf(" save Save the derived key\n");
+ printf(" unwrap Unwrap (decrypt) input with the derived key\n");
+ printf(" wrap Wrap (encrypt) input with the derived key\n");
+ printf("\n");
+ printf("Options:\n");
+ printf(" input=FILENAME Input file (required for wrap/unwrap)\n");
+ printf(" master=FILENAME File containing the master key (default: master.key)\n");
+ printf(" output=FILENAME Output file (required for save/wrap/unwrap)\n");
+ printf(" label=TEXT Label for the key derivation.\n");
+ printf(" This may be repeated multiple times.\n");
+ printf(" To get the same key, you must use the same master key\n");
+ printf(" and the same sequence of labels.\n");
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
const char *key_file_name = "master.key";
const char *input_file_name = NULL;
@@ -623,86 +618,76 @@
enum program_mode mode;
psa_status_t status;
- if( argc <= 1 ||
- strcmp( argv[1], "help" ) == 0 ||
- strcmp( argv[1], "-help" ) == 0 ||
- strcmp( argv[1], "--help" ) == 0 )
- {
- usage( );
- return( EXIT_SUCCESS );
+ if (argc <= 1 ||
+ strcmp(argv[1], "help") == 0 ||
+ strcmp(argv[1], "-help") == 0 ||
+ strcmp(argv[1], "--help") == 0) {
+ usage();
+ return EXIT_SUCCESS;
}
- for( i = 2; i < argc; i++ )
- {
- char *q = strchr( argv[i], '=' );
- if( q == NULL )
- {
- printf( "Missing argument to option %s\n", argv[i] );
+ for (i = 2; i < argc; i++) {
+ char *q = strchr(argv[i], '=');
+ if (q == NULL) {
+ printf("Missing argument to option %s\n", argv[i]);
goto usage_failure;
}
*q = 0;
++q;
- if( strcmp( argv[i], "input" ) == 0 )
+ if (strcmp(argv[i], "input") == 0) {
input_file_name = q;
- else if( strcmp( argv[i], "label" ) == 0 )
- {
- if( ladder_depth == MAX_LADDER_DEPTH )
- {
- printf( "Maximum ladder depth %u exceeded.\n",
- (unsigned) MAX_LADDER_DEPTH );
- return( EXIT_FAILURE );
+ } else if (strcmp(argv[i], "label") == 0) {
+ if (ladder_depth == MAX_LADDER_DEPTH) {
+ printf("Maximum ladder depth %u exceeded.\n",
+ (unsigned) MAX_LADDER_DEPTH);
+ return EXIT_FAILURE;
}
ladder[ladder_depth] = q;
++ladder_depth;
- }
- else if( strcmp( argv[i], "master" ) == 0 )
+ } else if (strcmp(argv[i], "master") == 0) {
key_file_name = q;
- else if( strcmp( argv[i], "output" ) == 0 )
+ } else if (strcmp(argv[i], "output") == 0) {
output_file_name = q;
- else
- {
- printf( "Unknown option: %s\n", argv[i] );
+ } else {
+ printf("Unknown option: %s\n", argv[i]);
goto usage_failure;
}
}
- if( strcmp( argv[1], "generate" ) == 0 )
+ if (strcmp(argv[1], "generate") == 0) {
mode = MODE_GENERATE;
- else if( strcmp( argv[1], "save" ) == 0 )
+ } else if (strcmp(argv[1], "save") == 0) {
mode = MODE_SAVE;
- else if( strcmp( argv[1], "unwrap" ) == 0 )
+ } else if (strcmp(argv[1], "unwrap") == 0) {
mode = MODE_UNWRAP;
- else if( strcmp( argv[1], "wrap" ) == 0 )
+ } else if (strcmp(argv[1], "wrap") == 0) {
mode = MODE_WRAP;
- else
- {
- printf( "Unknown action: %s\n", argv[1] );
+ } else {
+ printf("Unknown action: %s\n", argv[1]);
goto usage_failure;
}
- if( input_file_name == NULL &&
- ( mode == MODE_WRAP || mode == MODE_UNWRAP ) )
- {
- printf( "Required argument missing: input\n" );
- return( DEMO_ERROR );
+ if (input_file_name == NULL &&
+ (mode == MODE_WRAP || mode == MODE_UNWRAP)) {
+ printf("Required argument missing: input\n");
+ return DEMO_ERROR;
}
- if( output_file_name == NULL &&
- ( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) )
- {
- printf( "Required argument missing: output\n" );
- return( DEMO_ERROR );
+ if (output_file_name == NULL &&
+ (mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP)) {
+ printf("Required argument missing: output\n");
+ return DEMO_ERROR;
}
- status = run( mode, key_file_name,
- ladder, ladder_depth,
- input_file_name, output_file_name );
- return( status == PSA_SUCCESS ?
- EXIT_SUCCESS :
- EXIT_FAILURE );
+ status = run(mode, key_file_name,
+ ladder, ladder_depth,
+ input_file_name, output_file_name);
+ return status == PSA_SUCCESS ?
+ EXIT_SUCCESS :
+ EXIT_FAILURE;
usage_failure:
- usage( );
- return( EXIT_FAILURE );
+ usage();
+ return EXIT_FAILURE;
}
#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C &&
MBEDTLS_AES_C && MBEDTLS_CCM_C &&
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
index 14d4494..8422155 100644
--- a/programs/psa/psa_constant_names.c
+++ b/programs/psa/psa_constant_names.c
@@ -26,29 +26,29 @@
/* This block is present to support Visual Studio builds prior to 2015 */
#if defined(_MSC_VER) && _MSC_VER < 1900
#include <stdarg.h>
-int snprintf( char *s, size_t n, const char *fmt, ... )
+int snprintf(char *s, size_t n, const char *fmt, ...)
{
int ret;
va_list argp;
/* Avoid calling the invalid parameter handler by checking ourselves */
- if( s == NULL || n == 0 || fmt == NULL )
- return( -1 );
+ if (s == NULL || n == 0 || fmt == NULL) {
+ return -1;
+ }
- va_start( argp, fmt );
+ va_start(argp, fmt);
#if defined(_TRUNCATE) && !defined(__MINGW32__)
- ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
+ ret = _vsnprintf_s(s, n, _TRUNCATE, fmt, argp);
#else
- ret = _vsnprintf( s, n, fmt, argp );
- if( ret < 0 || (size_t) ret == n )
- {
+ ret = _vsnprintf(s, n, fmt, argp);
+ if (ret < 0 || (size_t) ret == n) {
s[n-1] = '\0';
ret = -1;
}
#endif
- va_end( argp );
+ va_end(argp);
- return( ret );
+ return ret;
}
#endif
@@ -75,7 +75,9 @@
unsigned long value)
{
size_t n = snprintf(*buffer, buffer_size - *required_size, format, value);
- if (n < buffer_size - *required_size) *buffer += n;
+ if (n < buffer_size - *required_size) {
+ *buffer += n;
+ }
*required_size += n;
}
@@ -294,8 +296,7 @@
{
if (argc <= 1 ||
!strcmp(argv[1], "help") ||
- !strcmp(argv[1], "--help"))
- {
+ !strcmp(argv[1], "--help")) {
usage(argv[0]);
return EXIT_FAILURE;
}
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index 5d742b2..0fe6a5d 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -32,15 +32,15 @@
#endif
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int i, k, ret = 1;
@@ -48,45 +48,44 @@
mbedtls_entropy_context entropy;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
- if( argc < 2 )
- {
- mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- mbedtls_exit( exit_code );
+ if (argc < 2) {
+ mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
+ mbedtls_exit(exit_code);
}
- if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
- {
- mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- mbedtls_exit( exit_code );
+ if ((f = fopen(argv[1], "wb+")) == NULL) {
+ mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
+ mbedtls_exit(exit_code);
}
- mbedtls_entropy_init( &entropy );
+ mbedtls_entropy_init(&entropy);
- for( i = 0, k = 768; i < k; i++ )
- {
- ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n",
- (unsigned int) ret );
+ for (i = 0, k = 768; i < k; i++) {
+ ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n",
+ (unsigned int) ret);
goto cleanup;
}
- fwrite( buf, 1, sizeof( buf ), f );
+ fwrite(buf, 1, sizeof(buf), f);
- mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
- "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
- fflush( stdout );
+ mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r",
+ (long) (sizeof(buf) * k / 1024),
+ argv[1],
+ (100 * (float) (i + 1)) / k);
+ fflush(stdout);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
- fclose( f );
- mbedtls_entropy_free( &entropy );
+ fclose(f);
+ mbedtls_entropy_free(&entropy);
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 30a3cc1..6cf0512 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -26,7 +26,7 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_FS_IO)
+ defined(MBEDTLS_FS_IO)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
@@ -34,16 +34,16 @@
#endif
#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_FS_IO)
-int main( void )
+ !defined(MBEDTLS_FS_IO)
+int main(void)
{
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
int i, k, ret = 1;
@@ -52,63 +52,61 @@
mbedtls_entropy_context entropy;
unsigned char buf[1024];
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- if( argc < 2 )
- {
- mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- mbedtls_exit( exit_code );
+ if (argc < 2) {
+ mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
+ mbedtls_exit(exit_code);
}
- if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
- {
- mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- mbedtls_exit( exit_code );
+ if ((f = fopen(argv[1], "wb+")) == NULL) {
+ mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
+ mbedtls_exit(exit_code);
}
- mbedtls_entropy_init( &entropy );
- ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) "RANDOM_GEN", 10 );
- if( ret != 0 )
- {
- mbedtls_printf( "failed in mbedtls_ctr_drbg_seed: %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg,
+ mbedtls_entropy_func,
+ &entropy,
+ (const unsigned char *) "RANDOM_GEN",
+ 10);
+ if (ret != 0) {
+ mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret);
goto cleanup;
}
- mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF );
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF);
#if defined(MBEDTLS_FS_IO)
- ret = mbedtls_ctr_drbg_update_seed_file( &ctr_drbg, "seedfile" );
+ ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile");
- if( ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR )
- {
- mbedtls_printf( "Failed to open seedfile. Generating one.\n" );
- ret = mbedtls_ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" );
- if( ret != 0 )
- {
- mbedtls_printf( "failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret );
+ if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) {
+ mbedtls_printf("Failed to open seedfile. Generating one.\n");
+ ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile");
+ if (ret != 0) {
+ mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret);
goto cleanup;
}
- }
- else if( ret != 0 )
- {
- mbedtls_printf( "failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret );
+ } else if (ret != 0) {
+ mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret);
goto cleanup;
}
#endif
- for( i = 0, k = 768; i < k; i++ )
- {
- ret = mbedtls_ctr_drbg_random( &ctr_drbg, buf, sizeof( buf ) );
- if( ret != 0 )
- {
+ for (i = 0, k = 768; i < k; i++) {
+ ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf));
+ if (ret != 0) {
mbedtls_printf("failed!\n");
goto cleanup;
}
- fwrite( buf, 1, sizeof( buf ), f );
+ fwrite(buf, 1, sizeof(buf), f);
- mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
- "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
- fflush( stdout );
+ mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r",
+ (long) (sizeof(buf) * k / 1024),
+ argv[1],
+ (100 * (float) (i + 1)) / k);
+ fflush(stdout);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
@@ -116,10 +114,10 @@
cleanup:
mbedtls_printf("\n");
- fclose( f );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ fclose(f);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 38eeaaf..ac32b55 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -33,15 +33,15 @@
#endif
#if !defined(MBEDTLS_HAVEGE_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
FILE *f;
time_t t;
@@ -50,48 +50,48 @@
mbedtls_havege_state hs;
unsigned char buf[1024];
- if( argc < 2 )
- {
- mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- mbedtls_exit( exit_code );
+ if (argc < 2) {
+ mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
+ mbedtls_exit(exit_code);
}
- if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
- {
- mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- mbedtls_exit( exit_code );
+ if ((f = fopen(argv[1], "wb+")) == NULL) {
+ mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
+ mbedtls_exit(exit_code);
}
- mbedtls_havege_init( &hs );
+ mbedtls_havege_init(&hs);
- t = time( NULL );
+ t = time(NULL);
- for( i = 0, k = 768; i < k; i++ )
- {
- if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X",
- ( unsigned int ) -ret );
+ for (i = 0, k = 768; i < k; i++) {
+ if ((ret = mbedtls_havege_random(&hs, buf, sizeof(buf))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_havege_random returned -0x%04X",
+ (unsigned int) -ret);
goto exit;
}
- fwrite( buf, sizeof( buf ), 1, f );
+ fwrite(buf, sizeof(buf), 1, f);
- mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
- "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
- fflush( stdout );
+ mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r",
+ (long) (sizeof(buf) * k / 1024),
+ argv[1],
+ (100 * (float) (i + 1)) / k);
+ fflush(stdout);
}
- if( t == time( NULL ) )
+ if (t == time(NULL)) {
t--;
+ }
mbedtls_printf(" \n ");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_havege_free( &hs );
- fclose( f );
- mbedtls_exit( exit_code );
+ mbedtls_havege_free(&hs);
+ fclose(f);
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_HAVEGE_C */
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 6b314d8..ad51cbe 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -30,14 +30,14 @@
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -72,17 +72,17 @@
#define DEBUG_LEVEL 0
-static void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret, len;
mbedtls_net_context server_fd;
@@ -102,217 +102,213 @@
((void) argv);
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold( DEBUG_LEVEL );
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 0. Initialize the RNG and the session data
*/
- mbedtls_net_init( &server_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_x509_crt_init( &cacert );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 0. Load certificates
*/
- mbedtls_printf( " . Loading the CA root certificate ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
- ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len );
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
+ ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok (%d skipped)\n", ret );
+ mbedtls_printf(" ok (%d skipped)\n", ret);
/*
* 1. Start the connection
*/
- mbedtls_printf( " . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT );
- fflush( stdout );
+ mbedtls_printf(" . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT);
+ fflush(stdout);
- if( ( ret = mbedtls_net_connect( &server_fd, SERVER_ADDR,
- SERVER_PORT, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ if ((ret = mbedtls_net_connect(&server_fd, SERVER_ADDR,
+ SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 2. Setup stuff
*/
- mbedtls_printf( " . Setting up the DTLS structure..." );
- fflush( stdout );
+ mbedtls_printf(" . Setting up the DTLS structure...");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
- mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+ mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_set_bio( &ssl, &server_fd,
- mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
+ mbedtls_ssl_set_bio(&ssl, &server_fd,
+ mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 4. Handshake
*/
- mbedtls_printf( " . Performing the DTLS handshake..." );
- fflush( stdout );
+ mbedtls_printf(" . Performing the DTLS handshake...");
+ fflush(stdout);
- do ret = mbedtls_ssl_handshake( &ssl );
- while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_handshake(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 5. Verify the server certificate
*/
- mbedtls_printf( " . Verifying peer X.509 certificate..." );
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
/* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
* handshake would not succeed if the peer's cert is bad. Even if we used
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
- if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
- {
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
char vrfy_buf[512];
- mbedtls_printf( " failed\n" );
+ mbedtls_printf(" failed\n");
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
- mbedtls_printf( "%s\n", vrfy_buf );
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
}
- else
- mbedtls_printf( " ok\n" );
/*
* 6. Write the echo request
*/
send_request:
- mbedtls_printf( " > Write to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write to server:");
+ fflush(stdout);
- len = sizeof( MESSAGE ) - 1;
+ len = sizeof(MESSAGE) - 1;
- do ret = mbedtls_ssl_write( &ssl, (unsigned char *) MESSAGE, len );
- while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_write(&ssl, (unsigned char *) MESSAGE, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
len = ret;
- mbedtls_printf( " %d bytes written\n\n%s\n\n", len, MESSAGE );
+ mbedtls_printf(" %d bytes written\n\n%s\n\n", len, MESSAGE);
/*
* 7. Read the echo response
*/
- mbedtls_printf( " < Read from server:" );
- fflush( stdout );
+ mbedtls_printf(" < Read from server:");
+ fflush(stdout);
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
- do ret = mbedtls_ssl_read( &ssl, buf, len );
- while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_TIMEOUT:
- mbedtls_printf( " timeout\n\n" );
- if( retry_left-- > 0 )
+ mbedtls_printf(" timeout\n\n");
+ if (retry_left-- > 0) {
goto send_request;
+ }
goto exit;
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( " connection was closed gracefully\n" );
+ mbedtls_printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:
- mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
}
len = ret;
- mbedtls_printf( " %d bytes read\n\n%s\n\n", len, buf );
+ mbedtls_printf(" %d bytes read\n\n%s\n\n", len, buf);
/*
* 8. Done, cleanly close the connection
*/
close_notify:
- mbedtls_printf( " . Closing the connection..." );
+ mbedtls_printf(" . Closing the connection...");
/* No error checking, the connection might be closed already */
- do ret = mbedtls_ssl_close_notify( &ssl );
- while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0;
- mbedtls_printf( " done\n" );
+ mbedtls_printf(" done\n");
/*
* 9. Final clean-ups and exit
@@ -320,32 +316,32 @@
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf( "Last error was: %d - %s\n\n", ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
- mbedtls_net_free( &server_fd );
+ mbedtls_net_free(&server_fd);
- mbedtls_x509_crt_free( &cacert );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
/* Shell can not handle large exit numbers -> 1 for errors */
- if( ret < 0 )
+ if (ret < 0) {
ret = 1;
+ }
- mbedtls_exit( ret );
+ mbedtls_exit(ret);
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index ab3fa02..4310f4e 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -41,15 +41,15 @@
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
!defined(MBEDTLS_TIMING_C)
-int main( void )
+int main(void)
{
- printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
- "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
- "MBEDTLS_TIMING_C not defined.\n" );
- mbedtls_exit( 0 );
+ printf("MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
+ "MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -80,17 +80,17 @@
#define DEBUG_LEVEL 0
-static void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
}
-int main( void )
+int main(void)
{
int ret, len;
mbedtls_net_context listen_fd, client_fd;
@@ -111,274 +111,260 @@
mbedtls_ssl_cache_context cache;
#endif
- mbedtls_net_init( &listen_fd );
- mbedtls_net_init( &client_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_ssl_cookie_init( &cookie_ctx );
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ssl_cookie_init(&cookie_ctx);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_init( &cache );
+ mbedtls_ssl_cache_init(&cache);
#endif
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_pk_init( &pkey );
- mbedtls_entropy_init( &entropy );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold( DEBUG_LEVEL );
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 1. Load the certificates and private RSA key
*/
- printf( "\n . Loading the server cert. and key..." );
- fflush( stdout );
+ printf("\n . Loading the server cert. and key...");
+ fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
- mbedtls_test_srv_crt_len );
- if( ret != 0 )
- {
- printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len );
- if( ret != 0 )
- {
- printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
- if( ret != 0 )
- {
- printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0);
+ if (ret != 0) {
+ printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
- printf( " ok\n" );
+ printf(" ok\n");
/*
* 2. Setup the "listening" UDP socket
*/
- printf( " . Bind on udp/*/4433 ..." );
- fflush( stdout );
+ printf(" . Bind on udp/*/4433 ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
- {
- printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ if ((ret = mbedtls_net_bind(&listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP)) != 0) {
+ printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
- printf( " ok\n" );
+ printf(" ok\n");
/*
* 3. Seed the RNG
*/
- printf( " . Seeding the random number generator..." );
- fflush( stdout );
+ printf(" . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- printf( " ok\n" );
+ printf(" ok\n");
/*
* 4. Setup stuff
*/
- printf( " . Setting up the DTLS data..." );
- fflush( stdout );
+ printf(" . Setting up the DTLS data...");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
- mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+ mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
- mbedtls_ssl_cache_set );
+ mbedtls_ssl_cache_set);
#endif
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
- {
- printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
- &cookie_ctx );
+ mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ &cookie_ctx);
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
- printf( " ok\n" );
+ printf(" ok\n");
reset:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- printf("Last error was: %d - %s\n\n", ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
- mbedtls_net_free( &client_fd );
+ mbedtls_net_free(&client_fd);
- mbedtls_ssl_session_reset( &ssl );
+ mbedtls_ssl_session_reset(&ssl);
/*
* 3. Wait until a client connects
*/
- printf( " . Waiting for a remote connection ..." );
- fflush( stdout );
+ printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
- {
- printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ client_ip, sizeof(client_ip), &cliip_len)) != 0) {
+ printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
/* For HelloVerifyRequest cookies */
- if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
- client_ip, cliip_len ) ) != 0 )
- {
- printf( " failed\n ! "
- "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_set_client_transport_id(&ssl,
+ client_ip, cliip_len)) != 0) {
+ printf(" failed\n ! "
+ "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_ssl_set_bio( &ssl, &client_fd,
- mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
+ mbedtls_ssl_set_bio(&ssl, &client_fd,
+ mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
- printf( " ok\n" );
+ printf(" ok\n");
/*
* 5. Handshake
*/
- printf( " . Performing the DTLS handshake..." );
- fflush( stdout );
+ printf(" . Performing the DTLS handshake...");
+ fflush(stdout);
- do ret = mbedtls_ssl_handshake( &ssl );
- while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_handshake(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
- {
- printf( " hello verification requested\n" );
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+ printf(" hello verification requested\n");
ret = 0;
goto reset;
- }
- else if( ret != 0 )
- {
- printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
+ } else if (ret != 0) {
+ printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
goto reset;
}
- printf( " ok\n" );
+ printf(" ok\n");
/*
* 6. Read the echo Request
*/
- printf( " < Read from client:" );
- fflush( stdout );
+ printf(" < Read from client:");
+ fflush(stdout);
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
- do ret = mbedtls_ssl_read( &ssl, buf, len );
- while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_TIMEOUT:
- printf( " timeout\n\n" );
+ printf(" timeout\n\n");
goto reset;
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- printf( " connection was closed gracefully\n" );
+ printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:
- printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
+ printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
goto reset;
}
}
len = ret;
- printf( " %d bytes read\n\n%s\n\n", len, buf );
+ printf(" %d bytes read\n\n%s\n\n", len, buf);
/*
* 7. Write the 200 Response
*/
- printf( " > Write to client:" );
- fflush( stdout );
+ printf(" > Write to client:");
+ fflush(stdout);
- do ret = mbedtls_ssl_write( &ssl, buf, len );
- while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_write(&ssl, buf, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- if( ret < 0 )
- {
- printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ if (ret < 0) {
+ printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
len = ret;
- printf( " %d bytes written\n\n%s\n\n", len, buf );
+ printf(" %d bytes written\n\n%s\n\n", len, buf);
/*
* 8. Done, cleanly close the connection
*/
close_notify:
- printf( " . Closing the connection..." );
+ printf(" . Closing the connection...");
/* No error checking, the connection might be closed already */
- do ret = mbedtls_ssl_close_notify( &ssl );
- while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0;
- printf( " done\n" );
+ printf(" done\n");
goto reset;
@@ -388,38 +374,38 @@
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- printf( "Last error was: %d - %s\n\n", ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
- mbedtls_net_free( &client_fd );
- mbedtls_net_free( &listen_fd );
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
- mbedtls_x509_crt_free( &srvcert );
- mbedtls_pk_free( &pkey );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ssl_cookie_free( &cookie_ctx );
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_cookie_free(&cookie_ctx);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_free( &cache );
+ mbedtls_ssl_cache_free(&cache);
#endif
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
/* Shell can not handle large exit numbers -> 1 for errors */
- if( ret < 0 )
+ if (ret < 0) {
ret = 1;
+ }
- mbedtls_exit( ret );
+ mbedtls_exit(ret);
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 1353d8b..688c9fc 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -44,12 +44,12 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(UNIX)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
- "not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
+ "not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -141,8 +141,7 @@
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-enum exit_codes
-{
+enum exit_codes {
exit_ok = 0,
ctr_drbg_seed_failed,
ssl_config_defaults_failed,
@@ -156,7 +155,7 @@
};
-int main( void )
+int main(void)
{
int ret = exit_ok;
mbedtls_net_context server_fd;
@@ -169,62 +168,57 @@
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* 0. Initialize and setup stuff
*/
- mbedtls_net_init( &server_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_x509_crt_init( &ca );
+ mbedtls_x509_crt_init(&ca);
#endif
- mbedtls_entropy_init( &entropy );
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
- {
+ mbedtls_entropy_init(&entropy);
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
ret = ctr_drbg_seed_failed;
goto exit;
}
- if( mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
- {
+ if (mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
ret = ssl_config_defaults_failed;
goto exit;
}
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
- (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+ mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
+ (const unsigned char *) psk_id, sizeof(psk_id) - 1);
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( mbedtls_x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
- {
+ if (mbedtls_x509_crt_parse_der(&ca, ca_cert, sizeof(ca_cert)) != 0) {
ret = x509_crt_parse_failed;
goto exit;
}
- mbedtls_ssl_conf_ca_chain( &conf, &ca, NULL );
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
+ mbedtls_ssl_conf_ca_chain(&conf, &ca, NULL);
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
#endif
- if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
- {
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
ret = ssl_setup_failed;
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
- {
+ if (mbedtls_ssl_set_hostname(&ssl, HOSTNAME) != 0) {
ret = hostname_failed;
goto exit;
}
@@ -233,7 +227,7 @@
/*
* 1. Start the connection
*/
- memset( &addr, 0, sizeof( addr ) );
+ memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
ret = 1; /* for endianness detection */
@@ -241,23 +235,20 @@
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0;
- if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
- {
+ if ((server_fd.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
ret = socket_failed;
goto exit;
}
- if( connect( server_fd.fd,
- (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
- {
+ if (connect(server_fd.fd,
+ (const struct sockaddr *) &addr, sizeof(addr)) < 0) {
ret = connect_failed;
goto exit;
}
- mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
- if( mbedtls_ssl_handshake( &ssl ) != 0 )
- {
+ if (mbedtls_ssl_handshake(&ssl) != 0) {
ret = ssl_handshake_failed;
goto exit;
}
@@ -265,26 +256,25 @@
/*
* 2. Write the GET request and close the connection
*/
- if( mbedtls_ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
- sizeof( GET_REQUEST ) - 1 ) <= 0 )
- {
+ if (mbedtls_ssl_write(&ssl, (const unsigned char *) GET_REQUEST,
+ sizeof(GET_REQUEST) - 1) <= 0) {
ret = ssl_write_failed;
goto exit;
}
- mbedtls_ssl_close_notify( &ssl );
+ mbedtls_ssl_close_notify(&ssl);
exit:
- mbedtls_net_free( &server_fd );
+ mbedtls_net_free(&server_fd);
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_x509_crt_free( &ca );
+ mbedtls_x509_crt_free(&ca);
#endif
- mbedtls_exit( ret );
+ mbedtls_exit(ret);
}
#endif
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index c9f8b3c..ffdef3b 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -30,14 +30,14 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -58,17 +58,17 @@
#define DEBUG_LEVEL 1
-static void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
}
-int main( void )
+int main(void)
{
int ret = 1, len;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -84,221 +84,209 @@
mbedtls_x509_crt cacert;
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold( DEBUG_LEVEL );
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 0. Initialize the RNG and the session data
*/
- mbedtls_net_init( &server_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_x509_crt_init( &cacert );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 0. Initialize certificates
*/
- mbedtls_printf( " . Loading the CA root certificate ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
- ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len );
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
+ ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok (%d skipped)\n", ret );
+ mbedtls_printf(" ok (%d skipped)\n", ret);
/*
* 1. Start the connection
*/
- mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
- fflush( stdout );
+ mbedtls_printf(" . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT);
+ fflush(stdout);
- if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
- SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
+ SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 2. Setup stuff
*/
- mbedtls_printf( " . Setting up the SSL/TLS structure..." );
- fflush( stdout );
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
/*
* 4. Handshake
*/
- mbedtls_printf( " . Performing the SSL/TLS handshake..." );
- fflush( stdout );
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 5. Verify the server certificate
*/
- mbedtls_printf( " . Verifying peer X.509 certificate..." );
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
/* In real life, we probably want to bail out when ret != 0 */
- if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
- {
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
char vrfy_buf[512];
- mbedtls_printf( " failed\n" );
+ mbedtls_printf(" failed\n");
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
- mbedtls_printf( "%s\n", vrfy_buf );
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
}
- else
- mbedtls_printf( " ok\n" );
/*
* 3. Write the GET request
*/
- mbedtls_printf( " > Write to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write to server:");
+ fflush(stdout);
- len = sprintf( (char *) buf, GET_REQUEST );
+ len = sprintf((char *) buf, GET_REQUEST);
- while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
}
len = ret;
- mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
+ mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf);
/*
* 7. Read the HTTP response
*/
- mbedtls_printf( " < Read from server:" );
- fflush( stdout );
+ mbedtls_printf(" < Read from server:");
+ fflush(stdout);
- do
- {
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
+ }
- if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
- break;
-
- if( ret < 0 )
- {
- mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
+ if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
break;
}
- if( ret == 0 )
- {
- mbedtls_printf( "\n\nEOF\n\n" );
+ if (ret < 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret);
+ break;
+ }
+
+ if (ret == 0) {
+ mbedtls_printf("\n\nEOF\n\n");
break;
}
len = ret;
- mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
- }
- while( 1 );
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
+ } while (1);
- mbedtls_ssl_close_notify( &ssl );
+ mbedtls_ssl_close_notify(&ssl);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
#ifdef MBEDTLS_ERROR_C
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
- mbedtls_net_free( &server_fd );
+ mbedtls_net_free(&server_fd);
- mbedtls_x509_crt_free( &cacert );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 18a4773..d42a38e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -24,16 +24,16 @@
#endif
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
-int main( void )
+int main(void)
{
- mbedtls_printf( MBEDTLS_SSL_TEST_IMPOSSIBLE );
- mbedtls_exit( 0 );
+ mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
+ mbedtls_exit(0);
}
#elif !defined(MBEDTLS_SSL_CLI_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_SSL_CLI_C not defined.\n" );
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_SSL_CLI_C not defined.\n");
+ mbedtls_exit(0);
}
#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
@@ -120,7 +120,7 @@
#define USAGE_CONTEXT_CRT_CB \
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
" to the SSL configuration of the SSL context.\n" \
- " Possible values:\n"\
+ " Possible values:\n" \
" - 0 (default): Use CRT callback bound to configuration\n" \
" - 1: Use CRT callback bound to SSL context\n"
#else
@@ -137,8 +137,8 @@
" use \"none\" to skip loading any top-level CAs.\n" \
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
" default: \"\" (pre-loaded)\n" \
- " key_file=%%s default: \"\" (pre-loaded)\n"\
- " key_pwd=%%s Password for key specified by key_file argument\n"\
+ " key_file=%%s default: \"\" (pre-loaded)\n" \
+ " key_pwd=%%s Password for key specified by key_file argument\n" \
" default: none\n"
#else
#define USAGE_IO \
@@ -219,7 +219,7 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#define USAGE_SRTP \
" use_srtp=%%d default: 0 (disabled)\n" \
- " This cannot be used with eap_tls=1 or "\
+ " This cannot be used with eap_tls=1 or " \
" nss_keylog=1\n" \
" srtp_force_profile=%%d default: 0 (all enabled)\n" \
" available profiles:\n" \
@@ -350,7 +350,7 @@
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" \
- " context_file=%%s The file path to write a serialized connection\n"\
+ " context_file=%%s The file path to write a serialized connection\n" \
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
@@ -370,21 +370,21 @@
" request_page=%%s default: \".\"\n" \
" request_size=%%d default: about 34 (basic request)\n" \
" (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
- " If 0, in the first exchange only an empty\n" \
- " application data message is sent followed by\n" \
- " a second non-empty message before attempting\n" \
- " to read a response from the server\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " build_version=%%d default: none (disabled)\n" \
- " option: 1 (print build version only and stop)\n" \
- " nbio=%%d default: 0 (blocking I/O)\n" \
- " options: 1 (non-blocking), 2 (added delays)\n" \
- " event=%%d default: 0 (loop)\n" \
- " options: 1 (level-triggered, implies nbio=1),\n" \
- " read_timeout=%%d default: 0 ms (no timeout)\n" \
- " max_resend=%%d default: 0 (no resend on timeout)\n" \
- " skip_close_notify=%%d default: 0 (send close_notify)\n" \
- "\n" \
+ " If 0, in the first exchange only an empty\n" \
+ " application data message is sent followed by\n" \
+ " a second non-empty message before attempting\n" \
+ " to read a response from the server\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " build_version=%%d default: none (disabled)\n" \
+ " option: 1 (print build version only and stop)\n" \
+ " nbio=%%d default: 0 (blocking I/O)\n" \
+ " options: 1 (non-blocking), 2 (added delays)\n" \
+ " event=%%d default: 0 (loop)\n" \
+ " options: 1 (level-triggered, implies nbio=1),\n" \
+ " read_timeout=%%d default: 0 ms (no timeout)\n" \
+ " max_resend=%%d default: 0 (no resend on timeout)\n" \
+ " skip_close_notify=%%d default: 0 (send close_notify)\n" \
+ "\n" \
USAGE_DTLS \
USAGE_CID \
USAGE_SRTP \
@@ -432,7 +432,7 @@
" force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls12, dtls1, dtls12\n" \
"\n" \
- " force_ciphersuite=<name> default: all enabled\n"\
+ " force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
" otherwise. The expansion of the macro\n" \
@@ -447,8 +447,7 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char *server_name; /* hostname of the server (client only) */
const char *server_addr; /* address of the server (client only) */
const char *server_port; /* port on which the ssl service runs */
@@ -535,45 +534,47 @@
/*
* Enabled if debug_level > 1 in code below
*/
-static int my_verify( void *data, mbedtls_x509_crt *crt,
- int depth, uint32_t *flags )
+static int my_verify(void *data, mbedtls_x509_crt *crt,
+ int depth, uint32_t *flags)
{
char buf[1024];
((void) data);
- mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
- if( depth == 0 )
- memcpy( peer_crt_info, buf, sizeof( buf ) );
-
- if( opt.debug_level == 0 )
- return( 0 );
-
- mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
- mbedtls_printf( "%s", buf );
-
- if ( ( *flags ) == 0 )
- mbedtls_printf( " This certificate has no flags\n" );
- else
- {
- mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
- mbedtls_printf( "%s\n", buf );
+ mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
+ if (depth == 0) {
+ memcpy(peer_crt_info, buf, sizeof(buf));
}
- return( 0 );
+ if (opt.debug_level == 0) {
+ return 0;
+ }
+
+ mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
+ mbedtls_printf("%s", buf);
+
+ if ((*flags) == 0) {
+ mbedtls_printf(" This certificate has no flags\n");
+ } else {
+ mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
+ mbedtls_printf("%s\n", buf);
+ }
+
+ return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-int report_cid_usage( mbedtls_ssl_context *ssl,
- const char *additional_description )
+int report_cid_usage(mbedtls_ssl_context *ssl,
+ const char *additional_description)
{
int ret;
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
size_t peer_cid_len;
int cid_negotiated;
- if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 0 );
+ if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 0;
+ }
/* Check if the use of a CID has been negotiated,
* but don't ask for the CID value and length.
@@ -585,64 +586,56 @@
*
* An actual application, however, should use
* just one call to mbedtls_ssl_get_peer_cid(). */
- ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
- NULL, NULL );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
- (unsigned int) -ret );
- return( ret );
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ NULL, NULL);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
}
- if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
- {
- if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
- {
- mbedtls_printf( "(%s) Use of Connection ID was rejected by the server.\n",
- additional_description );
+ if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) {
+ if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) {
+ mbedtls_printf("(%s) Use of Connection ID was rejected by the server.\n",
+ additional_description);
}
- }
- else
- {
- size_t idx=0;
- mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
- additional_description );
+ } else {
+ size_t idx = 0;
+ mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n",
+ additional_description);
/* Ask for just the length of the peer's CID. */
- ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
- NULL, &peer_cid_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
- (unsigned int) -ret );
- return( ret );
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ NULL, &peer_cid_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
}
/* Ask for just length + value of the peer's CID. */
- ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
- peer_cid, &peer_cid_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
- (unsigned int) -ret );
- return( ret );
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
}
- mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
- additional_description,
- (unsigned) peer_cid_len );
- while( idx < peer_cid_len )
- {
- mbedtls_printf( "%02x ", peer_cid[ idx ] );
+ mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len);
+ while (idx < peer_cid_len) {
+ mbedtls_printf("%02x ", peer_cid[idx]);
idx++;
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
int query_config_ret = 0;
@@ -677,7 +670,7 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
- size_t mki_len=0;
+ size_t mki_len = 0;
#endif
const char *pers = "ssl_client2";
@@ -719,12 +712,12 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
unsigned char eap_tls_keymaterial[16];
unsigned char eap_tls_iv[8];
- const char* eap_tls_label = "client EAP encryption";
+ const char *eap_tls_label = "client EAP encryption";
eap_tls_keys eap_tls_keying;
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! master keys and master salt for SRTP generated during handshake */
unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
- const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
+ const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
const mbedtls_ssl_srtp_profile default_profiles[] = {
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
@@ -737,63 +730,62 @@
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
#endif
#if defined(MBEDTLS_TEST_HOOKS)
- test_hooks_init( );
+ test_hooks_init();
#endif /* MBEDTLS_TEST_HOOKS */
/*
* Make sure memory references are valid.
*/
- mbedtls_net_init( &server_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
- rng_init( &rng );
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ memset(&saved_session, 0, sizeof(mbedtls_ssl_session));
+ rng_init(&rng);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &clicert );
- mbedtls_pk_init( &pkey );
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_x509_crt_init(&clicert);
+ mbedtls_pk_init(&pkey);
#endif
#if defined(MBEDTLS_SSL_ALPN)
- memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
+ memset((void *) alpn_list, 0, sizeof(alpn_list));
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_crypto_init();
- if( status != PSA_SUCCESS )
- {
- mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status );
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- mbedtls_test_enable_insecure_external_rng( );
+ mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- if( argc == 0 )
- {
- usage:
- if( ret == 0 )
+ if (argc == 0) {
+usage:
+ if (ret == 0) {
ret = 1;
+ }
- mbedtls_printf( USAGE1 );
- mbedtls_printf( USAGE2 );
- mbedtls_printf( USAGE3 );
- mbedtls_printf( USAGE4 );
+ mbedtls_printf(USAGE1);
+ mbedtls_printf(USAGE2);
+ mbedtls_printf(USAGE3);
+ mbedtls_printf(USAGE4);
list = mbedtls_ssl_list_ciphersuites();
- while( *list )
- {
- mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ while (*list) {
+ mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
- if( !*list )
+ if (!*list) {
break;
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ }
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
}
mbedtls_printf("\n");
@@ -831,7 +823,7 @@
opt.psk_identity = DFL_PSK_IDENTITY;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.ec_max_ops = DFL_EC_MAX_OPS;
- opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
+ opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE;
@@ -872,153 +864,136 @@
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "server_name" ) == 0 )
+ if (strcmp(p, "server_name") == 0) {
opt.server_name = q;
- else if( strcmp( p, "server_addr" ) == 0 )
+ } else if (strcmp(p, "server_addr") == 0) {
opt.server_addr = q;
- else if( strcmp( p, "server_port" ) == 0 )
+ } else if (strcmp(p, "server_port") == 0) {
opt.server_port = q;
- else if( strcmp( p, "dtls" ) == 0 )
- {
- int t = atoi( q );
- if( t == 0 )
+ } else if (strcmp(p, "dtls") == 0) {
+ int t = atoi(q);
+ if (t == 0) {
opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
- else if( t == 1 )
+ } else if (t == 1) {
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "debug_level" ) == 0 )
- {
- opt.debug_level = atoi( q );
- if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ }
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
- }
- else if( strcmp( p, "build_version" ) == 0 )
- {
- if( strcmp( q, "1" ) == 0 )
- {
- mbedtls_printf( "build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL,
- MBEDTLS_VERSION_NUMBER );
+ }
+ } else if (strcmp(p, "build_version") == 0) {
+ if (strcmp(q, "1") == 0) {
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL,
+ MBEDTLS_VERSION_NUMBER);
goto exit;
}
- }
- else if( strcmp( p, "context_crt_cb" ) == 0 )
- {
- opt.context_crt_cb = atoi( q );
- if( opt.context_crt_cb != 0 && opt.context_crt_cb != 1 )
+ } else if (strcmp(p, "context_crt_cb") == 0) {
+ opt.context_crt_cb = atoi(q);
+ if (opt.context_crt_cb != 0 && opt.context_crt_cb != 1) {
goto usage;
- }
- else if( strcmp( p, "nbio" ) == 0 )
- {
- opt.nbio = atoi( q );
- if( opt.nbio < 0 || opt.nbio > 2 )
+ }
+ } else if (strcmp(p, "nbio") == 0) {
+ opt.nbio = atoi(q);
+ if (opt.nbio < 0 || opt.nbio > 2) {
goto usage;
- }
- else if( strcmp( p, "event" ) == 0 )
- {
- opt.event = atoi( q );
- if( opt.event < 0 || opt.event > 2 )
+ }
+ } else if (strcmp(p, "event") == 0) {
+ opt.event = atoi(q);
+ if (opt.event < 0 || opt.event > 2) {
goto usage;
- }
- else if( strcmp( p, "read_timeout" ) == 0 )
- opt.read_timeout = atoi( q );
- else if( strcmp( p, "max_resend" ) == 0 )
- {
- opt.max_resend = atoi( q );
- if( opt.max_resend < 0 )
+ }
+ } else if (strcmp(p, "read_timeout") == 0) {
+ opt.read_timeout = atoi(q);
+ } else if (strcmp(p, "max_resend") == 0) {
+ opt.max_resend = atoi(q);
+ if (opt.max_resend < 0) {
goto usage;
- }
- else if( strcmp( p, "request_page" ) == 0 )
+ }
+ } else if (strcmp(p, "request_page") == 0) {
opt.request_page = q;
- else if( strcmp( p, "request_size" ) == 0 )
- {
- opt.request_size = atoi( q );
- if( opt.request_size < 0 ||
- opt.request_size > MAX_REQUEST_SIZE )
+ } else if (strcmp(p, "request_size") == 0) {
+ opt.request_size = atoi(q);
+ if (opt.request_size < 0 ||
+ opt.request_size > MAX_REQUEST_SIZE) {
goto usage;
- }
- else if( strcmp( p, "ca_file" ) == 0 )
+ }
+ } else if (strcmp(p, "ca_file") == 0) {
opt.ca_file = q;
- else if( strcmp( p, "ca_path" ) == 0 )
+ } else if (strcmp(p, "ca_path") == 0) {
opt.ca_path = q;
- else if( strcmp( p, "crt_file" ) == 0 )
+ } else if (strcmp(p, "crt_file") == 0) {
opt.crt_file = q;
- else if( strcmp( p, "key_file" ) == 0 )
+ } else if (strcmp(p, "key_file") == 0) {
opt.key_file = q;
- else if( strcmp( p, "key_pwd" ) == 0 )
+ } else if (strcmp(p, "key_pwd") == 0) {
opt.key_pwd = q;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- else if( strcmp( p, "key_opaque" ) == 0 )
- opt.key_opaque = atoi( q );
+ else if (strcmp(p, "key_opaque") == 0) {
+ opt.key_opaque = atoi(q);
+ }
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- else if( strcmp( p, "cid" ) == 0 )
- {
- opt.cid_enabled = atoi( q );
- if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
+ else if (strcmp(p, "cid") == 0) {
+ opt.cid_enabled = atoi(q);
+ if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
goto usage;
- }
- else if( strcmp( p, "cid_renego" ) == 0 )
- {
- opt.cid_enabled_renego = atoi( q );
- if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
+ }
+ } else if (strcmp(p, "cid_renego") == 0) {
+ opt.cid_enabled_renego = atoi(q);
+ if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
goto usage;
- }
- else if( strcmp( p, "cid_val" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "cid_val") == 0) {
opt.cid_val = q;
- }
- else if( strcmp( p, "cid_val_renego" ) == 0 )
- {
+ } else if (strcmp(p, "cid_val_renego") == 0) {
opt.cid_val_renego = q;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- else if( strcmp( p, "psk" ) == 0 )
+ else if (strcmp(p, "psk") == 0) {
opt.psk = q;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- else if( strcmp( p, "psk_opaque" ) == 0 )
- opt.psk_opaque = atoi( q );
+ else if (strcmp(p, "psk_opaque") == 0) {
+ opt.psk_opaque = atoi(q);
+ }
#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- else if( strcmp( p, "ca_callback" ) == 0)
- opt.ca_callback = atoi( q );
+ else if (strcmp(p, "ca_callback") == 0) {
+ opt.ca_callback = atoi(q);
+ }
#endif
- else if( strcmp( p, "psk_identity" ) == 0 )
+ else if (strcmp(p, "psk_identity") == 0) {
opt.psk_identity = q;
- else if( strcmp( p, "ecjpake_pw" ) == 0 )
+ } else if (strcmp(p, "ecjpake_pw") == 0) {
opt.ecjpake_pw = q;
- else if( strcmp( p, "ec_max_ops" ) == 0 )
- opt.ec_max_ops = atoi( q );
- else if( strcmp( p, "force_ciphersuite" ) == 0 )
- {
- opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
+ } else if (strcmp(p, "ec_max_ops") == 0) {
+ opt.ec_max_ops = atoi(q);
+ } else if (strcmp(p, "force_ciphersuite") == 0) {
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
- if( opt.force_ciphersuite[0] == 0 )
- {
+ if (opt.force_ciphersuite[0] == 0) {
ret = 2;
goto usage;
}
opt.force_ciphersuite[1] = 0;
- }
- else if( strcmp( p, "renegotiation" ) == 0 )
- {
- opt.renegotiation = (atoi( q )) ?
- MBEDTLS_SSL_RENEGOTIATION_ENABLED :
- MBEDTLS_SSL_RENEGOTIATION_DISABLED;
- }
- else if( strcmp( p, "allow_legacy" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "renegotiation") == 0) {
+ opt.renegotiation = (atoi(q)) ?
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+ MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+ } else if (strcmp(p, "allow_legacy") == 0) {
+ switch (atoi(q)) {
case -1:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
break;
@@ -1030,66 +1005,51 @@
break;
default: goto usage;
}
- }
- else if( strcmp( p, "renegotiate" ) == 0 )
- {
- opt.renegotiate = atoi( q );
- if( opt.renegotiate < 0 || opt.renegotiate > 1 )
+ } else if (strcmp(p, "renegotiate") == 0) {
+ opt.renegotiate = atoi(q);
+ if (opt.renegotiate < 0 || opt.renegotiate > 1) {
goto usage;
- }
- else if( strcmp( p, "exchanges" ) == 0 )
- {
- opt.exchanges = atoi( q );
- if( opt.exchanges < 1 )
+ }
+ } else if (strcmp(p, "exchanges") == 0) {
+ opt.exchanges = atoi(q);
+ if (opt.exchanges < 1) {
goto usage;
- }
- else if( strcmp( p, "reconnect" ) == 0 )
- {
- opt.reconnect = atoi( q );
- if( opt.reconnect < 0 || opt.reconnect > 2 )
+ }
+ } else if (strcmp(p, "reconnect") == 0) {
+ opt.reconnect = atoi(q);
+ if (opt.reconnect < 0 || opt.reconnect > 2) {
goto usage;
- }
- else if( strcmp( p, "reco_delay" ) == 0 )
- {
- opt.reco_delay = atoi( q );
- if( opt.reco_delay < 0 )
+ }
+ } else if (strcmp(p, "reco_delay") == 0) {
+ opt.reco_delay = atoi(q);
+ if (opt.reco_delay < 0) {
goto usage;
- }
- else if( strcmp( p, "reco_mode" ) == 0 )
- {
- opt.reco_mode = atoi( q );
- if( opt.reco_mode < 0 )
+ }
+ } else if (strcmp(p, "reco_mode") == 0) {
+ opt.reco_mode = atoi(q);
+ if (opt.reco_mode < 0) {
goto usage;
- }
- else if( strcmp( p, "reconnect_hard" ) == 0 )
- {
- opt.reconnect_hard = atoi( q );
- if( opt.reconnect_hard < 0 || opt.reconnect_hard > 1 )
+ }
+ } else if (strcmp(p, "reconnect_hard") == 0) {
+ opt.reconnect_hard = atoi(q);
+ if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) {
goto usage;
- }
- else if( strcmp( p, "tickets" ) == 0 )
- {
- opt.tickets = atoi( q );
- if( opt.tickets < 0 || opt.tickets > 2 )
+ }
+ } else if (strcmp(p, "tickets") == 0) {
+ opt.tickets = atoi(q);
+ if (opt.tickets < 0 || opt.tickets > 2) {
goto usage;
- }
- else if( strcmp( p, "alpn" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "alpn") == 0) {
opt.alpn_string = q;
- }
- else if( strcmp( p, "fallback" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "fallback") == 0) {
+ switch (atoi(q)) {
case 0: opt.fallback = MBEDTLS_SSL_IS_NOT_FALLBACK; break;
case 1: opt.fallback = MBEDTLS_SSL_IS_FALLBACK; break;
default: goto usage;
}
- }
- else if( strcmp( p, "extended_ms" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "extended_ms") == 0) {
+ switch (atoi(q)) {
case 0:
opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
break;
@@ -1098,327 +1058,262 @@
break;
default: goto usage;
}
- }
- else if( strcmp( p, "curves" ) == 0 )
+ } else if (strcmp(p, "curves") == 0) {
opt.curves = q;
- else if( strcmp( p, "etm" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "etm") == 0) {
+ switch (atoi(q)) {
case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
default: goto usage;
}
- }
- else if( strcmp( p, "min_version" ) == 0 )
- {
- if( strcmp( q, "ssl3" ) == 0 )
+ } else if (strcmp(p, "min_version") == 0) {
+ if (strcmp(q, "ssl3") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
- else if( strcmp( q, "tls1" ) == 0 )
+ } else if (strcmp(q, "tls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
+ } else if (strcmp(q, "tls1_1") == 0 ||
+ strcmp(q, "dtls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls12" ) == 0 ||
- strcmp( q, "dtls12" ) == 0 )
+ } else if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "max_version" ) == 0 )
- {
- if( strcmp( q, "ssl3" ) == 0 )
+ }
+ } else if (strcmp(p, "max_version") == 0) {
+ if (strcmp(q, "ssl3") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
- else if( strcmp( q, "tls1" ) == 0 )
+ } else if (strcmp(q, "tls1") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
+ } else if (strcmp(q, "tls1_1") == 0 ||
+ strcmp(q, "dtls1") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls12" ) == 0 ||
- strcmp( q, "dtls12" ) == 0 )
+ } else if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "arc4" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ }
+ } else if (strcmp(p, "arc4") == 0) {
+ switch (atoi(q)) {
case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
default: goto usage;
}
- }
- else if( strcmp( p, "allow_sha1" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "allow_sha1") == 0) {
+ switch (atoi(q)) {
case 0: opt.allow_sha1 = 0; break;
case 1: opt.allow_sha1 = 1; break;
default: goto usage;
}
- }
- else if( strcmp( p, "force_version" ) == 0 )
- {
- if( strcmp( q, "ssl3" ) == 0 )
- {
+ } else if (strcmp(p, "force_version") == 0) {
+ if (strcmp(q, "ssl3") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
- }
- else if( strcmp( q, "tls1" ) == 0 )
- {
+ } else if (strcmp(q, "tls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- }
- else if( strcmp( q, "tls1_1" ) == 0 )
- {
+ } else if (strcmp(q, "tls1_1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- }
- else if( strcmp( q, "tls12" ) == 0 )
- {
+ } else if (strcmp(q, "tls12") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
- }
- else if( strcmp( q, "dtls1" ) == 0 )
- {
+ } else if (strcmp(q, "dtls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- }
- else if( strcmp( q, "dtls12" ) == 0 )
- {
+ } else if (strcmp(q, "dtls12") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- }
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "auth_mode" ) == 0 )
- {
- if( strcmp( q, "none" ) == 0 )
+ }
+ } else if (strcmp(p, "auth_mode") == 0) {
+ if (strcmp(q, "none") == 0) {
opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
- else if( strcmp( q, "optional" ) == 0 )
+ } else if (strcmp(q, "optional") == 0) {
opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
- else if( strcmp( q, "required" ) == 0 )
+ } else if (strcmp(q, "required") == 0) {
opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "max_frag_len" ) == 0 )
- {
- if( strcmp( q, "512" ) == 0 )
+ }
+ } else if (strcmp(p, "max_frag_len") == 0) {
+ if (strcmp(q, "512") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
- else if( strcmp( q, "1024" ) == 0 )
+ } else if (strcmp(q, "1024") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
- else if( strcmp( q, "2048" ) == 0 )
+ } else if (strcmp(q, "2048") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
- else if( strcmp( q, "4096" ) == 0 )
+ } else if (strcmp(q, "4096") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "trunc_hmac" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ }
+ } else if (strcmp(p, "trunc_hmac") == 0) {
+ switch (atoi(q)) {
case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
default: goto usage;
}
- }
- else if( strcmp( p, "hs_timeout" ) == 0 )
- {
- if( ( p = strchr( q, '-' ) ) == NULL )
- goto usage;
- *p++ = '\0';
- opt.hs_to_min = atoi( q );
- opt.hs_to_max = atoi( p );
- if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
- goto usage;
- }
- else if( strcmp( p, "mtu" ) == 0 )
- {
- opt.dtls_mtu = atoi( q );
- if( opt.dtls_mtu < 0 )
- goto usage;
- }
- else if( strcmp( p, "dgram_packing" ) == 0 )
- {
- opt.dgram_packing = atoi( q );
- if( opt.dgram_packing != 0 &&
- opt.dgram_packing != 1 )
- {
+ } else if (strcmp(p, "hs_timeout") == 0) {
+ if ((p = strchr(q, '-')) == NULL) {
goto usage;
}
- }
- else if( strcmp( p, "recsplit" ) == 0 )
- {
- opt.recsplit = atoi( q );
- if( opt.recsplit < 0 || opt.recsplit > 1 )
+ *p++ = '\0';
+ opt.hs_to_min = atoi(q);
+ opt.hs_to_max = atoi(p);
+ if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
goto usage;
- }
- else if( strcmp( p, "dhmlen" ) == 0 )
- {
- opt.dhmlen = atoi( q );
- if( opt.dhmlen < 0 )
+ }
+ } else if (strcmp(p, "mtu") == 0) {
+ opt.dtls_mtu = atoi(q);
+ if (opt.dtls_mtu < 0) {
goto usage;
- }
- else if( strcmp( p, "query_config" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "dgram_packing") == 0) {
+ opt.dgram_packing = atoi(q);
+ if (opt.dgram_packing != 0 &&
+ opt.dgram_packing != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "recsplit") == 0) {
+ opt.recsplit = atoi(q);
+ if (opt.recsplit < 0 || opt.recsplit > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "dhmlen") == 0) {
+ opt.dhmlen = atoi(q);
+ if (opt.dhmlen < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "query_config") == 0) {
opt.query_config_mode = 1;
- query_config_ret = query_config( q );
+ query_config_ret = query_config(q);
goto exit;
- }
- else if( strcmp( p, "serialize") == 0 )
- {
- opt.serialize = atoi( q );
- if( opt.serialize < 0 || opt.serialize > 2)
+ } else if (strcmp(p, "serialize") == 0) {
+ opt.serialize = atoi(q);
+ if (opt.serialize < 0 || opt.serialize > 2) {
goto usage;
- }
- else if( strcmp( p, "context_file") == 0 )
- {
+ }
+ } else if (strcmp(p, "context_file") == 0) {
opt.context_file = q;
- }
- else if( strcmp( p, "eap_tls" ) == 0 )
- {
- opt.eap_tls = atoi( q );
- if( opt.eap_tls < 0 || opt.eap_tls > 1 )
+ } else if (strcmp(p, "eap_tls") == 0) {
+ opt.eap_tls = atoi(q);
+ if (opt.eap_tls < 0 || opt.eap_tls > 1) {
goto usage;
- }
- else if( strcmp( p, "reproducible" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "reproducible") == 0) {
opt.reproducible = 1;
- }
- else if( strcmp( p, "nss_keylog" ) == 0 )
- {
- opt.nss_keylog = atoi( q );
- if( opt.nss_keylog < 0 || opt.nss_keylog > 1 )
+ } else if (strcmp(p, "nss_keylog") == 0) {
+ opt.nss_keylog = atoi(q);
+ if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
goto usage;
- }
- else if( strcmp( p, "nss_keylog_file" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "nss_keylog_file") == 0) {
opt.nss_keylog_file = q;
- }
- else if( strcmp( p, "skip_close_notify" ) == 0 )
- {
- opt.skip_close_notify = atoi( q );
- if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
+ } else if (strcmp(p, "skip_close_notify") == 0) {
+ opt.skip_close_notify = atoi(q);
+ if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
goto usage;
- }
- else if( strcmp( p, "use_srtp" ) == 0 )
- {
- opt.use_srtp = atoi ( q );
- }
- else if( strcmp( p, "srtp_force_profile" ) == 0 )
- {
- opt.force_srtp_profile = atoi( q );
- }
- else if( strcmp( p, "mki" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "use_srtp") == 0) {
+ opt.use_srtp = atoi(q);
+ } else if (strcmp(p, "srtp_force_profile") == 0) {
+ opt.force_srtp_profile = atoi(q);
+ } else if (strcmp(p, "mki") == 0) {
opt.mki = q;
- }
- else
+ } else {
goto usage;
+ }
}
- if( opt.nss_keylog != 0 && opt.eap_tls != 0 )
- {
- mbedtls_printf( "Error: eap_tls and nss_keylog options cannot be used together.\n" );
+ if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
+ mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
goto usage;
}
/* Event-driven IO is incompatible with the above custom
* receive and send functions, as the polling builds on
* refers to the underlying net_context. */
- if( opt.event == 1 && opt.nbio != 1 )
- {
- mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
+ if (opt.event == 1 && opt.nbio != 1) {
+ mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
opt.nbio = 1;
}
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold( opt.debug_level );
+ mbedtls_debug_set_threshold(opt.debug_level);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/*
* Unhexify the pre-shared key if any is given
*/
- if( strlen( opt.psk ) )
- {
- if( mbedtls_test_unhexify( psk, sizeof( psk ),
- opt.psk, &psk_len ) != 0 )
- {
- mbedtls_printf( "pre-shared key not valid\n" );
+ if (strlen(opt.psk)) {
+ if (mbedtls_test_unhexify(psk, sizeof(psk),
+ opt.psk, &psk_len) != 0) {
+ mbedtls_printf("pre-shared key not valid\n");
goto exit;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.psk_opaque != 0 )
- {
- if( opt.psk == NULL )
- {
- mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
+ if (opt.psk_opaque != 0) {
+ if (opt.psk == NULL) {
+ mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
ret = 2;
goto usage;
}
- if( opt.force_ciphersuite[0] <= 0 )
- {
- mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ if (opt.force_ciphersuite[0] <= 0) {
+ mbedtls_printf(
+ "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
ret = 2;
goto usage;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( opt.force_ciphersuite[0] > 0 )
- {
+ if (opt.force_ciphersuite[0] > 0) {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
+ mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
- if( opt.max_version != -1 &&
- ciphersuite_info->min_minor_ver > opt.max_version )
- {
- mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
+ if (opt.max_version != -1 &&
+ ciphersuite_info->min_minor_ver > opt.max_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
- if( opt.min_version != -1 &&
- ciphersuite_info->max_minor_ver < opt.min_version )
- {
- mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
+ if (opt.min_version != -1 &&
+ ciphersuite_info->max_minor_ver < opt.min_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
/* If the server selects a version that's not supported by
* this suite, then there will be no common ciphersuite... */
- if( opt.max_version == -1 ||
- opt.max_version > ciphersuite_info->max_minor_ver )
- {
+ if (opt.max_version == -1 ||
+ opt.max_version > ciphersuite_info->max_minor_ver) {
opt.max_version = ciphersuite_info->max_minor_ver;
}
- if( opt.min_version < ciphersuite_info->min_minor_ver )
- {
+ if (opt.min_version < ciphersuite_info->min_minor_ver) {
opt.min_version = ciphersuite_info->min_minor_ver;
/* DTLS starts with TLS 1.1 */
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
}
/* Enable RC4 if needed and not explicitly disabled */
- if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
- {
- if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
- {
- mbedtls_printf( "forced RC4 ciphersuite with RC4 disabled\n" );
+ if (ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128) {
+ if (opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED) {
+ mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
ret = 2;
goto usage;
}
@@ -1427,92 +1322,83 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( opt.psk_opaque != 0 )
- {
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if (opt.psk_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
#if defined(MBEDTLS_SHA512_C)
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- else
+ } else
#endif /* MBEDTLS_SHA512_C */
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( mbedtls_test_unhexify( cid, sizeof( cid ),
- opt.cid_val, &cid_len ) != 0 )
- {
- mbedtls_printf( "CID not valid\n" );
+ if (mbedtls_test_unhexify(cid, sizeof(cid),
+ opt.cid_val, &cid_len) != 0) {
+ mbedtls_printf("CID not valid\n");
goto exit;
}
/* Keep CID settings for renegotiation unless
* specified otherwise. */
- if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
+ if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
opt.cid_enabled_renego = opt.cid_enabled;
- if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
+ }
+ if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
opt.cid_val_renego = opt.cid_val;
+ }
- if( mbedtls_test_unhexify( cid_renego, sizeof( cid_renego ),
- opt.cid_val_renego, &cid_renego_len ) != 0 )
- {
- mbedtls_printf( "CID not valid\n" );
+ if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
+ opt.cid_val_renego, &cid_renego_len) != 0) {
+ mbedtls_printf("CID not valid\n");
goto exit;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_ECP_C)
- if( opt.curves != NULL )
- {
+ if (opt.curves != NULL) {
p = (char *) opt.curves;
i = 0;
- if( strcmp( p, "none" ) == 0 )
- {
+ if (strcmp(p, "none") == 0) {
curve_list[0] = MBEDTLS_ECP_DP_NONE;
- }
- else if( strcmp( p, "default" ) != 0 )
- {
+ } else if (strcmp(p, "default") != 0) {
/* Leave room for a final NULL in curve list */
- while( i < CURVE_LIST_SIZE - 1 && *p != '\0' )
- {
+ while (i < CURVE_LIST_SIZE - 1 && *p != '\0') {
q = p;
/* Terminate the current string */
- while( *p != ',' && *p != '\0' )
+ while (*p != ',' && *p != '\0') {
p++;
- if( *p == ',' )
- *p++ = '\0';
-
- if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
- {
- curve_list[i++] = curve_cur->grp_id;
}
- else
- {
- mbedtls_printf( "unknown curve %s\n", q );
- mbedtls_printf( "supported curves: " );
- for( curve_cur = mbedtls_ecp_curve_list();
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+
+ if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
+ curve_list[i++] = curve_cur->grp_id;
+ } else {
+ mbedtls_printf("unknown curve %s\n", q);
+ mbedtls_printf("supported curves: ");
+ for (curve_cur = mbedtls_ecp_curve_list();
curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_cur++ )
- {
- mbedtls_printf( "%s ", curve_cur->name );
+ curve_cur++) {
+ mbedtls_printf("%s ", curve_cur->name);
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
goto exit;
}
}
- mbedtls_printf("Number of curves: %d\n", i );
+ mbedtls_printf("Number of curves: %d\n", i);
- if( i == CURVE_LIST_SIZE - 1 && *p != '\0' )
- {
- mbedtls_printf( "curves list too long, maximum %d",
- CURVE_LIST_SIZE - 1 );
+ if (i == CURVE_LIST_SIZE - 1 && *p != '\0') {
+ mbedtls_printf("curves list too long, maximum %d",
+ CURVE_LIST_SIZE - 1);
goto exit;
}
@@ -1522,821 +1408,774 @@
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_ALPN)
- if( opt.alpn_string != NULL )
- {
+ if (opt.alpn_string != NULL) {
p = (char *) opt.alpn_string;
i = 0;
/* Leave room for a final NULL in alpn_list */
- while( i < ALPN_LIST_SIZE - 1 && *p != '\0' )
- {
+ while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
alpn_list[i++] = p;
/* Terminate the current string and move on to next one */
- while( *p != ',' && *p != '\0' )
+ while (*p != ',' && *p != '\0') {
p++;
- if( *p == ',' )
+ }
+ if (*p == ',') {
*p++ = '\0';
+ }
}
}
#endif /* MBEDTLS_SSL_ALPN */
- mbedtls_printf( "build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
/*
* 0. Initialize the RNG and the session data
*/
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- ret = rng_seed( &rng, opt.reproducible, pers );
- if( ret != 0 )
+ ret = rng_seed(&rng, opt.reproducible, pers);
+ if (ret != 0) {
goto exit;
- mbedtls_printf( " ok\n" );
+ }
+ mbedtls_printf(" ok\n");
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* 1.1. Load the trusted CA
*/
- mbedtls_printf( " . Loading the CA root certificate ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
- if( strcmp( opt.ca_path, "none" ) == 0 ||
- strcmp( opt.ca_file, "none" ) == 0 )
- {
+ if (strcmp(opt.ca_path, "none") == 0 ||
+ strcmp(opt.ca_file, "none") == 0) {
ret = 0;
- }
- else
+ } else
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.ca_path ) )
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
- else if( strlen( opt.ca_file ) )
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
- else
+ if (strlen(opt.ca_path)) {
+ ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
+ } else if (strlen(opt.ca_file)) {
+ ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
+ } else
#endif
#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
- for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
- {
- ret = mbedtls_x509_crt_parse( &cacert,
- (const unsigned char *) mbedtls_test_cas[i],
- mbedtls_test_cas_len[i] );
- if( ret != 0 )
+ for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse(&cacert,
+ (const unsigned char *) mbedtls_test_cas[i],
+ mbedtls_test_cas_len[i]);
+ if (ret != 0) {
break;
+ }
}
#endif /* MBEDTLS_PEM_PARSE_C */
- if( ret == 0 )
- {
- for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
- {
- ret = mbedtls_x509_crt_parse_der( &cacert,
- (const unsigned char *) mbedtls_test_cas_der[i],
- mbedtls_test_cas_der_len[i] );
- if( ret != 0 )
+ if (ret == 0) {
+ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse_der(&cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i]);
+ if (ret != 0) {
break;
+ }
}
}
}
#else
{
ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
}
#endif /* MBEDTLS_CERTS_C */
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok (%d skipped)\n", ret );
+ mbedtls_printf(" ok (%d skipped)\n", ret);
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
- mbedtls_printf( " . Loading the client cert. and key..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the client cert. and key...");
+ fflush(stdout);
- if( strcmp( opt.crt_file, "none" ) == 0 )
+ if (strcmp(opt.crt_file, "none") == 0) {
ret = 0;
- else
+ } else
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.crt_file ) )
- ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
- else
+ if (strlen(opt.crt_file)) {
+ ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
+ } else
#endif
#if defined(MBEDTLS_CERTS_C)
- ret = mbedtls_x509_crt_parse( &clicert,
- (const unsigned char *) mbedtls_test_cli_crt,
- mbedtls_test_cli_crt_len );
+ { ret = mbedtls_x509_crt_parse(&clicert,
+ (const unsigned char *) mbedtls_test_cli_crt,
+ mbedtls_test_cli_crt_len); }
#else
{
ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
}
#endif
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- if( strcmp( opt.key_file, "none" ) == 0 )
+ if (strcmp(opt.key_file, "none") == 0) {
ret = 0;
- else
+ } else
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.key_file ) )
- ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
- else
+ if (strlen(opt.key_file)) {
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
+ } else
#endif
#if defined(MBEDTLS_CERTS_C)
- ret = mbedtls_pk_parse_key( &pkey,
- (const unsigned char *) mbedtls_test_cli_key,
- mbedtls_test_cli_key_len, NULL, 0 );
+ { ret = mbedtls_pk_parse_key(&pkey,
+ (const unsigned char *) mbedtls_test_cli_key,
+ mbedtls_test_cli_key_len, NULL, 0); }
#else
{
ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
}
#endif
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.key_opaque != 0 )
- {
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- PSA_ALG_ANY_HASH ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ if (opt.key_opaque != 0) {
+ if ((ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot,
+ PSA_ALG_ANY_HASH)) != 0) {
+ mbedtls_printf(" failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
+ mbedtls_printf(" ok (key type: %s)\n", mbedtls_pk_get_name(&pkey));
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
* 2. Start the connection
*/
- if( opt.server_addr == NULL)
+ if (opt.server_addr == NULL) {
opt.server_addr = opt.server_name;
+ }
- mbedtls_printf( " . Connecting to %s/%s/%s...",
- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
- opt.server_addr, opt.server_port );
- fflush( stdout );
+ mbedtls_printf(" . Connecting to %s/%s/%s...",
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
+ opt.server_addr, opt.server_port);
+ fflush(stdout);
- if( ( ret = mbedtls_net_connect( &server_fd,
- opt.server_addr, opt.server_port,
- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
- MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_net_connect(&server_fd,
+ opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- if( opt.nbio > 0 )
- ret = mbedtls_net_set_nonblock( &server_fd );
- else
- ret = mbedtls_net_set_block( &server_fd );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (opt.nbio > 0) {
+ ret = mbedtls_net_set_nonblock(&server_fd);
+ } else {
+ ret = mbedtls_net_set_block(&server_fd);
+ }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 3. Setup stuff
*/
- mbedtls_printf( " . Setting up the SSL/TLS structure..." );
- fflush( stdout );
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- opt.transport,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ opt.transport,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. */
- if( opt.allow_sha1 > 0 )
- {
- crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
- mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
- mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ if (opt.allow_sha1 > 0) {
+ crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
+ mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
+ mbedtls_ssl_conf_sig_hashes(&conf, ssl_sig_hashes_for_test);
}
- if( opt.context_crt_cb == 0 )
- mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+ if (opt.context_crt_cb == 0) {
+ mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
+ }
- memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+ memset(peer_crt_info, 0, sizeof(peer_crt_info));
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
- {
- if( opt.cid_enabled == 1 &&
+ if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
+ if (opt.cid_enabled == 1 &&
opt.cid_enabled_renego == 1 &&
- cid_len != cid_renego_len )
- {
- mbedtls_printf( "CID length must not change during renegotiation\n" );
+ cid_len != cid_renego_len) {
+ mbedtls_printf("CID length must not change during renegotiation\n");
goto usage;
}
- if( opt.cid_enabled == 1 )
- ret = mbedtls_ssl_conf_cid( &conf, cid_len,
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
- else
- ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+ if (opt.cid_enabled == 1) {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ } else {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ }
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
- (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+ if (opt.auth_mode != DFL_AUTH_MODE) {
+ mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
- opt.hs_to_max );
+ if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
+ mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min,
+ opt.hs_to_max);
+ }
- if( opt.dgram_packing != DFL_DGRAM_PACKING )
- mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
+ if (opt.dgram_packing != DFL_DGRAM_PACKING) {
+ mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
+ }
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
- ret );
+ if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
+ ret);
goto exit;
}
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
const mbedtls_ssl_srtp_profile forced_profile[] =
- { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
- if( opt.use_srtp == 1 )
- {
- if( opt.force_srtp_profile != 0 )
- {
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
- }
- else
- {
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles );
+ { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
+ if (opt.use_srtp == 1) {
+ if (opt.force_srtp_profile != 0) {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
+ } else {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
}
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
- ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! "
+ "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
+ ret);
goto exit;
}
- }
- else if( opt.force_srtp_profile != 0 )
- {
- mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
+ } else if (opt.force_srtp_profile != 0) {
+ mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
goto exit;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
+ if (opt.trunc_hmac != DFL_TRUNC_HMAC) {
+ mbedtls_ssl_conf_truncated_hmac(&conf, opt.trunc_hmac);
+ }
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ if (opt.extended_ms != DFL_EXTENDED_MS) {
+ mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
+ }
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( opt.etm != DFL_ETM )
- mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
+ if (opt.etm != DFL_ETM) {
+ mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
+ }
#endif
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( opt.eap_tls != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
- &eap_tls_keying );
+ if (opt.eap_tls != 0) {
+ mbedtls_ssl_conf_export_keys_ext_cb(&conf, eap_tls_key_derivation,
+ &eap_tls_keying);
+ } else if (opt.nss_keylog != 0) {
+ mbedtls_ssl_conf_export_keys_ext_cb(&conf,
+ nss_keylog_export,
+ NULL);
}
- else if( opt.nss_keylog != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf,
- nss_keylog_export,
- NULL );
- }
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
- else if( opt.use_srtp != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation,
- &dtls_srtp_keying );
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
+ mbedtls_ssl_conf_export_keys_ext_cb(&conf, dtls_srtp_key_derivation,
+ &dtls_srtp_keying);
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- if( opt.recsplit != DFL_RECSPLIT )
- mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
+ if (opt.recsplit != DFL_RECSPLIT) {
+ mbedtls_ssl_conf_cbc_record_splitting(&conf, opt.recsplit
? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
- : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
+ : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
+ }
#endif
#if defined(MBEDTLS_DHM_C)
- if( opt.dhmlen != DFL_DHMLEN )
- mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
+ if (opt.dhmlen != DFL_DHMLEN) {
+ mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen);
+ }
#endif
#if defined(MBEDTLS_SSL_ALPN)
- if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
- ret );
+ if (opt.alpn_string != NULL) {
+ if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
+ ret);
goto exit;
}
+ }
#endif
- if (opt.reproducible)
- {
+ if (opt.reproducible) {
#if defined(MBEDTLS_HAVE_TIME)
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
- mbedtls_platform_set_time( dummy_constant_time );
+ mbedtls_platform_set_time(dummy_constant_time);
#else
- fprintf( stderr, "Warning: reproducible option used without constant time\n" );
+ fprintf(stderr, "Warning: reproducible option used without constant time\n");
#endif
#endif /* MBEDTLS_HAVE_TIME */
}
- mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
- mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
+ mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_conf_session_tickets( &conf, opt.tickets );
+ mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
#endif
- if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
+ if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
+ mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
+ }
#if defined(MBEDTLS_ARC4_C)
- if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
+ if (opt.arc4 != DFL_ARC4) {
+ mbedtls_ssl_conf_arc4_support(&conf, opt.arc4);
+ }
#endif
- if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
+ if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
+ mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
+ }
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
+ mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( strcmp( opt.ca_path, "none" ) != 0 &&
- strcmp( opt.ca_file, "none" ) != 0 )
- {
+ if (strcmp(opt.ca_path, "none") != 0 &&
+ strcmp(opt.ca_file, "none") != 0) {
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- if( opt.ca_callback != 0 )
- mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert );
- else
+ if (opt.ca_callback != 0) {
+ mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
+ } else
#endif
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
}
- if( strcmp( opt.crt_file, "none" ) != 0 &&
- strcmp( opt.key_file, "none" ) != 0 )
- {
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
- ret );
+ if (strcmp(opt.crt_file, "none") != 0 &&
+ strcmp(opt.key_file, "none") != 0) {
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
+ ret);
goto exit;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
- if( opt.curves != NULL &&
- strcmp( opt.curves, "default" ) != 0 )
- {
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ if (opt.curves != NULL &&
+ strcmp(opt.curves, "default") != 0) {
+ mbedtls_ssl_conf_curves(&conf, curve_list);
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.psk_opaque != 0 )
- {
+ if (opt.psk_opaque != 0) {
key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, alg );
- psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
- status = psa_import_key( &key_attributes, psk, psk_len, &slot );
- if( status != PSA_SUCCESS )
- {
+ status = psa_import_key(&key_attributes, psk, psk_len, &slot);
+ if (status != PSA_SUCCESS) {
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
- if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, slot,
- (const unsigned char *) opt.psk_identity,
- strlen( opt.psk_identity ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
- ret );
+ if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, slot,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
+ ret);
goto exit;
}
- }
- else
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( psk_len > 0 )
- {
- ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
- (const unsigned char *) opt.psk_identity,
- strlen( opt.psk_identity ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
+ if (psk_len > 0) {
+ ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret);
goto exit;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
- if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- opt.min_version );
+ if (opt.min_version != DFL_MIN_VERSION) {
+ mbedtls_ssl_conf_min_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ opt.min_version);
+ }
- if( opt.max_version != DFL_MAX_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- opt.max_version );
+ if (opt.max_version != DFL_MAX_VERSION) {
+ mbedtls_ssl_conf_max_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ opt.max_version);
+ }
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
- if( opt.fallback != DFL_FALLBACK )
- mbedtls_ssl_conf_fallback( &conf, opt.fallback );
+ if (opt.fallback != DFL_FALLBACK) {
+ mbedtls_ssl_conf_fallback(&conf, opt.fallback);
+ }
#endif
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
- ret );
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
+ ret);
goto exit;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
- {
- if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
- (const unsigned char *) opt.ecjpake_pw,
- strlen( opt.ecjpake_pw ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
- ret );
+ if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
+ if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen(opt.ecjpake_pw))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
+ ret);
goto exit;
}
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( opt.context_crt_cb == 1 )
- mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
+ if (opt.context_crt_cb == 1) {
+ mbedtls_ssl_set_verify(&ssl, my_verify, NULL);
+ }
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
io_ctx.ssl = &ssl;
io_ctx.net = &server_fd;
- mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
- opt.nbio == 0 ? recv_timeout_cb : NULL );
+ mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb,
+ opt.nbio == 0 ? recv_timeout_cb : NULL);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
- cid, cid_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
- ret );
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled,
+ cid, cid_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( opt.dtls_mtu != DFL_DTLS_MTU )
- mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
+ if (opt.dtls_mtu != DFL_DTLS_MTU) {
+ mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu);
+ }
#endif
#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( opt.ec_max_ops != DFL_EC_MAX_OPS )
- mbedtls_ecp_set_max_ops( opt.ec_max_ops );
+ if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
+ mbedtls_ecp_set_max_ops(opt.ec_max_ops);
+ }
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- if( opt.use_srtp != 0 && strlen( opt.mki ) != 0 )
- {
- if( mbedtls_test_unhexify( mki, sizeof( mki ),
- opt.mki,&mki_len ) != 0 )
- {
- mbedtls_printf( "mki value not valid hex\n" );
+ if (opt.use_srtp != 0 && strlen(opt.mki) != 0) {
+ if (mbedtls_test_unhexify(mki, sizeof(mki),
+ opt.mki, &mki_len) != 0) {
+ mbedtls_printf("mki value not valid hex\n");
goto exit;
}
- mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
- if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki,
- (uint16_t) strlen( opt.mki ) / 2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
+ mbedtls_ssl_conf_srtp_mki_value_supported(&conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED);
+ if ((ret = mbedtls_ssl_dtls_srtp_set_mki_value(&ssl, mki,
+ (uint16_t) strlen(opt.mki) / 2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret);
goto exit;
}
}
#endif
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 4. Handshake
*/
- mbedtls_printf( " . Performing the SSL/TLS handshake..." );
- fflush( stdout );
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
- ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
- (unsigned int) -ret );
- if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
+ (unsigned int) -ret);
+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
mbedtls_printf(
" Unable to verify the server's certificate. "
- "Either it is invalid,\n"
+ "Either it is invalid,\n"
" or you didn't set ca_file or ca_path "
- "to an appropriate value.\n"
+ "to an appropriate value.\n"
" Alternatively, you may want to use "
- "auth_mode=optional for testing purposes.\n" );
- mbedtls_printf( "\n" );
+ "auth_mode=optional for testing purposes.\n");
+ }
+ mbedtls_printf("\n");
goto exit;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
continue;
+ }
#endif
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- ret = idle( &server_fd, &timer, ret );
+ ret = idle(&server_fd, &timer, ret);
#else
- ret = idle( &server_fd, ret );
+ ret = idle(&server_fd, ret);
#endif
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
}
}
- mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- mbedtls_ssl_get_version( &ssl ),
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ mbedtls_printf(" ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ mbedtls_ssl_get_version(&ssl),
+ mbedtls_ssl_get_ciphersuite(&ssl));
- if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
- mbedtls_printf( " [ Record expansion is %d ]\n", ret );
- else
- mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
+ if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) {
+ mbedtls_printf(" [ Record expansion is %d ]\n", ret);
+ } else {
+ mbedtls_printf(" [ Record expansion is unknown (compression) ]\n");
+ }
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
- mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
+ mbedtls_printf(" [ Maximum input fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_input_max_frag_len(&ssl));
+ mbedtls_printf(" [ Maximum output fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_output_max_frag_len(&ssl));
#endif
#if defined(MBEDTLS_SSL_ALPN)
- if( opt.alpn_string != NULL )
- {
- const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
- mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
- alp ? alp : "(none)" );
+ if (opt.alpn_string != NULL) {
+ const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl);
+ mbedtls_printf(" [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)");
}
#endif
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( opt.eap_tls != 0 )
- {
+ if (opt.eap_tls != 0) {
size_t j = 0;
- if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
- eap_tls_keying.master_secret,
- sizeof( eap_tls_keying.master_secret ),
- eap_tls_label,
- eap_tls_keying.randbytes,
- sizeof( eap_tls_keying.randbytes ),
- eap_tls_keymaterial,
- sizeof( eap_tls_keymaterial ) ) )
- != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type,
+ eap_tls_keying.master_secret,
+ sizeof(eap_tls_keying.master_secret),
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_keymaterial,
+ sizeof(eap_tls_keymaterial)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " EAP-TLS key material is:" );
- for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
- {
- if( j % 8 == 0 )
+ mbedtls_printf(" EAP-TLS key material is:");
+ for (j = 0; j < sizeof(eap_tls_keymaterial); j++) {
+ if (j % 8 == 0) {
mbedtls_printf("\n ");
- mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
+ }
+ mbedtls_printf("%02x ", eap_tls_keymaterial[j]);
}
mbedtls_printf("\n");
- if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
- eap_tls_label,
- eap_tls_keying.randbytes,
- sizeof( eap_tls_keying.randbytes ),
- eap_tls_iv,
- sizeof( eap_tls_iv ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
- goto exit;
- }
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0,
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_iv,
+ sizeof(eap_tls_iv))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
- mbedtls_printf( " EAP-TLS IV is:" );
- for( j = 0; j < sizeof( eap_tls_iv ); j++ )
- {
- if( j % 8 == 0 )
+ mbedtls_printf(" EAP-TLS IV is:");
+ for (j = 0; j < sizeof(eap_tls_iv); j++) {
+ if (j % 8 == 0) {
mbedtls_printf("\n ");
- mbedtls_printf("%02x ", eap_tls_iv[j] );
+ }
+ mbedtls_printf("%02x ", eap_tls_iv[j]);
}
mbedtls_printf("\n");
}
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
- else if( opt.use_srtp != 0 )
- {
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
size_t j = 0;
mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
- mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result );
+ mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result);
- if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
- == MBEDTLS_TLS_SRTP_UNSET )
- {
- mbedtls_printf( " Unable to negotiate "
- "the use of DTLS-SRTP\n" );
- }
- else
- {
- if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
- dtls_srtp_keying.master_secret,
- sizeof( dtls_srtp_keying.master_secret ),
- dtls_srtp_label,
- dtls_srtp_keying.randbytes,
- sizeof( dtls_srtp_keying.randbytes ),
- dtls_srtp_key_material,
- sizeof( dtls_srtp_key_material ) ) )
- != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
+ == MBEDTLS_TLS_SRTP_UNSET) {
+ mbedtls_printf(" Unable to negotiate "
+ "the use of DTLS-SRTP\n");
+ } else {
+ if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type,
+ dtls_srtp_keying.master_secret,
+ sizeof(dtls_srtp_keying.master_secret),
+ dtls_srtp_label,
+ dtls_srtp_keying.randbytes,
+ sizeof(dtls_srtp_keying.randbytes),
+ dtls_srtp_key_material,
+ sizeof(dtls_srtp_key_material)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " DTLS-SRTP key material is:" );
- for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
- {
- if( j % 8 == 0 )
- mbedtls_printf( "\n " );
- mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
+ mbedtls_printf(" DTLS-SRTP key material is:");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", dtls_srtp_key_material[j]);
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
/* produce a less readable output used to perform automatic checks
* - compare client and server output
* - interop test with openssl which client produces this kind of output
*/
- mbedtls_printf( " Keying material: " );
- for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
- {
- mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
+ mbedtls_printf(" Keying material: ");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ mbedtls_printf("%02X", dtls_srtp_key_material[j]);
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
- if ( dtls_srtp_negotiation_result.mki_len > 0 )
- {
- mbedtls_printf( " DTLS-SRTP mki value: " );
- for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ )
- {
- mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] );
+ if (dtls_srtp_negotiation_result.mki_len > 0) {
+ mbedtls_printf(" DTLS-SRTP mki value: ");
+ for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) {
+ mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]);
}
+ } else {
+ mbedtls_printf(" DTLS-SRTP no mki value negotiated");
}
- else
- {
- mbedtls_printf( " DTLS-SRTP no mki value negotiated" );
- }
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
}
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
- if( opt.reconnect != 0 )
- {
- mbedtls_printf(" . Saving session for reuse..." );
- fflush( stdout );
+ if (opt.reconnect != 0) {
+ mbedtls_printf(" . Saving session for reuse...");
+ fflush(stdout);
- if( opt.reco_mode == 1 )
- {
+ if (opt.reco_mode == 1) {
/* free any previously saved data */
- if( session_data != NULL )
- {
- mbedtls_platform_zeroize( session_data, session_data_len );
- mbedtls_free( session_data );
+ if (session_data != NULL) {
+ mbedtls_platform_zeroize(session_data, session_data_len);
+ mbedtls_free(session_data);
session_data = NULL;
}
/* get size of the buffer needed */
- mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
- NULL, 0, &session_data_len );
- session_data = mbedtls_calloc( 1, session_data_len );
- if( session_data == NULL )
- {
- mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
- (unsigned) session_data_len );
+ mbedtls_ssl_session_save(mbedtls_ssl_get_session_pointer(&ssl),
+ NULL, 0, &session_data_len);
+ session_data = mbedtls_calloc(1, session_data_len);
+ if (session_data == NULL) {
+ mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
+ (unsigned) session_data_len);
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
/* actually save session data */
- if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
- session_data, session_data_len,
- &session_data_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_session_save(mbedtls_ssl_get_session_pointer(&ssl),
+ session_data, session_data_len,
+ &session_data_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- }
- else
- {
- if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
- (unsigned int) -ret );
+ } else {
+ if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
- if( opt.reco_mode == 1 )
- {
- mbedtls_printf( " [ Saved %u bytes of session data]\n",
- (unsigned) session_data_len );
+ if (opt.reco_mode == 1) {
+ mbedtls_printf(" [ Saved %u bytes of session data]\n",
+ (unsigned) session_data_len);
}
}
@@ -2344,88 +2183,84 @@
/*
* 5. Verify the server certificate
*/
- mbedtls_printf( " . Verifying peer X.509 certificate..." );
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
- if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
- {
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
char vrfy_buf[512];
- mbedtls_printf( " failed\n" );
+ mbedtls_printf(" failed\n");
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
- " ! ", flags );
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf),
+ " ! ", flags);
- mbedtls_printf( "%s\n", vrfy_buf );
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
}
- else
- mbedtls_printf( " ok\n" );
- mbedtls_printf( " . Peer certificate information ...\n" );
- mbedtls_printf( "%s\n", peer_crt_info );
+ mbedtls_printf(" . Peer certificate information ...\n");
+ mbedtls_printf("%s\n", peer_crt_info);
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "initial handshake" );
- if( ret != 0 )
+ ret = report_cid_usage(&ssl, "initial handshake");
+ if (ret != 0) {
goto exit;
+ }
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
- cid_renego,
- cid_renego_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
- ret );
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego,
+ cid_renego,
+ cid_renego_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( opt.renegotiate )
- {
+ if (opt.renegotiate) {
/*
* Perform renegotiation (this must be done when the server is waiting
* for input from our side).
*/
- mbedtls_printf( " . Performing renegotiation..." );
- fflush( stdout );
- while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ mbedtls_printf(" . Performing renegotiation...");
+ fflush(stdout);
+ while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
- ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
- ret );
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
+ ret);
goto exit;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
continue;
+ }
#endif
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &server_fd, &timer, ret );
+ idle(&server_fd, &timer, ret);
#else
- idle( &server_fd, ret );
+ idle(&server_fd, ret);
#endif
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "after renegotiation" );
- if( ret != 0 )
+ ret = report_cid_usage(&ssl, "after renegotiation");
+ if (ret != 0) {
goto exit;
+ }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
@@ -2433,120 +2268,111 @@
*/
retry_left = opt.max_resend;
send_request:
- mbedtls_printf( " > Write to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write to server:");
+ fflush(stdout);
- len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST,
- opt.request_page );
- tail_len = (int) strlen( GET_REQUEST_END );
+ len = mbedtls_snprintf((char *) buf, sizeof(buf) - 1, GET_REQUEST,
+ opt.request_page);
+ tail_len = (int) strlen(GET_REQUEST_END);
/* Add padding to GET request to reach opt.request_size in length */
- if( opt.request_size != DFL_REQUEST_SIZE &&
- len + tail_len < opt.request_size )
- {
- memset( buf + len, 'A', opt.request_size - len - tail_len );
+ if (opt.request_size != DFL_REQUEST_SIZE &&
+ len + tail_len < opt.request_size) {
+ memset(buf + len, 'A', opt.request_size - len - tail_len);
len += opt.request_size - len - tail_len;
}
- strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
+ strncpy((char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1);
len += tail_len;
/* Truncate if request size is smaller than the "natural" size */
- if( opt.request_size != DFL_REQUEST_SIZE &&
- len > opt.request_size )
- {
+ if (opt.request_size != DFL_REQUEST_SIZE &&
+ len > opt.request_size) {
len = opt.request_size;
/* Still end with \r\n unless that's really not possible */
- if( len >= 2 ) buf[len - 2] = '\r';
- if( len >= 1 ) buf[len - 1] = '\n';
+ if (len >= 2) {
+ buf[len - 2] = '\r';
+ }
+ if (len >= 1) {
+ buf[len - 1] = '\n';
+ }
}
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
- {
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
written = 0;
frags = 0;
- do
- {
- while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
- len - written ) ) < 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ do {
+ while ((ret = mbedtls_ssl_write(&ssl, buf + written,
+ len - written)) < 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
- ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
- (unsigned int) -ret );
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &server_fd, &timer, ret );
+ idle(&server_fd, &timer, ret);
#else
- idle( &server_fd, ret );
+ idle(&server_fd, ret);
#endif
}
}
frags++;
written += ret;
- }
- while( written < len );
- }
- else /* Not stream, so datagram */
- {
- while( 1 )
- {
- ret = mbedtls_ssl_write( &ssl, buf, len );
+ } while (written < len);
+ } else { /* Not stream, so datagram */
+ while (1) {
+ ret = mbedtls_ssl_write(&ssl, buf, len);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
continue;
+ }
#endif
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
break;
+ }
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &server_fd, &timer, ret );
+ idle(&server_fd, &timer, ret);
#else
- idle( &server_fd, ret );
+ idle(&server_fd, ret);
#endif
}
}
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n",
- ret );
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n",
+ ret);
goto exit;
}
frags = 1;
written = ret;
- if( written < len )
- {
- mbedtls_printf( " warning\n ! request didn't fit into single datagram and "
- "was truncated to size %u", (unsigned) written );
+ if (written < len) {
+ mbedtls_printf(" warning\n ! request didn't fit into single datagram and "
+ "was truncated to size %u", (unsigned) written);
}
}
buf[written] = '\0';
- mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n",
- written, frags, (char *) buf );
+ mbedtls_printf(" %d bytes written in %d fragments\n\n%s\n",
+ written, frags, (char *) buf);
/* Send a non-empty request if request_size == 0 */
- if ( len == 0 )
- {
+ if (len == 0) {
opt.request_size = DFL_REQUEST_SIZE;
goto send_request;
}
@@ -2554,176 +2380,161 @@
/*
* 7. Read the HTTP response
*/
- mbedtls_printf( " < Read from server:" );
- fflush( stdout );
+ mbedtls_printf(" < Read from server:");
+ fflush(stdout);
/*
* TLS and DTLS need different reading styles (stream vs datagram)
*/
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
- {
- do
- {
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
continue;
+ }
#endif
- if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE )
- {
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &server_fd, &timer, ret );
+ idle(&server_fd, &timer, ret);
#else
- idle( &server_fd, ret );
+ idle(&server_fd, ret);
#endif
}
continue;
}
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( " connection was closed gracefully\n" );
+ mbedtls_printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
case 0:
case MBEDTLS_ERR_NET_CONN_RESET:
- mbedtls_printf( " connection was reset by peer\n" );
+ mbedtls_printf(" connection was reset by peer\n");
ret = 0;
goto reconnect;
default:
- mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
- (unsigned int) -ret );
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n",
+ (unsigned int) -ret);
goto exit;
}
}
len = ret;
buf[len] = '\0';
- mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
- if( ret > 0 && buf[len-1] == '\n' )
- {
+ if (ret > 0 && buf[len-1] == '\n') {
ret = 0;
break;
}
- }
- while( 1 );
- }
- else /* Not stream, so datagram */
- {
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
+ } while (1);
+ } else { /* Not stream, so datagram */
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
- while( 1 )
- {
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ while (1) {
+ ret = mbedtls_ssl_read(&ssl, buf, len);
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
continue;
+ }
#endif
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
break;
+ }
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &server_fd, &timer, ret );
+ idle(&server_fd, &timer, ret);
#else
- idle( &server_fd, ret );
+ idle(&server_fd, ret);
#endif
}
}
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_TIMEOUT:
- mbedtls_printf( " timeout\n" );
- if( retry_left-- > 0 )
+ mbedtls_printf(" timeout\n");
+ if (retry_left-- > 0) {
goto send_request;
+ }
goto exit;
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( " connection was closed gracefully\n" );
+ mbedtls_printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:
- mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
goto exit;
}
}
len = ret;
buf[len] = '\0';
- mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
ret = 0;
}
/*
* 7b. Simulate hard reset and reconnect from same port?
*/
- if( opt.reconnect_hard != 0 )
- {
+ if (opt.reconnect_hard != 0) {
opt.reconnect_hard = 0;
- mbedtls_printf( " . Restarting connection from same port..." );
- fflush( stdout );
+ mbedtls_printf(" . Restarting connection from same port...");
+ fflush(stdout);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+ memset(peer_crt_info, 0, sizeof(peer_crt_info));
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
- ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
- (unsigned int) -ret );
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &server_fd, &timer, ret );
+ idle(&server_fd, &timer, ret);
#else
- idle( &server_fd, ret );
+ idle(&server_fd, ret);
#endif
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
goto send_request;
}
@@ -2732,160 +2543,149 @@
* 7c. Simulate serialize/deserialize and go back to data exchange
*/
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( opt.serialize != 0 )
- {
+ if (opt.serialize != 0) {
size_t buf_len;
- mbedtls_printf( " . Serializing live connection..." );
+ mbedtls_printf(" . Serializing live connection...");
- ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
- if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
+ if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- if( ( context_buf = mbedtls_calloc( 1, buf_len ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Couldn't allocate buffer for "
- "serialized context" );
+ if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) {
+ mbedtls_printf(" failed\n ! Couldn't allocate buffer for "
+ "serialized context");
goto exit;
}
context_buf_len = buf_len;
- if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
- buf_len, &buf_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_context_save(&ssl, context_buf,
+ buf_len, &buf_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/* Save serialized context to the 'opt.context_file' as a base64 code */
- if( 0 < strlen( opt.context_file ) )
- {
+ if (0 < strlen(opt.context_file)) {
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;
- mbedtls_printf( " . Save serialized context to a file... " );
+ mbedtls_printf(" . Save serialized context to a file... ");
- mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
+ mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
- if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
- {
- mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
- "the base64 code\n" );
+ if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) {
+ mbedtls_printf("failed\n ! Couldn't allocate buffer for "
+ "the base64 code\n");
goto exit;
}
- if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
- context_buf, buf_len ) ) != 0 )
- {
- mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
- "-0x%x\n", (unsigned int) -ret );
- mbedtls_free( b64_buf );
+ if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len,
+ context_buf, buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_base64_encode returned "
+ "-0x%x\n", (unsigned int) -ret);
+ mbedtls_free(b64_buf);
goto exit;
}
- if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
- {
- mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
- opt.context_file );
- mbedtls_free( b64_buf );
+ if ((b64_file = fopen(opt.context_file, "w")) == NULL) {
+ mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n",
+ opt.context_file);
+ mbedtls_free(b64_buf);
goto exit;
}
- if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
- {
- mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
- (long) b64_len );
- mbedtls_free( b64_buf );
- fclose( b64_file );
+ if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) {
+ mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n",
+ (long) b64_len);
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
goto exit;
}
- mbedtls_free( b64_buf );
- fclose( b64_file );
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
- mbedtls_printf( "ok\n" );
+ mbedtls_printf("ok\n");
}
- if( opt.serialize == 1 )
- {
+ if (opt.serialize == 1) {
/* nothing to do here, done by context_save() already */
- mbedtls_printf( " . Context has been reset... ok\n" );
+ mbedtls_printf(" . Context has been reset... ok\n");
}
- if( opt.serialize == 2 )
- {
- mbedtls_printf( " . Freeing and reinitializing context..." );
+ if (opt.serialize == 2) {
+ mbedtls_printf(" . Freeing and reinitializing context...");
- mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_free(&ssl);
- mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_init(&ssl);
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- if( opt.nbio == 2 )
- mbedtls_ssl_set_bio( &ssl, &server_fd, delayed_send,
- delayed_recv, NULL );
- else
- mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send,
- mbedtls_net_recv,
- opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+ if (opt.nbio == 2) {
+ mbedtls_ssl_set_bio(&ssl, &server_fd, delayed_send,
+ delayed_recv, NULL);
+ } else {
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send,
+ mbedtls_net_recv,
+ opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL);
+ }
#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &ssl, &timer,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif /* MBEDTLS_TIMING_C */
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
- mbedtls_printf( " . Deserializing connection..." );
+ mbedtls_printf(" . Deserializing connection...");
- if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf,
- buf_len ) ) != 0 )
- {
- mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
+ buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_free( context_buf );
+ mbedtls_free(context_buf);
context_buf = NULL;
context_buf_len = 0;
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
/*
* 7d. Continue doing data exchanges?
*/
- if( --opt.exchanges > 0 )
+ if (--opt.exchanges > 0) {
goto send_request;
+ }
/*
* 8. Done, cleanly close the connection
*/
close_notify:
- mbedtls_printf( " . Closing the connection..." );
- fflush( stdout );
+ mbedtls_printf(" . Closing the connection...");
+ fflush(stdout);
/*
* Most of the time sending a close_notify before closing is the right
@@ -2899,97 +2699,90 @@
* failures in tests that use DTLS and resumption with ssl_server2 in
* ssl-opt.sh, avoided by enabling skip_close_notify client-side.
*/
- if( opt.skip_close_notify == 0 )
- {
+ if (opt.skip_close_notify == 0) {
/* No error checking, the connection might be closed already */
- do ret = mbedtls_ssl_close_notify( &ssl );
- while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0;
}
- mbedtls_printf( " done\n" );
+ mbedtls_printf(" done\n");
/*
* 9. Reconnect?
*/
reconnect:
- if( opt.reconnect != 0 )
- {
+ if (opt.reconnect != 0) {
--opt.reconnect;
- mbedtls_net_free( &server_fd );
+ mbedtls_net_free(&server_fd);
#if defined(MBEDTLS_TIMING_C)
- if( opt.reco_delay > 0 )
- mbedtls_net_usleep( 1000000 * opt.reco_delay );
+ if (opt.reco_delay > 0) {
+ mbedtls_net_usleep(1000000 * opt.reco_delay);
+ }
#endif
- mbedtls_printf( " . Reconnecting with saved session..." );
+ mbedtls_printf(" . Reconnecting with saved session...");
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+ memset(peer_crt_info, 0, sizeof(peer_crt_info));
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- if( opt.reco_mode == 1 )
- {
- if( ( ret = mbedtls_ssl_session_load( &saved_session,
- session_data,
- session_data_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (opt.reco_mode == 1) {
+ if ((ret = mbedtls_ssl_session_load(&saved_session,
+ session_data,
+ session_data_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_set_session(&ssl, &saved_session)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- if( ( ret = mbedtls_net_connect( &server_fd,
- opt.server_addr, opt.server_port,
- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
- MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_net_connect(&server_fd,
+ opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- if( opt.nbio > 0 )
- ret = mbedtls_net_set_nonblock( &server_fd );
- else
- ret = mbedtls_net_set_block( &server_fd );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (opt.nbio > 0) {
+ ret = mbedtls_net_set_nonblock(&server_fd);
+ } else {
+ ret = mbedtls_net_set_block(&server_fd);
+ }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
- ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
- (unsigned int) -ret );
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
goto send_request;
}
@@ -2999,66 +2792,66 @@
*/
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf);
}
#endif
- mbedtls_net_free( &server_fd );
+ mbedtls_net_free(&server_fd);
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ssl_session_free( &saved_session );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_session_free(&saved_session);
- if( session_data != NULL )
- mbedtls_platform_zeroize( session_data, session_data_len );
- mbedtls_free( session_data );
+ if (session_data != NULL) {
+ mbedtls_platform_zeroize(session_data, session_data_len);
+ }
+ mbedtls_free(session_data);
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( context_buf != NULL )
- mbedtls_platform_zeroize( context_buf, context_buf_len );
- mbedtls_free( context_buf );
+ if (context_buf != NULL) {
+ mbedtls_platform_zeroize(context_buf, context_buf_len);
+ }
+ mbedtls_free(context_buf);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_x509_crt_free( &clicert );
- mbedtls_x509_crt_free( &cacert );
- mbedtls_pk_free( &pkey );
+ mbedtls_x509_crt_free(&clicert);
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_pk_free(&pkey);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_destroy_key( key_slot );
+ psa_destroy_key(key_slot);
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.psk_opaque != 0 )
- {
+ if (opt.psk_opaque != 0) {
/* This is ok even if the slot hasn't been
* initialized (we might have jumed here
* immediately because of bad cmd line params,
* for example). */
- status = psa_destroy_key( slot );
- if( ( status != PSA_SUCCESS ) &&
- ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
- {
- mbedtls_printf( "Failed to destroy key slot %u - error was %d",
- (unsigned) slot, (int) status );
- if( ret == 0 )
+ status = psa_destroy_key(slot);
+ if ((status != PSA_SUCCESS) &&
+ (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
+ mbedtls_printf("Failed to destroy key slot %u - error was %d",
+ (unsigned) slot, (int) status);
+ if (ret == 0) {
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- const char* message = mbedtls_test_helper_is_psa_leaking();
- if( message )
- {
- if( ret == 0 )
+ const char *message = mbedtls_test_helper_is_psa_leaking();
+ if (message) {
+ if (ret == 0) {
ret = 1;
- mbedtls_printf( "PSA memory leak detected: %s\n", message);
+ }
+ mbedtls_printf("PSA memory leak detected: %s\n", message);
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -3066,19 +2859,19 @@
* resources are freed by rng_free(). */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
- mbedtls_psa_crypto_free( );
+ mbedtls_psa_crypto_free();
#endif
- rng_free( &rng );
+ rng_free(&rng);
#if defined(MBEDTLS_TEST_HOOKS)
- if( test_hooks_failure_detected( ) )
- {
- if( ret == 0 )
+ if (test_hooks_failure_detected()) {
+ if (ret == 0) {
ret = 1;
- mbedtls_printf( "Test hooks detected errors.\n" );
+ }
+ mbedtls_printf("Test hooks detected errors.\n");
}
- test_hooks_free( );
+ test_hooks_free();
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
@@ -3089,20 +2882,21 @@
#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
#if defined(_WIN32)
- if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
- {
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
}
#endif
// Shell can not handle large exit numbers -> 1 for errors
- if( ret < 0 )
+ if (ret < 0) {
ret = 1;
+ }
- if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
- mbedtls_exit( ret );
- else
- mbedtls_exit( query_config_ret );
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_exit(ret);
+ } else {
+ mbedtls_exit(query_config_ret);
+ }
}
#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index bb84f52..a8b2b47 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -29,11 +29,11 @@
#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \
!defined(MBEDTLS_SSL_TLS_C)
-int main( void )
+int main(void)
{
printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or "
"MBEDTLS_SSL_TLS_C not defined.\n");
- return( 0 );
+ return 0;
}
#else
@@ -65,18 +65,18 @@
/*
* Flags copied from the Mbed TLS library.
*/
-#define SESSION_CONFIG_TIME_BIT ( 1 << 0 )
-#define SESSION_CONFIG_CRT_BIT ( 1 << 1 )
-#define SESSION_CONFIG_CLIENT_TICKET_BIT ( 1 << 2 )
-#define SESSION_CONFIG_MFL_BIT ( 1 << 3 )
-#define SESSION_CONFIG_TRUNC_HMAC_BIT ( 1 << 4 )
-#define SESSION_CONFIG_ETM_BIT ( 1 << 5 )
-#define SESSION_CONFIG_TICKET_BIT ( 1 << 6 )
+#define SESSION_CONFIG_TIME_BIT (1 << 0)
+#define SESSION_CONFIG_CRT_BIT (1 << 1)
+#define SESSION_CONFIG_CLIENT_TICKET_BIT (1 << 2)
+#define SESSION_CONFIG_MFL_BIT (1 << 3)
+#define SESSION_CONFIG_TRUNC_HMAC_BIT (1 << 4)
+#define SESSION_CONFIG_ETM_BIT (1 << 5)
+#define SESSION_CONFIG_TICKET_BIT (1 << 6)
-#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ( 1 << 0 )
-#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ( 1 << 1 )
-#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ( 1 << 2 )
-#define CONTEXT_CONFIG_ALPN_BIT ( 1 << 3 )
+#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT (1 << 0)
+#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT (1 << 1)
+#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT (1 << 2)
+#define CONTEXT_CONFIG_ALPN_BIT (1 << 3)
#define TRANSFORM_RANDBYTE_LEN 64
@@ -91,28 +91,28 @@
#define MAX_CONTEXT_LEN 875 /* without session data */
#define MAX_SESSION_LEN 109 /* without certificate and ticket data */
-#define MAX_CERTIFICATE_LEN ( ( 1 << 24 ) - 1 )
-#define MAX_TICKET_LEN ( ( 1 << 24 ) - 1 )
+#define MAX_CERTIFICATE_LEN ((1 << 24) - 1)
+#define MAX_TICKET_LEN ((1 << 24) - 1)
-#define MIN_SERIALIZED_DATA ( MIN_CONTEXT_LEN + MIN_SESSION_LEN )
-#define MAX_SERIALIZED_DATA ( MAX_CONTEXT_LEN + MAX_SESSION_LEN + \
- MAX_CERTIFICATE_LEN + MAX_TICKET_LEN )
+#define MIN_SERIALIZED_DATA (MIN_CONTEXT_LEN + MIN_SESSION_LEN)
+#define MAX_SERIALIZED_DATA (MAX_CONTEXT_LEN + MAX_SESSION_LEN + \
+ MAX_CERTIFICATE_LEN + MAX_TICKET_LEN)
-#define MIN_BASE64_LEN ( MIN_SERIALIZED_DATA * 4 / 3 )
-#define MAX_BASE64_LEN ( MAX_SERIALIZED_DATA * 4 / 3 + 3 )
+#define MIN_BASE64_LEN (MIN_SERIALIZED_DATA * 4 / 3)
+#define MAX_BASE64_LEN (MAX_SERIALIZED_DATA * 4 / 3 + 3)
/*
* A macro that prevents from reading out of the ssl buffer range.
*/
-#define CHECK_SSL_END( LEN ) \
-do \
-{ \
- if( end - ssl < (int)( LEN ) ) \
- { \
- printf_err( "%s", buf_ln_err ); \
- return; \
- } \
-} while( 0 )
+#define CHECK_SSL_END(LEN) \
+ do \
+ { \
+ if (end - ssl < (int) (LEN)) \
+ { \
+ printf_err("%s", buf_ln_err); \
+ return; \
+ } \
+ } while (0)
/*
* Global values
@@ -127,17 +127,17 @@
/*
* Basic printing functions
*/
-void print_version( )
+void print_version()
{
- printf( "%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR );
+ printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR);
}
-void print_usage( )
+void print_usage()
{
print_version();
- printf( "\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
- "in the text file. The program can deserialize many codes from one file, but they must be\n"
- "separated, e.g. by a newline.\n\n" );
+ printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
+ "in the text file. The program can deserialize many codes from one file, but they must be\n"
+ "separated, e.g. by a newline.\n\n");
printf(
"Usage:\n"
"\t-f path - Path to the file with base64 code\n"
@@ -151,32 +151,31 @@
"\t--dtls-protocol=0 - Use this option if you know that the Mbed TLS library\n"
"\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n"
"\n"
- );
+ );
}
-void printf_dbg( const char *str, ... )
+void printf_dbg(const char *str, ...)
{
- if( debug )
- {
+ if (debug) {
va_list args;
- va_start( args, str );
- printf( "debug: " );
- vprintf( str, args );
- fflush( stdout );
- va_end( args );
+ va_start(args, str);
+ printf("debug: ");
+ vprintf(str, args);
+ fflush(stdout);
+ va_end(args);
}
}
-MBEDTLS_PRINTF_ATTRIBUTE( 1, 2 )
-void printf_err( const char *str, ... )
+MBEDTLS_PRINTF_ATTRIBUTE(1, 2)
+void printf_err(const char *str, ...)
{
va_list args;
- va_start( args, str );
- fflush( stdout );
- fprintf( stderr, "ERROR: " );
- vfprintf( stderr, str, args );
- fflush( stderr );
- va_end( args );
+ va_start(args, str);
+ fflush(stdout);
+ fprintf(stderr, "ERROR: ");
+ vfprintf(stderr, str, args);
+ fflush(stderr);
+ va_end(args);
}
/*
@@ -184,70 +183,51 @@
*/
void error_exit()
{
- if( NULL != b64_file )
- {
- fclose( b64_file );
+ if (NULL != b64_file) {
+ fclose(b64_file);
}
- exit( -1 );
+ exit(-1);
}
/*
* This function takes the input arguments of this program
*/
-void parse_arguments( int argc, char *argv[] )
+void parse_arguments(int argc, char *argv[])
{
int i = 1;
- if( argc < 2 )
- {
+ if (argc < 2) {
print_usage();
error_exit();
}
- while( i < argc )
- {
- if( strcmp( argv[i], "-d" ) == 0 )
- {
+ while (i < argc) {
+ if (strcmp(argv[i], "-d") == 0) {
debug = 1;
- }
- else if( strcmp( argv[i], "-h" ) == 0 )
- {
+ } else if (strcmp(argv[i], "-h") == 0) {
print_usage();
- }
- else if( strcmp( argv[i], "-v" ) == 0 )
- {
+ } else if (strcmp(argv[i], "-v") == 0) {
print_version();
- }
- else if( strcmp( argv[i], "-f" ) == 0 )
- {
- if( ++i >= argc )
- {
- printf_err( "File path is empty\n" );
+ } else if (strcmp(argv[i], "-f") == 0) {
+ if (++i >= argc) {
+ printf_err("File path is empty\n");
error_exit();
}
- if( NULL != b64_file )
- {
- printf_err( "Cannot specify more than one file with -f\n" );
- error_exit( );
- }
-
- if( ( b64_file = fopen( argv[i], "r" )) == NULL )
- {
- printf_err( "Cannot find file \"%s\"\n", argv[i] );
+ if (NULL != b64_file) {
+ printf_err("Cannot specify more than one file with -f\n");
error_exit();
}
- }
- else if( strcmp( argv[i], "--keep-peer-cert=0" ) == 0 )
- {
+
+ if ((b64_file = fopen(argv[i], "r")) == NULL) {
+ printf_err("Cannot find file \"%s\"\n", argv[i]);
+ error_exit();
+ }
+ } else if (strcmp(argv[i], "--keep-peer-cert=0") == 0) {
conf_keep_peer_certificate = 0;
- }
- else if( strcmp( argv[i], "--dtls-protocol=0" ) == 0 )
- {
+ } else if (strcmp(argv[i], "--dtls-protocol=0") == 0) {
conf_dtls_proto = 0;
- }
- else
- {
+ } else {
print_usage();
error_exit();
}
@@ -259,22 +239,20 @@
/*
* This function prints base64 code to the stdout
*/
-void print_b64( const uint8_t *b, size_t len )
+void print_b64(const uint8_t *b, size_t len)
{
size_t i = 0;
const uint8_t *end = b + len;
printf("\t");
- while( b < end )
- {
- if( ++i > 75 )
- {
- printf( "\n\t" );
+ while (b < end) {
+ if (++i > 75) {
+ printf("\n\t");
i = 0;
}
- printf( "%c", *b++ );
+ printf("%c", *b++);
}
- printf( "\n" );
- fflush( stdout );
+ printf("\n");
+ fflush(stdout);
}
/*
@@ -285,25 +263,22 @@
* /p in_line number of bytes in one line
* /p prefix prefix for the new lines
*/
-void print_hex( const uint8_t *b, size_t len,
- const size_t in_line, const char *prefix )
+void print_hex(const uint8_t *b, size_t len,
+ const size_t in_line, const char *prefix)
{
size_t i = 0;
const uint8_t *end = b + len;
- if( prefix == NULL )
- {
+ if (prefix == NULL) {
prefix = "";
}
- while( b < end )
- {
- if( ++i > in_line )
- {
- printf( "\n%s", prefix );
+ while (b < end) {
+ if (++i > in_line) {
+ printf("\n%s", prefix);
i = 1;
}
- printf( "%02X ", (uint8_t) *b++ );
+ printf("%02X ", (uint8_t) *b++);
}
printf("\n");
fflush(stdout);
@@ -312,53 +287,48 @@
/*
* Print the value of time_t in format e.g. 2020-01-23 13:05:59
*/
-void print_time( const uint64_t *time )
+void print_time(const uint64_t *time)
{
#if defined(MBEDTLS_HAVE_TIME)
char buf[20];
- struct tm *t = gmtime( (time_t*) time );
+ struct tm *t = gmtime((time_t *) time);
static const char format[] = "%Y-%m-%d %H:%M:%S";
- if( NULL != t )
- {
- strftime( buf, sizeof( buf ), format, t );
- printf( "%s\n", buf );
- }
- else
- {
- printf( "unknown\n" );
+ if (NULL != t) {
+ strftime(buf, sizeof(buf), format, t);
+ printf("%s\n", buf);
+ } else {
+ printf("unknown\n");
}
#else
(void) time;
- printf( "not supported\n" );
+ printf("not supported\n");
#endif
}
/*
* Print the input string if the bit is set in the value
*/
-void print_if_bit( const char *str, int bit, int val )
+void print_if_bit(const char *str, int bit, int val)
{
- if( bit & val )
- {
- printf( "\t%s\n", str );
+ if (bit & val) {
+ printf("\t%s\n", str);
}
}
/*
* Return pointer to hardcoded "enabled" or "disabled" depending on the input value
*/
-const char * get_enabled_str( int is_en )
+const char *get_enabled_str(int is_en)
{
- return ( is_en ) ? "enabled" : "disabled";
+ return (is_en) ? "enabled" : "disabled";
}
/*
* Return pointer to hardcoded MFL string value depending on the MFL code at the input
*/
-const char * get_mfl_str( int mfl_code )
+const char *get_mfl_str(int mfl_code)
{
- switch( mfl_code )
- {
+ switch (mfl_code) {
case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
return "none";
case MBEDTLS_SSL_MAX_FRAG_LEN_512:
@@ -389,125 +359,95 @@
* \retval number of bytes written in to the b64 buffer or 0 in case no more
* data was found
*/
-size_t read_next_b64_code( uint8_t **b64, size_t *max_len )
+size_t read_next_b64_code(uint8_t **b64, size_t *max_len)
{
int valid_balance = 0; /* balance between valid and invalid characters */
size_t len = 0;
char pad = 0;
int c = 0;
- while( EOF != c )
- {
+ while (EOF != c) {
char c_valid = 0;
- c = fgetc( b64_file );
+ c = fgetc(b64_file);
- if( pad > 0 )
- {
- if( c == '=' && pad == 1 )
- {
+ if (pad > 0) {
+ if (c == '=' && pad == 1) {
c_valid = 1;
pad = 2;
}
- }
- else if( ( c >= 'A' && c <= 'Z' ) ||
- ( c >= 'a' && c <= 'z' ) ||
- ( c >= '0' && c <= '9' ) ||
- c == '+' || c == '/' )
- {
+ } else if ((c >= 'A' && c <= 'Z') ||
+ (c >= 'a' && c <= 'z') ||
+ (c >= '0' && c <= '9') ||
+ c == '+' || c == '/') {
c_valid = 1;
- }
- else if( c == '=' )
- {
+ } else if (c == '=') {
c_valid = 1;
pad = 1;
- }
- else if( c == '-' )
- {
+ } else if (c == '-') {
c = '+';
c_valid = 1;
- }
- else if( c == '_' )
- {
+ } else if (c == '_') {
c = '/';
c_valid = 1;
}
- if( c_valid )
- {
+ if (c_valid) {
/* A string of characters that could be a base64 code. */
valid_balance++;
- if( len < *max_len )
- {
- ( *b64 )[ len++ ] = c;
- }
- else if( *max_len < MAX_BASE64_LEN )
- {
+ if (len < *max_len) {
+ (*b64)[len++] = c;
+ } else if (*max_len < MAX_BASE64_LEN) {
/* Current buffer is too small, but can be resized. */
void *ptr;
- size_t new_size = ( MAX_BASE64_LEN - 4096 > *max_len ) ?
+ size_t new_size = (MAX_BASE64_LEN - 4096 > *max_len) ?
*max_len + 4096 : MAX_BASE64_LEN;
- ptr = realloc( *b64, new_size );
- if( NULL == ptr )
- {
- printf_err( alloc_err );
+ ptr = realloc(*b64, new_size);
+ if (NULL == ptr) {
+ printf_err(alloc_err);
return 0;
}
*b64 = ptr;
*max_len = new_size;
- ( *b64 )[ len++ ] = c;
- }
- else
- {
+ (*b64)[len++] = c;
+ } else {
/* Too much data so it will be treated as invalid */
len++;
}
- }
- else if( len > 0 )
- {
+ } else if (len > 0) {
/* End of a string that could be a base64 code, but need to check
* that the length of the characters is correct. */
valid_balance--;
- if( len < MIN_CONTEXT_LEN )
- {
- printf_dbg( "The code found is too small to be a SSL context.\n" );
+ if (len < MIN_CONTEXT_LEN) {
+ printf_dbg("The code found is too small to be a SSL context.\n");
len = pad = 0;
- }
- else if( len > *max_len )
- {
- printf_err( "The code found is too large by %" MBEDTLS_PRINTF_SIZET " bytes.\n",
- len - *max_len );
+ } else if (len > *max_len) {
+ printf_err("The code found is too large by %" MBEDTLS_PRINTF_SIZET " bytes.\n",
+ len - *max_len);
len = pad = 0;
- }
- else if( len % 4 != 0 )
- {
- printf_err( "The length of the base64 code found should be a multiple of 4.\n" );
+ } else if (len % 4 != 0) {
+ printf_err("The length of the base64 code found should be a multiple of 4.\n");
len = pad = 0;
- }
- else
- {
+ } else {
/* Base64 code with valid character length. */
return len;
}
- }
- else
- {
+ } else {
valid_balance--;
}
/* Detection of potentially wrong file format like: binary, zip, ISO, etc. */
- if( valid_balance < -100 )
- {
- printf_err( "Too many bad symbols detected. File check aborted.\n" );
+ if (valid_balance < -100) {
+ printf_err("Too many bad symbols detected. File check aborted.\n");
return 0;
}
}
- printf_dbg( "End of file\n" );
+ printf_dbg("End of file\n");
return 0;
}
@@ -517,53 +457,45 @@
*
* /p ssl pointer to serialized certificate
* /p len number of bytes in the buffer
-*/
-void print_deserialized_ssl_cert( const uint8_t *ssl, uint32_t len )
+ */
+void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len)
{
enum { STRLEN = 4096 };
mbedtls_x509_crt crt;
int ret;
char str[STRLEN];
- printf( "\nCertificate:\n" );
+ printf("\nCertificate:\n");
- mbedtls_x509_crt_init( &crt );
- ret = mbedtls_x509_crt_parse_der( &crt, ssl, len );
- if( 0 != ret )
- {
- mbedtls_strerror( ret, str, STRLEN );
- printf_err( "Invalid format of X.509 - %s\n", str );
- printf( "Cannot deserialize:\n\t" );
- print_hex( ssl, len, 25, "\t" );
- }
- else
- {
+ mbedtls_x509_crt_init(&crt);
+ ret = mbedtls_x509_crt_parse_der(&crt, ssl, len);
+ if (0 != ret) {
+ mbedtls_strerror(ret, str, STRLEN);
+ printf_err("Invalid format of X.509 - %s\n", str);
+ printf("Cannot deserialize:\n\t");
+ print_hex(ssl, len, 25, "\t");
+ } else {
mbedtls_x509_crt *current = &crt;
- while( current != NULL )
- {
- ret = mbedtls_x509_crt_info( str, STRLEN, "\t", current );
- if( 0 > ret )
- {
- mbedtls_strerror( ret, str, STRLEN );
- printf_err( "Cannot write to the output - %s\n", str );
- }
- else
- {
- printf( "%s", str );
+ while (current != NULL) {
+ ret = mbedtls_x509_crt_info(str, STRLEN, "\t", current);
+ if (0 > ret) {
+ mbedtls_strerror(ret, str, STRLEN);
+ printf_err("Cannot write to the output - %s\n", str);
+ } else {
+ printf("%s", str);
}
current = current->next;
- if( current )
- {
- printf( "\n" );
+ if (current) {
+ printf("\n");
}
}
}
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/*
@@ -591,227 +523,203 @@
* /p len number of bytes in the buffer
* /p session_cfg_flag session configuration flags
*/
-void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
- int session_cfg_flag )
+void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
+ int session_cfg_flag)
{
- const struct mbedtls_ssl_ciphersuite_t * ciphersuite_info;
+ const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int ciphersuite_id;
uint32_t cert_len, ticket_len;
uint32_t verify_result, ticket_lifetime;
const uint8_t *end = ssl + len;
- printf( "\nSession info:\n" );
+ printf("\nSession info:\n");
- if( session_cfg_flag & SESSION_CONFIG_TIME_BIT )
- {
+ if (session_cfg_flag & SESSION_CONFIG_TIME_BIT) {
uint64_t start;
- CHECK_SSL_END( 8 );
- start = ( (uint64_t) ssl[0] << 56 ) |
- ( (uint64_t) ssl[1] << 48 ) |
- ( (uint64_t) ssl[2] << 40 ) |
- ( (uint64_t) ssl[3] << 32 ) |
- ( (uint64_t) ssl[4] << 24 ) |
- ( (uint64_t) ssl[5] << 16 ) |
- ( (uint64_t) ssl[6] << 8 ) |
- ( (uint64_t) ssl[7] );
+ CHECK_SSL_END(8);
+ start = ((uint64_t) ssl[0] << 56) |
+ ((uint64_t) ssl[1] << 48) |
+ ((uint64_t) ssl[2] << 40) |
+ ((uint64_t) ssl[3] << 32) |
+ ((uint64_t) ssl[4] << 24) |
+ ((uint64_t) ssl[5] << 16) |
+ ((uint64_t) ssl[6] << 8) |
+ ((uint64_t) ssl[7]);
ssl += 8;
- printf( "\tstart time : " );
- print_time( &start );
+ printf("\tstart time : ");
+ print_time(&start);
}
- CHECK_SSL_END( 2 );
- ciphersuite_id = ( (int) ssl[0] << 8 ) | (int) ssl[1];
- printf_dbg( "Ciphersuite ID: %d\n", ciphersuite_id );
+ CHECK_SSL_END(2);
+ ciphersuite_id = ((int) ssl[0] << 8) | (int) ssl[1];
+ printf_dbg("Ciphersuite ID: %d\n", ciphersuite_id);
ssl += 2;
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
- if( ciphersuite_info == NULL )
- {
- printf_err( "Cannot find ciphersuite info\n" );
- }
- else
- {
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
+ if (ciphersuite_info == NULL) {
+ printf_err("Cannot find ciphersuite info\n");
+ } else {
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
- printf( "\tciphersuite : %s\n", ciphersuite_info->name );
- printf( "\tcipher flags : 0x%02X\n", ciphersuite_info->flags );
+ printf("\tciphersuite : %s\n", ciphersuite_info->name);
+ printf("\tcipher flags : 0x%02X\n", ciphersuite_info->flags);
- cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
- if( cipher_info == NULL )
- {
- printf_err( "Cannot find cipher info\n" );
- }
- else
- {
- printf( "\tcipher : %s\n", cipher_info->name );
+ cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
+ if (cipher_info == NULL) {
+ printf_err("Cannot find cipher info\n");
+ } else {
+ printf("\tcipher : %s\n", cipher_info->name);
}
- md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
- if( md_info == NULL )
- {
- printf_err( "Cannot find Message-Digest info\n" );
- }
- else
- {
- printf( "\tMessage-Digest : %s\n", md_info->name );
+ md_info = mbedtls_md_info_from_type(ciphersuite_info->mac);
+ if (md_info == NULL) {
+ printf_err("Cannot find Message-Digest info\n");
+ } else {
+ printf("\tMessage-Digest : %s\n", md_info->name);
}
}
- CHECK_SSL_END( 1 );
- printf( "\tcompression : %s\n", get_enabled_str( *ssl++ ) );
+ CHECK_SSL_END(1);
+ printf("\tcompression : %s\n", get_enabled_str(*ssl++));
/* Note - Here we can get session ID length from serialized data, but we
* use hardcoded 32-bytes length. This approach was taken from
* 'mbedtls_ssl_session_load()'. */
- CHECK_SSL_END( 1 + 32 );
- printf_dbg( "Session id length: %u\n", (uint32_t) *ssl++ );
- printf( "\tsession ID : ");
- print_hex( ssl, 32, 16, "\t " );
+ CHECK_SSL_END(1 + 32);
+ printf_dbg("Session id length: %u\n", (uint32_t) *ssl++);
+ printf("\tsession ID : ");
+ print_hex(ssl, 32, 16, "\t ");
ssl += 32;
- printf( "\tmaster secret : ");
- CHECK_SSL_END( 48 );
- print_hex( ssl, 48, 16, "\t " );
+ printf("\tmaster secret : ");
+ CHECK_SSL_END(48);
+ print_hex(ssl, 48, 16, "\t ");
ssl += 48;
- CHECK_SSL_END( 4 );
- verify_result = ( (uint32_t) ssl[0] << 24 ) |
- ( (uint32_t) ssl[1] << 16 ) |
- ( (uint32_t) ssl[2] << 8 ) |
- ( (uint32_t) ssl[3] );
+ CHECK_SSL_END(4);
+ verify_result = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
ssl += 4;
- printf( "\tverify result : 0x%08X\n", verify_result );
+ printf("\tverify result : 0x%08X\n", verify_result);
- if( SESSION_CONFIG_CRT_BIT & session_cfg_flag )
- {
- if( conf_keep_peer_certificate )
- {
- CHECK_SSL_END( 3 );
- cert_len = ( (uint32_t) ssl[0] << 16 ) |
- ( (uint32_t) ssl[1] << 8 ) |
- ( (uint32_t) ssl[2] );
+ if (SESSION_CONFIG_CRT_BIT & session_cfg_flag) {
+ if (conf_keep_peer_certificate) {
+ CHECK_SSL_END(3);
+ cert_len = ((uint32_t) ssl[0] << 16) |
+ ((uint32_t) ssl[1] << 8) |
+ ((uint32_t) ssl[2]);
ssl += 3;
- printf_dbg( "Certificate length: %u\n", cert_len );
+ printf_dbg("Certificate length: %u\n", cert_len);
- if( cert_len > 0 )
- {
- CHECK_SSL_END( cert_len );
- print_deserialized_ssl_cert( ssl, cert_len );
+ if (cert_len > 0) {
+ CHECK_SSL_END(cert_len);
+ print_deserialized_ssl_cert(ssl, cert_len);
ssl += cert_len;
}
- }
- else
- {
- printf( "\tPeer digest : " );
+ } else {
+ printf("\tPeer digest : ");
- CHECK_SSL_END( 1 );
- switch( (mbedtls_md_type_t) *ssl++ )
- {
+ CHECK_SSL_END(1);
+ switch ((mbedtls_md_type_t) *ssl++) {
case MBEDTLS_MD_NONE:
- printf( "none\n" );
+ printf("none\n");
break;
case MBEDTLS_MD_MD2:
- printf( "MD2\n" );
+ printf("MD2\n");
break;
case MBEDTLS_MD_MD4:
- printf( "MD4\n" );
+ printf("MD4\n");
break;
case MBEDTLS_MD_MD5:
- printf( "MD5\n" );
+ printf("MD5\n");
break;
case MBEDTLS_MD_SHA1:
- printf( "SHA1\n" );
+ printf("SHA1\n");
break;
case MBEDTLS_MD_SHA224:
- printf( "SHA224\n" );
+ printf("SHA224\n");
break;
case MBEDTLS_MD_SHA256:
- printf( "SHA256\n" );
+ printf("SHA256\n");
break;
case MBEDTLS_MD_SHA384:
- printf( "SHA384\n" );
+ printf("SHA384\n");
break;
case MBEDTLS_MD_SHA512:
- printf( "SHA512\n" );
+ printf("SHA512\n");
break;
case MBEDTLS_MD_RIPEMD160:
- printf( "RIPEMD160\n" );
+ printf("RIPEMD160\n");
break;
default:
- printf( "undefined or erroneous\n" );
+ printf("undefined or erroneous\n");
break;
}
- CHECK_SSL_END( 1 );
+ CHECK_SSL_END(1);
cert_len = (uint32_t) *ssl++;
- printf_dbg( "Message-Digest length: %u\n", cert_len );
+ printf_dbg("Message-Digest length: %u\n", cert_len);
- if( cert_len > 0 )
- {
- printf( "\tPeer digest cert : " );
- CHECK_SSL_END( cert_len );
- print_hex( ssl, cert_len, 16, "\t " );
+ if (cert_len > 0) {
+ printf("\tPeer digest cert : ");
+ CHECK_SSL_END(cert_len);
+ print_hex(ssl, cert_len, 16, "\t ");
ssl += cert_len;
}
}
}
- if( SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag )
- {
- printf( "\nTicket:\n" );
+ if (SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag) {
+ printf("\nTicket:\n");
- CHECK_SSL_END( 3 );
- ticket_len = ( (uint32_t) ssl[0] << 16 ) |
- ( (uint32_t) ssl[1] << 8 ) |
- ( (uint32_t) ssl[2] );
+ CHECK_SSL_END(3);
+ ticket_len = ((uint32_t) ssl[0] << 16) |
+ ((uint32_t) ssl[1] << 8) |
+ ((uint32_t) ssl[2]);
ssl += 3;
- printf_dbg( "Ticket length: %u\n", ticket_len );
+ printf_dbg("Ticket length: %u\n", ticket_len);
- if( ticket_len > 0 )
- {
- printf( "\t" );
- CHECK_SSL_END( ticket_len );
- print_hex( ssl, ticket_len, 22, "\t" );
+ if (ticket_len > 0) {
+ printf("\t");
+ CHECK_SSL_END(ticket_len);
+ print_hex(ssl, ticket_len, 22, "\t");
ssl += ticket_len;
- printf( "\n" );
+ printf("\n");
}
- CHECK_SSL_END( 4 );
- ticket_lifetime = ( (uint32_t) ssl[0] << 24 ) |
- ( (uint32_t) ssl[1] << 16 ) |
- ( (uint32_t) ssl[2] << 8 ) |
- ( (uint32_t) ssl[3] );
+ CHECK_SSL_END(4);
+ ticket_lifetime = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
ssl += 4;
- printf( "\tlifetime : %u sec.\n", ticket_lifetime );
+ printf("\tlifetime : %u sec.\n", ticket_lifetime);
}
- if( ssl < end )
- {
- printf( "\nSession others:\n" );
+ if (ssl < end) {
+ printf("\nSession others:\n");
}
- if( SESSION_CONFIG_MFL_BIT & session_cfg_flag )
- {
- CHECK_SSL_END( 1 );
- printf( "\tMFL : %s\n", get_mfl_str( *ssl++ ) );
+ if (SESSION_CONFIG_MFL_BIT & session_cfg_flag) {
+ CHECK_SSL_END(1);
+ printf("\tMFL : %s\n", get_mfl_str(*ssl++));
}
- if( SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag )
- {
- CHECK_SSL_END( 1 );
- printf( "\tnegotiate truncated HMAC : %s\n", get_enabled_str( *ssl++ ) );
+ if (SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag) {
+ CHECK_SSL_END(1);
+ printf("\tnegotiate truncated HMAC : %s\n", get_enabled_str(*ssl++));
}
- if( SESSION_CONFIG_ETM_BIT & session_cfg_flag )
- {
- CHECK_SSL_END( 1 );
- printf( "\tEncrypt-then-MAC : %s\n", get_enabled_str( *ssl++ ) );
+ if (SESSION_CONFIG_ETM_BIT & session_cfg_flag) {
+ CHECK_SSL_END(1);
+ printf("\tEncrypt-then-MAC : %s\n", get_enabled_str(*ssl++));
}
- if( 0 != ( end - ssl ) )
- {
- printf_err( "%i bytes left to analyze from session\n", (int32_t)( end - ssl ) );
+ if (0 != (end - ssl)) {
+ printf_err("%i bytes left to analyze from session\n", (int32_t) (end - ssl));
}
}
@@ -848,189 +756,179 @@
* /p ssl pointer to serialized session
* /p len number of bytes in the buffer
*/
-void print_deserialized_ssl_context( const uint8_t *ssl, size_t len )
+void print_deserialized_ssl_context(const uint8_t *ssl, size_t len)
{
const uint8_t *end = ssl + len;
uint32_t session_len;
int session_cfg_flag;
int context_cfg_flag;
- printf( "\nMbed TLS version:\n" );
+ printf("\nMbed TLS version:\n");
- CHECK_SSL_END( 3 + 2 + 3 );
+ CHECK_SSL_END(3 + 2 + 3);
- printf( "\tmajor %u\n", (uint32_t) *ssl++ );
- printf( "\tminor %u\n", (uint32_t) *ssl++ );
- printf( "\tpath %u\n", (uint32_t) *ssl++ );
+ printf("\tmajor %u\n", (uint32_t) *ssl++);
+ printf("\tminor %u\n", (uint32_t) *ssl++);
+ printf("\tpath %u\n", (uint32_t) *ssl++);
- printf( "\nEnabled session and context configuration:\n" );
+ printf("\nEnabled session and context configuration:\n");
- session_cfg_flag = ( (int) ssl[0] << 8 ) | ( (int) ssl[1] );
+ session_cfg_flag = ((int) ssl[0] << 8) | ((int) ssl[1]);
ssl += 2;
- context_cfg_flag = ( (int) ssl[0] << 16 ) |
- ( (int) ssl[1] << 8 ) |
- ( (int) ssl[2] ) ;
+ context_cfg_flag = ((int) ssl[0] << 16) |
+ ((int) ssl[1] << 8) |
+ ((int) ssl[2]);
ssl += 3;
- printf_dbg( "Session config flags 0x%04X\n", session_cfg_flag );
- printf_dbg( "Context config flags 0x%06X\n", context_cfg_flag );
+ printf_dbg("Session config flags 0x%04X\n", session_cfg_flag);
+ printf_dbg("Context config flags 0x%06X\n", context_cfg_flag);
- print_if_bit( "MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
+ print_if_bit("MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_SESSION_TICKETS and client",
+ SESSION_CONFIG_CLIENT_TICKET_BIT,
+ session_cfg_flag);
- print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag );
+ print_if_bit("MBEDTLS_SSL_DTLS_CONNECTION_ID",
+ CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT,
+ context_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_DTLS_BADMAC_LIMIT",
+ CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT,
+ context_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_DTLS_ANTI_REPLAY",
+ CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT,
+ context_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag);
- CHECK_SSL_END( 4 );
- session_len = ( (uint32_t) ssl[0] << 24 ) |
- ( (uint32_t) ssl[1] << 16 ) |
- ( (uint32_t) ssl[2] << 8 ) |
- ( (uint32_t) ssl[3] );
+ CHECK_SSL_END(4);
+ session_len = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
ssl += 4;
- printf_dbg( "Session length %u\n", session_len );
+ printf_dbg("Session length %u\n", session_len);
- CHECK_SSL_END( session_len );
- print_deserialized_ssl_session( ssl, session_len, session_cfg_flag );
+ CHECK_SSL_END(session_len);
+ print_deserialized_ssl_session(ssl, session_len, session_cfg_flag);
ssl += session_len;
- printf( "\nRandom bytes:\n\t");
+ printf("\nRandom bytes:\n\t");
- CHECK_SSL_END( TRANSFORM_RANDBYTE_LEN );
- print_hex( ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t" );
+ CHECK_SSL_END(TRANSFORM_RANDBYTE_LEN);
+ print_hex(ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t");
ssl += TRANSFORM_RANDBYTE_LEN;
- printf( "\nContext others:\n" );
+ printf("\nContext others:\n");
- if( CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag )
- {
+ if (CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag) {
uint8_t cid_len;
- CHECK_SSL_END( 1 );
+ CHECK_SSL_END(1);
cid_len = *ssl++;
- printf_dbg( "In CID length %u\n", (uint32_t) cid_len );
+ printf_dbg("In CID length %u\n", (uint32_t) cid_len);
- printf( "\tin CID : " );
- if( cid_len > 0 )
- {
- CHECK_SSL_END( cid_len );
- print_hex( ssl, cid_len, 20, "\t" );
+ printf("\tin CID : ");
+ if (cid_len > 0) {
+ CHECK_SSL_END(cid_len);
+ print_hex(ssl, cid_len, 20, "\t");
ssl += cid_len;
- }
- else
- {
- printf( "none\n" );
+ } else {
+ printf("none\n");
}
- CHECK_SSL_END( 1 );
+ CHECK_SSL_END(1);
cid_len = *ssl++;
- printf_dbg( "Out CID length %u\n", (uint32_t) cid_len );
+ printf_dbg("Out CID length %u\n", (uint32_t) cid_len);
- printf( "\tout CID : " );
- if( cid_len > 0 )
- {
- CHECK_SSL_END( cid_len );
- print_hex( ssl, cid_len, 20, "\t" );
+ printf("\tout CID : ");
+ if (cid_len > 0) {
+ CHECK_SSL_END(cid_len);
+ print_hex(ssl, cid_len, 20, "\t");
ssl += cid_len;
- }
- else
- {
- printf( "none\n" );
+ } else {
+ printf("none\n");
}
}
- if( CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag )
- {
+ if (CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag) {
uint32_t badmac_seen;
- CHECK_SSL_END( 4 );
- badmac_seen = ( (uint32_t) ssl[0] << 24 ) |
- ( (uint32_t) ssl[1] << 16 ) |
- ( (uint32_t) ssl[2] << 8 ) |
- ( (uint32_t) ssl[3] );
+ CHECK_SSL_END(4);
+ badmac_seen = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
ssl += 4;
- printf( "\tbad MAC seen number : %u\n", badmac_seen );
+ printf("\tbad MAC seen number : %u\n", badmac_seen);
/* value 'in_window_top' from mbedtls_ssl_context */
- printf( "\tlast validated record sequence no. : " );
- CHECK_SSL_END( 8 );
- print_hex( ssl, 8, 20, "" );
+ printf("\tlast validated record sequence no. : ");
+ CHECK_SSL_END(8);
+ print_hex(ssl, 8, 20, "");
ssl += 8;
/* value 'in_window' from mbedtls_ssl_context */
- printf( "\tbitmask for replay detection : " );
- CHECK_SSL_END( 8 );
- print_hex( ssl, 8, 20, "" );
+ printf("\tbitmask for replay detection : ");
+ CHECK_SSL_END(8);
+ print_hex(ssl, 8, 20, "");
ssl += 8;
}
- if( conf_dtls_proto )
- {
- CHECK_SSL_END( 1 );
- printf( "\tDTLS datagram packing : %s\n",
- get_enabled_str( ! ( *ssl++ ) ) );
+ if (conf_dtls_proto) {
+ CHECK_SSL_END(1);
+ printf("\tDTLS datagram packing : %s\n",
+ get_enabled_str(!(*ssl++)));
}
/* value 'cur_out_ctr' from mbedtls_ssl_context */
- printf( "\toutgoing record sequence no. : ");
- CHECK_SSL_END( 8 );
- print_hex( ssl, 8, 20, "" );
+ printf("\toutgoing record sequence no. : ");
+ CHECK_SSL_END(8);
+ print_hex(ssl, 8, 20, "");
ssl += 8;
- if( conf_dtls_proto )
- {
+ if (conf_dtls_proto) {
uint16_t mtu;
- CHECK_SSL_END( 2 );
- mtu = ( ssl[0] << 8 ) | ssl[1];
+ CHECK_SSL_END(2);
+ mtu = (ssl[0] << 8) | ssl[1];
ssl += 2;
- printf( "\tMTU : %u\n", mtu );
+ printf("\tMTU : %u\n", mtu);
}
- if( CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag )
- {
+ if (CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag) {
uint8_t alpn_len;
- CHECK_SSL_END( 1 );
+ CHECK_SSL_END(1);
alpn_len = *ssl++;
- printf_dbg( "ALPN length %u\n", (uint32_t) alpn_len );
+ printf_dbg("ALPN length %u\n", (uint32_t) alpn_len);
- printf( "\tALPN negotiation : " );
- CHECK_SSL_END( alpn_len );
- if( alpn_len > 0 )
- {
- if( strlen( (const char*) ssl ) == alpn_len )
- {
- printf( "%s\n", ssl );
- }
- else
- {
- printf( "\n" );
- printf_err( "\tALPN negotiation is incorrect\n" );
+ printf("\tALPN negotiation : ");
+ CHECK_SSL_END(alpn_len);
+ if (alpn_len > 0) {
+ if (strlen((const char *) ssl) == alpn_len) {
+ printf("%s\n", ssl);
+ } else {
+ printf("\n");
+ printf_err("\tALPN negotiation is incorrect\n");
}
ssl += alpn_len;
- }
- else
- {
- printf( "not selected\n" );
+ } else {
+ printf("not selected\n");
}
}
- if( 0 != ( end - ssl ) )
- {
- printf_err( "%i bytes left to analyze from context\n", (int32_t)( end - ssl ) );
+ if (0 != (end - ssl)) {
+ printf_err("%i bytes left to analyze from context\n", (int32_t) (end - ssl));
}
- printf( "\n" );
+ printf("\n");
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
enum { SSL_INIT_LEN = 4096 };
@@ -1041,39 +939,33 @@
size_t ssl_max_len = SSL_INIT_LEN;
size_t ssl_len = 0;
- /* The 'b64_file' is opened when parsing arguments to check that the
- * file name is correct */
- parse_arguments( argc, argv );
+ /* The 'b64_file' is opened when parsing arguments to check that the
+ * file name is correct */
+ parse_arguments(argc, argv);
- if( NULL != b64_file )
- {
- b64_buf = malloc( SSL_INIT_LEN );
- ssl_buf = malloc( SSL_INIT_LEN );
+ if (NULL != b64_file) {
+ b64_buf = malloc(SSL_INIT_LEN);
+ ssl_buf = malloc(SSL_INIT_LEN);
- if( NULL == b64_buf || NULL == ssl_buf )
- {
- printf_err( alloc_err );
- fclose( b64_file );
+ if (NULL == b64_buf || NULL == ssl_buf) {
+ printf_err(alloc_err);
+ fclose(b64_file);
b64_file = NULL;
}
}
- while( NULL != b64_file )
- {
- size_t b64_len = read_next_b64_code( &b64_buf, &b64_max_len );
- if( b64_len > 0)
- {
+ while (NULL != b64_file) {
+ size_t b64_len = read_next_b64_code(&b64_buf, &b64_max_len);
+ if (b64_len > 0) {
int ret;
size_t ssl_required_len = b64_len * 3 / 4 + 1;
/* Allocate more memory if necessary. */
- if( ssl_required_len > ssl_max_len )
- {
- void *ptr = realloc( ssl_buf, ssl_required_len );
- if( NULL == ptr )
- {
- printf_err( alloc_err );
- fclose( b64_file );
+ if (ssl_required_len > ssl_max_len) {
+ void *ptr = realloc(ssl_buf, ssl_required_len);
+ if (NULL == ptr) {
+ printf_err(alloc_err);
+ fclose(b64_file);
b64_file = NULL;
break;
}
@@ -1081,45 +973,38 @@
ssl_max_len = ssl_required_len;
}
- printf( "\nDeserializing number %u:\n", ++b64_counter );
+ printf("\nDeserializing number %u:\n", ++b64_counter);
- printf( "\nBase64 code:\n" );
- print_b64( b64_buf, b64_len );
+ printf("\nBase64 code:\n");
+ print_b64(b64_buf, b64_len);
- ret = mbedtls_base64_decode( ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len );
- if( ret != 0)
- {
- mbedtls_strerror( ret, (char*) b64_buf, b64_max_len );
- printf_err( "base64 code cannot be decoded - %s\n", b64_buf );
+ ret = mbedtls_base64_decode(ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len);
+ if (ret != 0) {
+ mbedtls_strerror(ret, (char *) b64_buf, b64_max_len);
+ printf_err("base64 code cannot be decoded - %s\n", b64_buf);
continue;
}
- if( debug )
- {
- printf( "\nDecoded data in hex:\n\t");
- print_hex( ssl_buf, ssl_len, 25, "\t" );
+ if (debug) {
+ printf("\nDecoded data in hex:\n\t");
+ print_hex(ssl_buf, ssl_len, 25, "\t");
}
- print_deserialized_ssl_context( ssl_buf, ssl_len );
+ print_deserialized_ssl_context(ssl_buf, ssl_len);
- }
- else
- {
- fclose( b64_file );
+ } else {
+ fclose(b64_file);
b64_file = NULL;
}
}
- free( b64_buf );
- free( ssl_buf );
+ free(b64_buf);
+ free(ssl_buf);
- if( b64_counter > 0 )
- {
- printf_dbg( "Finished. Found %u base64 codes\n", b64_counter );
- }
- else
- {
- printf( "Finished. No valid base64 code found\n" );
+ if (b64_counter > 0) {
+ printf_dbg("Finished. Found %u base64 codes\n", b64_counter);
+ } else {
+ printf("Finished. No valid base64 code found\n");
}
return 0;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 58c8749..5a4ac3e 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -31,24 +31,24 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
((void) argc);
((void) argv);
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- mbedtls_exit( 0 );
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
}
#elif defined(_WIN32)
-int main( void )
+int main(void)
{
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
- "to work correctly.\n");
- mbedtls_exit( 0 );
+ "to work correctly.\n");
+ mbedtls_exit(0);
}
#else
@@ -75,17 +75,17 @@
#define DEBUG_LEVEL 0
-static void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
}
-int main( void )
+int main(void)
{
int ret = 1, len, cnt = 0, pid;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -100,126 +100,117 @@
mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey;
- mbedtls_net_init( &listen_fd );
- mbedtls_net_init( &client_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_entropy_init( &entropy );
- mbedtls_pk_init( &pkey );
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pkey);
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- signal( SIGCHLD, SIG_IGN );
+ signal(SIGCHLD, SIG_IGN);
/*
* 0. Initial seeding of the RNG
*/
- mbedtls_printf( "\n . Initial seeding of the random generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Initial seeding of the random generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1. Load the certificates and private RSA key
*/
- mbedtls_printf( " . Loading the server cert. and key..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the server cert. and key...");
+ fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
- mbedtls_test_srv_crt_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
- if( ret != 0 )
- {
- mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0);
+ if (ret != 0) {
+ mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1b. Prepare SSL configuration
*/
- mbedtls_printf( " . Configuring SSL..." );
- fflush( stdout );
+ mbedtls_printf(" . Configuring SSL...");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
- {
- mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ mbedtls_printf(" failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 2. Setup the listening TCP socket
*/
- mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
- fflush( stdout );
+ mbedtls_printf(" . Bind on https://localhost:4433/ ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed! mbedtls_net_bind returned %d\n\n", ret );
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
- while( 1 )
- {
+ while (1) {
/*
* 3. Wait until a client connects
*/
- mbedtls_net_init( &client_fd );
- mbedtls_ssl_init( &ssl );
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
- mbedtls_printf( " . Waiting for a remote connection ...\n" );
- fflush( stdout );
+ mbedtls_printf(" . Waiting for a remote connection ...\n");
+ fflush(stdout);
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- NULL, 0, NULL ) ) != 0 )
- {
- mbedtls_printf( " failed! mbedtls_net_accept returned %d\n\n", ret );
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
@@ -227,113 +218,104 @@
* 3.5. Forking server thread
*/
- mbedtls_printf( " . Forking to handle connection ..." );
- fflush( stdout );
+ mbedtls_printf(" . Forking to handle connection ...");
+ fflush(stdout);
pid = fork();
- if( pid < 0 )
- {
- mbedtls_printf(" failed! fork returned %d\n\n", pid );
+ if (pid < 0) {
+ mbedtls_printf(" failed! fork returned %d\n\n", pid);
goto exit;
}
- if( pid != 0 )
- {
- mbedtls_printf( " ok\n" );
- mbedtls_net_close( &client_fd );
+ if (pid != 0) {
+ mbedtls_printf(" ok\n");
+ mbedtls_net_close(&client_fd);
- if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
- (const unsigned char *) "parent",
- 6 ) ) != 0 )
- {
- mbedtls_printf( " failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret );
+ if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
+ (const unsigned char *) "parent",
+ 6)) != 0) {
+ mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret);
goto exit;
}
continue;
}
- mbedtls_net_close( &listen_fd );
+ mbedtls_net_close(&listen_fd);
pid = getpid();
/*
* 4. Setup stuff
*/
- mbedtls_printf( "pid %d: Setting up the SSL data.\n", pid );
- fflush( stdout );
+ mbedtls_printf("pid %d: Setting up the SSL data.\n", pid);
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
- (const unsigned char *) "child",
- 5 ) ) != 0 )
- {
+ if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
+ (const unsigned char *) "child",
+ 5)) != 0) {
mbedtls_printf(
- "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
- pid, ret );
+ "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
+ pid, ret);
goto exit;
}
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
mbedtls_printf(
- "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
- pid, ret );
+ "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
+ pid, ret);
goto exit;
}
- mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
- mbedtls_printf( "pid %d: SSL setup ok\n", pid );
+ mbedtls_printf("pid %d: SSL setup ok\n", pid);
/*
* 5. Handshake
*/
- mbedtls_printf( "pid %d: Performing the SSL/TLS handshake.\n", pid );
- fflush( stdout );
+ mbedtls_printf("pid %d: Performing the SSL/TLS handshake.\n", pid);
+ fflush(stdout);
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(
- "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
- pid, ret );
+ "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
+ pid, ret);
goto exit;
}
}
- mbedtls_printf( "pid %d: SSL handshake ok\n", pid );
+ mbedtls_printf("pid %d: SSL handshake ok\n", pid);
/*
* 6. Read the HTTP Request
*/
- mbedtls_printf( "pid %d: Start reading from client.\n", pid );
- fflush( stdout );
+ mbedtls_printf("pid %d: Start reading from client.\n", pid);
+ fflush(stdout);
- do
- {
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
+ }
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( "pid %d: connection was closed gracefully\n", pid );
+ mbedtls_printf("pid %d: connection was closed gracefully\n", pid);
break;
case MBEDTLS_ERR_NET_CONN_RESET:
- mbedtls_printf( "pid %d: connection was reset by peer\n", pid );
+ mbedtls_printf("pid %d: connection was reset by peer\n", pid);
break;
default:
- mbedtls_printf( "pid %d: mbedtls_ssl_read returned %d\n", pid, ret );
+ mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret);
break;
}
@@ -341,70 +323,66 @@
}
len = ret;
- mbedtls_printf( "pid %d: %d bytes read\n\n%s", pid, len, (char *) buf );
+ mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf);
- if( ret > 0 )
+ if (ret > 0) {
break;
- }
- while( 1 );
+ }
+ } while (1);
/*
* 7. Write the 200 Response
*/
- mbedtls_printf( "pid %d: Start writing to client.\n", pid );
- fflush( stdout );
+ mbedtls_printf("pid %d: Start writing to client.\n", pid);
+ fflush(stdout);
- len = sprintf( (char *) buf, HTTP_RESPONSE,
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
- while( cnt++ < 100 )
- {
- while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
- {
- if( ret == MBEDTLS_ERR_NET_CONN_RESET )
- {
+ while (cnt++ < 100) {
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(
- "pid %d: Write failed! peer closed the connection\n\n", pid );
+ "pid %d: Write failed! peer closed the connection\n\n", pid);
goto exit;
}
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(
- "pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
- pid, ret );
+ "pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
+ pid, ret);
goto exit;
}
}
len = ret;
- mbedtls_printf( "pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf );
+ mbedtls_printf("pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf);
- mbedtls_net_usleep( 1000000 );
+ mbedtls_net_usleep(1000000);
}
- mbedtls_ssl_close_notify( &ssl );
+ mbedtls_ssl_close_notify(&ssl);
goto exit;
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_net_free( &client_fd );
- mbedtls_net_free( &listen_fd );
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
- mbedtls_x509_crt_free( &srvcert );
- mbedtls_pk_free( &pkey );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 534c68b..643d3c2 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -36,14 +36,14 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -99,7 +99,8 @@
#define USAGE_AUTH \
" authentication=%%d default: 0 (disabled)\n" \
" user_name=%%s default: \"" DFL_USER_NAME "\"\n" \
- " user_pwd=%%s default: \"" DFL_USER_PWD "\"\n"
+ " user_pwd=%%s default: \"" \
+ DFL_USER_PWD "\"\n"
#else
#define USAGE_AUTH \
" authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
@@ -119,9 +120,10 @@
"\n usage: ssl_mail_client param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: " DFL_SERVER_NAME "\n" \
- " server_port=%%d default: " DFL_SERVER_PORT "\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
+ " server_port=%%d default: " \
+ DFL_SERVER_PORT "\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
USAGE_AUTH \
" mail_from=%%s default: \"\"\n" \
" mail_to=%%s default: \"\"\n" \
@@ -133,8 +135,7 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char *server_name; /* hostname of the server (client only) */
const char *server_port; /* port on which the ssl service runs */
int debug_level; /* level of debugging */
@@ -150,17 +151,17 @@
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
} opt;
-static void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
}
-static int do_handshake( mbedtls_ssl_context *ssl )
+static int do_handshake(mbedtls_ssl_context *ssl)
{
int ret;
uint32_t flags;
@@ -170,69 +171,64 @@
/*
* 4. Handshake
*/
- mbedtls_printf( " . Performing the SSL/TLS handshake..." );
- fflush( stdout );
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
- while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
+ while ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
#if defined(MBEDTLS_ERROR_C)
- mbedtls_strerror( ret, (char *) buf, 1024 );
+ mbedtls_strerror(ret, (char *) buf, 1024);
#endif
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf );
- return( -1 );
- }
- }
-
- mbedtls_printf( " ok\n [ Ciphersuite is %s ]\n",
- mbedtls_ssl_get_ciphersuite( ssl ) );
-
- /*
- * 5. Verify the server certificate
- */
- mbedtls_printf( " . Verifying peer X.509 certificate..." );
-
- /* In real life, we probably want to bail out when ret != 0 */
- if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
- {
- char vrfy_buf[512];
-
- mbedtls_printf( " failed\n" );
-
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
-
- mbedtls_printf( "%s\n", vrfy_buf );
- }
- else
- mbedtls_printf( " ok\n" );
-
- mbedtls_printf( " . Peer certificate information ...\n" );
- mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
- mbedtls_ssl_get_peer_cert( ssl ) );
- mbedtls_printf( "%s\n", buf );
-
- return( 0 );
-}
-
-static int write_ssl_data( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
-{
- int ret;
-
- mbedtls_printf("\n%s", buf);
- while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf);
return -1;
}
}
- return( 0 );
+ mbedtls_printf(" ok\n [ Ciphersuite is %s ]\n",
+ mbedtls_ssl_get_ciphersuite(ssl));
+
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
+
+ /* In real life, we probably want to bail out when ret != 0 */
+ if ((flags = mbedtls_ssl_get_verify_result(ssl)) != 0) {
+ char vrfy_buf[512];
+
+ mbedtls_printf(" failed\n");
+
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
+ }
+
+ mbedtls_printf(" . Peer certificate information ...\n");
+ mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
+ mbedtls_ssl_get_peer_cert(ssl));
+ mbedtls_printf("%s\n", buf);
+
+ return 0;
}
-static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
+static int write_ssl_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
+{
+ int ret;
+
+ mbedtls_printf("\n%s", buf);
+ while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static int write_ssl_and_get_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
{
int ret;
unsigned char data[128];
@@ -240,57 +236,52 @@
size_t i, idx = 0;
mbedtls_printf("\n%s", buf);
- while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
return -1;
}
}
- do
- {
- len = sizeof( data ) - 1;
- memset( data, 0, sizeof( data ) );
- ret = mbedtls_ssl_read( ssl, data, len );
+ do {
+ len = sizeof(data) - 1;
+ memset(data, 0, sizeof(data));
+ ret = mbedtls_ssl_read(ssl, data, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
+ }
- if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
+ if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
return -1;
+ }
- if( ret <= 0 )
- {
- mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
+ if (ret <= 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret);
return -1;
}
mbedtls_printf("\n%s", data);
len = ret;
- for( i = 0; i < len; i++ )
- {
- if( data[i] != '\n' )
- {
- if( idx < 4 )
- code[ idx++ ] = data[i];
+ for (i = 0; i < len; i++) {
+ if (data[i] != '\n') {
+ if (idx < 4) {
+ code[idx++] = data[i];
+ }
continue;
}
- if( idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ' )
- {
+ if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
code[3] = '\0';
- return atoi( code );
+ return atoi(code);
}
idx = 0;
}
- }
- while( 1 );
+ } while (1);
}
-static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *buf, size_t len )
+static int write_and_get_response(mbedtls_net_context *sock_fd, unsigned char *buf, size_t len)
{
int ret;
unsigned char data[128];
@@ -298,49 +289,43 @@
size_t i, idx = 0;
mbedtls_printf("\n%s", buf);
- if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
- return -1;
+ if (len && (ret = mbedtls_net_send(sock_fd, buf, len)) <= 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
+ return -1;
}
- do
- {
- len = sizeof( data ) - 1;
- memset( data, 0, sizeof( data ) );
- ret = mbedtls_net_recv( sock_fd, data, len );
+ do {
+ len = sizeof(data) - 1;
+ memset(data, 0, sizeof(data));
+ ret = mbedtls_net_recv(sock_fd, data, len);
- if( ret <= 0 )
- {
- mbedtls_printf( "failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ if (ret <= 0) {
+ mbedtls_printf("failed\n ! mbedtls_net_recv returned %d\n\n", ret);
return -1;
}
data[len] = '\0';
mbedtls_printf("\n%s", data);
len = ret;
- for( i = 0; i < len; i++ )
- {
- if( data[i] != '\n' )
- {
- if( idx < 4 )
- code[ idx++ ] = data[i];
+ for (i = 0; i < len; i++) {
+ if (data[i] != '\n') {
+ if (idx < 4) {
+ code[idx++] = data[i];
+ }
continue;
}
- if( idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ' )
- {
+ if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
code[3] = '\0';
- return atoi( code );
+ return atoi(code);
}
idx = 0;
}
- }
- while( 1 );
+ } while (1);
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1, len;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -351,7 +336,7 @@
* "%s\r\n". Hence, the size of buf should be at least the size of base
* plus 2 bytes for the \r and \n characters.
*/
- unsigned char buf[sizeof( base ) + 2];
+ unsigned char buf[sizeof(base) + 2];
#else
unsigned char buf[1024];
#endif
@@ -373,24 +358,22 @@
/*
* Make sure memory references are valid in case we exit early.
*/
- mbedtls_net_init( &server_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( &buf, 0, sizeof( buf ) );
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &clicert );
- mbedtls_pk_init( &pkey );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ memset(&buf, 0, sizeof(buf));
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_x509_crt_init(&clicert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
list = mbedtls_ssl_list_ciphersuites();
- while( *list )
- {
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ while (*list) {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
}
mbedtls_printf("\n");
@@ -409,438 +392,413 @@
opt.ca_file = DFL_CA_FILE;
opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE;
- opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
+ opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "server_name" ) == 0 )
+ if (strcmp(p, "server_name") == 0) {
opt.server_name = q;
- else if( strcmp( p, "server_port" ) == 0 )
+ } else if (strcmp(p, "server_port") == 0) {
opt.server_port = q;
- else if( strcmp( p, "debug_level" ) == 0 )
- {
- opt.debug_level = atoi( q );
- if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
- }
- else if( strcmp( p, "authentication" ) == 0 )
- {
- opt.authentication = atoi( q );
- if( opt.authentication < 0 || opt.authentication > 1 )
+ }
+ } else if (strcmp(p, "authentication") == 0) {
+ opt.authentication = atoi(q);
+ if (opt.authentication < 0 || opt.authentication > 1) {
goto usage;
- }
- else if( strcmp( p, "mode" ) == 0 )
- {
- opt.mode = atoi( q );
- if( opt.mode < 0 || opt.mode > 1 )
+ }
+ } else if (strcmp(p, "mode") == 0) {
+ opt.mode = atoi(q);
+ if (opt.mode < 0 || opt.mode > 1) {
goto usage;
- }
- else if( strcmp( p, "user_name" ) == 0 )
+ }
+ } else if (strcmp(p, "user_name") == 0) {
opt.user_name = q;
- else if( strcmp( p, "user_pwd" ) == 0 )
+ } else if (strcmp(p, "user_pwd") == 0) {
opt.user_pwd = q;
- else if( strcmp( p, "mail_from" ) == 0 )
+ } else if (strcmp(p, "mail_from") == 0) {
opt.mail_from = q;
- else if( strcmp( p, "mail_to" ) == 0 )
+ } else if (strcmp(p, "mail_to") == 0) {
opt.mail_to = q;
- else if( strcmp( p, "ca_file" ) == 0 )
+ } else if (strcmp(p, "ca_file") == 0) {
opt.ca_file = q;
- else if( strcmp( p, "crt_file" ) == 0 )
+ } else if (strcmp(p, "crt_file") == 0) {
opt.crt_file = q;
- else if( strcmp( p, "key_file" ) == 0 )
+ } else if (strcmp(p, "key_file") == 0) {
opt.key_file = q;
- else if( strcmp( p, "force_ciphersuite" ) == 0 )
- {
+ } else if (strcmp(p, "force_ciphersuite") == 0) {
opt.force_ciphersuite[0] = -1;
- opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
- if( opt.force_ciphersuite[0] <= 0 )
+ if (opt.force_ciphersuite[0] <= 0) {
goto usage;
+ }
opt.force_ciphersuite[1] = 0;
- }
- else
+ } else {
goto usage;
+ }
}
/*
* 0. Initialize the RNG and the session data
*/
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.1. Load the trusted CA
*/
- mbedtls_printf( " . Loading the CA root certificate ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.ca_file ) )
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
- else
+ if (strlen(opt.ca_file)) {
+ ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
+ } else
#endif
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
- ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len );
+ ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
#else
{
mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
goto exit;
}
#endif
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok (%d skipped)\n", ret );
+ mbedtls_printf(" ok (%d skipped)\n", ret);
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
- mbedtls_printf( " . Loading the client cert. and key..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the client cert. and key...");
+ fflush(stdout);
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.crt_file ) )
- ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
- else
+ if (strlen(opt.crt_file)) {
+ ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
+ } else
#endif
#if defined(MBEDTLS_CERTS_C)
- ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
- mbedtls_test_cli_crt_len );
+ ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt,
+ mbedtls_test_cli_crt_len);
#else
{
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
goto exit;
}
#endif
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.key_file ) )
- ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
- else
+ if (strlen(opt.key_file)) {
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
+ } else
#endif
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
- ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
- mbedtls_test_cli_key_len, NULL, 0 );
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_cli_key,
+ mbedtls_test_cli_key_len, NULL, 0);
#else
{
mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
goto exit;
}
#endif
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 2. Start the connection
*/
- mbedtls_printf( " . Connecting to tcp/%s/%s...", opt.server_name,
- opt.server_port );
- fflush( stdout );
+ mbedtls_printf(" . Connecting to tcp/%s/%s...", opt.server_name,
+ opt.server_port);
+ fflush(stdout);
- if( ( ret = mbedtls_net_connect( &server_fd, opt.server_name,
- opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ if ((ret = mbedtls_net_connect(&server_fd, opt.server_name,
+ opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 3. Setup stuff
*/
- mbedtls_printf( " . Setting up the SSL/TLS structure..." );
- fflush( stdout );
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
- if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
+ if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
+ mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
+ }
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
- if( opt.mode == MODE_SSL_TLS )
- {
- if( do_handshake( &ssl ) != 0 )
- goto exit;
-
- mbedtls_printf( " > Get header from server:" );
- fflush( stdout );
-
- ret = write_ssl_and_get_response( &ssl, buf, 0 );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ if (opt.mode == MODE_SSL_TLS) {
+ if (do_handshake(&ssl) != 0) {
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" > Get header from server:");
+ fflush(stdout);
- mbedtls_printf( " > Write EHLO to server:" );
- fflush( stdout );
-
- gethostname( hostname, 32 );
- len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
- goto exit;
- }
- }
- else
- {
- mbedtls_printf( " > Get header from server:" );
- fflush( stdout );
-
- ret = write_and_get_response( &server_fd, buf, 0 );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ ret = write_ssl_and_get_response(&ssl, buf, 0);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " > Write EHLO to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write EHLO to server:");
+ fflush(stdout);
- gethostname( hostname, 32 );
- len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
- ret = write_and_get_response( &server_fd, buf, len );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ gethostname(hostname, 32);
+ len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+ } else {
+ mbedtls_printf(" > Get header from server:");
+ fflush(stdout);
+
+ ret = write_and_get_response(&server_fd, buf, 0);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " > Write STARTTLS to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write EHLO to server:");
+ fflush(stdout);
- gethostname( hostname, 32 );
- len = sprintf( (char *) buf, "STARTTLS\r\n" );
- ret = write_and_get_response( &server_fd, buf, len );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ gethostname(hostname, 32);
+ len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
+ ret = write_and_get_response(&server_fd, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- if( do_handshake( &ssl ) != 0 )
+ mbedtls_printf(" > Write STARTTLS to server:");
+ fflush(stdout);
+
+ gethostname(hostname, 32);
+ len = sprintf((char *) buf, "STARTTLS\r\n");
+ ret = write_and_get_response(&server_fd, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ if (do_handshake(&ssl) != 0) {
+ goto exit;
+ }
}
#if defined(MBEDTLS_BASE64_C)
- if( opt.authentication )
- {
- mbedtls_printf( " > Write AUTH LOGIN to server:" );
- fflush( stdout );
+ if (opt.authentication) {
+ mbedtls_printf(" > Write AUTH LOGIN to server:");
+ fflush(stdout);
- len = sprintf( (char *) buf, "AUTH LOGIN\r\n" );
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 200 || ret > 399 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ len = sprintf((char *) buf, "AUTH LOGIN\r\n");
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " > Write username to server: %s", opt.user_name );
- fflush( stdout );
+ mbedtls_printf(" > Write username to server: %s", opt.user_name);
+ fflush(stdout);
- ret = mbedtls_base64_encode( base, sizeof( base ), &n, (const unsigned char *) opt.user_name,
- strlen( opt.user_name ) );
+ ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_name,
+ strlen(opt.user_name));
- if( ret != 0 ) {
- mbedtls_printf( " failed\n ! mbedtls_base64_encode returned %d\n\n", ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret);
goto exit;
}
- len = sprintf( (char *) buf, "%s\r\n", base );
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 300 || ret > 399 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ len = sprintf((char *) buf, "%s\r\n", base);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 300 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " > Write password to server: %s", opt.user_pwd );
- fflush( stdout );
+ mbedtls_printf(" > Write password to server: %s", opt.user_pwd);
+ fflush(stdout);
- ret = mbedtls_base64_encode( base, sizeof( base ), &n, (const unsigned char *) opt.user_pwd,
- strlen( opt.user_pwd ) );
+ ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_pwd,
+ strlen(opt.user_pwd));
- if( ret != 0 ) {
- mbedtls_printf( " failed\n ! mbedtls_base64_encode returned %d\n\n", ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret);
goto exit;
}
- len = sprintf( (char *) buf, "%s\r\n", base );
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 200 || ret > 399 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ len = sprintf((char *) buf, "%s\r\n", base);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif
- mbedtls_printf( " > Write MAIL FROM to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write MAIL FROM to server:");
+ fflush(stdout);
- len = sprintf( (char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from );
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " > Write RCPT TO to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write RCPT TO to server:");
+ fflush(stdout);
- len = sprintf( (char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to );
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " > Write DATA to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write DATA to server:");
+ fflush(stdout);
- len = sprintf( (char *) buf, "DATA\r\n" );
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 300 || ret > 399 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ len = sprintf((char *) buf, "DATA\r\n");
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 300 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_printf( " > Write content to server:" );
- fflush( stdout );
+ mbedtls_printf(" > Write content to server:");
+ fflush(stdout);
- len = sprintf( (char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
- "This is a simple test mail from the "
- "mbed TLS mail client example.\r\n"
- "\r\n"
- "Enjoy!", opt.mail_from );
- ret = write_ssl_data( &ssl, buf, len );
+ len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
+ "This is a simple test mail from the "
+ "mbed TLS mail client example.\r\n"
+ "\r\n"
+ "Enjoy!", opt.mail_from);
+ ret = write_ssl_data(&ssl, buf, len);
- len = sprintf( (char *) buf, "\r\n.\r\n");
- ret = write_ssl_and_get_response( &ssl, buf, len );
- if( ret < 200 || ret > 299 )
- {
- mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ len = sprintf((char *) buf, "\r\n.\r\n");
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
goto exit;
}
- mbedtls_printf(" ok\n" );
+ mbedtls_printf(" ok\n");
- mbedtls_ssl_close_notify( &ssl );
+ mbedtls_ssl_close_notify(&ssl);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_net_free( &server_fd );
- mbedtls_x509_crt_free( &clicert );
- mbedtls_x509_crt_free( &cacert );
- mbedtls_pk_free( &pkey );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_net_free(&server_fd);
+ mbedtls_x509_crt_free(&clicert);
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index ca84c7a..4d7e648 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -33,15 +33,15 @@
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
!defined(MBEDTLS_PEM_PARSE_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- mbedtls_exit( 0 );
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
+ "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -80,20 +80,20 @@
mbedtls_threading_mutex_t debug_mutex;
-static void my_mutexed_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_mutexed_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
long int thread_id = (long int) pthread_self();
- mbedtls_mutex_lock( &debug_mutex );
+ mbedtls_mutex_lock(&debug_mutex);
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: [ #%ld ] %s",
- file, line, thread_id, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: [ #%ld ] %s",
+ file, line, thread_id, str);
+ fflush((FILE *) ctx);
- mbedtls_mutex_unlock( &debug_mutex );
+ mbedtls_mutex_unlock(&debug_mutex);
}
typedef struct {
@@ -111,7 +111,7 @@
static thread_info_t base_info;
static pthread_info_t threads[MAX_NUM_THREADS];
-static void *handle_ssl_connection( void *data )
+static void *handle_ssl_connection(void *data)
{
int ret, len;
thread_info_t *thread_info = (thread_info_t *) data;
@@ -121,190 +121,178 @@
mbedtls_ssl_context ssl;
/* Make sure memory references are valid */
- mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_init(&ssl);
- mbedtls_printf( " [ #%ld ] Setting up SSL/TLS data\n", thread_id );
+ mbedtls_printf(" [ #%ld ] Setting up SSL/TLS data\n", thread_id);
/*
* 4. Get the SSL context ready
*/
- if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
- thread_id, ( unsigned int ) -ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, thread_info->config)) != 0) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
+ thread_id, (unsigned int) -ret);
goto thread_exit;
}
- mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
/*
* 5. Handshake
*/
- mbedtls_printf( " [ #%ld ] Performing the SSL/TLS handshake\n", thread_id );
+ mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
- thread_id, ( unsigned int ) -ret );
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
+ thread_id, (unsigned int) -ret);
goto thread_exit;
}
}
- mbedtls_printf( " [ #%ld ] ok\n", thread_id );
+ mbedtls_printf(" [ #%ld ] ok\n", thread_id);
/*
* 6. Read the HTTP Request
*/
- mbedtls_printf( " [ #%ld ] < Read from client\n", thread_id );
+ mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
- do
- {
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
+ }
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( " [ #%ld ] connection was closed gracefully\n",
- thread_id );
+ mbedtls_printf(" [ #%ld ] connection was closed gracefully\n",
+ thread_id);
goto thread_exit;
case MBEDTLS_ERR_NET_CONN_RESET:
- mbedtls_printf( " [ #%ld ] connection was reset by peer\n",
- thread_id );
+ mbedtls_printf(" [ #%ld ] connection was reset by peer\n",
+ thread_id);
goto thread_exit;
default:
- mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
- thread_id, ( unsigned int ) -ret );
+ mbedtls_printf(" [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
+ thread_id, (unsigned int) -ret);
goto thread_exit;
}
}
len = ret;
- mbedtls_printf( " [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
- thread_id, len, (char *) buf );
+ mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
+ thread_id, len, (char *) buf);
- if( ret > 0 )
+ if (ret > 0) {
break;
- }
- while( 1 );
+ }
+ } while (1);
/*
* 7. Write the 200 Response
*/
- mbedtls_printf( " [ #%ld ] > Write to client:\n", thread_id );
+ mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
- len = sprintf( (char *) buf, HTTP_RESPONSE,
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
- while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
- {
- if( ret == MBEDTLS_ERR_NET_CONN_RESET )
- {
- mbedtls_printf( " [ #%ld ] failed: peer closed the connection\n",
- thread_id );
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
+ mbedtls_printf(" [ #%ld ] failed: peer closed the connection\n",
+ thread_id);
goto thread_exit;
}
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
- thread_id, ( unsigned int ) ret );
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
+ thread_id, (unsigned int) ret);
goto thread_exit;
}
}
len = ret;
- mbedtls_printf( " [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
- thread_id, len, (char *) buf );
+ mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
+ thread_id, len, (char *) buf);
- mbedtls_printf( " [ #%ld ] . Closing the connection...", thread_id );
+ mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
- while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
- thread_id, ( unsigned int ) ret );
+ while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
+ thread_id, (unsigned int) ret);
goto thread_exit;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
ret = 0;
thread_exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_strerror(ret, error_buf, 100);
mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
- thread_id, ( unsigned int ) -ret, error_buf );
+ thread_id, (unsigned int) -ret, error_buf);
}
#endif
- mbedtls_net_free( client_fd );
- mbedtls_ssl_free( &ssl );
+ mbedtls_net_free(client_fd);
+ mbedtls_ssl_free(&ssl);
thread_info->thread_complete = 1;
- return( NULL );
+ return NULL;
}
-static int thread_create( mbedtls_net_context *client_fd )
+static int thread_create(mbedtls_net_context *client_fd)
{
int ret, i;
/*
* Find in-active or finished thread slot
*/
- for( i = 0; i < MAX_NUM_THREADS; i++ )
- {
- if( threads[i].active == 0 )
+ for (i = 0; i < MAX_NUM_THREADS; i++) {
+ if (threads[i].active == 0) {
break;
+ }
- if( threads[i].data.thread_complete == 1 )
- {
- mbedtls_printf( " [ main ] Cleaning up thread %d\n", i );
- pthread_join(threads[i].thread, NULL );
- memset( &threads[i], 0, sizeof(pthread_info_t) );
+ if (threads[i].data.thread_complete == 1) {
+ mbedtls_printf(" [ main ] Cleaning up thread %d\n", i);
+ pthread_join(threads[i].thread, NULL);
+ memset(&threads[i], 0, sizeof(pthread_info_t));
break;
}
}
- if( i == MAX_NUM_THREADS )
- return( -1 );
+ if (i == MAX_NUM_THREADS) {
+ return -1;
+ }
/*
* Fill thread-info for thread
*/
- memcpy( &threads[i].data, &base_info, sizeof(base_info) );
+ memcpy(&threads[i].data, &base_info, sizeof(base_info));
threads[i].active = 1;
- memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) );
+ memcpy(&threads[i].data.client_fd, client_fd, sizeof(mbedtls_net_context));
- if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection,
- &threads[i].data ) ) != 0 )
- {
- return( ret );
+ if ((ret = pthread_create(&threads[i].thread, NULL, handle_ssl_connection,
+ &threads[i].data)) != 0) {
+ return ret;
}
- return( 0 );
+ return 0;
}
-int main( void )
+int main(void)
{
int ret;
mbedtls_net_context listen_fd, client_fd;
@@ -324,166 +312,156 @@
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_init( &cache );
+ mbedtls_ssl_cache_init(&cache);
#endif
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_x509_crt_init( &cachain );
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_x509_crt_init(&cachain);
- mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- memset( threads, 0, sizeof(threads) );
- mbedtls_net_init( &listen_fd );
- mbedtls_net_init( &client_fd );
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ memset(threads, 0, sizeof(threads));
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
- mbedtls_mutex_init( &debug_mutex );
+ mbedtls_mutex_init(&debug_mutex);
base_info.config = &conf;
/*
* We use only a single entropy source that is used in all the threads.
*/
- mbedtls_entropy_init( &entropy );
+ mbedtls_entropy_init(&entropy);
/*
* 1. Load the certificates and private RSA key
*/
- mbedtls_printf( "\n . Loading the server cert. and key..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the server cert. and key...");
+ fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
- mbedtls_test_srv_crt_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- ret = mbedtls_x509_crt_parse( &cachain, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&cachain, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- mbedtls_pk_init( &pkey );
- ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ mbedtls_pk_init(&pkey);
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1b. Seed the random number generator
*/
- mbedtls_printf( " . Seeding the random number generator..." );
+ mbedtls_printf(" . Seeding the random number generator...");
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
- ( unsigned int ) -ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1c. Prepare SSL configuration
*/
- mbedtls_printf( " . Setting up the SSL data...." );
+ mbedtls_printf(" . Setting up the SSL data....");
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
- ( unsigned int ) -ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
* MBEDTLS_THREADING_C is set.
*/
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
- mbedtls_ssl_cache_set );
+ mbedtls_ssl_cache_set);
#endif
- mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ mbedtls_ssl_conf_ca_chain(&conf, &cachain, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 2. Setup the listening TCP socket
*/
- mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
- fflush( stdout );
+ mbedtls_printf(" . Bind on https://localhost:4433/ ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
reset:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", ( unsigned int ) -ret,
- error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf(" [ main ] Last error was: -0x%04x - %s\n", (unsigned int) -ret,
+ error_buf);
}
#endif
/*
* 3. Wait until a client connects
*/
- mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
+ mbedtls_printf(" [ main ] Waiting for a remote connection\n");
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- NULL, 0, NULL ) ) != 0 )
- {
- mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
- ( unsigned int ) ret );
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
+ (unsigned int) ret);
goto exit;
}
- mbedtls_printf( " [ main ] ok\n" );
- mbedtls_printf( " [ main ] Creating a new thread\n" );
+ mbedtls_printf(" [ main ] ok\n");
+ mbedtls_printf(" [ main ] Creating a new thread\n");
- if( ( ret = thread_create( &client_fd ) ) != 0 )
- {
- mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret );
- mbedtls_net_free( &client_fd );
+ if ((ret = thread_create(&client_fd)) != 0) {
+ mbedtls_printf(" [ main ] failed: thread_create returned %d\n", ret);
+ mbedtls_net_free(&client_fd);
goto reset;
}
@@ -491,29 +469,29 @@
goto reset;
exit:
- mbedtls_x509_crt_free( &srvcert );
- mbedtls_pk_free( &pkey );
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_free( &cache );
+ mbedtls_ssl_cache_free(&cache);
#endif
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ssl_config_free(&conf);
- mbedtls_net_free( &listen_fd );
+ mbedtls_net_free(&listen_fd);
- mbedtls_mutex_free( &debug_mutex );
+ mbedtls_mutex_free(&debug_mutex);
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
#endif
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( ret );
+ mbedtls_exit(ret);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 956cebc..8f6a573 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -31,14 +31,14 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PEM_PARSE_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- mbedtls_exit( 0 );
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -70,17 +70,17 @@
#define DEBUG_LEVEL 0
-static void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
}
-int main( void )
+int main(void)
{
int ret, len;
mbedtls_net_context listen_fd, client_fd;
@@ -97,205 +97,191 @@
mbedtls_ssl_cache_context cache;
#endif
- mbedtls_net_init( &listen_fd );
- mbedtls_net_init( &client_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_init( &cache );
+ mbedtls_ssl_cache_init(&cache);
#endif
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_pk_init( &pkey );
- mbedtls_entropy_init( &entropy );
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold( DEBUG_LEVEL );
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 1. Load the certificates and private RSA key
*/
- mbedtls_printf( "\n . Loading the server cert. and key..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the server cert. and key...");
+ fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
- mbedtls_test_srv_crt_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
- mbedtls_test_cas_pem_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
- ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 2. Setup the listening TCP socket
*/
- mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
- fflush( stdout );
+ mbedtls_printf(" . Bind on https://localhost:4433/ ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 3. Seed the RNG
*/
- mbedtls_printf( " . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf(" . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 4. Setup stuff
*/
- mbedtls_printf( " . Setting up the SSL data...." );
- fflush( stdout );
+ mbedtls_printf(" . Setting up the SSL data....");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
- mbedtls_ssl_cache_set );
+ mbedtls_ssl_cache_set);
#endif
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
reset:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
- mbedtls_net_free( &client_fd );
+ mbedtls_net_free(&client_fd);
- mbedtls_ssl_session_reset( &ssl );
+ mbedtls_ssl_session_reset(&ssl);
/*
* 3. Wait until a client connects
*/
- mbedtls_printf( " . Waiting for a remote connection ..." );
- fflush( stdout );
+ mbedtls_printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- NULL, 0, NULL ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 5. Handshake
*/
- mbedtls_printf( " . Performing the SSL/TLS handshake..." );
- fflush( stdout );
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
goto reset;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 6. Read the HTTP Request
*/
- mbedtls_printf( " < Read from client:" );
- fflush( stdout );
+ mbedtls_printf(" < Read from client:");
+ fflush(stdout);
- do
- {
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
+ }
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( " connection was closed gracefully\n" );
+ mbedtls_printf(" connection was closed gracefully\n");
break;
case MBEDTLS_ERR_NET_CONN_RESET:
- mbedtls_printf( " connection was reset by peer\n" );
+ mbedtls_printf(" connection was reset by peer\n");
break;
default:
- mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
break;
}
@@ -303,53 +289,48 @@
}
len = ret;
- mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
- if( ret > 0 )
+ if (ret > 0) {
break;
- }
- while( 1 );
+ }
+ } while (1);
/*
* 7. Write the 200 Response
*/
- mbedtls_printf( " > Write to client:" );
- fflush( stdout );
+ mbedtls_printf(" > Write to client:");
+ fflush(stdout);
- len = sprintf( (char *) buf, HTTP_RESPONSE,
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
- while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
- {
- if( ret == MBEDTLS_ERR_NET_CONN_RESET )
- {
- mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
+ mbedtls_printf(" failed\n ! peer closed the connection\n\n");
goto reset;
}
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
}
len = ret;
- mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
+ mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf);
- mbedtls_printf( " . Closing the connection..." );
+ mbedtls_printf(" . Closing the connection...");
- while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
+ while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret);
goto reset;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
ret = 0;
goto reset;
@@ -357,33 +338,32 @@
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
- mbedtls_net_free( &client_fd );
- mbedtls_net_free( &listen_fd );
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
- mbedtls_x509_crt_free( &srvcert );
- mbedtls_pk_free( &pkey );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_free( &cache );
+ mbedtls_ssl_cache_free(&cache);
#endif
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( ret );
+ mbedtls_exit(ret);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4e9e499..dd78c0b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -20,16 +20,16 @@
#include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
-int main( void )
+int main(void)
{
- mbedtls_printf( MBEDTLS_SSL_TEST_IMPOSSIBLE );
- mbedtls_exit( 0 );
+ mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
+ mbedtls_exit(0);
}
#elif !defined(MBEDTLS_SSL_SRV_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_SSL_SRV_C not defined.\n" );
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_SSL_SRV_C not defined.\n");
+ mbedtls_exit(0);
}
#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */
@@ -88,9 +88,9 @@
#define DFL_KEY_FILE2 ""
#define DFL_KEY_PWD2 ""
#define DFL_ASYNC_OPERATIONS "-"
-#define DFL_ASYNC_PRIVATE_DELAY1 ( -1 )
-#define DFL_ASYNC_PRIVATE_DELAY2 ( -1 )
-#define DFL_ASYNC_PRIVATE_ERROR ( 0 )
+#define DFL_ASYNC_PRIVATE_DELAY1 (-1)
+#define DFL_ASYNC_PRIVATE_DELAY2 (-1)
+#define DFL_ASYNC_PRIVATE_ERROR (0)
#define DFL_PSK ""
#define DFL_PSK_OPAQUE 0
#define DFL_PSK_LIST_OPAQUE 0
@@ -103,7 +103,7 @@
#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
#define DFL_RENEGO_DELAY -2
-#define DFL_RENEGO_PERIOD ( (uint64_t)-1 )
+#define DFL_RENEGO_PERIOD ((uint64_t) -1)
#define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
@@ -149,12 +149,12 @@
#define DFL_SRTP_SUPPORT_MKI 0
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
- "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
+ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
* packets (for fragmentation purposes) */
@@ -180,14 +180,14 @@
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
" default: see note after key_file2\n" \
" key_file=%%s default: see note after key_file2\n" \
- " key_pwd=%%s Password for key specified by key_file argument\n"\
+ " key_pwd=%%s Password for key specified by key_file argument\n" \
" default: none\n" \
" crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
" default: see note after key_file2\n" \
" key_file2=%%s default: see note below\n" \
" note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
" preloaded certificate(s) and key(s) are used if available\n" \
- " key_pwd2=%%s Password for key specified by key_file2 argument\n"\
+ " key_pwd2=%%s Password for key specified by key_file2 argument\n" \
" default: none\n" \
" dhm_file=%%s File containing Diffie-Hellman parameters\n" \
" default: preloaded parameters\n"
@@ -335,8 +335,8 @@
#endif
#define USAGE_SNI \
- " sni=%%s name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n" \
- " default: disabled\n"
+ " sni=%%s name1,cert1,key1,ca1"SNI_CRL ",auth1[,...]\n" \
+ " default: disabled\n"
#else
#define USAGE_SNI ""
#endif /* SNI_OPTION */
@@ -449,7 +449,7 @@
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" \
- " context_file=%%s The file path to write a serialized connection\n"\
+ " context_file=%%s The file path to write a serialized connection\n" \
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
@@ -472,7 +472,7 @@
" (minimum: 1, max: 16385)\n" \
" response_size=%%d default: about 152 (basic response)\n" \
" (minimum: 0, max: 16384)\n" \
- " increases buffer_size if bigger\n"\
+ " increases buffer_size if bigger\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \
@@ -540,24 +540,23 @@
#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
-#define PUT_UINT64_BE(out_be,in_le,i) \
-{ \
- (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \
- (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \
- (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \
- (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \
- (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \
- (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \
- (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \
- (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
-}
+#define PUT_UINT64_BE(out_be, in_le, i) \
+ { \
+ (out_be)[(i) + 0] = (unsigned char) (((in_le) >> 56) & 0xFF); \
+ (out_be)[(i) + 1] = (unsigned char) (((in_le) >> 48) & 0xFF); \
+ (out_be)[(i) + 2] = (unsigned char) (((in_le) >> 40) & 0xFF); \
+ (out_be)[(i) + 3] = (unsigned char) (((in_le) >> 32) & 0xFF); \
+ (out_be)[(i) + 4] = (unsigned char) (((in_le) >> 24) & 0xFF); \
+ (out_be)[(i) + 5] = (unsigned char) (((in_le) >> 16) & 0xFF); \
+ (out_be)[(i) + 6] = (unsigned char) (((in_le) >> 8) & 0xFF); \
+ (out_be)[(i) + 7] = (unsigned char) (((in_le) >> 0) & 0xFF); \
+ }
/*
* global options
*/
-struct options
-{
+struct options {
const char *server_addr; /* address on which the ssl service runs */
const char *server_port; /* port on which the ssl service runs */
int debug_level; /* level of debugging */
@@ -651,30 +650,33 @@
/*
* Return authmode from string, or -1 on error
*/
-static int get_auth_mode( const char *s )
+static int get_auth_mode(const char *s)
{
- if( strcmp( s, "none" ) == 0 )
- return( MBEDTLS_SSL_VERIFY_NONE );
- if( strcmp( s, "optional" ) == 0 )
- return( MBEDTLS_SSL_VERIFY_OPTIONAL );
- if( strcmp( s, "required" ) == 0 )
- return( MBEDTLS_SSL_VERIFY_REQUIRED );
+ if (strcmp(s, "none") == 0) {
+ return MBEDTLS_SSL_VERIFY_NONE;
+ }
+ if (strcmp(s, "optional") == 0) {
+ return MBEDTLS_SSL_VERIFY_OPTIONAL;
+ }
+ if (strcmp(s, "required") == 0) {
+ return MBEDTLS_SSL_VERIFY_REQUIRED;
+ }
- return( -1 );
+ return -1;
}
/*
* Used by sni_parse and psk_parse to handle coma-separated lists
*/
-#define GET_ITEM( dst ) \
+#define GET_ITEM(dst) \
do \
{ \
(dst) = p; \
- while( *p != ',' ) \
- if( ++p > end ) \
- goto error; \
+ while (*p != ',') \
+ if (++p > end) \
+ goto error; \
*p++ = '\0'; \
- } while( 0 )
+ } while (0)
#if defined(SNI_OPTION)
typedef struct _sni_entry sni_entry;
@@ -683,32 +685,31 @@
const char *name;
mbedtls_x509_crt *cert;
mbedtls_pk_context *key;
- mbedtls_x509_crt* ca;
- mbedtls_x509_crl* crl;
+ mbedtls_x509_crt *ca;
+ mbedtls_x509_crl *crl;
int authmode;
sni_entry *next;
};
-void sni_free( sni_entry *head )
+void sni_free(sni_entry *head)
{
sni_entry *cur = head, *next;
- while( cur != NULL )
- {
- mbedtls_x509_crt_free( cur->cert );
- mbedtls_free( cur->cert );
+ while (cur != NULL) {
+ mbedtls_x509_crt_free(cur->cert);
+ mbedtls_free(cur->cert);
- mbedtls_pk_free( cur->key );
- mbedtls_free( cur->key );
+ mbedtls_pk_free(cur->key);
+ mbedtls_free(cur->key);
- mbedtls_x509_crt_free( cur->ca );
- mbedtls_free( cur->ca );
+ mbedtls_x509_crt_free(cur->ca);
+ mbedtls_free(cur->ca);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
- mbedtls_x509_crl_free( cur->crl );
- mbedtls_free( cur->crl );
+ mbedtls_x509_crl_free(cur->crl);
+ mbedtls_free(cur->crl);
#endif
next = cur->next;
- mbedtls_free( cur );
+ mbedtls_free(cur);
cur = next;
}
}
@@ -720,7 +721,7 @@
*
* Modifies the input string! This is not production quality!
*/
-sni_entry *sni_parse( char *sni_string )
+sni_entry *sni_parse(char *sni_string)
{
sni_entry *cur = NULL, *new = NULL;
char *p = sni_string;
@@ -730,108 +731,111 @@
char *crl_file;
#endif
- while( *end != '\0' )
+ while (*end != '\0') {
++end;
+ }
*end = ',';
- while( p <= end )
- {
- if( ( new = mbedtls_calloc( 1, sizeof( sni_entry ) ) ) == NULL )
- {
- sni_free( cur );
- return( NULL );
+ while (p <= end) {
+ if ((new = mbedtls_calloc(1, sizeof(sni_entry))) == NULL) {
+ sni_free(cur);
+ return NULL;
}
- GET_ITEM( new->name );
- GET_ITEM( crt_file );
- GET_ITEM( key_file );
- GET_ITEM( ca_file );
+ GET_ITEM(new->name);
+ GET_ITEM(crt_file);
+ GET_ITEM(key_file);
+ GET_ITEM(ca_file);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
- GET_ITEM( crl_file );
+ GET_ITEM(crl_file);
#endif
- GET_ITEM( auth_str );
+ GET_ITEM(auth_str);
- if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
- ( new->key = mbedtls_calloc( 1, sizeof( mbedtls_pk_context ) ) ) == NULL )
+ if ((new->cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL ||
+ (new->key = mbedtls_calloc(1, sizeof(mbedtls_pk_context))) == NULL) {
goto error;
+ }
- mbedtls_x509_crt_init( new->cert );
- mbedtls_pk_init( new->key );
+ mbedtls_x509_crt_init(new->cert);
+ mbedtls_pk_init(new->key);
- if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
- mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 )
+ if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
+ mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) {
goto error;
+ }
- if( strcmp( ca_file, "-" ) != 0 )
- {
- if( ( new->ca = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL )
+ if (strcmp(ca_file, "-") != 0) {
+ if ((new->ca = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL) {
goto error;
+ }
- mbedtls_x509_crt_init( new->ca );
+ mbedtls_x509_crt_init(new->ca);
- if( mbedtls_x509_crt_parse_file( new->ca, ca_file ) != 0 )
+ if (mbedtls_x509_crt_parse_file(new->ca, ca_file) != 0) {
goto error;
+ }
}
#if defined(MBEDTLS_X509_CRL_PARSE_C)
- if( strcmp( crl_file, "-" ) != 0 )
- {
- if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
+ if (strcmp(crl_file, "-") != 0) {
+ if ((new->crl = mbedtls_calloc(1, sizeof(mbedtls_x509_crl))) == NULL) {
goto error;
+ }
- mbedtls_x509_crl_init( new->crl );
+ mbedtls_x509_crl_init(new->crl);
- if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
+ if (mbedtls_x509_crl_parse_file(new->crl, crl_file) != 0) {
goto error;
+ }
}
#endif
- if( strcmp( auth_str, "-" ) != 0 )
- {
- if( ( new->authmode = get_auth_mode( auth_str ) ) < 0 )
+ if (strcmp(auth_str, "-") != 0) {
+ if ((new->authmode = get_auth_mode(auth_str)) < 0) {
goto error;
- }
- else
+ }
+ } else {
new->authmode = DFL_AUTH_MODE;
+ }
new->next = cur;
cur = new;
}
- return( cur );
+ return cur;
error:
- sni_free( new );
- sni_free( cur );
- return( NULL );
+ sni_free(new);
+ sni_free(cur);
+ return NULL;
}
/*
* SNI callback.
*/
-int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
- const unsigned char *name, size_t name_len )
+int sni_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
{
const sni_entry *cur = (const sni_entry *) p_info;
- while( cur != NULL )
- {
- if( name_len == strlen( cur->name ) &&
- memcmp( name, cur->name, name_len ) == 0 )
- {
- if( cur->ca != NULL )
- mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl );
+ while (cur != NULL) {
+ if (name_len == strlen(cur->name) &&
+ memcmp(name, cur->name, name_len) == 0) {
+ if (cur->ca != NULL) {
+ mbedtls_ssl_set_hs_ca_chain(ssl, cur->ca, cur->crl);
+ }
- if( cur->authmode != DFL_AUTH_MODE )
- mbedtls_ssl_set_hs_authmode( ssl, cur->authmode );
+ if (cur->authmode != DFL_AUTH_MODE) {
+ mbedtls_ssl_set_hs_authmode(ssl, cur->authmode);
+ }
- return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
+ return mbedtls_ssl_set_hs_own_cert(ssl, cur->cert, cur->key);
}
cur = cur->next;
}
- return( -1 );
+ return -1;
}
#endif /* SNI_OPTION */
@@ -840,8 +844,7 @@
typedef struct _psk_entry psk_entry;
-struct _psk_entry
-{
+struct _psk_entry {
const char *name;
size_t key_len;
unsigned char key[MBEDTLS_PSK_MAX_LEN];
@@ -854,30 +857,29 @@
/*
* Free a list of psk_entry's
*/
-int psk_free( psk_entry *head )
+int psk_free(psk_entry *head)
{
psk_entry *next;
- while( head != NULL )
- {
+ while (head != NULL) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
psa_key_id_t const slot = head->slot;
- if( slot != 0 )
- {
- status = psa_destroy_key( slot );
- if( status != PSA_SUCCESS )
- return( status );
+ if (slot != 0) {
+ status = psa_destroy_key(slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
next = head->next;
- mbedtls_free( head );
+ mbedtls_free(head);
head = next;
}
- return( 0 );
+ return 0;
}
/*
@@ -886,68 +888,68 @@
*
* Modifies the input string! This is not production quality!
*/
-psk_entry *psk_parse( char *psk_string )
+psk_entry *psk_parse(char *psk_string)
{
psk_entry *cur = NULL, *new = NULL;
char *p = psk_string;
char *end = p;
char *key_hex;
- while( *end != '\0' )
+ while (*end != '\0') {
++end;
+ }
*end = ',';
- while( p <= end )
- {
- if( ( new = mbedtls_calloc( 1, sizeof( psk_entry ) ) ) == NULL )
+ while (p <= end) {
+ if ((new = mbedtls_calloc(1, sizeof(psk_entry))) == NULL) {
goto error;
+ }
- memset( new, 0, sizeof( psk_entry ) );
+ memset(new, 0, sizeof(psk_entry));
- GET_ITEM( new->name );
- GET_ITEM( key_hex );
+ GET_ITEM(new->name);
+ GET_ITEM(key_hex);
- if( mbedtls_test_unhexify( new->key, MBEDTLS_PSK_MAX_LEN,
- key_hex, &new->key_len ) != 0 )
+ if (mbedtls_test_unhexify(new->key, MBEDTLS_PSK_MAX_LEN,
+ key_hex, &new->key_len) != 0) {
goto error;
+ }
new->next = cur;
cur = new;
}
- return( cur );
+ return cur;
error:
- psk_free( new );
- psk_free( cur );
- return( 0 );
+ psk_free(new);
+ psk_free(cur);
+ return 0;
}
/*
* PSK callback
*/
-int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
- const unsigned char *name, size_t name_len )
+int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
{
psk_entry *cur = (psk_entry *) p_info;
- while( cur != NULL )
- {
- if( name_len == strlen( cur->name ) &&
- memcmp( name, cur->name, name_len ) == 0 )
- {
+ while (cur != NULL) {
+ if (name_len == strlen(cur->name) &&
+ memcmp(name, cur->name, name_len) == 0) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( cur->slot != 0 )
- return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) );
- else
+ if (cur->slot != 0) {
+ return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
+ } else
#endif
- return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) );
+ return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
}
cur = cur->next;
}
- return( -1 );
+ return -1;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -956,12 +958,12 @@
/* Interruption handler to ensure clean exit (for valgrind testing) */
#if !defined(_WIN32)
static int received_sigterm = 0;
-void term_handler( int sig )
+void term_handler(int sig)
{
((void) sig);
received_sigterm = 1;
- mbedtls_net_free( &listen_fd ); /* causes mbedtls_net_accept() to abort */
- mbedtls_net_free( &client_fd ); /* causes net_read() to abort */
+ mbedtls_net_free(&listen_fd); /* causes mbedtls_net_accept() to abort */
+ mbedtls_net_free(&client_fd); /* causes net_read() to abort */
}
#endif
@@ -975,16 +977,15 @@
* - A write, when the SSL output buffer contains some data that has not
* been sent over the network yet.
* - An asynchronous callback that has not completed yet. */
-static int mbedtls_status_is_ssl_in_progress( int ret )
+static int mbedtls_status_is_ssl_in_progress(int ret)
{
- return( ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
- ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
+ return ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
+ ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
}
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-typedef struct
-{
+typedef struct {
mbedtls_x509_crt *cert; /*!< Certificate corresponding to the key */
mbedtls_pk_context *pk; /*!< Private key */
unsigned delay; /*!< Number of resume steps to go through */
@@ -999,8 +1000,7 @@
#define SSL_ASYNC_INJECT_ERROR_MAX SSL_ASYNC_INJECT_ERROR_RESUME
} ssl_async_inject_error_t;
-typedef struct
-{
+typedef struct {
ssl_async_key_slot_t slots[4]; /* key, key2, sni1, sni2 */
size_t slots_used;
ssl_async_inject_error_t inject_error;
@@ -1008,32 +1008,31 @@
void *p_rng;
} ssl_async_key_context_t;
-int ssl_async_set_key( ssl_async_key_context_t *ctx,
- mbedtls_x509_crt *cert,
- mbedtls_pk_context *pk,
- int pk_take_ownership,
- unsigned delay )
+int ssl_async_set_key(ssl_async_key_context_t *ctx,
+ mbedtls_x509_crt *cert,
+ mbedtls_pk_context *pk,
+ int pk_take_ownership,
+ unsigned delay)
{
- if( ctx->slots_used >= sizeof( ctx->slots ) / sizeof( *ctx->slots ) )
- return( -1 );
+ if (ctx->slots_used >= sizeof(ctx->slots) / sizeof(*ctx->slots)) {
+ return -1;
+ }
ctx->slots[ctx->slots_used].cert = cert;
ctx->slots[ctx->slots_used].pk = pk;
ctx->slots[ctx->slots_used].delay = delay;
ctx->slots[ctx->slots_used].pk_owned = pk_take_ownership;
++ctx->slots_used;
- return( 0 );
+ return 0;
}
#define SSL_ASYNC_INPUT_MAX_SIZE 512
-typedef enum
-{
+typedef enum {
ASYNC_OP_SIGN,
ASYNC_OP_DECRYPT,
} ssl_async_operation_type_t;
-typedef struct
-{
+typedef struct {
unsigned slot;
ssl_async_operation_type_t operation_type;
mbedtls_md_type_t md_alg;
@@ -1053,244 +1052,239 @@
"decrypt",
};
-static int ssl_async_start( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- ssl_async_operation_type_t op_type,
- mbedtls_md_type_t md_alg,
- const unsigned char *input,
- size_t input_len )
+static int ssl_async_start(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ ssl_async_operation_type_t op_type,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *input,
+ size_t input_len)
{
ssl_async_key_context_t *config_data =
- mbedtls_ssl_conf_get_async_config_data( ssl->conf );
+ mbedtls_ssl_conf_get_async_config_data(ssl->conf);
unsigned slot;
ssl_async_operation_context_t *ctx = NULL;
const char *op_name = ssl_async_operation_names[op_type];
{
char dn[100];
- if( mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject ) > 0 )
- mbedtls_printf( "Async %s callback: looking for DN=%s\n",
- op_name, dn );
+ if (mbedtls_x509_dn_gets(dn, sizeof(dn), &cert->subject) > 0) {
+ mbedtls_printf("Async %s callback: looking for DN=%s\n",
+ op_name, dn);
+ }
}
/* Look for a private key that matches the public key in cert.
* Since this test code has the private key inside Mbed TLS,
* we call mbedtls_pk_check_pair to match a private key with the
* public key. */
- for( slot = 0; slot < config_data->slots_used; slot++ )
- {
- if( mbedtls_pk_check_pair( &cert->pk,
- config_data->slots[slot].pk ) == 0 )
+ for (slot = 0; slot < config_data->slots_used; slot++) {
+ if (mbedtls_pk_check_pair(&cert->pk,
+ config_data->slots[slot].pk) == 0) {
break;
+ }
}
- if( slot == config_data->slots_used )
- {
- mbedtls_printf( "Async %s callback: no key matches this certificate.\n",
- op_name );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH );
+ if (slot == config_data->slots_used) {
+ mbedtls_printf("Async %s callback: no key matches this certificate.\n",
+ op_name);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH;
}
- mbedtls_printf( "Async %s callback: using key slot %u, delay=%u.\n",
- op_name, slot, config_data->slots[slot].delay );
+ mbedtls_printf("Async %s callback: using key slot %u, delay=%u.\n",
+ op_name, slot, config_data->slots[slot].delay);
- if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START )
- {
- mbedtls_printf( "Async %s callback: injected error\n", op_name );
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START) {
+ mbedtls_printf("Async %s callback: injected error\n", op_name);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
- if( input_len > SSL_ASYNC_INPUT_MAX_SIZE )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if (input_len > SSL_ASYNC_INPUT_MAX_SIZE) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
- ctx = mbedtls_calloc( 1, sizeof( *ctx ) );
- if( ctx == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ ctx = mbedtls_calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
ctx->slot = slot;
ctx->operation_type = op_type;
ctx->md_alg = md_alg;
- memcpy( ctx->input, input, input_len );
+ memcpy(ctx->input, input, input_len);
ctx->input_len = input_len;
ctx->remaining_delay = config_data->slots[slot].delay;
- mbedtls_ssl_set_async_operation_data( ssl, ctx );
+ mbedtls_ssl_set_async_operation_data(ssl, ctx);
- if( ctx->remaining_delay == 0 )
- return( 0 );
- else
- return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
+ if (ctx->remaining_delay == 0) {
+ return 0;
+ } else {
+ return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+ }
}
-static int ssl_async_sign( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash,
- size_t hash_len )
+static int ssl_async_sign(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len)
{
- return( ssl_async_start( ssl, cert,
- ASYNC_OP_SIGN, md_alg,
- hash, hash_len ) );
+ return ssl_async_start(ssl, cert,
+ ASYNC_OP_SIGN, md_alg,
+ hash, hash_len);
}
-static int ssl_async_decrypt( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len )
+static int ssl_async_decrypt(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ const unsigned char *input,
+ size_t input_len)
{
- return( ssl_async_start( ssl, cert,
- ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
- input, input_len ) );
+ return ssl_async_start(ssl, cert,
+ ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
+ input, input_len);
}
-static int ssl_async_resume( mbedtls_ssl_context *ssl,
- unsigned char *output,
- size_t *output_len,
- size_t output_size )
+static int ssl_async_resume(mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ size_t *output_len,
+ size_t output_size)
{
- ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data( ssl );
+ ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl);
ssl_async_key_context_t *config_data =
- mbedtls_ssl_conf_get_async_config_data( ssl->conf );
+ mbedtls_ssl_conf_get_async_config_data(ssl->conf);
ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot];
int ret;
const char *op_name;
- if( ctx->remaining_delay > 0 )
- {
+ if (ctx->remaining_delay > 0) {
--ctx->remaining_delay;
- mbedtls_printf( "Async resume (slot %u): call %u more times.\n",
- ctx->slot, ctx->remaining_delay );
- return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
+ mbedtls_printf("Async resume (slot %u): call %u more times.\n",
+ ctx->slot, ctx->remaining_delay);
+ return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
}
- switch( ctx->operation_type )
- {
+ switch (ctx->operation_type) {
case ASYNC_OP_DECRYPT:
- ret = mbedtls_pk_decrypt( key_slot->pk,
- ctx->input, ctx->input_len,
- output, output_len, output_size,
- config_data->f_rng, config_data->p_rng );
+ ret = mbedtls_pk_decrypt(key_slot->pk,
+ ctx->input, ctx->input_len,
+ output, output_len, output_size,
+ config_data->f_rng, config_data->p_rng);
break;
case ASYNC_OP_SIGN:
- ret = mbedtls_pk_sign( key_slot->pk,
- ctx->md_alg,
- ctx->input, ctx->input_len,
- output, output_len,
- config_data->f_rng, config_data->p_rng );
+ ret = mbedtls_pk_sign(key_slot->pk,
+ ctx->md_alg,
+ ctx->input, ctx->input_len,
+ output, output_len,
+ config_data->f_rng, config_data->p_rng);
break;
default:
- mbedtls_printf( "Async resume (slot %u): unknown operation type %ld. This shouldn't happen.\n",
- ctx->slot, (long) ctx->operation_type );
- mbedtls_free( ctx );
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ mbedtls_printf(
+ "Async resume (slot %u): unknown operation type %ld. This shouldn't happen.\n",
+ ctx->slot,
+ (long) ctx->operation_type);
+ mbedtls_free(ctx);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
break;
}
op_name = ssl_async_operation_names[ctx->operation_type];
- if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME )
- {
- mbedtls_printf( "Async resume callback: %s done but injected error\n",
- op_name );
- mbedtls_free( ctx );
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME) {
+ mbedtls_printf("Async resume callback: %s done but injected error\n",
+ op_name);
+ mbedtls_free(ctx);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
- mbedtls_printf( "Async resume (slot %u): %s done, status=%d.\n",
- ctx->slot, op_name, ret );
- mbedtls_free( ctx );
- return( ret );
+ mbedtls_printf("Async resume (slot %u): %s done, status=%d.\n",
+ ctx->slot, op_name, ret);
+ mbedtls_free(ctx);
+ return ret;
}
-static void ssl_async_cancel( mbedtls_ssl_context *ssl )
+static void ssl_async_cancel(mbedtls_ssl_context *ssl)
{
- ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data( ssl );
- mbedtls_printf( "Async cancel callback.\n" );
- mbedtls_free( ctx );
+ ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl);
+ mbedtls_printf("Async cancel callback.\n");
+ mbedtls_free(ctx);
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-static psa_status_t psa_setup_psk_key_slot( psa_key_id_t *slot,
- psa_algorithm_t alg,
- unsigned char *psk,
- size_t psk_len )
+static psa_status_t psa_setup_psk_key_slot(psa_key_id_t *slot,
+ psa_algorithm_t alg,
+ unsigned char *psk,
+ size_t psk_len)
{
psa_status_t status;
psa_key_attributes_t key_attributes;
key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, alg );
- psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
- status = psa_import_key( &key_attributes, psk, psk_len, slot );
- if( status != PSA_SUCCESS )
- {
- fprintf( stderr, "IMPORT\n" );
- return( status );
+ status = psa_import_key(&key_attributes, psk, psk_len, slot);
+ if (status != PSA_SUCCESS) {
+ fprintf(stderr, "IMPORT\n");
+ return status;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-int report_cid_usage( mbedtls_ssl_context *ssl,
- const char *additional_description )
+int report_cid_usage(mbedtls_ssl_context *ssl,
+ const char *additional_description)
{
int ret;
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
size_t peer_cid_len;
int cid_negotiated;
- if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 0 );
+ if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 0;
+ }
/* Check if the use of a CID has been negotiated */
- ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
- peer_cid, &peer_cid_len );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
- (unsigned int) -ret );
- return( ret );
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
}
- if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
- {
- if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
- {
- mbedtls_printf( "(%s) Use of Connection ID was not offered by client.\n",
- additional_description );
+ if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) {
+ if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) {
+ mbedtls_printf("(%s) Use of Connection ID was not offered by client.\n",
+ additional_description);
}
- }
- else
- {
- size_t idx=0;
- mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
- additional_description );
- mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
- additional_description,
- (unsigned) peer_cid_len );
- while( idx < peer_cid_len )
- {
- mbedtls_printf( "%02x ", peer_cid[ idx ] );
+ } else {
+ size_t idx = 0;
+ mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n",
+ additional_description);
+ mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len);
+ while (idx < peer_cid_len) {
+ mbedtls_printf("%02x ", peer_cid[idx]);
idx++;
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 0, len, written, frags, exchanges_left;
int query_config_ret = 0;
int version_suites[4][2];
io_ctx_t io_ctx;
- unsigned char* buf = 0;
+ unsigned char *buf = 0;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg = 0;
@@ -1346,7 +1340,7 @@
#endif
#if defined(MBEDTLS_ECP_C)
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
- const mbedtls_ecp_curve_info * curve_cur;
+ const mbedtls_ecp_curve_info *curve_cur;
#endif
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
@@ -1374,107 +1368,106 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
unsigned char eap_tls_keymaterial[16];
unsigned char eap_tls_iv[8];
- const char* eap_tls_label = "client EAP encryption";
+ const char *eap_tls_label = "client EAP encryption";
eap_tls_keys eap_tls_keying;
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! master keys and master salt for SRTP generated during handshake */
- unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
- const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
- dtls_srtp_keys dtls_srtp_keying;
- const mbedtls_ssl_srtp_profile default_profiles[] = {
- MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
- MBEDTLS_TLS_SRTP_UNSET
- };
+ unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
+ const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
+ dtls_srtp_keys dtls_srtp_keying;
+ const mbedtls_ssl_srtp_profile default_profiles[] = {
+ MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
+ MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_UNSET
+ };
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
#if defined(MBEDTLS_MEMORY_DEBUG)
size_t current_heap_memory, peak_heap_memory, heap_blocks;
#endif /* MBEDTLS_MEMORY_DEBUG */
#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
#if defined(MBEDTLS_TEST_HOOKS)
- test_hooks_init( );
+ test_hooks_init();
#endif /* MBEDTLS_TEST_HOOKS */
/*
* Make sure memory references are valid in case we exit early.
*/
- mbedtls_net_init( &client_fd );
- mbedtls_net_init( &listen_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- rng_init( &rng );
+ mbedtls_net_init(&client_fd);
+ mbedtls_net_init(&listen_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ rng_init(&rng);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_pk_init( &pkey );
- mbedtls_x509_crt_init( &srvcert2 );
- mbedtls_pk_init( &pkey2 );
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_x509_crt_init(&srvcert2);
+ mbedtls_pk_init(&pkey2);
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- memset( &ssl_async_keys, 0, sizeof( ssl_async_keys ) );
+ memset(&ssl_async_keys, 0, sizeof(ssl_async_keys));
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
- mbedtls_dhm_init( &dhm );
+ mbedtls_dhm_init(&dhm);
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_init( &cache );
+ mbedtls_ssl_cache_init(&cache);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- mbedtls_ssl_ticket_init( &ticket_ctx );
+ mbedtls_ssl_ticket_init(&ticket_ctx);
#endif
#if defined(MBEDTLS_SSL_ALPN)
- memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
+ memset((void *) alpn_list, 0, sizeof(alpn_list));
#endif
#if defined(MBEDTLS_SSL_COOKIE_C)
- mbedtls_ssl_cookie_init( &cookie_ctx );
+ mbedtls_ssl_cookie_init(&cookie_ctx);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_crypto_init();
- if( status != PSA_SUCCESS )
- {
- mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status );
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- mbedtls_test_enable_insecure_external_rng( );
+ mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#if !defined(_WIN32)
/* Abort cleanly on SIGTERM and SIGINT */
- signal( SIGTERM, term_handler );
- signal( SIGINT, term_handler );
+ signal(SIGTERM, term_handler);
+ signal(SIGINT, term_handler);
#endif
- if( argc == 0 )
- {
- usage:
- if( ret == 0 )
+ if (argc == 0) {
+usage:
+ if (ret == 0) {
ret = 1;
+ }
- mbedtls_printf( USAGE1 );
- mbedtls_printf( USAGE2 );
- mbedtls_printf( USAGE3 );
- mbedtls_printf( USAGE4 );
+ mbedtls_printf(USAGE1);
+ mbedtls_printf(USAGE2);
+ mbedtls_printf(USAGE3);
+ mbedtls_printf(USAGE4);
list = mbedtls_ssl_list_ciphersuites();
- while( *list )
- {
- mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ while (*list) {
+ mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
- if( !*list )
+ if (!*list) {
break;
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ }
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
}
mbedtls_printf("\n");
@@ -1517,7 +1510,7 @@
opt.psk_identity = DFL_PSK_IDENTITY;
opt.psk_list = DFL_PSK_LIST;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
- opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
+ opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
opt.version_suites = DFL_VERSION_SUITES;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
@@ -1564,106 +1557,99 @@
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.support_mki = DFL_SRTP_SUPPORT_MKI;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "server_port" ) == 0 )
+ if (strcmp(p, "server_port") == 0) {
opt.server_port = q;
- else if( strcmp( p, "server_addr" ) == 0 )
+ } else if (strcmp(p, "server_addr") == 0) {
opt.server_addr = q;
- else if( strcmp( p, "dtls" ) == 0 )
- {
- int t = atoi( q );
- if( t == 0 )
+ } else if (strcmp(p, "dtls") == 0) {
+ int t = atoi(q);
+ if (t == 0) {
opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
- else if( t == 1 )
+ } else if (t == 1) {
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "debug_level" ) == 0 )
- {
- opt.debug_level = atoi( q );
- if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ }
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
- }
- else if( strcmp( p, "build_version" ) == 0 )
- {
- if( strcmp( q, "1" ) == 0 )
- {
- mbedtls_printf( "build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL,
- MBEDTLS_VERSION_NUMBER );
+ }
+ } else if (strcmp(p, "build_version") == 0) {
+ if (strcmp(q, "1") == 0) {
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL,
+ MBEDTLS_VERSION_NUMBER);
goto exit;
}
- }
- else if( strcmp( p, "nbio" ) == 0 )
- {
- opt.nbio = atoi( q );
- if( opt.nbio < 0 || opt.nbio > 2 )
+ } else if (strcmp(p, "nbio") == 0) {
+ opt.nbio = atoi(q);
+ if (opt.nbio < 0 || opt.nbio > 2) {
goto usage;
- }
- else if( strcmp( p, "event" ) == 0 )
- {
- opt.event = atoi( q );
- if( opt.event < 0 || opt.event > 2 )
+ }
+ } else if (strcmp(p, "event") == 0) {
+ opt.event = atoi(q);
+ if (opt.event < 0 || opt.event > 2) {
goto usage;
- }
- else if( strcmp( p, "read_timeout" ) == 0 )
- opt.read_timeout = atoi( q );
- else if( strcmp( p, "buffer_size" ) == 0 )
- {
- opt.buffer_size = atoi( q );
- if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 )
+ }
+ } else if (strcmp(p, "read_timeout") == 0) {
+ opt.read_timeout = atoi(q);
+ } else if (strcmp(p, "buffer_size") == 0) {
+ opt.buffer_size = atoi(q);
+ if (opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1) {
goto usage;
- }
- else if( strcmp( p, "response_size" ) == 0 )
- {
- opt.response_size = atoi( q );
- if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
+ }
+ } else if (strcmp(p, "response_size") == 0) {
+ opt.response_size = atoi(q);
+ if (opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN) {
goto usage;
- if( opt.buffer_size < opt.response_size )
+ }
+ if (opt.buffer_size < opt.response_size) {
opt.buffer_size = opt.response_size;
- }
- else if( strcmp( p, "ca_file" ) == 0 )
+ }
+ } else if (strcmp(p, "ca_file") == 0) {
opt.ca_file = q;
- else if( strcmp( p, "ca_path" ) == 0 )
+ } else if (strcmp(p, "ca_path") == 0) {
opt.ca_path = q;
- else if( strcmp( p, "crt_file" ) == 0 )
+ } else if (strcmp(p, "crt_file") == 0) {
opt.crt_file = q;
- else if( strcmp( p, "key_file" ) == 0 )
+ } else if (strcmp(p, "key_file") == 0) {
opt.key_file = q;
- else if( strcmp( p, "key_pwd" ) == 0 )
+ } else if (strcmp(p, "key_pwd") == 0) {
opt.key_pwd = q;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- else if( strcmp( p, "key_opaque" ) == 0 )
- opt.key_opaque = atoi( q );
+ else if (strcmp(p, "key_opaque") == 0) {
+ opt.key_opaque = atoi(q);
+ }
#endif
- else if( strcmp( p, "crt_file2" ) == 0 )
+ else if (strcmp(p, "crt_file2") == 0) {
opt.crt_file2 = q;
- else if( strcmp( p, "key_file2" ) == 0 )
+ } else if (strcmp(p, "key_file2") == 0) {
opt.key_file2 = q;
- else if( strcmp( p, "key_pwd2" ) == 0 )
+ } else if (strcmp(p, "key_pwd2") == 0) {
opt.key_pwd2 = q;
- else if( strcmp( p, "dhm_file" ) == 0 )
+ } else if (strcmp(p, "dhm_file") == 0) {
opt.dhm_file = q;
+ }
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- else if( strcmp( p, "async_operations" ) == 0 )
+ else if (strcmp(p, "async_operations") == 0) {
opt.async_operations = q;
- else if( strcmp( p, "async_private_delay1" ) == 0 )
- opt.async_private_delay1 = atoi( q );
- else if( strcmp( p, "async_private_delay2" ) == 0 )
- opt.async_private_delay2 = atoi( q );
- else if( strcmp( p, "async_private_error" ) == 0 )
- {
- int n = atoi( q );
- if( n < -SSL_ASYNC_INJECT_ERROR_MAX ||
- n > SSL_ASYNC_INJECT_ERROR_MAX )
- {
+ } else if (strcmp(p, "async_private_delay1") == 0) {
+ opt.async_private_delay1 = atoi(q);
+ } else if (strcmp(p, "async_private_delay2") == 0) {
+ opt.async_private_delay2 = atoi(q);
+ } else if (strcmp(p, "async_private_error") == 0) {
+ int n = atoi(q);
+ if (n < -SSL_ASYNC_INJECT_ERROR_MAX ||
+ n > SSL_ASYNC_INJECT_ERROR_MAX) {
ret = 2;
goto usage;
}
@@ -1671,70 +1657,61 @@
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- else if( strcmp( p, "cid" ) == 0 )
- {
- opt.cid_enabled = atoi( q );
- if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
+ else if (strcmp(p, "cid") == 0) {
+ opt.cid_enabled = atoi(q);
+ if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
goto usage;
- }
- else if( strcmp( p, "cid_renego" ) == 0 )
- {
- opt.cid_enabled_renego = atoi( q );
- if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
+ }
+ } else if (strcmp(p, "cid_renego") == 0) {
+ opt.cid_enabled_renego = atoi(q);
+ if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
goto usage;
- }
- else if( strcmp( p, "cid_val" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "cid_val") == 0) {
opt.cid_val = q;
- }
- else if( strcmp( p, "cid_val_renego" ) == 0 )
- {
+ } else if (strcmp(p, "cid_val_renego") == 0) {
opt.cid_val_renego = q;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- else if( strcmp( p, "psk" ) == 0 )
+ else if (strcmp(p, "psk") == 0) {
opt.psk = q;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- else if( strcmp( p, "psk_opaque" ) == 0 )
- opt.psk_opaque = atoi( q );
- else if( strcmp( p, "psk_list_opaque" ) == 0 )
- opt.psk_list_opaque = atoi( q );
+ else if (strcmp(p, "psk_opaque") == 0) {
+ opt.psk_opaque = atoi(q);
+ } else if (strcmp(p, "psk_list_opaque") == 0) {
+ opt.psk_list_opaque = atoi(q);
+ }
#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- else if( strcmp( p, "ca_callback" ) == 0)
- opt.ca_callback = atoi( q );
+ else if (strcmp(p, "ca_callback") == 0) {
+ opt.ca_callback = atoi(q);
+ }
#endif
- else if( strcmp( p, "psk_identity" ) == 0 )
+ else if (strcmp(p, "psk_identity") == 0) {
opt.psk_identity = q;
- else if( strcmp( p, "psk_list" ) == 0 )
+ } else if (strcmp(p, "psk_list") == 0) {
opt.psk_list = q;
- else if( strcmp( p, "ecjpake_pw" ) == 0 )
+ } else if (strcmp(p, "ecjpake_pw") == 0) {
opt.ecjpake_pw = q;
- else if( strcmp( p, "force_ciphersuite" ) == 0 )
- {
- opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
+ } else if (strcmp(p, "force_ciphersuite") == 0) {
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
- if( opt.force_ciphersuite[0] == 0 )
- {
+ if (opt.force_ciphersuite[0] == 0) {
ret = 2;
goto usage;
}
opt.force_ciphersuite[1] = 0;
- }
- else if( strcmp( p, "curves" ) == 0 )
+ } else if (strcmp(p, "curves") == 0) {
opt.curves = q;
- else if( strcmp( p, "version_suites" ) == 0 )
+ } else if (strcmp(p, "version_suites") == 0) {
opt.version_suites = q;
- else if( strcmp( p, "renegotiation" ) == 0 )
- {
- opt.renegotiation = (atoi( q )) ?
- MBEDTLS_SSL_RENEGOTIATION_ENABLED :
- MBEDTLS_SSL_RENEGOTIATION_DISABLED;
- }
- else if( strcmp( p, "allow_legacy" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "renegotiation") == 0) {
+ opt.renegotiation = (atoi(q)) ?
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+ MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+ } else if (strcmp(p, "allow_legacy") == 0) {
+ switch (atoi(q)) {
case -1:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
break;
@@ -1746,160 +1723,124 @@
break;
default: goto usage;
}
- }
- else if( strcmp( p, "renegotiate" ) == 0 )
- {
- opt.renegotiate = atoi( q );
- if( opt.renegotiate < 0 || opt.renegotiate > 1 )
+ } else if (strcmp(p, "renegotiate") == 0) {
+ opt.renegotiate = atoi(q);
+ if (opt.renegotiate < 0 || opt.renegotiate > 1) {
goto usage;
- }
- else if( strcmp( p, "renego_delay" ) == 0 )
- {
- opt.renego_delay = atoi( q );
- }
- else if( strcmp( p, "renego_period" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "renego_delay") == 0) {
+ opt.renego_delay = atoi(q);
+ } else if (strcmp(p, "renego_period") == 0) {
#if defined(_MSC_VER)
- opt.renego_period = _strtoui64( q, NULL, 10 );
+ opt.renego_period = _strtoui64(q, NULL, 10);
#else
- if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 )
+ if (sscanf(q, "%" SCNu64, &opt.renego_period) != 1) {
goto usage;
+ }
#endif /* _MSC_VER */
- if( opt.renego_period < 2 )
+ if (opt.renego_period < 2) {
goto usage;
- }
- else if( strcmp( p, "exchanges" ) == 0 )
- {
- opt.exchanges = atoi( q );
- if( opt.exchanges < 0 )
+ }
+ } else if (strcmp(p, "exchanges") == 0) {
+ opt.exchanges = atoi(q);
+ if (opt.exchanges < 0) {
goto usage;
- }
- else if( strcmp( p, "min_version" ) == 0 )
- {
- if( strcmp( q, "ssl3" ) == 0 )
+ }
+ } else if (strcmp(p, "min_version") == 0) {
+ if (strcmp(q, "ssl3") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
- else if( strcmp( q, "tls1" ) == 0 )
+ } else if (strcmp(q, "tls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
+ } else if (strcmp(q, "tls1_1") == 0 ||
+ strcmp(q, "dtls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls12" ) == 0 ||
- strcmp( q, "dtls12" ) == 0 )
+ } else if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "max_version" ) == 0 )
- {
- if( strcmp( q, "ssl3" ) == 0 )
+ }
+ } else if (strcmp(p, "max_version") == 0) {
+ if (strcmp(q, "ssl3") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
- else if( strcmp( q, "tls1" ) == 0 )
+ } else if (strcmp(q, "tls1") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
+ } else if (strcmp(q, "tls1_1") == 0 ||
+ strcmp(q, "dtls1") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls12" ) == 0 ||
- strcmp( q, "dtls12" ) == 0 )
+ } else if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "arc4" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ }
+ } else if (strcmp(p, "arc4") == 0) {
+ switch (atoi(q)) {
case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
default: goto usage;
}
- }
- else if( strcmp( p, "allow_sha1" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "allow_sha1") == 0) {
+ switch (atoi(q)) {
case 0: opt.allow_sha1 = 0; break;
case 1: opt.allow_sha1 = 1; break;
default: goto usage;
}
- }
- else if( strcmp( p, "force_version" ) == 0 )
- {
- if( strcmp( q, "ssl3" ) == 0 )
- {
+ } else if (strcmp(p, "force_version") == 0) {
+ if (strcmp(q, "ssl3") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
- }
- else if( strcmp( q, "tls1" ) == 0 )
- {
+ } else if (strcmp(q, "tls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- }
- else if( strcmp( q, "tls1_1" ) == 0 )
- {
+ } else if (strcmp(q, "tls1_1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- }
- else if( strcmp( q, "tls12" ) == 0 )
- {
+ } else if (strcmp(q, "tls12") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
- }
- else if( strcmp( q, "dtls1" ) == 0 )
- {
+ } else if (strcmp(q, "dtls1") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- }
- else if( strcmp( q, "dtls12" ) == 0 )
- {
+ } else if (strcmp(q, "dtls12") == 0) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ } else {
+ goto usage;
}
- else
+ } else if (strcmp(p, "auth_mode") == 0) {
+ if ((opt.auth_mode = get_auth_mode(q)) < 0) {
goto usage;
- }
- else if( strcmp( p, "auth_mode" ) == 0 )
- {
- if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 )
+ }
+ } else if (strcmp(p, "cert_req_ca_list") == 0) {
+ opt.cert_req_ca_list = atoi(q);
+ if (opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 1) {
goto usage;
- }
- else if( strcmp( p, "cert_req_ca_list" ) == 0 )
- {
- opt.cert_req_ca_list = atoi( q );
- if( opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 1 )
- goto usage;
- }
- else if( strcmp( p, "max_frag_len" ) == 0 )
- {
- if( strcmp( q, "512" ) == 0 )
+ }
+ } else if (strcmp(p, "max_frag_len") == 0) {
+ if (strcmp(q, "512") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
- else if( strcmp( q, "1024" ) == 0 )
+ } else if (strcmp(q, "1024") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
- else if( strcmp( q, "2048" ) == 0 )
+ } else if (strcmp(q, "2048") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
- else if( strcmp( q, "4096" ) == 0 )
+ } else if (strcmp(q, "4096") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "alpn" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "alpn") == 0) {
opt.alpn_string = q;
- }
- else if( strcmp( p, "trunc_hmac" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "trunc_hmac") == 0) {
+ switch (atoi(q)) {
case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
default: goto usage;
}
- }
- else if( strcmp( p, "extended_ms" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "extended_ms") == 0) {
+ switch (atoi(q)) {
case 0:
opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
break;
@@ -1908,158 +1849,125 @@
break;
default: goto usage;
}
- }
- else if( strcmp( p, "etm" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "etm") == 0) {
+ switch (atoi(q)) {
case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
default: goto usage;
}
- }
- else if( strcmp( p, "tickets" ) == 0 )
- {
- opt.tickets = atoi( q );
- if( opt.tickets < 0 || opt.tickets > 1 )
+ } else if (strcmp(p, "tickets") == 0) {
+ opt.tickets = atoi(q);
+ if (opt.tickets < 0 || opt.tickets > 1) {
goto usage;
- }
- else if( strcmp( p, "ticket_timeout" ) == 0 )
- {
- opt.ticket_timeout = atoi( q );
- if( opt.ticket_timeout < 0 )
+ }
+ } else if (strcmp(p, "ticket_timeout") == 0) {
+ opt.ticket_timeout = atoi(q);
+ if (opt.ticket_timeout < 0) {
goto usage;
- }
- else if( strcmp( p, "cache_max" ) == 0 )
- {
- opt.cache_max = atoi( q );
- if( opt.cache_max < 0 )
- goto usage;
- }
-#if defined(MBEDTLS_HAVE_TIME)
- else if( strcmp( p, "cache_timeout" ) == 0 )
- {
- opt.cache_timeout = atoi( q );
- if( opt.cache_timeout < 0 )
- goto usage;
- }
-#endif
- else if( strcmp( p, "cookies" ) == 0 )
- {
- opt.cookies = atoi( q );
- if( opt.cookies < -1 || opt.cookies > 1)
- goto usage;
- }
- else if( strcmp( p, "anti_replay" ) == 0 )
- {
- opt.anti_replay = atoi( q );
- if( opt.anti_replay < 0 || opt.anti_replay > 1)
- goto usage;
- }
- else if( strcmp( p, "badmac_limit" ) == 0 )
- {
- opt.badmac_limit = atoi( q );
- if( opt.badmac_limit < 0 )
- goto usage;
- }
- else if( strcmp( p, "hs_timeout" ) == 0 )
- {
- if( ( p = strchr( q, '-' ) ) == NULL )
- goto usage;
- *p++ = '\0';
- opt.hs_to_min = atoi( q );
- opt.hs_to_max = atoi( p );
- if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
- goto usage;
- }
- else if( strcmp( p, "mtu" ) == 0 )
- {
- opt.dtls_mtu = atoi( q );
- if( opt.dtls_mtu < 0 )
- goto usage;
- }
- else if( strcmp( p, "dgram_packing" ) == 0 )
- {
- opt.dgram_packing = atoi( q );
- if( opt.dgram_packing != 0 &&
- opt.dgram_packing != 1 )
- {
+ }
+ } else if (strcmp(p, "cache_max") == 0) {
+ opt.cache_max = atoi(q);
+ if (opt.cache_max < 0) {
goto usage;
}
}
- else if( strcmp( p, "sni" ) == 0 )
- {
+#if defined(MBEDTLS_HAVE_TIME)
+ else if (strcmp(p, "cache_timeout") == 0) {
+ opt.cache_timeout = atoi(q);
+ if (opt.cache_timeout < 0) {
+ goto usage;
+ }
+ }
+#endif
+ else if (strcmp(p, "cookies") == 0) {
+ opt.cookies = atoi(q);
+ if (opt.cookies < -1 || opt.cookies > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "anti_replay") == 0) {
+ opt.anti_replay = atoi(q);
+ if (opt.anti_replay < 0 || opt.anti_replay > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "badmac_limit") == 0) {
+ opt.badmac_limit = atoi(q);
+ if (opt.badmac_limit < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "hs_timeout") == 0) {
+ if ((p = strchr(q, '-')) == NULL) {
+ goto usage;
+ }
+ *p++ = '\0';
+ opt.hs_to_min = atoi(q);
+ opt.hs_to_max = atoi(p);
+ if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
+ goto usage;
+ }
+ } else if (strcmp(p, "mtu") == 0) {
+ opt.dtls_mtu = atoi(q);
+ if (opt.dtls_mtu < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "dgram_packing") == 0) {
+ opt.dgram_packing = atoi(q);
+ if (opt.dgram_packing != 0 &&
+ opt.dgram_packing != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "sni") == 0) {
opt.sni = q;
- }
- else if( strcmp( p, "query_config" ) == 0 )
- {
+ } else if (strcmp(p, "query_config") == 0) {
opt.query_config_mode = 1;
- query_config_ret = query_config( q );
+ query_config_ret = query_config(q);
goto exit;
- }
- else if( strcmp( p, "serialize") == 0 )
- {
- opt.serialize = atoi( q );
- if( opt.serialize < 0 || opt.serialize > 2)
+ } else if (strcmp(p, "serialize") == 0) {
+ opt.serialize = atoi(q);
+ if (opt.serialize < 0 || opt.serialize > 2) {
goto usage;
- }
- else if( strcmp( p, "context_file") == 0 )
- {
+ }
+ } else if (strcmp(p, "context_file") == 0) {
opt.context_file = q;
- }
- else if( strcmp( p, "eap_tls" ) == 0 )
- {
- opt.eap_tls = atoi( q );
- if( opt.eap_tls < 0 || opt.eap_tls > 1 )
+ } else if (strcmp(p, "eap_tls") == 0) {
+ opt.eap_tls = atoi(q);
+ if (opt.eap_tls < 0 || opt.eap_tls > 1) {
goto usage;
- }
- else if( strcmp( p, "reproducible" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "reproducible") == 0) {
opt.reproducible = 1;
- }
- else if( strcmp( p, "nss_keylog" ) == 0 )
- {
- opt.nss_keylog = atoi( q );
- if( opt.nss_keylog < 0 || opt.nss_keylog > 1 )
+ } else if (strcmp(p, "nss_keylog") == 0) {
+ opt.nss_keylog = atoi(q);
+ if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
goto usage;
- }
- else if( strcmp( p, "nss_keylog_file" ) == 0 )
- {
+ }
+ } else if (strcmp(p, "nss_keylog_file") == 0) {
opt.nss_keylog_file = q;
- }
- else if( strcmp( p, "use_srtp" ) == 0 )
- {
- opt.use_srtp = atoi ( q );
- }
- else if( strcmp( p, "srtp_force_profile" ) == 0 )
- {
- opt.force_srtp_profile = atoi( q );
- }
- else if( strcmp( p, "support_mki" ) == 0 )
- {
- opt.support_mki = atoi( q );
- }
- else
+ } else if (strcmp(p, "use_srtp") == 0) {
+ opt.use_srtp = atoi(q);
+ } else if (strcmp(p, "srtp_force_profile") == 0) {
+ opt.force_srtp_profile = atoi(q);
+ } else if (strcmp(p, "support_mki") == 0) {
+ opt.support_mki = atoi(q);
+ } else {
goto usage;
+ }
}
- if( opt.nss_keylog != 0 && opt.eap_tls != 0 )
- {
- mbedtls_printf( "Error: eap_tls and nss_keylog options cannot be used together.\n" );
+ if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
+ mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
goto usage;
}
/* Event-driven IO is incompatible with the above custom
* receive and send functions, as the polling builds on
* refers to the underlying net_context. */
- if( opt.event == 1 && opt.nbio != 1 )
- {
- mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
+ if (opt.event == 1 && opt.nbio != 1) {
+ mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
opt.nbio = 1;
}
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold( opt.debug_level );
+ mbedtls_debug_set_threshold(opt.debug_level);
#endif
/* buf will alternatively contain the input read from the client and the
@@ -2067,102 +1975,89 @@
size_t buf_content_size = opt.buffer_size;
/* The default response contains the ciphersuite name. Leave enough
* room for that plus some margin. */
- if( buf_content_size < strlen( HTTP_RESPONSE ) + 80 )
- {
- buf_content_size = strlen( HTTP_RESPONSE ) + 80;
+ if (buf_content_size < strlen(HTTP_RESPONSE) + 80) {
+ buf_content_size = strlen(HTTP_RESPONSE) + 80;
}
- if( opt.response_size != DFL_RESPONSE_SIZE &&
- buf_content_size < (size_t) opt.response_size )
- {
+ if (opt.response_size != DFL_RESPONSE_SIZE &&
+ buf_content_size < (size_t) opt.response_size) {
buf_content_size = opt.response_size;
}
- buf = mbedtls_calloc( 1, buf_content_size + 1 );
- if( buf == NULL )
- {
- mbedtls_printf( "Could not allocate %lu bytes\n",
- (unsigned long) buf_content_size + 1 );
+ buf = mbedtls_calloc(1, buf_content_size + 1);
+ if (buf == NULL) {
+ mbedtls_printf("Could not allocate %lu bytes\n",
+ (unsigned long) buf_content_size + 1);
ret = 3;
goto exit;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.psk_opaque != 0 )
- {
- if( strlen( opt.psk ) == 0 )
- {
- mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
+ if (opt.psk_opaque != 0) {
+ if (strlen(opt.psk) == 0) {
+ mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
ret = 2;
goto usage;
}
- if( opt.force_ciphersuite[0] <= 0 )
- {
- mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ if (opt.force_ciphersuite[0] <= 0) {
+ mbedtls_printf(
+ "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
ret = 2;
goto usage;
}
}
- if( opt.psk_list_opaque != 0 )
- {
- if( opt.psk_list == NULL )
- {
- mbedtls_printf( "psk_slot set but no psk to be imported specified.\n" );
+ if (opt.psk_list_opaque != 0) {
+ if (opt.psk_list == NULL) {
+ mbedtls_printf("psk_slot set but no psk to be imported specified.\n");
ret = 2;
goto usage;
}
- if( opt.force_ciphersuite[0] <= 0 )
- {
- mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ if (opt.force_ciphersuite[0] <= 0) {
+ mbedtls_printf(
+ "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
ret = 2;
goto usage;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( opt.force_ciphersuite[0] > 0 )
- {
+ if (opt.force_ciphersuite[0] > 0) {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
+ mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
- if( opt.max_version != -1 &&
- ciphersuite_info->min_minor_ver > opt.max_version )
- {
- mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
+ if (opt.max_version != -1 &&
+ ciphersuite_info->min_minor_ver > opt.max_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
- if( opt.min_version != -1 &&
- ciphersuite_info->max_minor_ver < opt.min_version )
- {
- mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
+ if (opt.min_version != -1 &&
+ ciphersuite_info->max_minor_ver < opt.min_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
/* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */
- if( opt.max_version == -1 ||
- opt.max_version > ciphersuite_info->max_minor_ver )
- {
+ if (opt.max_version == -1 ||
+ opt.max_version > ciphersuite_info->max_minor_ver) {
opt.max_version = ciphersuite_info->max_minor_ver;
}
- if( opt.min_version < ciphersuite_info->min_minor_ver )
- {
+ if (opt.min_version < ciphersuite_info->min_minor_ver) {
opt.min_version = ciphersuite_info->min_minor_ver;
/* DTLS starts with TLS 1.1 */
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2) {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
}
/* Enable RC4 if needed and not explicitly disabled */
- if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
- {
- if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
- {
+ if (ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128) {
+ if (opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED) {
mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
ret = 2;
goto usage;
@@ -2173,55 +2068,51 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
- {
+ if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
#if defined(MBEDTLS_SHA512_C)
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- else
+ } else
#endif /* MBEDTLS_SHA512_C */
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
- if( opt.version_suites != NULL )
- {
+ if (opt.version_suites != NULL) {
const char *name[4] = { 0 };
/* Parse 4-element coma-separated list */
- for( i = 0, p = (char *) opt.version_suites;
+ for (i = 0, p = (char *) opt.version_suites;
i < 4 && *p != '\0';
- i++ )
- {
+ i++) {
name[i] = p;
/* Terminate the current string and move on to next one */
- while( *p != ',' && *p != '\0' )
+ while (*p != ',' && *p != '\0') {
p++;
- if( *p == ',' )
+ }
+ if (*p == ',') {
*p++ = '\0';
+ }
}
- if( i != 4 )
- {
- mbedtls_printf( "too few values for version_suites\n" );
+ if (i != 4) {
+ mbedtls_printf("too few values for version_suites\n");
ret = 1;
goto exit;
}
- memset( version_suites, 0, sizeof( version_suites ) );
+ memset(version_suites, 0, sizeof(version_suites));
/* Get the suites identifiers from their name */
- for( i = 0; i < 4; i++ )
- {
- version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
+ for (i = 0; i < 4; i++) {
+ version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id(name[i]);
- if( version_suites[i][0] == 0 )
- {
- mbedtls_printf( "unknown ciphersuite: '%s'\n", name[i] );
+ if (version_suites[i][0] == 0) {
+ mbedtls_printf("unknown ciphersuite: '%s'\n", name[i]);
ret = 2;
goto usage;
}
@@ -2229,24 +2120,24 @@
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( mbedtls_test_unhexify( cid, sizeof( cid ),
- opt.cid_val, &cid_len ) != 0 )
- {
- mbedtls_printf( "CID not valid hex\n" );
+ if (mbedtls_test_unhexify(cid, sizeof(cid),
+ opt.cid_val, &cid_len) != 0) {
+ mbedtls_printf("CID not valid hex\n");
goto exit;
}
/* Keep CID settings for renegotiation unless
* specified otherwise. */
- if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
+ if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
opt.cid_enabled_renego = opt.cid_enabled;
- if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
+ }
+ if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
opt.cid_val_renego = opt.cid_val;
+ }
- if( mbedtls_test_unhexify( cid_renego, sizeof( cid_renego ),
- opt.cid_val_renego, &cid_renego_len ) != 0 )
- {
- mbedtls_printf( "CID not valid hex\n" );
+ if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
+ opt.cid_val_renego, &cid_renego_len) != 0) {
+ mbedtls_printf("CID not valid hex\n");
goto exit;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -2255,71 +2146,60 @@
/*
* Unhexify the pre-shared key and parse the list if any given
*/
- if( mbedtls_test_unhexify( psk, sizeof( psk ),
- opt.psk, &psk_len ) != 0 )
- {
- mbedtls_printf( "pre-shared key not valid hex\n" );
+ if (mbedtls_test_unhexify(psk, sizeof(psk),
+ opt.psk, &psk_len) != 0) {
+ mbedtls_printf("pre-shared key not valid hex\n");
goto exit;
}
- if( opt.psk_list != NULL )
- {
- if( ( psk_info = psk_parse( opt.psk_list ) ) == NULL )
- {
- mbedtls_printf( "psk_list invalid" );
+ if (opt.psk_list != NULL) {
+ if ((psk_info = psk_parse(opt.psk_list)) == NULL) {
+ mbedtls_printf("psk_list invalid");
goto exit;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_ECP_C)
- if( opt.curves != NULL )
- {
+ if (opt.curves != NULL) {
p = (char *) opt.curves;
i = 0;
- if( strcmp( p, "none" ) == 0 )
- {
+ if (strcmp(p, "none") == 0) {
curve_list[0] = MBEDTLS_ECP_DP_NONE;
- }
- else if( strcmp( p, "default" ) != 0 )
- {
+ } else if (strcmp(p, "default") != 0) {
/* Leave room for a final NULL in curve list */
- while( i < CURVE_LIST_SIZE - 1 && *p != '\0' )
- {
+ while (i < CURVE_LIST_SIZE - 1 && *p != '\0') {
q = p;
/* Terminate the current string */
- while( *p != ',' && *p != '\0' )
+ while (*p != ',' && *p != '\0') {
p++;
- if( *p == ',' )
- *p++ = '\0';
-
- if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
- {
- curve_list[i++] = curve_cur->grp_id;
}
- else
- {
- mbedtls_printf( "unknown curve %s\n", q );
- mbedtls_printf( "supported curves: " );
- for( curve_cur = mbedtls_ecp_curve_list();
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+
+ if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
+ curve_list[i++] = curve_cur->grp_id;
+ } else {
+ mbedtls_printf("unknown curve %s\n", q);
+ mbedtls_printf("supported curves: ");
+ for (curve_cur = mbedtls_ecp_curve_list();
curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_cur++ )
- {
- mbedtls_printf( "%s ", curve_cur->name );
+ curve_cur++) {
+ mbedtls_printf("%s ", curve_cur->name);
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
goto exit;
}
}
- mbedtls_printf("Number of curves: %d\n", i );
+ mbedtls_printf("Number of curves: %d\n", i);
- if( i == CURVE_LIST_SIZE - 1 && *p != '\0' )
- {
- mbedtls_printf( "curves list too long, maximum %d",
- CURVE_LIST_SIZE - 1 );
+ if (i == CURVE_LIST_SIZE - 1 && *p != '\0') {
+ mbedtls_printf("curves list too long, maximum %d",
+ CURVE_LIST_SIZE - 1);
goto exit;
}
@@ -2329,202 +2209,186 @@
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_ALPN)
- if( opt.alpn_string != NULL )
- {
+ if (opt.alpn_string != NULL) {
p = (char *) opt.alpn_string;
i = 0;
/* Leave room for a final NULL in alpn_list */
- while( i < ALPN_LIST_SIZE - 1 && *p != '\0' )
- {
+ while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
alpn_list[i++] = p;
/* Terminate the current string and move on to next one */
- while( *p != ',' && *p != '\0' )
+ while (*p != ',' && *p != '\0') {
p++;
- if( *p == ',' )
+ }
+ if (*p == ',') {
*p++ = '\0';
+ }
}
}
#endif /* MBEDTLS_SSL_ALPN */
- mbedtls_printf( "build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
/*
* 0. Initialize the RNG and the session data
*/
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- ret = rng_seed( &rng, opt.reproducible, pers );
- if( ret != 0 )
+ ret = rng_seed(&rng, opt.reproducible, pers);
+ if (ret != 0) {
goto exit;
- mbedtls_printf( " ok\n" );
+ }
+ mbedtls_printf(" ok\n");
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* 1.1. Load the trusted CA
*/
- mbedtls_printf( " . Loading the CA root certificate ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
- if( strcmp( opt.ca_path, "none" ) == 0 ||
- strcmp( opt.ca_file, "none" ) == 0 )
- {
+ if (strcmp(opt.ca_path, "none") == 0 ||
+ strcmp(opt.ca_file, "none") == 0) {
ret = 0;
- }
- else
+ } else
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.ca_path ) )
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
- else if( strlen( opt.ca_file ) )
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
- else
+ if (strlen(opt.ca_path)) {
+ ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
+ } else if (strlen(opt.ca_file)) {
+ ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
+ } else
#endif
#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
- for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
- {
- ret = mbedtls_x509_crt_parse( &cacert,
- (const unsigned char *) mbedtls_test_cas[i],
- mbedtls_test_cas_len[i] );
- if( ret != 0 )
+ for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse(&cacert,
+ (const unsigned char *) mbedtls_test_cas[i],
+ mbedtls_test_cas_len[i]);
+ if (ret != 0) {
break;
+ }
}
#endif /* MBEDTLS_PEM_PARSE_C */
- if( ret == 0 )
- {
- for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
- {
- ret = mbedtls_x509_crt_parse_der( &cacert,
- (const unsigned char *) mbedtls_test_cas_der[i],
- mbedtls_test_cas_der_len[i] );
- if( ret != 0 )
+ if (ret == 0) {
+ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse_der(&cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i]);
+ if (ret != 0) {
break;
+ }
}
}
}
#else
{
ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
}
#endif /* MBEDTLS_CERTS_C */
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok (%d skipped)\n", ret );
+ mbedtls_printf(" ok (%d skipped)\n", ret);
/*
* 1.2. Load own certificate and private key
*/
- mbedtls_printf( " . Loading the server cert. and key..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the server cert. and key...");
+ fflush(stdout);
#if defined(MBEDTLS_FS_IO)
- if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
- {
+ if (strlen(opt.crt_file) && strcmp(opt.crt_file, "none") != 0) {
key_cert_init++;
- if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_x509_crt_parse_file(&srvcert, opt.crt_file)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
- {
+ if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
key_cert_init++;
- if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file,
- opt.key_pwd ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
+ opt.key_pwd)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- if( key_cert_init == 1 )
- {
- mbedtls_printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
+ if (key_cert_init == 1) {
+ mbedtls_printf(" failed\n ! crt_file without key_file or vice-versa\n\n");
goto exit;
}
- if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
- {
+ if (strlen(opt.crt_file2) && strcmp(opt.crt_file2, "none") != 0) {
key_cert_init2++;
- if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_x509_crt_parse_file(&srvcert2, opt.crt_file2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
- {
+ if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
key_cert_init2++;
- if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2,
- opt.key_pwd2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
+ opt.key_pwd2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- if( key_cert_init2 == 1 )
- {
- mbedtls_printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
+ if (key_cert_init2 == 1) {
+ mbedtls_printf(" failed\n ! crt_file2 without key_file2 or vice-versa\n\n");
goto exit;
}
#endif
- if( key_cert_init == 0 &&
- strcmp( opt.crt_file, "none" ) != 0 &&
- strcmp( opt.key_file, "none" ) != 0 &&
+ if (key_cert_init == 0 &&
+ strcmp(opt.crt_file, "none") != 0 &&
+ strcmp(opt.key_file, "none") != 0 &&
key_cert_init2 == 0 &&
- strcmp( opt.crt_file2, "none" ) != 0 &&
- strcmp( opt.key_file2, "none" ) != 0 )
- {
+ strcmp(opt.crt_file2, "none") != 0 &&
+ strcmp(opt.key_file2, "none") != 0) {
#if !defined(MBEDTLS_CERTS_C)
- mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
+ mbedtls_printf("Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n");
goto exit;
#else
#if defined(MBEDTLS_RSA_C)
- if( ( ret = mbedtls_x509_crt_parse( &srvcert,
- (const unsigned char *) mbedtls_test_srv_crt_rsa,
- mbedtls_test_srv_crt_rsa_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_x509_crt_parse(&srvcert,
+ (const unsigned char *) mbedtls_test_srv_crt_rsa,
+ mbedtls_test_srv_crt_rsa_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- if( ( ret = mbedtls_pk_parse_key( &pkey,
- (const unsigned char *) mbedtls_test_srv_key_rsa,
- mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_pk_parse_key(&pkey,
+ (const unsigned char *) mbedtls_test_srv_key_rsa,
+ mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
key_cert_init = 2;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECDSA_C)
- if( ( ret = mbedtls_x509_crt_parse( &srvcert2,
- (const unsigned char *) mbedtls_test_srv_crt_ec,
- mbedtls_test_srv_crt_ec_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_x509_crt_parse(&srvcert2,
+ (const unsigned char *) mbedtls_test_srv_crt_ec,
+ mbedtls_test_srv_crt_ec_len)) != 0) {
+ mbedtls_printf(" failed\n ! x509_crt_parse2 returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- if( ( ret = mbedtls_pk_parse_key( &pkey2,
- (const unsigned char *) mbedtls_test_srv_key_ec,
- mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_pk_parse_key(&pkey2,
+ (const unsigned char *) mbedtls_test_srv_key_ec,
+ mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) {
+ mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
key_cert_init2 = 2;
@@ -2532,26 +2396,23 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.key_opaque != 0 )
- {
- if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- PSA_ALG_ANY_HASH ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ if (opt.key_opaque != 0) {
+ if (mbedtls_pk_get_type(&pkey) == MBEDTLS_PK_ECKEY) {
+ if ((ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot,
+ PSA_ALG_ANY_HASH)) != 0) {
+ mbedtls_printf(" failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
- if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY )
- {
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
- PSA_ALG_ANY_HASH ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ if (mbedtls_pk_get_type(&pkey2) == MBEDTLS_PK_ECKEY) {
+ if ((ret = mbedtls_pk_wrap_as_opaque(&pkey2, &key_slot2,
+ PSA_ALG_ANY_HASH)) != 0) {
+ mbedtls_printf(" failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
@@ -2559,73 +2420,70 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_CERTS_C */
- mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
+ mbedtls_printf(" ok (key types: %s - %s)\n",
+ mbedtls_pk_get_name(&pkey),
+ mbedtls_pk_get_name(&pkey2));
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
- if( opt.dhm_file != NULL )
- {
- mbedtls_printf( " . Loading DHM parameters..." );
- fflush( stdout );
+ if (opt.dhm_file != NULL) {
+ mbedtls_printf(" . Loading DHM parameters...");
+ fflush(stdout);
- if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif
#if defined(SNI_OPTION)
- if( opt.sni != NULL )
- {
- mbedtls_printf( " . Setting up SNI information..." );
- fflush( stdout );
+ if (opt.sni != NULL) {
+ mbedtls_printf(" . Setting up SNI information...");
+ fflush(stdout);
- if( ( sni_info = sni_parse( opt.sni ) ) == NULL )
- {
- mbedtls_printf( " failed\n" );
+ if ((sni_info = sni_parse(opt.sni)) == NULL) {
+ mbedtls_printf(" failed\n");
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif /* SNI_OPTION */
/*
* 2. Setup the listening TCP socket
*/
- mbedtls_printf( " . Bind on %s://%s:%s/ ...",
- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
- opt.server_addr ? opt.server_addr : "*",
- opt.server_port );
- fflush( stdout );
+ mbedtls_printf(" . Bind on %s://%s:%s/ ...",
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
+ opt.server_addr ? opt.server_addr : "*",
+ opt.server_port);
+ fflush(stdout);
- if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
- MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_net_bind(&listen_fd, opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 3. Setup stuff
*/
- mbedtls_printf( " . Setting up the SSL/TLS structure..." );
- fflush( stdout );
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_SERVER,
- opt.transport,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ opt.transport,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
@@ -2633,374 +2491,350 @@
/* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. Hence we allow it here. A real-world server
should use the default profile unless there is a good reason not to. */
- if( opt.allow_sha1 > 0 )
- {
- crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
- mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
- mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ if (opt.allow_sha1 > 0) {
+ crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
+ mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
+ mbedtls_ssl_conf_sig_hashes(&conf, ssl_sig_hashes_for_test);
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
- if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+ if (opt.auth_mode != DFL_AUTH_MODE) {
+ mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
+ }
- if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
- mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
+ if (opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST) {
+ mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list);
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
+ if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
+ mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min, opt.hs_to_max);
+ }
- if( opt.dgram_packing != DFL_DGRAM_PACKING )
- mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
+ if (opt.dgram_packing != DFL_DGRAM_PACKING) {
+ mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
+ }
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret);
goto exit;
}
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
- {
- if( opt.cid_enabled == 1 &&
+ if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
+ if (opt.cid_enabled == 1 &&
opt.cid_enabled_renego == 1 &&
- cid_len != cid_renego_len )
- {
- mbedtls_printf( "CID length must not change during renegotiation\n" );
+ cid_len != cid_renego_len) {
+ mbedtls_printf("CID length must not change during renegotiation\n");
goto usage;
}
- if( opt.cid_enabled == 1 )
- ret = mbedtls_ssl_conf_cid( &conf, cid_len,
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
- else
- ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+ if (opt.cid_enabled == 1) {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ } else {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ }
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
- (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
- if( opt.use_srtp == 1 )
- {
- if( opt.force_srtp_profile != 0 )
- {
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile );
- }
- else
- {
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles );
+ const mbedtls_ssl_srtp_profile forced_profile[] =
+ { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
+ if (opt.use_srtp == 1) {
+ if (opt.force_srtp_profile != 0) {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
+ } else {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
}
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
+ if (ret != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
+ ret);
goto exit;
}
- mbedtls_ssl_conf_srtp_mki_value_supported( &conf,
- opt.support_mki ?
- MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED :
- MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED );
+ mbedtls_ssl_conf_srtp_mki_value_supported(&conf,
+ opt.support_mki ?
+ MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED :
+ MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED);
- }
- else if( opt.force_srtp_profile != 0 )
- {
- mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
+ } else if (opt.force_srtp_profile != 0) {
+ mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
goto exit;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
+ if (opt.trunc_hmac != DFL_TRUNC_HMAC) {
+ mbedtls_ssl_conf_truncated_hmac(&conf, opt.trunc_hmac);
+ }
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ if (opt.extended_ms != DFL_EXTENDED_MS) {
+ mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
+ }
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( opt.etm != DFL_ETM )
- mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
+ if (opt.etm != DFL_ETM) {
+ mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
+ }
#endif
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( opt.eap_tls != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
- &eap_tls_keying );
+ if (opt.eap_tls != 0) {
+ mbedtls_ssl_conf_export_keys_ext_cb(&conf, eap_tls_key_derivation,
+ &eap_tls_keying);
+ } else if (opt.nss_keylog != 0) {
+ mbedtls_ssl_conf_export_keys_ext_cb(&conf,
+ nss_keylog_export,
+ NULL);
}
- else if( opt.nss_keylog != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf,
- nss_keylog_export,
- NULL );
- }
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
- else if( opt.use_srtp != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation,
- &dtls_srtp_keying );
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
+ mbedtls_ssl_conf_export_keys_ext_cb(&conf, dtls_srtp_key_derivation,
+ &dtls_srtp_keying);
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ALPN)
- if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
+ if (opt.alpn_string != NULL) {
+ if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret);
goto exit;
}
+ }
#endif
- if (opt.reproducible)
- {
+ if (opt.reproducible) {
#if defined(MBEDTLS_HAVE_TIME)
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
- mbedtls_platform_set_time( dummy_constant_time );
+ mbedtls_platform_set_time(dummy_constant_time);
#else
- fprintf( stderr, "Warning: reproducible option used without constant time\n" );
+ fprintf(stderr, "Warning: reproducible option used without constant time\n");
#endif
#endif /* MBEDTLS_HAVE_TIME */
}
- mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
#if defined(MBEDTLS_SSL_CACHE_C)
- if( opt.cache_max != -1 )
- mbedtls_ssl_cache_set_max_entries( &cache, opt.cache_max );
+ if (opt.cache_max != -1) {
+ mbedtls_ssl_cache_set_max_entries(&cache, opt.cache_max);
+ }
#if defined(MBEDTLS_HAVE_TIME)
- if( opt.cache_timeout != -1 )
- mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
+ if (opt.cache_timeout != -1) {
+ mbedtls_ssl_cache_set_timeout(&cache, opt.cache_timeout);
+ }
#endif
- mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
- mbedtls_ssl_cache_set );
+ mbedtls_ssl_cache_set);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
- {
- if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
- rng_get, &rng,
- MBEDTLS_CIPHER_AES_256_GCM,
- opt.ticket_timeout ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
+ if (opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED) {
+ if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx,
+ rng_get, &rng,
+ MBEDTLS_CIPHER_AES_256_GCM,
+ opt.ticket_timeout)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_conf_session_tickets_cb( &conf,
- mbedtls_ssl_ticket_write,
- mbedtls_ssl_ticket_parse,
- &ticket_ctx );
+ mbedtls_ssl_conf_session_tickets_cb(&conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx);
}
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
#if defined(MBEDTLS_SSL_COOKIE_C)
- if( opt.cookies > 0 )
- {
- if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
- rng_get, &rng ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
+ if (opt.cookies > 0) {
+ if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
+ rng_get, &rng)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
goto exit;
}
- mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
- &cookie_ctx );
- }
- else
+ mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ &cookie_ctx);
+ } else
#endif /* MBEDTLS_SSL_COOKIE_C */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( opt.cookies == 0 )
- {
- mbedtls_ssl_conf_dtls_cookies( &conf, NULL, NULL, NULL );
- }
- else
+ if (opt.cookies == 0) {
+ mbedtls_ssl_conf_dtls_cookies(&conf, NULL, NULL, NULL);
+ } else
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
{
; /* Nothing to do */
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if( opt.anti_replay != DFL_ANTI_REPLAY )
- mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
+ if (opt.anti_replay != DFL_ANTI_REPLAY) {
+ mbedtls_ssl_conf_dtls_anti_replay(&conf, opt.anti_replay);
+ }
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- if( opt.badmac_limit != DFL_BADMAC_LIMIT )
- mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
+ if (opt.badmac_limit != DFL_BADMAC_LIMIT) {
+ mbedtls_ssl_conf_dtls_badmac_limit(&conf, opt.badmac_limit);
+ }
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
-
-#if defined(MBEDTLS_ARC4_C)
- if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
-#endif
-
- if( opt.version_suites != NULL )
- {
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
- MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_0 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
- MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_1 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
- MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_2 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
- MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_3 );
+ if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
+ mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
}
- if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
+#if defined(MBEDTLS_ARC4_C)
+ if (opt.arc4 != DFL_ARC4) {
+ mbedtls_ssl_conf_arc4_support(&conf, opt.arc4);
+ }
+#endif
+
+ if (opt.version_suites != NULL) {
+ mbedtls_ssl_conf_ciphersuites_for_version(&conf, version_suites[0],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_0);
+ mbedtls_ssl_conf_ciphersuites_for_version(&conf, version_suites[1],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_1);
+ mbedtls_ssl_conf_ciphersuites_for_version(&conf, version_suites[2],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_2);
+ mbedtls_ssl_conf_ciphersuites_for_version(&conf, version_suites[3],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_3);
+ }
+
+ if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
+ mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
+ }
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
+ mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
- if( opt.renego_delay != DFL_RENEGO_DELAY )
- mbedtls_ssl_conf_renegotiation_enforced( &conf, opt.renego_delay );
+ if (opt.renego_delay != DFL_RENEGO_DELAY) {
+ mbedtls_ssl_conf_renegotiation_enforced(&conf, opt.renego_delay);
+ }
- if( opt.renego_period != DFL_RENEGO_PERIOD )
- {
- PUT_UINT64_BE( renego_period, opt.renego_period, 0 );
- mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
+ if (opt.renego_period != DFL_RENEGO_PERIOD) {
+ PUT_UINT64_BE(renego_period, opt.renego_period, 0);
+ mbedtls_ssl_conf_renegotiation_period(&conf, renego_period);
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( strcmp( opt.ca_path, "none" ) != 0 &&
- strcmp( opt.ca_file, "none" ) != 0 )
- {
+ if (strcmp(opt.ca_path, "none") != 0 &&
+ strcmp(opt.ca_file, "none") != 0) {
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- if( opt.ca_callback != 0 )
- mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert);
- else
+ if (opt.ca_callback != 0) {
+ mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
+ } else
#endif
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
}
- if( key_cert_init )
- {
+ if (key_cert_init) {
mbedtls_pk_context *pk = &pkey;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( opt.async_private_delay1 >= 0 )
- {
- ret = ssl_async_set_key( &ssl_async_keys, &srvcert, pk, 0,
- opt.async_private_delay1 );
- if( ret < 0 )
- {
- mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
- ret );
+ if (opt.async_private_delay1 >= 0) {
+ ret = ssl_async_set_key(&ssl_async_keys, &srvcert, pk, 0,
+ opt.async_private_delay1);
+ if (ret < 0) {
+ mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n",
+ ret);
goto exit;
}
pk = NULL;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, pk)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
}
- if( key_cert_init2 )
- {
+ if (key_cert_init2) {
mbedtls_pk_context *pk = &pkey2;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( opt.async_private_delay2 >= 0 )
- {
- ret = ssl_async_set_key( &ssl_async_keys, &srvcert2, pk, 0,
- opt.async_private_delay2 );
- if( ret < 0 )
- {
- mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
- ret );
+ if (opt.async_private_delay2 >= 0) {
+ ret = ssl_async_set_key(&ssl_async_keys, &srvcert2, pk, 0,
+ opt.async_private_delay2);
+ if (ret < 0) {
+ mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n",
+ ret);
goto exit;
}
pk = NULL;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert2, pk)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
}
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( opt.async_operations[0] != '-' )
- {
+ if (opt.async_operations[0] != '-') {
mbedtls_ssl_async_sign_t *sign = NULL;
mbedtls_ssl_async_decrypt_t *decrypt = NULL;
const char *r;
- for( r = opt.async_operations; *r; r++ )
- {
- switch( *r )
- {
- case 'd':
- decrypt = ssl_async_decrypt;
- break;
- case 's':
- sign = ssl_async_sign;
- break;
+ for (r = opt.async_operations; *r; r++) {
+ switch (*r) {
+ case 'd':
+ decrypt = ssl_async_decrypt;
+ break;
+ case 's':
+ sign = ssl_async_sign;
+ break;
}
}
- ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
- - opt.async_private_error :
- opt.async_private_error );
+ ssl_async_keys.inject_error = (opt.async_private_error < 0 ?
+ -opt.async_private_error :
+ opt.async_private_error);
ssl_async_keys.f_rng = rng_get;
ssl_async_keys.p_rng = &rng;
- mbedtls_ssl_conf_async_private_cb( &conf,
- sign,
- decrypt,
- ssl_async_resume,
- ssl_async_cancel,
- &ssl_async_keys );
+ mbedtls_ssl_conf_async_private_cb(&conf,
+ sign,
+ decrypt,
+ ssl_async_resume,
+ ssl_async_cancel,
+ &ssl_async_keys);
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(SNI_OPTION)
- if( opt.sni != NULL )
- {
- mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
+ if (opt.sni != NULL) {
+ mbedtls_ssl_conf_sni(&conf, sni_callback, sni_info);
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( opt.async_private_delay2 >= 0 )
- {
+ if (opt.async_private_delay2 >= 0) {
sni_entry *cur;
- for( cur = sni_info; cur != NULL; cur = cur->next )
- {
- ret = ssl_async_set_key( &ssl_async_keys,
- cur->cert, cur->key, 1,
- opt.async_private_delay2 );
- if( ret < 0 )
- {
- mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
- ret );
+ for (cur = sni_info; cur != NULL; cur = cur->next) {
+ ret = ssl_async_set_key(&ssl_async_keys,
+ cur->cert, cur->key, 1,
+ opt.async_private_delay2);
+ if (ret < 0) {
+ mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n",
+ ret);
goto exit;
}
cur->key = NULL;
@@ -3011,66 +2845,55 @@
#endif
#if defined(MBEDTLS_ECP_C)
- if( opt.curves != NULL &&
- strcmp( opt.curves, "default" ) != 0 )
- {
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ if (opt.curves != NULL &&
+ strcmp(opt.curves, "default") != 0) {
+ mbedtls_ssl_conf_curves(&conf, curve_list);
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
- {
+ if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.psk_opaque != 0 )
- {
+ if (opt.psk_opaque != 0) {
/* The algorithm has already been determined earlier. */
- status = psa_setup_psk_key_slot( &psk_slot, alg, psk, psk_len );
- if( status != PSA_SUCCESS )
- {
- fprintf( stderr, "SETUP FAIL\n" );
+ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len);
+ if (status != PSA_SUCCESS) {
+ fprintf(stderr, "SETUP FAIL\n");
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
- if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, psk_slot,
- (const unsigned char *) opt.psk_identity,
- strlen( opt.psk_identity ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
- ret );
+ if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, psk_slot,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
+ ret);
goto exit;
}
- }
- else
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( psk_len > 0 )
- {
- ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
- (const unsigned char *) opt.psk_identity,
- strlen( opt.psk_identity ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", (unsigned int) -ret );
+ if (psk_len > 0) {
+ ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
}
- if( opt.psk_list != NULL )
- {
+ if (opt.psk_list != NULL) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.psk_list_opaque != 0 )
- {
+ if (opt.psk_list_opaque != 0) {
psk_entry *cur_psk;
- for( cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next )
- {
+ for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) {
- status = psa_setup_psk_key_slot( &cur_psk->slot, alg,
- cur_psk->key,
- cur_psk->key_len );
- if( status != PSA_SUCCESS )
- {
+ status = psa_setup_psk_key_slot(&cur_psk->slot, alg,
+ cur_psk->key,
+ cur_psk->key_len);
+ if (status != PSA_SUCCESS) {
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
@@ -3078,7 +2901,7 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_ssl_conf_psk_cb( &conf, psk_callback, psk_info );
+ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info);
}
#endif
@@ -3087,146 +2910,140 @@
* Use different group than default DHM group
*/
#if defined(MBEDTLS_FS_IO)
- if( opt.dhm_file != NULL )
- ret = mbedtls_ssl_conf_dh_param_ctx( &conf, &dhm );
+ if (opt.dhm_file != NULL) {
+ ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm);
+ }
#endif
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", (unsigned int) -ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n",
+ (unsigned int) -ret);
goto exit;
}
#endif
- if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ if (opt.min_version != DFL_MIN_VERSION) {
+ mbedtls_ssl_conf_min_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version);
+ }
- if( opt.max_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ if (opt.max_version != DFL_MIN_VERSION) {
+ mbedtls_ssl_conf_max_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version);
+ }
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
io_ctx.ssl = &ssl;
io_ctx.net = &client_fd;
- mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
- opt.nbio == 0 ? recv_timeout_cb : NULL );
+ mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb,
+ opt.nbio == 0 ? recv_timeout_cb : NULL);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
- cid, cid_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
- ret );
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled,
+ cid, cid_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( opt.dtls_mtu != DFL_DTLS_MTU )
- mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
+ if (opt.dtls_mtu != DFL_DTLS_MTU) {
+ mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu);
+ }
#endif
#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
reset:
#if !defined(_WIN32)
- if( received_sigterm )
- {
- mbedtls_printf( " interrupted by SIGTERM (not in net_accept())\n" );
- if( ret == MBEDTLS_ERR_NET_INVALID_CONTEXT )
+ if (received_sigterm) {
+ mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n");
+ if (ret == MBEDTLS_ERR_NET_INVALID_CONTEXT) {
ret = 0;
+ }
goto exit;
}
#endif
- if( ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
- {
- mbedtls_printf( " ! Client initiated reconnection from same port\n" );
+ if (ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT) {
+ mbedtls_printf(" ! Client initiated reconnection from same port\n");
goto handshake;
}
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
- mbedtls_net_free( &client_fd );
+ mbedtls_net_free(&client_fd);
- mbedtls_ssl_session_reset( &ssl );
+ mbedtls_ssl_session_reset(&ssl);
/*
* 3. Wait until a client connects
*/
- mbedtls_printf( " . Waiting for a remote connection ..." );
- fflush( stdout );
+ mbedtls_printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
- {
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ client_ip, sizeof(client_ip), &cliip_len)) != 0) {
#if !defined(_WIN32)
- if( received_sigterm )
- {
- mbedtls_printf( " interrupted by SIGTERM (in net_accept())\n" );
- if( ret == MBEDTLS_ERR_NET_ACCEPT_FAILED )
+ if (received_sigterm) {
+ mbedtls_printf(" interrupted by SIGTERM (in net_accept())\n");
+ if (ret == MBEDTLS_ERR_NET_ACCEPT_FAILED) {
ret = 0;
+ }
goto exit;
}
#endif
- mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret );
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- if( opt.nbio > 0 )
- ret = mbedtls_net_set_nonblock( &client_fd );
- else
- ret = mbedtls_net_set_block( &client_fd );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret );
+ if (opt.nbio > 0) {
+ ret = mbedtls_net_set_nonblock(&client_fd);
+ } else {
+ ret = mbedtls_net_set_block(&client_fd);
+ }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
+ mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
- client_ip, cliip_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_client_transport_id(&ssl,
+ client_ip, cliip_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
- {
- if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
- (const unsigned char *) opt.ecjpake_pw,
- strlen( opt.ecjpake_pw ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
+ if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
+ if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen(opt.ecjpake_pw))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret);
goto exit;
}
}
@@ -3236,89 +3053,84 @@
* 4. Handshake
*/
handshake:
- mbedtls_printf( " . Performing the SSL/TLS handshake..." );
- fflush( stdout );
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
- ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL )
- {
- mbedtls_printf( " cancelling on injected error\n" );
+ if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
+ ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL) {
+ mbedtls_printf(" cancelling on injected error\n");
break;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( ! mbedtls_status_is_ssl_in_progress( ret ) )
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
break;
+ }
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- ret = idle( &client_fd, &timer, ret );
+ ret = idle(&client_fd, &timer, ret);
#else
- ret = idle( &client_fd, ret );
+ ret = idle(&client_fd, ret);
#endif
- if( ret != 0 )
+ if (ret != 0) {
goto reset;
+ }
}
}
- if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
- {
- mbedtls_printf( " hello verification requested\n" );
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+ mbedtls_printf(" hello verification requested\n");
ret = 0;
goto reset;
- }
- else if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
+ } else if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
- {
+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
char vrfy_buf[512];
- flags = mbedtls_ssl_get_verify_result( &ssl );
+ flags = mbedtls_ssl_get_verify_result(&ssl);
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
- mbedtls_printf( "%s\n", vrfy_buf );
+ mbedtls_printf("%s\n", vrfy_buf);
}
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( opt.async_private_error < 0 )
+ if (opt.async_private_error < 0) {
/* Injected error only the first time round, to test reset */
ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE;
+ }
#endif
goto reset;
- }
- else /* ret == 0 */
- {
- mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
+ } else { /* ret == 0 */
+ mbedtls_printf(" ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ mbedtls_ssl_get_version(&ssl), mbedtls_ssl_get_ciphersuite(&ssl));
}
- if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
- mbedtls_printf( " [ Record expansion is %d ]\n", ret );
- else
- mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
+ if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) {
+ mbedtls_printf(" [ Record expansion is %d ]\n", ret);
+ } else {
+ mbedtls_printf(" [ Record expansion is unknown (compression) ]\n");
+ }
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
- mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
+ mbedtls_printf(" [ Maximum input fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_input_max_frag_len(&ssl));
+ mbedtls_printf(" [ Maximum output fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_output_max_frag_len(&ssl));
#endif
#if defined(MBEDTLS_SSL_ALPN)
- if( opt.alpn_string != NULL )
- {
- const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
- mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
- alp ? alp : "(none)" );
+ if (opt.alpn_string != NULL) {
+ const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl);
+ mbedtls_printf(" [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)");
}
#endif
@@ -3326,146 +3138,131 @@
/*
* 5. Verify the client certificate
*/
- mbedtls_printf( " . Verifying peer X.509 certificate..." );
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
- if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
- {
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
char vrfy_buf[512];
- mbedtls_printf( " failed\n" );
+ mbedtls_printf(" failed\n");
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
- mbedtls_printf( "%s\n", vrfy_buf );
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
}
- else
- mbedtls_printf( " ok\n" );
- if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
- {
+ if (mbedtls_ssl_get_peer_cert(&ssl) != NULL) {
char crt_buf[512];
- mbedtls_printf( " . Peer certificate information ...\n" );
- mbedtls_x509_crt_info( crt_buf, sizeof( crt_buf ), " ",
- mbedtls_ssl_get_peer_cert( &ssl ) );
- mbedtls_printf( "%s\n", crt_buf );
+ mbedtls_printf(" . Peer certificate information ...\n");
+ mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ",
+ mbedtls_ssl_get_peer_cert(&ssl));
+ mbedtls_printf("%s\n", crt_buf);
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( opt.eap_tls != 0 )
- {
+ if (opt.eap_tls != 0) {
size_t j = 0;
- if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
- eap_tls_keying.master_secret,
- sizeof( eap_tls_keying.master_secret ),
- eap_tls_label,
- eap_tls_keying.randbytes,
- sizeof( eap_tls_keying.randbytes ),
- eap_tls_keymaterial,
- sizeof( eap_tls_keymaterial ) ) )
- != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type,
+ eap_tls_keying.master_secret,
+ sizeof(eap_tls_keying.master_secret),
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_keymaterial,
+ sizeof(eap_tls_keymaterial)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
goto reset;
}
- mbedtls_printf( " EAP-TLS key material is:" );
- for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
- {
- if( j % 8 == 0 )
+ mbedtls_printf(" EAP-TLS key material is:");
+ for (j = 0; j < sizeof(eap_tls_keymaterial); j++) {
+ if (j % 8 == 0) {
mbedtls_printf("\n ");
- mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
+ }
+ mbedtls_printf("%02x ", eap_tls_keymaterial[j]);
}
mbedtls_printf("\n");
- if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
- eap_tls_label,
- eap_tls_keying.randbytes,
- sizeof( eap_tls_keying.randbytes ),
- eap_tls_iv,
- sizeof( eap_tls_iv ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
- goto reset;
- }
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0,
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_iv,
+ sizeof(eap_tls_iv))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto reset;
+ }
- mbedtls_printf( " EAP-TLS IV is:" );
- for( j = 0; j < sizeof( eap_tls_iv ); j++ )
- {
- if( j % 8 == 0 )
+ mbedtls_printf(" EAP-TLS IV is:");
+ for (j = 0; j < sizeof(eap_tls_iv); j++) {
+ if (j % 8 == 0) {
mbedtls_printf("\n ");
- mbedtls_printf("%02x ", eap_tls_iv[j] );
+ }
+ mbedtls_printf("%02x ", eap_tls_iv[j]);
}
mbedtls_printf("\n");
}
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
- else if( opt.use_srtp != 0 )
- {
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
size_t j = 0;
mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
- mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result );
+ mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result);
- if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
- == MBEDTLS_TLS_SRTP_UNSET )
- {
- mbedtls_printf( " Unable to negotiate "
- "the use of DTLS-SRTP\n" );
- }
- else
- {
- if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
- dtls_srtp_keying.master_secret,
- sizeof( dtls_srtp_keying.master_secret ),
- dtls_srtp_label,
- dtls_srtp_keying.randbytes,
- sizeof( dtls_srtp_keying.randbytes ),
- dtls_srtp_key_material,
- sizeof( dtls_srtp_key_material ) ) )
- != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
+ if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
+ == MBEDTLS_TLS_SRTP_UNSET) {
+ mbedtls_printf(" Unable to negotiate "
+ "the use of DTLS-SRTP\n");
+ } else {
+ if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type,
+ dtls_srtp_keying.master_secret,
+ sizeof(dtls_srtp_keying.master_secret),
+ dtls_srtp_label,
+ dtls_srtp_keying.randbytes,
+ sizeof(dtls_srtp_keying.randbytes),
+ dtls_srtp_key_material,
+ sizeof(dtls_srtp_key_material)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " DTLS-SRTP key material is:" );
- for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
- {
- if( j % 8 == 0 )
- mbedtls_printf( "\n " );
- mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
+ mbedtls_printf(" DTLS-SRTP key material is:");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", dtls_srtp_key_material[j]);
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
/* produce a less readable output used to perform automatic checks
* - compare client and server output
* - interop test with openssl which client produces this kind of output
*/
- mbedtls_printf( " Keying material: " );
- for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
- {
- mbedtls_printf( "%02X", dtls_srtp_key_material[j] );
+ mbedtls_printf(" Keying material: ");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ mbedtls_printf("%02X", dtls_srtp_key_material[j]);
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
- if ( dtls_srtp_negotiation_result.mki_len > 0 )
- {
- mbedtls_printf( " DTLS-SRTP mki value: " );
- for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ )
- {
- mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] );
+ if (dtls_srtp_negotiation_result.mki_len > 0) {
+ mbedtls_printf(" DTLS-SRTP mki value: ");
+ for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) {
+ mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]);
}
+ } else {
+ mbedtls_printf(" DTLS-SRTP no mki value negotiated");
}
- else
- {
- mbedtls_printf( " DTLS-SRTP no mki value negotiated" );
- }
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
}
}
@@ -3473,154 +3270,140 @@
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "initial handshake" );
- if( ret != 0 )
+ ret = report_cid_usage(&ssl, "initial handshake");
+ if (ret != 0) {
goto exit;
+ }
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
- cid_renego, cid_renego_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
- ret );
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego,
+ cid_renego, cid_renego_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_cur_get( ¤t_heap_memory, &heap_blocks );
- mbedtls_memory_buffer_alloc_max_get( &peak_heap_memory, &heap_blocks );
- mbedtls_printf( "Heap memory usage after handshake: %lu bytes. Peak memory usage was %lu\n",
- (unsigned long) current_heap_memory, (unsigned long) peak_heap_memory );
+ mbedtls_memory_buffer_alloc_cur_get(¤t_heap_memory, &heap_blocks);
+ mbedtls_memory_buffer_alloc_max_get(&peak_heap_memory, &heap_blocks);
+ mbedtls_printf("Heap memory usage after handshake: %lu bytes. Peak memory usage was %lu\n",
+ (unsigned long) current_heap_memory, (unsigned long) peak_heap_memory);
#endif /* MBEDTLS_MEMORY_DEBUG */
- if( opt.exchanges == 0 )
+ if (opt.exchanges == 0) {
goto close_notify;
+ }
exchanges_left = opt.exchanges;
data_exchange:
/*
* 6. Read the HTTP Request
*/
- mbedtls_printf( " < Read from client:" );
- fflush( stdout );
+ mbedtls_printf(" < Read from client:");
+ fflush(stdout);
/*
* TLS and DTLS need different reading styles (stream vs datagram)
*/
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
- {
- do
- {
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
+ do {
int terminated = 0;
len = opt.buffer_size;
- memset( buf, 0, opt.buffer_size );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ memset(buf, 0, opt.buffer_size);
+ ret = mbedtls_ssl_read(&ssl, buf, len);
- if( mbedtls_status_is_ssl_in_progress( ret ) )
- {
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (mbedtls_status_is_ssl_in_progress(ret)) {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle(&client_fd, &timer, ret);
#else
- idle( &client_fd, ret );
+ idle(&client_fd, ret);
#endif
}
continue;
}
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( " connection was closed gracefully\n" );
+ mbedtls_printf(" connection was closed gracefully\n");
goto close_notify;
case 0:
case MBEDTLS_ERR_NET_CONN_RESET:
- mbedtls_printf( " connection was reset by peer\n" );
+ mbedtls_printf(" connection was reset by peer\n");
ret = MBEDTLS_ERR_NET_CONN_RESET;
goto reset;
default:
- mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
goto reset;
}
}
- if( mbedtls_ssl_get_bytes_avail( &ssl ) == 0 )
- {
+ if (mbedtls_ssl_get_bytes_avail(&ssl) == 0) {
len = ret;
buf[len] = '\0';
- mbedtls_printf( " %d bytes read\n\n%s\n", len, (char *) buf );
+ mbedtls_printf(" %d bytes read\n\n%s\n", len, (char *) buf);
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
- if( buf[len - 1] == '\n' )
+ if (buf[len - 1] == '\n') {
terminated = 1;
- }
- else
- {
+ }
+ } else {
int extra_len, ori_len;
unsigned char *larger_buf;
ori_len = ret;
- extra_len = (int) mbedtls_ssl_get_bytes_avail( &ssl );
+ extra_len = (int) mbedtls_ssl_get_bytes_avail(&ssl);
- larger_buf = mbedtls_calloc( 1, ori_len + extra_len + 1 );
- if( larger_buf == NULL )
- {
- mbedtls_printf( " ! memory allocation failed\n" );
+ larger_buf = mbedtls_calloc(1, ori_len + extra_len + 1);
+ if (larger_buf == NULL) {
+ mbedtls_printf(" ! memory allocation failed\n");
ret = 1;
goto reset;
}
- memset( larger_buf, 0, ori_len + extra_len );
- memcpy( larger_buf, buf, ori_len );
+ memset(larger_buf, 0, ori_len + extra_len);
+ memcpy(larger_buf, buf, ori_len);
/* This read should never fail and get the whole cached data */
- ret = mbedtls_ssl_read( &ssl, larger_buf + ori_len, extra_len );
- if( ret != extra_len ||
- mbedtls_ssl_get_bytes_avail( &ssl ) != 0 )
- {
- mbedtls_printf( " ! mbedtls_ssl_read failed on cached data\n" );
+ ret = mbedtls_ssl_read(&ssl, larger_buf + ori_len, extra_len);
+ if (ret != extra_len ||
+ mbedtls_ssl_get_bytes_avail(&ssl) != 0) {
+ mbedtls_printf(" ! mbedtls_ssl_read failed on cached data\n");
ret = 1;
goto reset;
}
larger_buf[ori_len + extra_len] = '\0';
- mbedtls_printf( " %d bytes read (%d + %d)\n\n%s\n",
- ori_len + extra_len, ori_len, extra_len,
- (char *) larger_buf );
+ mbedtls_printf(" %d bytes read (%d + %d)\n\n%s\n",
+ ori_len + extra_len, ori_len, extra_len,
+ (char *) larger_buf);
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
- if( larger_buf[ori_len + extra_len - 1] == '\n' )
+ if (larger_buf[ori_len + extra_len - 1] == '\n') {
terminated = 1;
+ }
- mbedtls_free( larger_buf );
+ mbedtls_free(larger_buf);
}
- if( terminated )
- {
+ if (terminated) {
ret = 0;
break;
}
- }
- while( 1 );
- }
- else /* Not stream, so datagram */
- {
+ } while (1);
+ } else { /* Not stream, so datagram */
len = opt.buffer_size;
- memset( buf, 0, opt.buffer_size );
+ memset(buf, 0, opt.buffer_size);
- do
- {
+ do {
/* Without the call to `mbedtls_ssl_check_pending`, it might
* happen that the client sends application data in the same
* datagram as the Finished message concluding the handshake.
@@ -3633,43 +3416,39 @@
*/
/* For event-driven IO, wait for socket to become available */
- if( mbedtls_ssl_check_pending( &ssl ) == 0 &&
- opt.event == 1 /* level triggered IO */ )
- {
+ if (mbedtls_ssl_check_pending(&ssl) == 0 &&
+ opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ );
+ idle(&client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ);
#else
- idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ );
+ idle(&client_fd, MBEDTLS_ERR_SSL_WANT_READ);
#endif
}
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ ret = mbedtls_ssl_read(&ssl, buf, len);
/* Note that even if `mbedtls_ssl_check_pending` returns true,
* it can happen that the subsequent call to `mbedtls_ssl_read`
* returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages
* might be discarded (e.g. because they are retransmissions). */
- }
- while( mbedtls_status_is_ssl_in_progress( ret ) );
+ } while (mbedtls_status_is_ssl_in_progress(ret));
- if( ret <= 0 )
- {
- switch( ret )
- {
+ if (ret <= 0) {
+ switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
- mbedtls_printf( " connection was closed gracefully\n" );
+ mbedtls_printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:
- mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
goto reset;
}
}
len = ret;
buf[len] = '\0';
- mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
ret = 0;
}
@@ -3678,124 +3457,113 @@
* (only on the first exchange, to be able to test retransmission)
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( opt.renegotiate && exchanges_left == opt.exchanges )
- {
- mbedtls_printf( " . Requestion renegotiation..." );
- fflush( stdout );
+ if (opt.renegotiate && exchanges_left == opt.exchanges) {
+ mbedtls_printf(" . Requestion renegotiation...");
+ fflush(stdout);
- while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
- {
- if( ! mbedtls_status_is_ssl_in_progress( ret ) )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
+ while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) {
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret);
goto reset;
}
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle(&client_fd, &timer, ret);
#else
- idle( &client_fd, ret );
+ idle(&client_fd, ret);
#endif
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "after renegotiation" );
- if( ret != 0 )
+ ret = report_cid_usage(&ssl, "after renegotiation");
+ if (ret != 0) {
goto exit;
+ }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* 7. Write the 200 Response
*/
- mbedtls_printf( " > Write to client:" );
- fflush( stdout );
+ mbedtls_printf(" > Write to client:");
+ fflush(stdout);
/* If the format of the response changes, make sure there is enough
* room in buf (buf_content_size calculation above). */
- len = sprintf( (char *) buf, HTTP_RESPONSE,
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
/* Add padding to the response to reach opt.response_size in length */
- if( opt.response_size != DFL_RESPONSE_SIZE &&
- len < opt.response_size )
- {
- memset( buf + len, 'B', opt.response_size - len );
+ if (opt.response_size != DFL_RESPONSE_SIZE &&
+ len < opt.response_size) {
+ memset(buf + len, 'B', opt.response_size - len);
len += opt.response_size - len;
}
/* Truncate if response size is smaller than the "natural" size */
- if( opt.response_size != DFL_RESPONSE_SIZE &&
- len > opt.response_size )
- {
+ if (opt.response_size != DFL_RESPONSE_SIZE &&
+ len > opt.response_size) {
len = opt.response_size;
/* Still end with \r\n unless that's really not possible */
- if( len >= 2 ) buf[len - 2] = '\r';
- if( len >= 1 ) buf[len - 1] = '\n';
+ if (len >= 2) {
+ buf[len - 2] = '\r';
+ }
+ if (len >= 1) {
+ buf[len - 1] = '\n';
+ }
}
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
- {
- for( written = 0, frags = 0; written < len; written += ret, frags++ )
- {
- while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
- <= 0 )
- {
- if( ret == MBEDTLS_ERR_NET_CONN_RESET )
- {
- mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
+ for (written = 0, frags = 0; written < len; written += ret, frags++) {
+ while ((ret = mbedtls_ssl_write(&ssl, buf + written, len - written))
+ <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
+ mbedtls_printf(" failed\n ! peer closed the connection\n\n");
goto reset;
}
- if( ! mbedtls_status_is_ssl_in_progress( ret ) )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto reset;
}
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle(&client_fd, &timer, ret);
#else
- idle( &client_fd, ret );
+ idle(&client_fd, ret);
#endif
}
}
}
- }
- else /* Not stream, so datagram */
- {
- while( 1 )
- {
- ret = mbedtls_ssl_write( &ssl, buf, len );
+ } else { /* Not stream, so datagram */
+ while (1) {
+ ret = mbedtls_ssl_write(&ssl, buf, len);
- if( ! mbedtls_status_is_ssl_in_progress( ret ) )
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
break;
+ }
/* For event-driven IO, wait for socket to become available */
- if( opt.event == 1 /* level triggered IO */ )
- {
+ if (opt.event == 1 /* level triggered IO */) {
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle(&client_fd, &timer, ret);
#else
- idle( &client_fd, ret );
+ idle(&client_fd, ret);
#endif
}
}
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto reset;
}
@@ -3804,96 +3572,87 @@
}
buf[written] = '\0';
- mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+ mbedtls_printf(" %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf);
ret = 0;
/*
* 7b. Simulate serialize/deserialize and go back to data exchange
*/
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( opt.serialize != 0 )
- {
+ if (opt.serialize != 0) {
size_t buf_len;
- mbedtls_printf( " . Serializing live connection..." );
+ mbedtls_printf(" . Serializing live connection...");
- ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
- if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
+ if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- if( ( context_buf = mbedtls_calloc( 1, buf_len ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Couldn't allocate buffer for "
- "serialized context" );
+ if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) {
+ mbedtls_printf(" failed\n ! Couldn't allocate buffer for "
+ "serialized context");
goto exit;
}
context_buf_len = buf_len;
- if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
- buf_len, &buf_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_context_save(&ssl, context_buf,
+ buf_len, &buf_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/* Save serialized context to the 'opt.context_file' as a base64 code */
- if( 0 < strlen( opt.context_file ) )
- {
+ if (0 < strlen(opt.context_file)) {
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;
- mbedtls_printf( " . Save serialized context to a file... " );
+ mbedtls_printf(" . Save serialized context to a file... ");
- mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
+ mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
- if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
- {
- mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
- "the base64 code\n" );
+ if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) {
+ mbedtls_printf("failed\n ! Couldn't allocate buffer for "
+ "the base64 code\n");
goto exit;
}
- if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
- context_buf, buf_len ) ) != 0 )
- {
- mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
- "-0x%x\n", (unsigned int) -ret );
- mbedtls_free( b64_buf );
+ if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len,
+ context_buf, buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_base64_encode returned "
+ "-0x%x\n", (unsigned int) -ret);
+ mbedtls_free(b64_buf);
goto exit;
}
- if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
- {
- mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
- opt.context_file );
- mbedtls_free( b64_buf );
+ if ((b64_file = fopen(opt.context_file, "w")) == NULL) {
+ mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n",
+ opt.context_file);
+ mbedtls_free(b64_buf);
goto exit;
}
- if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
- {
- mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
- (long) b64_len );
- mbedtls_free( b64_buf );
- fclose( b64_file );
+ if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) {
+ mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n",
+ (long) b64_len);
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
goto exit;
}
- mbedtls_free( b64_buf );
- fclose( b64_file );
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
- mbedtls_printf( "ok\n" );
+ mbedtls_printf("ok\n");
}
/*
@@ -3903,10 +3662,9 @@
* case you can just reset() it, and then it's ready to receive
* serialized data from another connection (or the same here).
*/
- if( opt.serialize == 1 )
- {
+ if (opt.serialize == 1) {
/* nothing to do here, done by context_save() already */
- mbedtls_printf( " . Context has been reset... ok\n" );
+ mbedtls_printf(" . Context has been reset... ok\n");
}
/*
@@ -3917,18 +3675,16 @@
* teardown/startup code needed - for example, preparing the
* ssl_config again (see section 3 "setup stuff" in this file).
*/
- if( opt.serialize == 2 )
- {
- mbedtls_printf( " . Freeing and reinitializing context..." );
+ if (opt.serialize == 2) {
+ mbedtls_printf(" . Freeing and reinitializing context...");
- mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_free(&ssl);
- mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_init(&ssl);
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
@@ -3938,60 +3694,62 @@
* if you want to share your set up code between the case of
* establishing a new connection and this case.
*/
- if( opt.nbio == 2 )
- mbedtls_ssl_set_bio( &ssl, &client_fd, delayed_send,
- delayed_recv, NULL );
- else
- mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send,
- mbedtls_net_recv,
- opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+ if (opt.nbio == 2) {
+ mbedtls_ssl_set_bio(&ssl, &client_fd, delayed_send,
+ delayed_recv, NULL);
+ } else {
+ mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send,
+ mbedtls_net_recv,
+ opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL);
+ }
#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &ssl, &timer,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&ssl, &timer,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif /* MBEDTLS_TIMING_C */
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
- mbedtls_printf( " . Deserializing connection..." );
+ mbedtls_printf(" . Deserializing connection...");
- if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf,
- buf_len ) ) != 0 )
- {
- mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
- "-0x%x\n\n", (unsigned int) -ret );
+ if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
+ buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned "
+ "-0x%x\n\n", (unsigned int) -ret);
goto exit;
}
- mbedtls_free( context_buf );
+ mbedtls_free(context_buf);
context_buf = NULL;
context_buf_len = 0;
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
/*
* 7c. Continue doing data exchanges?
*/
- if( --exchanges_left > 0 )
+ if (--exchanges_left > 0) {
goto data_exchange;
+ }
/*
* 8. Done, cleanly close the connection
*/
close_notify:
- mbedtls_printf( " . Closing the connection..." );
+ mbedtls_printf(" . Closing the connection...");
/* No error checking, the connection might be closed already */
- do ret = mbedtls_ssl_close_notify( &ssl );
- while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0;
- mbedtls_printf( " done\n" );
+ mbedtls_printf(" done\n");
goto reset;
@@ -4000,75 +3758,73 @@
*/
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
- {
+ if (ret != 0) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf);
}
#endif
- if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
- {
- mbedtls_printf( " . Cleaning up..." );
- fflush( stdout );
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_printf(" . Cleaning up...");
+ fflush(stdout);
}
- mbedtls_net_free( &client_fd );
- mbedtls_net_free( &listen_fd );
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_free( &cache );
+ mbedtls_ssl_cache_free(&cache);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- mbedtls_ssl_ticket_free( &ticket_ctx );
+ mbedtls_ssl_ticket_free(&ticket_ctx);
#endif
#if defined(MBEDTLS_SSL_COOKIE_C)
- mbedtls_ssl_cookie_free( &cookie_ctx );
+ mbedtls_ssl_cookie_free(&cookie_ctx);
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( context_buf != NULL )
- mbedtls_platform_zeroize( context_buf, context_buf_len );
- mbedtls_free( context_buf );
+ if (context_buf != NULL) {
+ mbedtls_platform_zeroize(context_buf, context_buf_len);
+ }
+ mbedtls_free(context_buf);
#endif
#if defined(SNI_OPTION)
- sni_free( sni_info );
+ sni_free(sni_info);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- ret = psk_free( psk_info );
- if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
- mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
+ ret = psk_free(psk_info);
+ if ((ret != 0) && (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
+ mbedtls_printf("Failed to list of opaque PSKs - error was %d\n", ret);
+ }
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_x509_crt_free( &cacert );
- mbedtls_x509_crt_free( &srvcert );
- mbedtls_pk_free( &pkey );
- mbedtls_x509_crt_free( &srvcert2 );
- mbedtls_pk_free( &pkey2 );
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_x509_crt_free(&srvcert2);
+ mbedtls_pk_free(&pkey2);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_destroy_key( key_slot );
- psa_destroy_key( key_slot2 );
+ psa_destroy_key(key_slot);
+ psa_destroy_key(key_slot2);
#endif
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
- mbedtls_dhm_free( &dhm );
+ mbedtls_dhm_free(&dhm);
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- for( i = 0; (size_t) i < ssl_async_keys.slots_used; i++ )
- {
- if( ssl_async_keys.slots[i].pk_owned )
- {
- mbedtls_pk_free( ssl_async_keys.slots[i].pk );
- mbedtls_free( ssl_async_keys.slots[i].pk );
+ for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
+ if (ssl_async_keys.slots[i].pk_owned) {
+ mbedtls_pk_free(ssl_async_keys.slots[i].pk);
+ mbedtls_free(ssl_async_keys.slots[i].pk);
ssl_async_keys.slots[i].pk = NULL;
}
}
@@ -4076,30 +3832,28 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.psk_opaque != 0 )
- {
+ if (opt.psk_opaque != 0) {
/* This is ok even if the slot hasn't been
* initialized (we might have jumed here
* immediately because of bad cmd line params,
* for example). */
- status = psa_destroy_key( psk_slot );
- if( ( status != PSA_SUCCESS ) &&
- ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
- {
- mbedtls_printf( "Failed to destroy key slot %u - error was %d",
- (unsigned) psk_slot, (int) status );
+ status = psa_destroy_key(psk_slot);
+ if ((status != PSA_SUCCESS) &&
+ (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
+ mbedtls_printf("Failed to destroy key slot %u - error was %d",
+ (unsigned) psk_slot, (int) status);
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- const char* message = mbedtls_test_helper_is_psa_leaking();
- if( message )
- {
- if( ret == 0 )
+ const char *message = mbedtls_test_helper_is_psa_leaking();
+ if (message) {
+ if (ret == 0) {
ret = 1;
- mbedtls_printf( "PSA memory leak detected: %s\n", message);
+ }
+ mbedtls_printf("PSA memory leak detected: %s\n", message);
}
#endif
@@ -4107,27 +3861,26 @@
* resources are freed by rng_free(). */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
- mbedtls_psa_crypto_free( );
+ mbedtls_psa_crypto_free();
#endif
- rng_free( &rng );
+ rng_free(&rng);
- mbedtls_free( buf );
+ mbedtls_free(buf);
#if defined(MBEDTLS_TEST_HOOKS)
/* Let test hooks detect errors such as resource leaks.
* Don't do it in query_config mode, because some test code prints
* information to stdout and this gets mixed with the regular output. */
- if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
- {
- if( test_hooks_failure_detected( ) )
- {
- if( ret == 0 )
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ if (test_hooks_failure_detected()) {
+ if (ret == 0) {
ret = 1;
- mbedtls_printf( "Test hooks detected errors.\n" );
+ }
+ mbedtls_printf("Test hooks detected errors.\n");
}
}
- test_hooks_free( );
+ test_hooks_free();
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
@@ -4137,23 +3890,24 @@
mbedtls_memory_buffer_alloc_free();
#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
- if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
- {
- mbedtls_printf( " done.\n" );
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_printf(" done.\n");
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
}
// Shell can not handle large exit numbers -> 1 for errors
- if( ret < 0 )
+ if (ret < 0) {
ret = 1;
+ }
- if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
- mbedtls_exit( ret );
- else
- mbedtls_exit( query_config_ret );
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_exit(ret);
+ } else {
+ mbedtls_exit(query_config_ret);
+ }
}
#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index f5d8680..d3ce67e 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -25,44 +25,43 @@
*/
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-int eap_tls_key_derivation( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type )
+int eap_tls_key_derivation(void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type)
{
- eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
+ eap_tls_keys *keys = (eap_tls_keys *) p_expkey;
- ( ( void ) kb );
- memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
- memcpy( keys->randbytes, client_random, 32 );
- memcpy( keys->randbytes + 32, server_random, 32 );
+ ((void) kb);
+ memcpy(keys->master_secret, ms, sizeof(keys->master_secret));
+ memcpy(keys->randbytes, client_random, 32);
+ memcpy(keys->randbytes + 32, server_random, 32);
keys->tls_prf_type = tls_prf_type;
- if( opt.debug_level > 2 )
- {
- mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
- mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
- mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
+ if (opt.debug_level > 2) {
+ mbedtls_printf("exported maclen is %u\n", (unsigned) maclen);
+ mbedtls_printf("exported keylen is %u\n", (unsigned) keylen);
+ mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen);
}
- return( 0 );
+ return 0;
}
-int nss_keylog_export( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type )
+int nss_keylog_export(void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type)
{
- char nss_keylog_line[ 200 ];
+ char nss_keylog_line[200];
size_t const client_random_len = 32;
size_t const master_secret_len = 48;
size_t len = 0;
@@ -77,138 +76,134 @@
((void) server_random);
((void) tls_prf_type);
- len += sprintf( nss_keylog_line + len,
- "%s", "CLIENT_RANDOM " );
+ len += sprintf(nss_keylog_line + len,
+ "%s", "CLIENT_RANDOM ");
- for( j = 0; j < client_random_len; j++ )
- {
- len += sprintf( nss_keylog_line + len,
- "%02x", client_random[j] );
+ for (j = 0; j < client_random_len; j++) {
+ len += sprintf(nss_keylog_line + len,
+ "%02x", client_random[j]);
}
- len += sprintf( nss_keylog_line + len, " " );
+ len += sprintf(nss_keylog_line + len, " ");
- for( j = 0; j < master_secret_len; j++ )
- {
- len += sprintf( nss_keylog_line + len,
- "%02x", ms[j] );
+ for (j = 0; j < master_secret_len; j++) {
+ len += sprintf(nss_keylog_line + len,
+ "%02x", ms[j]);
}
- len += sprintf( nss_keylog_line + len, "\n" );
- nss_keylog_line[ len ] = '\0';
+ len += sprintf(nss_keylog_line + len, "\n");
+ nss_keylog_line[len] = '\0';
- mbedtls_printf( "\n" );
- mbedtls_printf( "---------------- NSS KEYLOG -----------------\n" );
- mbedtls_printf( "%s", nss_keylog_line );
- mbedtls_printf( "---------------------------------------------\n" );
+ mbedtls_printf("\n");
+ mbedtls_printf("---------------- NSS KEYLOG -----------------\n");
+ mbedtls_printf("%s", nss_keylog_line);
+ mbedtls_printf("---------------------------------------------\n");
- if( opt.nss_keylog_file != NULL )
- {
+ if (opt.nss_keylog_file != NULL) {
FILE *f;
- if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL )
- {
+ if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) {
ret = -1;
goto exit;
}
- if( fwrite( nss_keylog_line, 1, len, f ) != len )
- {
+ if (fwrite(nss_keylog_line, 1, len, f) != len) {
ret = -1;
- fclose( f );
+ fclose(f);
goto exit;
}
- fclose( f );
+ fclose(f);
}
exit:
- mbedtls_platform_zeroize( nss_keylog_line,
- sizeof( nss_keylog_line ) );
- return( ret );
+ mbedtls_platform_zeroize(nss_keylog_line,
+ sizeof(nss_keylog_line));
+ return ret;
}
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
-int dtls_srtp_key_derivation( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type )
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+int dtls_srtp_key_derivation(void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type)
{
- dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey;
+ dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey;
- ( ( void ) kb );
- memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
- memcpy( keys->randbytes, client_random, 32 );
- memcpy( keys->randbytes + 32, server_random, 32 );
+ ((void) kb);
+ memcpy(keys->master_secret, ms, sizeof(keys->master_secret));
+ memcpy(keys->randbytes, client_random, 32);
+ memcpy(keys->randbytes + 32, server_random, 32);
keys->tls_prf_type = tls_prf_type;
- if( opt.debug_level > 2 )
- {
- mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
- mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
- mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
+ if (opt.debug_level > 2) {
+ mbedtls_printf("exported maclen is %u\n", (unsigned) maclen);
+ mbedtls_printf("exported keylen is %u\n", (unsigned) keylen);
+ mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen);
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
-int ssl_check_record( mbedtls_ssl_context const *ssl,
- unsigned char const *buf, size_t len )
+int ssl_check_record(mbedtls_ssl_context const *ssl,
+ unsigned char const *buf, size_t len)
{
int my_ret = 0, ret_cr1, ret_cr2;
unsigned char *tmp_buf;
/* Record checking may modify the input buffer,
* so make a copy. */
- tmp_buf = mbedtls_calloc( 1, len );
- if( tmp_buf == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- memcpy( tmp_buf, buf, len );
+ tmp_buf = mbedtls_calloc(1, len);
+ if (tmp_buf == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
+ memcpy(tmp_buf, buf, len);
- ret_cr1 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
- if( ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
- {
+ ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
+ if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
/* Test-only: Make sure that mbedtls_ssl_check_record()
* doesn't alter state. */
- memcpy( tmp_buf, buf, len ); /* Restore buffer */
- ret_cr2 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
- if( ret_cr2 != ret_cr1 )
- {
- mbedtls_printf( "mbedtls_ssl_check_record() returned inconsistent results.\n" );
+ memcpy(tmp_buf, buf, len); /* Restore buffer */
+ ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
+ if (ret_cr2 != ret_cr1) {
+ mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n");
my_ret = -1;
goto cleanup;
}
- switch( ret_cr1 )
- {
+ switch (ret_cr1) {
case 0:
break;
case MBEDTLS_ERR_SSL_INVALID_RECORD:
- if( opt.debug_level > 1 )
- mbedtls_printf( "mbedtls_ssl_check_record() detected invalid record.\n" );
+ if (opt.debug_level > 1) {
+ mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n");
+ }
break;
case MBEDTLS_ERR_SSL_INVALID_MAC:
- if( opt.debug_level > 1 )
- mbedtls_printf( "mbedtls_ssl_check_record() detected unauthentic record.\n" );
+ if (opt.debug_level > 1) {
+ mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n");
+ }
break;
case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
- if( opt.debug_level > 1 )
- mbedtls_printf( "mbedtls_ssl_check_record() detected unexpected record.\n" );
+ if (opt.debug_level > 1) {
+ mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n");
+ }
break;
default:
- mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret_cr1 );
+ mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n",
+ (unsigned int) -ret_cr1);
my_ret = -1;
goto cleanup;
}
@@ -217,74 +212,78 @@
}
cleanup:
- mbedtls_free( tmp_buf );
+ mbedtls_free(tmp_buf);
- return( my_ret );
+ return my_ret;
}
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
-int recv_cb( void *ctx, unsigned char *buf, size_t len )
+int recv_cb(void *ctx, unsigned char *buf, size_t len)
{
- io_ctx_t *io_ctx = (io_ctx_t*) ctx;
+ io_ctx_t *io_ctx = (io_ctx_t *) ctx;
size_t recv_len;
int ret;
- if( opt.nbio == 2 )
- ret = delayed_recv( io_ctx->net, buf, len );
- else
- ret = mbedtls_net_recv( io_ctx->net, buf, len );
- if( ret < 0 )
- return( ret );
+ if (opt.nbio == 2) {
+ ret = delayed_recv(io_ctx->net, buf, len);
+ } else {
+ ret = mbedtls_net_recv(io_ctx->net, buf, len);
+ }
+ if (ret < 0) {
+ return ret;
+ }
recv_len = (size_t) ret;
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Here's the place to do any datagram/record checking
* in between receiving the packet from the underlying
* transport and passing it on to the TLS stack. */
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
- if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
- return( -1 );
+ if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
+ return -1;
+ }
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
}
- return( (int) recv_len );
+ return (int) recv_len;
}
-int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len,
- uint32_t timeout )
+int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout)
{
- io_ctx_t *io_ctx = (io_ctx_t*) ctx;
+ io_ctx_t *io_ctx = (io_ctx_t *) ctx;
int ret;
size_t recv_len;
- ret = mbedtls_net_recv_timeout( io_ctx->net, buf, len, timeout );
- if( ret < 0 )
- return( ret );
+ ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout);
+ if (ret < 0) {
+ return ret;
+ }
recv_len = (size_t) ret;
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Here's the place to do any datagram/record checking
* in between receiving the packet from the underlying
* transport and passing it on to the TLS stack. */
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
- if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
- return( -1 );
+ if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
+ return -1;
+ }
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
}
- return( (int) recv_len );
+ return (int) recv_len;
}
-int send_cb( void *ctx, unsigned char const *buf, size_t len )
+int send_cb(void *ctx, unsigned char const *buf, size_t len)
{
- io_ctx_t *io_ctx = (io_ctx_t*) ctx;
+ io_ctx_t *io_ctx = (io_ctx_t *) ctx;
- if( opt.nbio == 2 )
- return( delayed_send( io_ctx->net, buf, len ) );
+ if (opt.nbio == 2) {
+ return delayed_send(io_ctx->net, buf, len);
+ }
- return( mbedtls_net_send( io_ctx->net, buf, len ) );
+ return mbedtls_net_send(io_ctx->net, buf, len);
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 70cddfa..d639003 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -28,24 +28,26 @@
#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
-void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
const char *p, *basename;
/* Extract basename from file */
- for( p = basename = file; *p != '\0'; p++ )
- if( *p == '/' || *p == '\\' )
+ for (p = basename = file; *p != '\0'; p++) {
+ if (*p == '/' || *p == '\\') {
basename = p + 1;
+ }
+ }
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s",
- basename, line, level, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s",
+ basename, line, level, str);
+ fflush((FILE *) ctx);
}
#if defined(MBEDTLS_HAVE_TIME)
-mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
{
(void) time;
return 0x5af2a056;
@@ -53,74 +55,72 @@
#endif
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
-static int dummy_entropy( void *data, unsigned char *output, size_t len )
+static int dummy_entropy(void *data, unsigned char *output, size_t len)
{
size_t i;
int ret;
(void) data;
- ret = mbedtls_entropy_func( data, output, len );
- for( i = 0; i < len; i++ )
- {
+ ret = mbedtls_entropy_func(data, output, len);
+ for (i = 0; i < len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
- return( ret );
+ return ret;
}
#endif
-void rng_init( rng_context_t *rng )
+void rng_init(rng_context_t *rng)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) rng;
- psa_crypto_init( );
+ psa_crypto_init();
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_init( &rng->drbg );
+ mbedtls_ctr_drbg_init(&rng->drbg);
#elif defined(MBEDTLS_HMAC_DRBG_C)
- mbedtls_hmac_drbg_init( &rng->drbg );
+ mbedtls_hmac_drbg_init(&rng->drbg);
#else
#error "No DRBG available"
#endif
- mbedtls_entropy_init( &rng->entropy );
+ mbedtls_entropy_init(&rng->entropy);
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
-int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
+int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( reproducible )
- {
- mbedtls_fprintf( stderr,
- "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
- return( -1 );
+ if (reproducible) {
+ mbedtls_fprintf(stderr,
+ "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
+ return -1;
}
#endif
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
/* The PSA crypto RNG does its own seeding. */
(void) rng;
(void) pers;
- if( reproducible )
- {
- mbedtls_fprintf( stderr,
- "The PSA RNG does not support reproducible mode.\n" );
- return( -1 );
+ if (reproducible) {
+ mbedtls_fprintf(stderr,
+ "The PSA RNG does not support reproducible mode.\n");
+ return -1;
}
- return( 0 );
+ return 0;
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
- int ( *f_entropy )( void *, unsigned char *, size_t ) =
- ( reproducible ? dummy_entropy : mbedtls_entropy_func );
+ int (*f_entropy)(void *, unsigned char *, size_t) =
+ (reproducible ? dummy_entropy : mbedtls_entropy_func);
- if ( reproducible )
- srand( 1 );
+ if (reproducible) {
+ srand(1);
+ }
#if defined(MBEDTLS_CTR_DRBG_C)
- int ret = mbedtls_ctr_drbg_seed( &rng->drbg,
- f_entropy, &rng->entropy,
- (const unsigned char *) pers,
- strlen( pers ) );
+ int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
+ f_entropy, &rng->entropy,
+ (const unsigned char *) pers,
+ strlen(pers));
#elif defined(MBEDTLS_HMAC_DRBG_C)
#if defined(MBEDTLS_SHA256_C)
const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
@@ -129,61 +129,60 @@
#else
#error "No message digest available for HMAC_DRBG"
#endif
- int ret = mbedtls_hmac_drbg_seed( &rng->drbg,
- mbedtls_md_info_from_type( md_type ),
- f_entropy, &rng->entropy,
- (const unsigned char *) pers,
- strlen( pers ) );
+ int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
+ mbedtls_md_info_from_type(md_type),
+ f_entropy, &rng->entropy,
+ (const unsigned char *) pers,
+ strlen(pers));
#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
#error "No DRBG available"
#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
- (unsigned int) -ret );
- return( ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ (unsigned int) -ret);
+ return ret;
}
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
- return( 0 );
+ return 0;
}
-void rng_free( rng_context_t *rng )
+void rng_free(rng_context_t *rng)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) rng;
/* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
* This is ok because none of our applications try to do any crypto after
* deinitializing the RNG. */
- mbedtls_psa_crypto_free( );
+ mbedtls_psa_crypto_free();
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_free( &rng->drbg );
+ mbedtls_ctr_drbg_free(&rng->drbg);
#elif defined(MBEDTLS_HMAC_DRBG_C)
- mbedtls_hmac_drbg_free( &rng->drbg );
+ mbedtls_hmac_drbg_free(&rng->drbg);
#else
#error "No DRBG available"
#endif
- mbedtls_entropy_free( &rng->entropy );
+ mbedtls_entropy_free(&rng->entropy);
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
-int rng_get( void *p_rng, unsigned char *output, size_t output_len )
+int rng_get(void *p_rng, unsigned char *output, size_t output_len)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) p_rng;
- return( mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
- output, output_len ) );
+ return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output, output_len);
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
rng_context_t *rng = p_rng;
#if defined(MBEDTLS_CTR_DRBG_C)
- return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
+ return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
#elif defined(MBEDTLS_HMAC_DRBG_C)
- return( mbedtls_hmac_drbg_random( &rng->drbg, output, output_len ) );
+ return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
#else
#error "No DRBG available"
#endif
@@ -192,8 +191,8 @@
}
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-int ca_callback( void *data, mbedtls_x509_crt const *child,
- mbedtls_x509_crt **candidates )
+int ca_callback(void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates)
{
int ret = 0;
mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
@@ -209,25 +208,21 @@
* and parent `Subject` field or matching key identifiers. */
((void) child);
- first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
- if( first == NULL )
- {
+ first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
+ if (first == NULL) {
ret = -1;
goto exit;
}
- mbedtls_x509_crt_init( first );
+ mbedtls_x509_crt_init(first);
- if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
- {
+ if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
ret = -1;
goto exit;
}
- while( ca->next != NULL )
- {
+ while (ca->next != NULL) {
ca = ca->next;
- if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
- {
+ if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
ret = -1;
goto exit;
}
@@ -235,122 +230,123 @@
exit:
- if( ret != 0 )
- {
- mbedtls_x509_crt_free( first );
- mbedtls_free( first );
+ if (ret != 0) {
+ mbedtls_x509_crt_free(first);
+ mbedtls_free(first);
first = NULL;
}
*candidates = first;
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-int delayed_recv( void *ctx, unsigned char *buf, size_t len )
+int delayed_recv(void *ctx, unsigned char *buf, size_t len)
{
static int first_try = 1;
int ret;
- if( first_try )
- {
+ if (first_try) {
first_try = 0;
- return( MBEDTLS_ERR_SSL_WANT_READ );
+ return MBEDTLS_ERR_SSL_WANT_READ;
}
- ret = mbedtls_net_recv( ctx, buf, len );
- if( ret != MBEDTLS_ERR_SSL_WANT_READ )
+ ret = mbedtls_net_recv(ctx, buf, len);
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
first_try = 1; /* Next call will be a new operation */
- return( ret );
+ }
+ return ret;
}
-int delayed_send( void *ctx, const unsigned char *buf, size_t len )
+int delayed_send(void *ctx, const unsigned char *buf, size_t len)
{
static int first_try = 1;
int ret;
- if( first_try )
- {
+ if (first_try) {
first_try = 0;
- return( MBEDTLS_ERR_SSL_WANT_WRITE );
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
}
- ret = mbedtls_net_send( ctx, buf, len );
- if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ ret = mbedtls_net_send(ctx, buf, len);
+ if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
first_try = 1; /* Next call will be a new operation */
- return( ret );
+ }
+ return ret;
}
#if !defined(MBEDTLS_TIMING_C)
-int idle( mbedtls_net_context *fd,
- int idle_reason )
+int idle(mbedtls_net_context *fd,
+ int idle_reason)
#else
-int idle( mbedtls_net_context *fd,
- mbedtls_timing_delay_context *timer,
- int idle_reason )
+int idle(mbedtls_net_context *fd,
+ mbedtls_timing_delay_context *timer,
+ int idle_reason)
#endif
{
int ret;
int poll_type = 0;
- if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
+ if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) {
poll_type = MBEDTLS_NET_POLL_WRITE;
- else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
+ } else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) {
poll_type = MBEDTLS_NET_POLL_READ;
+ }
#if !defined(MBEDTLS_TIMING_C)
- else
- return( 0 );
+ else {
+ return 0;
+ }
#endif
- while( 1 )
- {
+ while (1) {
/* Check if timer has expired */
#if defined(MBEDTLS_TIMING_C)
- if( timer != NULL &&
- mbedtls_timing_get_delay( timer ) == 2 )
- {
+ if (timer != NULL &&
+ mbedtls_timing_get_delay(timer) == 2) {
break;
}
#endif /* MBEDTLS_TIMING_C */
/* Check if underlying transport became available */
- if( poll_type != 0 )
- {
- ret = mbedtls_net_poll( fd, poll_type, 0 );
- if( ret < 0 )
- return( ret );
- if( ret == poll_type )
+ if (poll_type != 0) {
+ ret = mbedtls_net_poll(fd, poll_type, 0);
+ if (ret < 0) {
+ return ret;
+ }
+ if (ret == poll_type) {
break;
+ }
}
}
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_TEST_HOOKS)
-void test_hooks_init( void )
+void test_hooks_init(void)
{
- mbedtls_test_info_reset( );
+ mbedtls_test_info_reset();
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- mbedtls_test_mutex_usage_init( );
+ mbedtls_test_mutex_usage_init();
#endif
}
-int test_hooks_failure_detected( void )
+int test_hooks_failure_detected(void)
{
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
/* Errors are reported via mbedtls_test_info. */
- mbedtls_test_mutex_usage_check( );
+ mbedtls_test_mutex_usage_check();
#endif
- if( mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS )
- return( 1 );
- return( 0 );
+ if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
+ return 1;
+ }
+ return 0;
}
-void test_hooks_free( void )
+void test_hooks_free(void)
{
}
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index e02cf0a..b6d1995 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -32,13 +32,13 @@
#undef HAVE_RNG
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) || \
- defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) )
+ (defined(MBEDTLS_USE_PSA_CRYPTO) || \
+ defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
#define HAVE_RNG
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#define HAVE_RNG
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \
- ( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C) )
+ (defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C))
#define HAVE_RNG
#endif
@@ -88,14 +88,13 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-typedef struct eap_tls_keys
-{
+typedef struct eap_tls_keys {
unsigned char master_secret[48];
unsigned char randbytes[64];
mbedtls_tls_prf_types tls_prf_type;
} eap_tls_keys;
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
/* Supported SRTP mode needs a maximum of :
* - 16 bytes for key (AES-128)
@@ -104,8 +103,7 @@
*/
#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
-typedef struct dtls_srtp_keys
-{
+typedef struct dtls_srtp_keys {
unsigned char master_secret[48];
unsigned char randbytes[64];
mbedtls_tls_prf_types tls_prf_type;
@@ -115,18 +113,17 @@
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-typedef struct
-{
+typedef struct {
mbedtls_ssl_context *ssl;
mbedtls_net_context *net;
} io_ctx_t;
-void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str );
+void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str);
#if defined(MBEDTLS_HAVE_TIME)
-mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -156,8 +153,7 @@
/** A context for random number generation (RNG).
*/
-typedef struct
-{
+typedef struct {
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
unsigned char dummy;
#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
@@ -177,7 +173,7 @@
* This function only initializes the memory used by the RNG context.
* Before using the RNG, it must be seeded with rng_seed().
*/
-void rng_init( rng_context_t *rng );
+void rng_init(rng_context_t *rng);
/* Seed the random number generator.
*
@@ -193,14 +189,14 @@
*
* return 0 on success, a negative value on error.
*/
-int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
+int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
/** Deinitialize the RNG. Free any embedded resource.
*
* \param rng The RNG context to deinitialize. It must have been
* initialized with rng_init().
*/
-void rng_free( rng_context_t *rng );
+void rng_free(rng_context_t *rng);
/** Generate random data.
*
@@ -215,7 +211,7 @@
* \return \c 0 on success.
* \return An Mbed TLS error code on error.
*/
-int rng_get( void *p_rng, unsigned char *output, size_t output_len );
+int rng_get(void *p_rng, unsigned char *output, size_t output_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/* The test implementation of the PSA external RNG is insecure. When
@@ -226,31 +222,31 @@
#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-int ca_callback( void *data, mbedtls_x509_crt const *child,
- mbedtls_x509_crt **candidates );
+int ca_callback(void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
/*
* Test recv/send functions that make sure each try returns
* WANT_READ/WANT_WRITE at least once before succeeding
*/
-int delayed_recv( void *ctx, unsigned char *buf, size_t len );
-int delayed_send( void *ctx, const unsigned char *buf, size_t len );
+int delayed_recv(void *ctx, unsigned char *buf, size_t len);
+int delayed_send(void *ctx, const unsigned char *buf, size_t len);
/*
* Wait for an event from the underlying transport or the timer
* (Used in event-driven IO mode).
*/
-int idle( mbedtls_net_context *fd,
+int idle(mbedtls_net_context *fd,
#if defined(MBEDTLS_TIMING_C)
- mbedtls_timing_delay_context *timer,
+ mbedtls_timing_delay_context *timer,
#endif
- int idle_reason );
+ int idle_reason);
#if defined(MBEDTLS_TEST_HOOKS)
/** Initialize whatever test hooks are enabled by the compile-time
* configuration and make sense for the TLS test programs. */
-void test_hooks_init( void );
+void test_hooks_init(void);
/** Check if any test hooks detected a problem.
*
@@ -268,14 +264,14 @@
* \return Nonzero if a problem was detected.
* \c 0 if no problem was detected.
*/
-int test_hooks_failure_detected( void );
+int test_hooks_failure_detected(void);
/** Free any resources allocated for the sake of test hooks.
*
* Call this at the end of the program so that resource leak analyzers
* don't complain.
*/
-void test_hooks_free( void );
+void test_hooks_free(void);
#endif /* !MBEDTLS_TEST_HOOKS */
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 44e9a58..bbb7046 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -26,10 +26,10 @@
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_TIMING_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_TIMING_C not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
@@ -78,7 +78,7 @@
* block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block,
* so use that as our baseline.
*/
-#define MEM_BLOCK_OVERHEAD ( 2 * sizeof( size_t ) )
+#define MEM_BLOCK_OVERHEAD (2 * sizeof(size_t))
/*
* Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined.
@@ -99,45 +99,45 @@
#if defined(MBEDTLS_ERROR_C)
#define PRINT_ERROR \
- mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
- mbedtls_printf( "FAILED: %s\n", tmp );
+ mbedtls_strerror(ret, (char *) tmp, sizeof(tmp)); \
+ mbedtls_printf("FAILED: %s\n", tmp);
#else
#define PRINT_ERROR \
- mbedtls_printf( "FAILED: -0x%04x\n", (unsigned int) -ret );
+ mbedtls_printf("FAILED: -0x%04x\n", (unsigned int) -ret);
#endif
-#define TIME_AND_TSC( TITLE, CODE ) \
-do { \
- unsigned long ii, jj, tsc; \
- int ret = 0; \
+#define TIME_AND_TSC(TITLE, CODE) \
+ do { \
+ unsigned long ii, jj, tsc; \
+ int ret = 0; \
\
- mbedtls_printf( HEADER_FORMAT, TITLE ); \
- fflush( stdout ); \
+ mbedtls_printf(HEADER_FORMAT, TITLE); \
+ fflush(stdout); \
\
- mbedtls_set_alarm( 1 ); \
- for( ii = 1; ret == 0 && ! mbedtls_timing_alarmed; ii++ ) \
- { \
- ret = CODE; \
- } \
+ mbedtls_set_alarm(1); \
+ for (ii = 1; ret == 0 && !mbedtls_timing_alarmed; ii++) \
+ { \
+ ret = CODE; \
+ } \
\
- tsc = mbedtls_timing_hardclock(); \
- for( jj = 0; ret == 0 && jj < 1024; jj++ ) \
- { \
- ret = CODE; \
- } \
+ tsc = mbedtls_timing_hardclock(); \
+ for (jj = 0; ret == 0 && jj < 1024; jj++) \
+ { \
+ ret = CODE; \
+ } \
\
- if( ret != 0 ) \
- { \
- PRINT_ERROR; \
- } \
- else \
- { \
- mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\n", \
- ii * BUFSIZE / 1024, \
- ( mbedtls_timing_hardclock() - tsc ) \
- / ( jj * BUFSIZE ) ); \
- } \
-} while( 0 )
+ if (ret != 0) \
+ { \
+ PRINT_ERROR; \
+ } \
+ else \
+ { \
+ mbedtls_printf("%9lu KiB/s, %9lu cycles/byte\n", \
+ ii * BUFSIZE / 1024, \
+ (mbedtls_timing_hardclock() - tsc) \
+ / (jj * BUFSIZE)); \
+ } \
+ } while (0)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
@@ -155,88 +155,89 @@
#define MEMORY_MEASURE_INIT \
size_t max_used, max_blocks, max_bytes; \
size_t prv_used, prv_blocks; \
- mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
- mbedtls_memory_buffer_alloc_max_reset( );
+ mbedtls_memory_buffer_alloc_cur_get(&prv_used, &prv_blocks); \
+ mbedtls_memory_buffer_alloc_max_reset();
-#define MEMORY_MEASURE_PRINT( title_len ) \
- mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
+#define MEMORY_MEASURE_PRINT(title_len) \
+ mbedtls_memory_buffer_alloc_max_get(&max_used, &max_blocks); \
ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
- while( ii-- ) mbedtls_printf( " " ); \
+ while (ii--) mbedtls_printf(" "); \
max_used -= prv_used; \
max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
- mbedtls_printf( "%6u heap bytes", (unsigned) max_bytes );
+ mbedtls_printf("%6u heap bytes", (unsigned) max_bytes);
#else
#define MEMORY_MEASURE_INIT
-#define MEMORY_MEASURE_PRINT( title_len )
+#define MEMORY_MEASURE_PRINT(title_len)
#endif
-#define TIME_PUBLIC( TITLE, TYPE, CODE ) \
-do { \
- unsigned long ii; \
- int ret; \
- MEMORY_MEASURE_INIT; \
+#define TIME_PUBLIC(TITLE, TYPE, CODE) \
+ do { \
+ unsigned long ii; \
+ int ret; \
+ MEMORY_MEASURE_INIT; \
\
- mbedtls_printf( HEADER_FORMAT, TITLE ); \
- fflush( stdout ); \
- mbedtls_set_alarm( 3 ); \
+ mbedtls_printf(HEADER_FORMAT, TITLE); \
+ fflush(stdout); \
+ mbedtls_set_alarm(3); \
\
- ret = 0; \
- for( ii = 1; ! mbedtls_timing_alarmed && ! ret ; ii++ ) \
- { \
- CODE; \
- } \
+ ret = 0; \
+ for (ii = 1; !mbedtls_timing_alarmed && !ret; ii++) \
+ { \
+ CODE; \
+ } \
\
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) \
- { \
- mbedtls_printf( "Feature Not Supported. Skipping.\n" ); \
- ret = 0; \
- } \
- else if( ret != 0 ) \
- { \
- PRINT_ERROR; \
- } \
- else \
- { \
- mbedtls_printf( "%6lu " TYPE "/s", ii / 3 ); \
- MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \
- mbedtls_printf( "\n" ); \
- } \
-} while( 0 )
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) \
+ { \
+ mbedtls_printf("Feature Not Supported. Skipping.\n"); \
+ ret = 0; \
+ } \
+ else if (ret != 0) \
+ { \
+ PRINT_ERROR; \
+ } \
+ else \
+ { \
+ mbedtls_printf("%6lu " TYPE "/s", ii / 3); \
+ MEMORY_MEASURE_PRINT(sizeof(TYPE) + 1); \
+ mbedtls_printf("\n"); \
+ } \
+ } while (0)
-static int myrand( void *rng_state, unsigned char *output, size_t len )
+static int myrand(void *rng_state, unsigned char *output, size_t len)
{
size_t use_len;
int rnd;
- if( rng_state != NULL )
+ if (rng_state != NULL) {
rng_state = NULL;
+ }
- while( len > 0 )
- {
+ while (len > 0) {
use_len = len;
- if( use_len > sizeof(int) )
+ if (use_len > sizeof(int)) {
use_len = sizeof(int);
+ }
rnd = rand();
- memcpy( output, &rnd, use_len );
+ memcpy(output, &rnd, use_len);
output += use_len;
len -= use_len;
}
- return( 0 );
+ return 0;
}
-#define CHECK_AND_CONTINUE( R ) \
+#define CHECK_AND_CONTINUE(R) \
{ \
- int CHECK_AND_CONTINUE_ret = ( R ); \
- if( CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) { \
- mbedtls_printf( "Feature not supported. Skipping.\n" ); \
+ int CHECK_AND_CONTINUE_ret = (R); \
+ if (CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) { \
+ mbedtls_printf("Feature not supported. Skipping.\n"); \
continue; \
} \
- else if( CHECK_AND_CONTINUE_ret != 0 ) { \
- mbedtls_exit( 1 ); \
+ else if (CHECK_AND_CONTINUE_ret != 0) { \
+ mbedtls_exit(1); \
} \
}
@@ -244,34 +245,33 @@
* Clear some memory that was used to prepare the context
*/
#if defined(MBEDTLS_ECP_C)
-void ecp_clear_precomputed( mbedtls_ecp_group *grp )
+void ecp_clear_precomputed(mbedtls_ecp_group *grp)
{
- if( grp->T != NULL )
- {
+ if (grp->T != NULL) {
size_t i;
- for( i = 0; i < grp->T_size; i++ )
- mbedtls_ecp_point_free( &grp->T[i] );
- mbedtls_free( grp->T );
+ for (i = 0; i < grp->T_size; i++) {
+ mbedtls_ecp_point_free(&grp->T[i]);
+ }
+ mbedtls_free(grp->T);
}
grp->T = NULL;
grp->T_size = 0;
}
#else
-#define ecp_clear_precomputed( g )
+#define ecp_clear_precomputed(g)
#endif
#if defined(MBEDTLS_ECP_C)
-static int set_ecp_curve( const char *string, mbedtls_ecp_curve_info *curve )
+static int set_ecp_curve(const char *string, mbedtls_ecp_curve_info *curve)
{
const mbedtls_ecp_curve_info *found =
- mbedtls_ecp_curve_info_from_name( string );
- if( found != NULL )
- {
+ mbedtls_ecp_curve_info_from_name(string);
+ if (found != NULL) {
*curve = *found;
- return( 1 );
+ return 1;
+ } else {
+ return 0;
}
- else
- return( 0 );
}
#endif
@@ -289,7 +289,7 @@
} todo_list;
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int i;
unsigned char tmp[200];
@@ -303,514 +303,498 @@
{ MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
{ MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
};
- const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list( );
+ const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list();
#endif
#if defined(MBEDTLS_ECP_C)
(void) curve_list; /* Unused in some configurations where no benchmark uses ECC */
#endif
- if( argc <= 1 )
- {
- memset( &todo, 1, sizeof( todo ) );
- }
- else
- {
- memset( &todo, 0, sizeof( todo ) );
+ if (argc <= 1) {
+ memset(&todo, 1, sizeof(todo));
+ } else {
+ memset(&todo, 0, sizeof(todo));
- for( i = 1; i < argc; i++ )
- {
- if( strcmp( argv[i], "md4" ) == 0 )
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "md4") == 0) {
todo.md4 = 1;
- else if( strcmp( argv[i], "md5" ) == 0 )
+ } else if (strcmp(argv[i], "md5") == 0) {
todo.md5 = 1;
- else if( strcmp( argv[i], "ripemd160" ) == 0 )
+ } else if (strcmp(argv[i], "ripemd160") == 0) {
todo.ripemd160 = 1;
- else if( strcmp( argv[i], "sha1" ) == 0 )
+ } else if (strcmp(argv[i], "sha1") == 0) {
todo.sha1 = 1;
- else if( strcmp( argv[i], "sha256" ) == 0 )
+ } else if (strcmp(argv[i], "sha256") == 0) {
todo.sha256 = 1;
- else if( strcmp( argv[i], "sha512" ) == 0 )
+ } else if (strcmp(argv[i], "sha512") == 0) {
todo.sha512 = 1;
- else if( strcmp( argv[i], "arc4" ) == 0 )
+ } else if (strcmp(argv[i], "arc4") == 0) {
todo.arc4 = 1;
- else if( strcmp( argv[i], "des3" ) == 0 )
+ } else if (strcmp(argv[i], "des3") == 0) {
todo.des3 = 1;
- else if( strcmp( argv[i], "des" ) == 0 )
+ } else if (strcmp(argv[i], "des") == 0) {
todo.des = 1;
- else if( strcmp( argv[i], "aes_cbc" ) == 0 )
+ } else if (strcmp(argv[i], "aes_cbc") == 0) {
todo.aes_cbc = 1;
- else if( strcmp( argv[i], "aes_xts" ) == 0 )
+ } else if (strcmp(argv[i], "aes_xts") == 0) {
todo.aes_xts = 1;
- else if( strcmp( argv[i], "aes_gcm" ) == 0 )
+ } else if (strcmp(argv[i], "aes_gcm") == 0) {
todo.aes_gcm = 1;
- else if( strcmp( argv[i], "aes_ccm" ) == 0 )
+ } else if (strcmp(argv[i], "aes_ccm") == 0) {
todo.aes_ccm = 1;
- else if( strcmp( argv[i], "chachapoly" ) == 0 )
+ } else if (strcmp(argv[i], "chachapoly") == 0) {
todo.chachapoly = 1;
- else if( strcmp( argv[i], "aes_cmac" ) == 0 )
+ } else if (strcmp(argv[i], "aes_cmac") == 0) {
todo.aes_cmac = 1;
- else if( strcmp( argv[i], "des3_cmac" ) == 0 )
+ } else if (strcmp(argv[i], "des3_cmac") == 0) {
todo.des3_cmac = 1;
- else if( strcmp( argv[i], "aria" ) == 0 )
+ } else if (strcmp(argv[i], "aria") == 0) {
todo.aria = 1;
- else if( strcmp( argv[i], "camellia" ) == 0 )
+ } else if (strcmp(argv[i], "camellia") == 0) {
todo.camellia = 1;
- else if( strcmp( argv[i], "blowfish" ) == 0 )
+ } else if (strcmp(argv[i], "blowfish") == 0) {
todo.blowfish = 1;
- else if( strcmp( argv[i], "chacha20" ) == 0 )
+ } else if (strcmp(argv[i], "chacha20") == 0) {
todo.chacha20 = 1;
- else if( strcmp( argv[i], "poly1305" ) == 0 )
+ } else if (strcmp(argv[i], "poly1305") == 0) {
todo.poly1305 = 1;
- else if( strcmp( argv[i], "havege" ) == 0 )
+ } else if (strcmp(argv[i], "havege") == 0) {
todo.havege = 1;
- else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
+ } else if (strcmp(argv[i], "ctr_drbg") == 0) {
todo.ctr_drbg = 1;
- else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
+ } else if (strcmp(argv[i], "hmac_drbg") == 0) {
todo.hmac_drbg = 1;
- else if( strcmp( argv[i], "rsa" ) == 0 )
+ } else if (strcmp(argv[i], "rsa") == 0) {
todo.rsa = 1;
- else if( strcmp( argv[i], "dhm" ) == 0 )
+ } else if (strcmp(argv[i], "dhm") == 0) {
todo.dhm = 1;
- else if( strcmp( argv[i], "ecdsa" ) == 0 )
+ } else if (strcmp(argv[i], "ecdsa") == 0) {
todo.ecdsa = 1;
- else if( strcmp( argv[i], "ecdh" ) == 0 )
+ } else if (strcmp(argv[i], "ecdh") == 0) {
todo.ecdh = 1;
+ }
#if defined(MBEDTLS_ECP_C)
- else if( set_ecp_curve( argv[i], single_curve ) )
+ else if (set_ecp_curve(argv[i], single_curve)) {
curve_list = single_curve;
+ }
#endif
- else
- {
- mbedtls_printf( "Unrecognized option: %s\n", argv[i] );
- mbedtls_printf( "Available options: " OPTIONS );
+ else {
+ mbedtls_printf("Unrecognized option: %s\n", argv[i]);
+ mbedtls_printf("Available options: " OPTIONS);
}
}
}
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
#endif
- memset( buf, 0xAA, sizeof( buf ) );
- memset( tmp, 0xBB, sizeof( tmp ) );
+ memset(buf, 0xAA, sizeof(buf));
+ memset(tmp, 0xBB, sizeof(tmp));
#if defined(MBEDTLS_MD4_C)
- if( todo.md4 )
- TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) );
+ if (todo.md4) {
+ TIME_AND_TSC("MD4", mbedtls_md4_ret(buf, BUFSIZE, tmp));
+ }
#endif
#if defined(MBEDTLS_MD5_C)
- if( todo.md5 )
- TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) );
+ if (todo.md5) {
+ TIME_AND_TSC("MD5", mbedtls_md5_ret(buf, BUFSIZE, tmp));
+ }
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- if( todo.ripemd160 )
- TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) );
+ if (todo.ripemd160) {
+ TIME_AND_TSC("RIPEMD160", mbedtls_ripemd160_ret(buf, BUFSIZE, tmp));
+ }
#endif
#if defined(MBEDTLS_SHA1_C)
- if( todo.sha1 )
- TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) );
+ if (todo.sha1) {
+ TIME_AND_TSC("SHA-1", mbedtls_sha1_ret(buf, BUFSIZE, tmp));
+ }
#endif
#if defined(MBEDTLS_SHA256_C)
- if( todo.sha256 )
- TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) );
+ if (todo.sha256) {
+ TIME_AND_TSC("SHA-256", mbedtls_sha256_ret(buf, BUFSIZE, tmp, 0));
+ }
#endif
#if defined(MBEDTLS_SHA512_C)
- if( todo.sha512 )
- TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) );
+ if (todo.sha512) {
+ TIME_AND_TSC("SHA-512", mbedtls_sha512_ret(buf, BUFSIZE, tmp, 0));
+ }
#endif
#if defined(MBEDTLS_ARC4_C)
- if( todo.arc4 )
- {
+ if (todo.arc4) {
mbedtls_arc4_context arc4;
- mbedtls_arc4_init( &arc4 );
- mbedtls_arc4_setup( &arc4, tmp, 32 );
- TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
- mbedtls_arc4_free( &arc4 );
+ mbedtls_arc4_init(&arc4);
+ mbedtls_arc4_setup(&arc4, tmp, 32);
+ TIME_AND_TSC("ARC4", mbedtls_arc4_crypt(&arc4, BUFSIZE, buf, buf));
+ mbedtls_arc4_free(&arc4);
}
#endif
#if defined(MBEDTLS_DES_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.des3 )
- {
+ if (todo.des3) {
mbedtls_des3_context des3;
- mbedtls_des3_init( &des3 );
- if( mbedtls_des3_set3key_enc( &des3, tmp ) != 0 )
- mbedtls_exit( 1 );
- TIME_AND_TSC( "3DES",
- mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
- mbedtls_des3_free( &des3 );
+ mbedtls_des3_init(&des3);
+ if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) {
+ mbedtls_exit(1);
+ }
+ TIME_AND_TSC("3DES",
+ mbedtls_des3_crypt_cbc(&des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ mbedtls_des3_free(&des3);
}
- if( todo.des )
- {
+ if (todo.des) {
mbedtls_des_context des;
- mbedtls_des_init( &des );
- if( mbedtls_des_setkey_enc( &des, tmp ) != 0 )
- mbedtls_exit( 1 );
- TIME_AND_TSC( "DES",
- mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
- mbedtls_des_free( &des );
+ mbedtls_des_init(&des);
+ if (mbedtls_des_setkey_enc(&des, tmp) != 0) {
+ mbedtls_exit(1);
+ }
+ TIME_AND_TSC("DES",
+ mbedtls_des_crypt_cbc(&des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ mbedtls_des_free(&des);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CMAC_C)
- if( todo.des3_cmac )
- {
+ if (todo.des3_cmac) {
unsigned char output[8];
const mbedtls_cipher_info_t *cipher_info;
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB );
+ cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB);
- TIME_AND_TSC( "3DES-CMAC",
- mbedtls_cipher_cmac( cipher_info, tmp, 192, buf,
- BUFSIZE, output ) );
+ TIME_AND_TSC("3DES-CMAC",
+ mbedtls_cipher_cmac(cipher_info, tmp, 192, buf,
+ BUFSIZE, output));
}
#endif /* MBEDTLS_CMAC_C */
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.aes_cbc )
- {
+ if (todo.aes_cbc) {
int keysize;
mbedtls_aes_context aes;
- mbedtls_aes_init( &aes );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- CHECK_AND_CONTINUE( mbedtls_aes_setkey_enc( &aes, tmp, keysize ) );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
- TIME_AND_TSC( title,
- mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
}
- mbedtls_aes_free( &aes );
+ mbedtls_aes_free(&aes);
}
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- if( todo.aes_xts )
- {
+ if (todo.aes_xts) {
int keysize;
mbedtls_aes_xts_context ctx;
- mbedtls_aes_xts_init( &ctx );
- for( keysize = 128; keysize <= 256; keysize += 128 )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-XTS-%d", keysize );
+ mbedtls_aes_xts_init(&ctx);
+ for (keysize = 128; keysize <= 256; keysize += 128) {
+ mbedtls_snprintf(title, sizeof(title), "AES-XTS-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- CHECK_AND_CONTINUE( mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 ) );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_xts_setkey_enc(&ctx, tmp, keysize * 2));
- TIME_AND_TSC( title,
- mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE,
- tmp, buf, buf ) );
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE,
+ tmp, buf, buf));
- mbedtls_aes_xts_free( &ctx );
+ mbedtls_aes_xts_free(&ctx);
}
}
#endif
#if defined(MBEDTLS_GCM_C)
- if( todo.aes_gcm )
- {
+ if (todo.aes_gcm) {
int keysize;
mbedtls_gcm_context gcm;
- mbedtls_gcm_init( &gcm );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
+ mbedtls_gcm_init(&gcm);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-GCM-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize);
- TIME_AND_TSC( title,
- mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
- 12, NULL, 0, buf, buf, 16, tmp ) );
+ TIME_AND_TSC(title,
+ mbedtls_gcm_crypt_and_tag(&gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
+ 12, NULL, 0, buf, buf, 16, tmp));
- mbedtls_gcm_free( &gcm );
+ mbedtls_gcm_free(&gcm);
}
}
#endif
#if defined(MBEDTLS_CCM_C)
- if( todo.aes_ccm )
- {
+ if (todo.aes_ccm) {
int keysize;
mbedtls_ccm_context ccm;
- mbedtls_ccm_init( &ccm );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
+ mbedtls_ccm_init(&ccm);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CCM-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_ccm_setkey(&ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize);
- TIME_AND_TSC( title,
- mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp,
- 12, NULL, 0, buf, buf, tmp, 16 ) );
+ TIME_AND_TSC(title,
+ mbedtls_ccm_encrypt_and_tag(&ccm, BUFSIZE, tmp,
+ 12, NULL, 0, buf, buf, tmp, 16));
- mbedtls_ccm_free( &ccm );
+ mbedtls_ccm_free(&ccm);
}
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
- if( todo.chachapoly )
- {
+ if (todo.chachapoly) {
mbedtls_chachapoly_context chachapoly;
- mbedtls_chachapoly_init( &chachapoly );
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
+ mbedtls_chachapoly_init(&chachapoly);
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
- mbedtls_snprintf( title, sizeof( title ), "ChaCha20-Poly1305" );
+ mbedtls_snprintf(title, sizeof(title), "ChaCha20-Poly1305");
- mbedtls_chachapoly_setkey( &chachapoly, tmp );
+ mbedtls_chachapoly_setkey(&chachapoly, tmp);
- TIME_AND_TSC( title,
- mbedtls_chachapoly_encrypt_and_tag( &chachapoly,
- BUFSIZE, tmp, NULL, 0, buf, buf, tmp ) );
+ TIME_AND_TSC(title,
+ mbedtls_chachapoly_encrypt_and_tag(&chachapoly,
+ BUFSIZE, tmp, NULL, 0, buf, buf, tmp));
- mbedtls_chachapoly_free( &chachapoly );
+ mbedtls_chachapoly_free(&chachapoly);
}
#endif
#if defined(MBEDTLS_CMAC_C)
- if( todo.aes_cmac )
- {
+ if (todo.aes_cmac) {
unsigned char output[16];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_type_t cipher_type;
int keysize;
- for( keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB;
+ for (keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB;
keysize <= 256;
- keysize += 64, cipher_type++ )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-CMAC-%d", keysize );
+ keysize += 64, cipher_type++) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CMAC-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
- cipher_info = mbedtls_cipher_info_from_type( cipher_type );
+ cipher_info = mbedtls_cipher_info_from_type(cipher_type);
- TIME_AND_TSC( title,
- mbedtls_cipher_cmac( cipher_info, tmp, keysize,
- buf, BUFSIZE, output ) );
+ TIME_AND_TSC(title,
+ mbedtls_cipher_cmac(cipher_info, tmp, keysize,
+ buf, BUFSIZE, output));
}
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- TIME_AND_TSC( "AES-CMAC-PRF-128",
- mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE,
- output ) );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ TIME_AND_TSC("AES-CMAC-PRF-128",
+ mbedtls_aes_cmac_prf_128(tmp, 16, buf, BUFSIZE,
+ output));
}
#endif /* MBEDTLS_CMAC_C */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.aria )
- {
+ if (todo.aria) {
int keysize;
mbedtls_aria_context aria;
- mbedtls_aria_init( &aria );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "ARIA-CBC-%d", keysize );
+ mbedtls_aria_init(&aria);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_aria_setkey_enc( &aria, tmp, keysize );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_aria_setkey_enc(&aria, tmp, keysize);
- TIME_AND_TSC( title,
- mbedtls_aria_crypt_cbc( &aria, MBEDTLS_ARIA_ENCRYPT,
- BUFSIZE, tmp, buf, buf ) );
+ TIME_AND_TSC(title,
+ mbedtls_aria_crypt_cbc(&aria, MBEDTLS_ARIA_ENCRYPT,
+ BUFSIZE, tmp, buf, buf));
}
- mbedtls_aria_free( &aria );
+ mbedtls_aria_free(&aria);
}
#endif
#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.camellia )
- {
+ if (todo.camellia) {
int keysize;
mbedtls_camellia_context camellia;
- mbedtls_camellia_init( &camellia );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
+ mbedtls_camellia_init(&camellia);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_camellia_setkey_enc( &camellia, tmp, keysize );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_camellia_setkey_enc(&camellia, tmp, keysize);
- TIME_AND_TSC( title,
- mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT,
- BUFSIZE, tmp, buf, buf ) );
+ TIME_AND_TSC(title,
+ mbedtls_camellia_crypt_cbc(&camellia, MBEDTLS_CAMELLIA_ENCRYPT,
+ BUFSIZE, tmp, buf, buf));
}
- mbedtls_camellia_free( &camellia );
+ mbedtls_camellia_free(&camellia);
}
#endif
#if defined(MBEDTLS_CHACHA20_C)
- if ( todo.chacha20 )
- {
- TIME_AND_TSC( "ChaCha20", mbedtls_chacha20_crypt( buf, buf, 0U, BUFSIZE, buf, buf ) );
+ if (todo.chacha20) {
+ TIME_AND_TSC("ChaCha20", mbedtls_chacha20_crypt(buf, buf, 0U, BUFSIZE, buf, buf));
}
#endif
#if defined(MBEDTLS_POLY1305_C)
- if ( todo.poly1305 )
- {
- TIME_AND_TSC( "Poly1305", mbedtls_poly1305_mac( buf, buf, BUFSIZE, buf ) );
+ if (todo.poly1305) {
+ TIME_AND_TSC("Poly1305", mbedtls_poly1305_mac(buf, buf, BUFSIZE, buf));
}
#endif
#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.blowfish )
- {
+ if (todo.blowfish) {
int keysize;
mbedtls_blowfish_context blowfish;
- mbedtls_blowfish_init( &blowfish );
+ mbedtls_blowfish_init(&blowfish);
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "BLOWFISH-CBC-%d", keysize);
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_blowfish_setkey( &blowfish, tmp, keysize );
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_blowfish_setkey(&blowfish, tmp, keysize);
- TIME_AND_TSC( title,
- mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE,
- tmp, buf, buf ) );
+ TIME_AND_TSC(title,
+ mbedtls_blowfish_crypt_cbc(&blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE,
+ tmp, buf, buf));
}
- mbedtls_blowfish_free( &blowfish );
+ mbedtls_blowfish_free(&blowfish);
}
#endif
#if defined(MBEDTLS_HAVEGE_C)
- if( todo.havege )
- {
+ if (todo.havege) {
mbedtls_havege_state hs;
- mbedtls_havege_init( &hs );
- TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) );
- mbedtls_havege_free( &hs );
+ mbedtls_havege_init(&hs);
+ TIME_AND_TSC("HAVEGE", mbedtls_havege_random(&hs, buf, BUFSIZE));
+ mbedtls_havege_free(&hs);
}
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
- if( todo.ctr_drbg )
- {
+ if (todo.ctr_drbg) {
mbedtls_ctr_drbg_context ctr_drbg;
- mbedtls_ctr_drbg_init( &ctr_drbg );
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) {
mbedtls_exit(1);
- TIME_AND_TSC( "CTR_DRBG (NOPR)",
- mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) );
- mbedtls_ctr_drbg_free( &ctr_drbg );
+ }
+ TIME_AND_TSC("CTR_DRBG (NOPR)",
+ mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE));
+ mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_ctr_drbg_init( &ctr_drbg );
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) {
mbedtls_exit(1);
- mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
- TIME_AND_TSC( "CTR_DRBG (PR)",
- mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) );
- mbedtls_ctr_drbg_free( &ctr_drbg );
+ }
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON);
+ TIME_AND_TSC("CTR_DRBG (PR)",
+ mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE));
+ mbedtls_ctr_drbg_free(&ctr_drbg);
}
#endif
#if defined(MBEDTLS_HMAC_DRBG_C) && \
- ( defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C) )
- if( todo.hmac_drbg )
- {
+ (defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C))
+ if (todo.hmac_drbg) {
mbedtls_hmac_drbg_context hmac_drbg;
const mbedtls_md_info_t *md_info;
- mbedtls_hmac_drbg_init( &hmac_drbg );
+ mbedtls_hmac_drbg_init(&hmac_drbg);
#if defined(MBEDTLS_SHA1_C)
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
+ if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) {
mbedtls_exit(1);
+ }
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
mbedtls_exit(1);
- TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)",
- mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
+ }
+ TIME_AND_TSC("HMAC_DRBG SHA-1 (NOPR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
mbedtls_exit(1);
- mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
- MBEDTLS_HMAC_DRBG_PR_ON );
- TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)",
- mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
+ }
+ mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg,
+ MBEDTLS_HMAC_DRBG_PR_ON);
+ TIME_AND_TSC("HMAC_DRBG SHA-1 (PR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
#endif
#if defined(MBEDTLS_SHA256_C)
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL )
+ if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)) == NULL) {
mbedtls_exit(1);
+ }
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
mbedtls_exit(1);
- TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)",
- mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
+ }
+ TIME_AND_TSC("HMAC_DRBG SHA-256 (NOPR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
mbedtls_exit(1);
- mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
- MBEDTLS_HMAC_DRBG_PR_ON );
- TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)",
- mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
+ }
+ mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg,
+ MBEDTLS_HMAC_DRBG_PR_ON);
+ TIME_AND_TSC("HMAC_DRBG SHA-256 (PR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
#endif
- mbedtls_hmac_drbg_free( &hmac_drbg );
+ mbedtls_hmac_drbg_free(&hmac_drbg);
}
#endif /* MBEDTLS_HMAC_DRBG_C && ( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if( todo.rsa )
- {
+ if (todo.rsa) {
int keysize;
mbedtls_rsa_context rsa;
- for( keysize = 2048; keysize <= 4096; keysize *= 2 )
- {
- mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
+ for (keysize = 2048; keysize <= 4096; keysize *= 2) {
+ mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize);
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );
+ mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
+ mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537);
- TIME_PUBLIC( title, " public",
- buf[0] = 0;
- ret = mbedtls_rsa_public( &rsa, buf, buf ) );
+ TIME_PUBLIC(title, " public",
+ buf[0] = 0;
+ ret = mbedtls_rsa_public(&rsa, buf, buf));
- TIME_PUBLIC( title, "private",
- buf[0] = 0;
- ret = mbedtls_rsa_private( &rsa, myrand, NULL, buf, buf ) );
+ TIME_PUBLIC(title, "private",
+ buf[0] = 0;
+ ret = mbedtls_rsa_private(&rsa, myrand, NULL, buf, buf));
- mbedtls_rsa_free( &rsa );
+ mbedtls_rsa_free(&rsa);
}
}
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C)
- if( todo.dhm )
- {
+ if (todo.dhm) {
int dhm_sizes[] = { 2048, 3072 };
static const unsigned char dhm_P_2048[] =
MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
@@ -822,109 +806,110 @@
MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
- const size_t dhm_P_size[] = { sizeof( dhm_P_2048 ),
- sizeof( dhm_P_3072 ) };
+ const size_t dhm_P_size[] = { sizeof(dhm_P_2048),
+ sizeof(dhm_P_3072) };
const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
- const size_t dhm_G_size[] = { sizeof( dhm_G_2048 ),
- sizeof( dhm_G_3072 ) };
+ const size_t dhm_G_size[] = { sizeof(dhm_G_2048),
+ sizeof(dhm_G_3072) };
mbedtls_dhm_context dhm;
size_t olen;
- for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ )
- {
- mbedtls_dhm_init( &dhm );
+ for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
+ mbedtls_dhm_init(&dhm);
- if( mbedtls_mpi_read_binary( &dhm.P, dhm_P[i],
- dhm_P_size[i] ) != 0 ||
- mbedtls_mpi_read_binary( &dhm.G, dhm_G[i],
- dhm_G_size[i] ) != 0 )
- {
- mbedtls_exit( 1 );
+ if (mbedtls_mpi_read_binary(&dhm.P, dhm_P[i],
+ dhm_P_size[i]) != 0 ||
+ mbedtls_mpi_read_binary(&dhm.G, dhm_G[i],
+ dhm_G_size[i]) != 0) {
+ mbedtls_exit(1);
}
- dhm.len = mbedtls_mpi_size( &dhm.P );
- mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
- if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 )
- mbedtls_exit( 1 );
+ dhm.len = mbedtls_mpi_size(&dhm.P);
+ mbedtls_dhm_make_public(&dhm, (int) dhm.len, buf, dhm.len, myrand, NULL);
+ if (mbedtls_mpi_copy(&dhm.GY, &dhm.GX) != 0) {
+ mbedtls_exit(1);
+ }
- mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
- TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
- myrand, NULL );
- ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
+ mbedtls_snprintf(title, sizeof(title), "DHE-%d", dhm_sizes[i]);
+ TIME_PUBLIC(title, "handshake",
+ ret |= mbedtls_dhm_make_public(&dhm, (int) dhm.len, buf, dhm.len,
+ myrand, NULL);
+ ret |=
+ mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
- mbedtls_snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] );
- TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
+ mbedtls_snprintf(title, sizeof(title), "DH-%d", dhm_sizes[i]);
+ TIME_PUBLIC(title, "handshake",
+ ret |=
+ mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
- mbedtls_dhm_free( &dhm );
+ mbedtls_dhm_free(&dhm);
}
}
#endif
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C)
- if( todo.ecdsa )
- {
+ if (todo.ecdsa) {
mbedtls_ecdsa_context ecdsa;
const mbedtls_ecp_curve_info *curve_info;
size_t sig_len;
- memset( buf, 0x2A, sizeof( buf ) );
+ memset(buf, 0x2A, sizeof(buf));
- for( curve_info = curve_list;
+ for (curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( ! mbedtls_ecdsa_can_do( curve_info->grp_id ) )
+ curve_info++) {
+ if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) {
continue;
+ }
- mbedtls_ecdsa_init( &ecdsa );
+ mbedtls_ecdsa_init(&ecdsa);
- if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 )
- mbedtls_exit( 1 );
- ecp_clear_precomputed( &ecdsa.grp );
+ if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0) {
+ mbedtls_exit(1);
+ }
+ ecp_clear_precomputed(&ecdsa.grp);
- mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
- curve_info->name );
- TIME_PUBLIC( title, "sign",
- ret = mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
- tmp, &sig_len, myrand, NULL ) );
+ mbedtls_snprintf(title, sizeof(title), "ECDSA-%s",
+ curve_info->name);
+ TIME_PUBLIC(title, "sign",
+ ret =
+ mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf,
+ curve_info->bit_size,
+ tmp, &sig_len, myrand, NULL));
- mbedtls_ecdsa_free( &ecdsa );
+ mbedtls_ecdsa_free(&ecdsa);
}
- for( curve_info = curve_list;
+ for (curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( ! mbedtls_ecdsa_can_do( curve_info->grp_id ) )
+ curve_info++) {
+ if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) {
continue;
-
- mbedtls_ecdsa_init( &ecdsa );
-
- if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 ||
- mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
- tmp, &sig_len, myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
}
- ecp_clear_precomputed( &ecdsa.grp );
- mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
- curve_info->name );
- TIME_PUBLIC( title, "verify",
- ret = mbedtls_ecdsa_read_signature( &ecdsa, buf, curve_info->bit_size,
- tmp, sig_len ) );
+ mbedtls_ecdsa_init(&ecdsa);
- mbedtls_ecdsa_free( &ecdsa );
+ if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0 ||
+ mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
+ tmp, &sig_len, myrand, NULL) != 0) {
+ mbedtls_exit(1);
+ }
+ ecp_clear_precomputed(&ecdsa.grp);
+
+ mbedtls_snprintf(title, sizeof(title), "ECDSA-%s",
+ curve_info->name);
+ TIME_PUBLIC(title, "verify",
+ ret = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size,
+ tmp, sig_len));
+
+ mbedtls_ecdsa_free(&ecdsa);
}
}
#endif
#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- if( todo.ecdh )
- {
+ if (todo.ecdh) {
mbedtls_ecdh_context ecdh;
mbedtls_mpi z;
const mbedtls_ecp_curve_info montgomery_curve_list[] = {
@@ -941,170 +926,176 @@
const mbedtls_ecp_curve_info *selected_montgomery_curve_list =
montgomery_curve_list;
- if( curve_list == (const mbedtls_ecp_curve_info*) &single_curve )
- {
+ if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) {
mbedtls_ecp_group grp;
- mbedtls_ecp_group_init( &grp );
- if( mbedtls_ecp_group_load( &grp, curve_list->grp_id ) != 0 )
- mbedtls_exit( 1 );
- if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ mbedtls_ecp_group_init(&grp);
+ if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) {
+ mbedtls_exit(1);
+ }
+ if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
selected_montgomery_curve_list = single_curve;
- else /* empty list */
+ } else { /* empty list */
selected_montgomery_curve_list = single_curve + 1;
- mbedtls_ecp_group_free( &grp );
+ }
+ mbedtls_ecp_group_free(&grp);
}
- for( curve_info = curve_list;
+ for (curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) )
+ curve_info++) {
+ if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
continue;
+ }
- mbedtls_ecdh_init( &ecdh );
+ mbedtls_ecdh_init(&ecdh);
- CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) );
- CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) );
- ecp_clear_precomputed( &ecdh.grp );
+ CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
+ myrand, NULL));
+ CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q));
+ ecp_clear_precomputed(&ecdh.grp);
- mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s",
- curve_info->name );
- TIME_PUBLIC( title, "handshake",
- CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
- myrand, NULL ) ) );
- mbedtls_ecdh_free( &ecdh );
+ mbedtls_snprintf(title, sizeof(title), "ECDHE-%s",
+ curve_info->name);
+ TIME_PUBLIC(title, "handshake",
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
+ myrand, NULL));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf),
+ myrand, NULL)));
+ mbedtls_ecdh_free(&ecdh);
}
/* Montgomery curves need to be handled separately */
- for ( curve_info = selected_montgomery_curve_list;
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- mbedtls_ecdh_init( &ecdh );
- mbedtls_mpi_init( &z );
+ for (curve_info = selected_montgomery_curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ mbedtls_ecdh_init(&ecdh);
+ mbedtls_mpi_init(&z);
- CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) );
+ CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL));
- mbedtls_snprintf( title, sizeof(title), "ECDHE-%s",
- curve_info->name );
- TIME_PUBLIC( title, "handshake",
- CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
- myrand, NULL ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
- myrand, NULL ) ) );
+ mbedtls_snprintf(title, sizeof(title), "ECDHE-%s",
+ curve_info->name);
+ TIME_PUBLIC(title, "handshake",
+ CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q,
+ myrand, NULL));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp,
+ &ecdh.d,
+ myrand, NULL)));
- mbedtls_ecdh_free( &ecdh );
- mbedtls_mpi_free( &z );
+ mbedtls_ecdh_free(&ecdh);
+ mbedtls_mpi_free(&z);
}
- for( curve_info = curve_list;
+ for (curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) )
+ curve_info++) {
+ if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
continue;
+ }
- mbedtls_ecdh_init( &ecdh );
+ mbedtls_ecdh_init(&ecdh);
- CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) );
- CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) );
- ecp_clear_precomputed( &ecdh.grp );
+ CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
+ myrand, NULL));
+ CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
+ myrand, NULL));
+ ecp_clear_precomputed(&ecdh.grp);
- mbedtls_snprintf( title, sizeof( title ), "ECDH-%s",
- curve_info->name );
- TIME_PUBLIC( title, "handshake",
- CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
- myrand, NULL ) ) );
- mbedtls_ecdh_free( &ecdh );
+ mbedtls_snprintf(title, sizeof(title), "ECDH-%s",
+ curve_info->name);
+ TIME_PUBLIC(title, "handshake",
+ CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf),
+ myrand, NULL)));
+ mbedtls_ecdh_free(&ecdh);
}
/* Montgomery curves need to be handled separately */
- for ( curve_info = selected_montgomery_curve_list;
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++)
- {
- mbedtls_ecdh_init( &ecdh );
- mbedtls_mpi_init( &z );
+ for (curve_info = selected_montgomery_curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ mbedtls_ecdh_init(&ecdh);
+ mbedtls_mpi_init(&z);
- CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
- myrand, NULL ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) );
+ CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp,
+ myrand, NULL));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL));
- mbedtls_snprintf( title, sizeof(title), "ECDH-%s",
- curve_info->name );
- TIME_PUBLIC( title, "handshake",
- CHECK_AND_CONTINUE( mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
- myrand, NULL ) ) );
+ mbedtls_snprintf(title, sizeof(title), "ECDH-%s",
+ curve_info->name);
+ TIME_PUBLIC(title, "handshake",
+ CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp,
+ &ecdh.d,
+ myrand, NULL)));
- mbedtls_ecdh_free( &ecdh );
- mbedtls_mpi_free( &z );
+ mbedtls_ecdh_free(&ecdh);
+ mbedtls_mpi_free(&z);
}
}
#endif
#if defined(MBEDTLS_ECDH_C)
- if( todo.ecdh )
- {
+ if (todo.ecdh) {
mbedtls_ecdh_context ecdh_srv, ecdh_cli;
unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE];
const mbedtls_ecp_curve_info *curve_info;
size_t olen;
- for( curve_info = curve_list;
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) )
+ for (curve_info = curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
continue;
+ }
- mbedtls_ecdh_init( &ecdh_srv );
- mbedtls_ecdh_init( &ecdh_cli );
+ mbedtls_ecdh_init(&ecdh_srv);
+ mbedtls_ecdh_init(&ecdh_cli);
- mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name );
- TIME_PUBLIC( title, "full handshake",
- const unsigned char * p_srv = buf_srv;
+ mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name);
+ TIME_PUBLIC(title,
+ "full handshake",
+ const unsigned char *p_srv = buf_srv;
- CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) );
+ CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, &olen, buf_srv,
+ sizeof(buf_srv), myrand, NULL));
- CHECK_AND_CONTINUE( mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) );
+ CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv,
+ p_srv + olen));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &olen, buf_cli,
+ sizeof(buf_cli), myrand, NULL));
- CHECK_AND_CONTINUE( mbedtls_ecdh_read_public( &ecdh_srv, buf_cli, olen ) );
- CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) );
+ CHECK_AND_CONTINUE(mbedtls_ecdh_read_public(&ecdh_srv, buf_cli, olen));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_srv, &olen, buf_srv,
+ sizeof(buf_srv), myrand, NULL));
- CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) );
- mbedtls_ecdh_free( &ecdh_cli );
+ CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &olen, buf_cli,
+ sizeof(buf_cli), myrand, NULL));
+ mbedtls_ecdh_free(&ecdh_cli);
- mbedtls_ecdh_free( &ecdh_srv );
- );
+ mbedtls_ecdh_free(&ecdh_srv);
+ );
}
}
#endif
- mbedtls_printf( "\n" );
+ mbedtls_printf("\n");
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
#endif
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#endif /* MBEDTLS_TIMING_C */
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
index 13f7c3d..a83d45a 100644
--- a/programs/test/cmake_subproject/cmake_subproject.c
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -36,9 +36,9 @@
/* This version string is 18 bytes long, as advised by version.h. */
char version[18];
- mbedtls_version_get_string_full( version );
+ mbedtls_version_get_string_full(version);
- mbedtls_printf( "Built against %s\n", version );
+ mbedtls_printf("Built against %s\n", version);
- return( 0 );
+ return 0;
}
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index b07ba66..e8134f6 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -41,67 +41,68 @@
#include <dlfcn.h>
-#define CHECK_DLERROR( function, argument ) \
+#define CHECK_DLERROR(function, argument) \
do \
{ \
- char *CHECK_DLERROR_error = dlerror ( ); \
- if( CHECK_DLERROR_error != NULL ) \
+ char *CHECK_DLERROR_error = dlerror(); \
+ if (CHECK_DLERROR_error != NULL) \
{ \
- fprintf( stderr, "Dynamic loading error for %s(%s): %s\n", \
- function, argument, CHECK_DLERROR_error ); \
- mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
+ fprintf(stderr, "Dynamic loading error for %s(%s): %s\n", \
+ function, argument, CHECK_DLERROR_error); \
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
} \
} \
- while( 0 )
+ while (0)
-int main( void )
+int main(void)
{
#if defined(MBEDTLS_MD_C) || defined(MBEDTLS_SSL_TLS_C)
unsigned n;
#endif
#if defined(MBEDTLS_SSL_TLS_C)
- void *tls_so = dlopen( TLS_SO_FILENAME, RTLD_NOW );
- CHECK_DLERROR( "dlopen", TLS_SO_FILENAME );
- const int *( *ssl_list_ciphersuites )( void ) =
- dlsym( tls_so, "mbedtls_ssl_list_ciphersuites" );
- CHECK_DLERROR( "dlsym", "mbedtls_ssl_list_ciphersuites" );
- const int *ciphersuites = ssl_list_ciphersuites( );
- for( n = 0; ciphersuites[n] != 0; n++ )
- /* nothing to do, we're just counting */;
- mbedtls_printf( "dlopen(%s): %u ciphersuites\n",
- TLS_SO_FILENAME, n );
- dlclose( tls_so );
- CHECK_DLERROR( "dlclose", TLS_SO_FILENAME );
+ void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", TLS_SO_FILENAME);
+ const int *(*ssl_list_ciphersuites)(void) =
+ dlsym(tls_so, "mbedtls_ssl_list_ciphersuites");
+ CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites");
+ const int *ciphersuites = ssl_list_ciphersuites();
+ for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */
+ ;
+ }
+ mbedtls_printf("dlopen(%s): %u ciphersuites\n",
+ TLS_SO_FILENAME, n);
+ dlclose(tls_so);
+ CHECK_DLERROR("dlclose", TLS_SO_FILENAME);
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- void *x509_so = dlopen( X509_SO_FILENAME, RTLD_NOW );
- CHECK_DLERROR( "dlopen", X509_SO_FILENAME );
+ void *x509_so = dlopen(X509_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", X509_SO_FILENAME);
const mbedtls_x509_crt_profile *profile =
- dlsym( x509_so, "mbedtls_x509_crt_profile_default" );
- CHECK_DLERROR( "dlsym", "mbedtls_x509_crt_profile_default" );
- mbedtls_printf( "dlopen(%s): Allowed md mask: %08x\n",
- X509_SO_FILENAME, (unsigned) profile->allowed_mds );
- dlclose( x509_so );
- CHECK_DLERROR( "dlclose", X509_SO_FILENAME );
+ dlsym(x509_so, "mbedtls_x509_crt_profile_default");
+ CHECK_DLERROR("dlsym", "mbedtls_x509_crt_profile_default");
+ mbedtls_printf("dlopen(%s): Allowed md mask: %08x\n",
+ X509_SO_FILENAME, (unsigned) profile->allowed_mds);
+ dlclose(x509_so);
+ CHECK_DLERROR("dlclose", X509_SO_FILENAME);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_MD_C)
- void *crypto_so = dlopen( CRYPTO_SO_FILENAME, RTLD_NOW );
- CHECK_DLERROR( "dlopen", CRYPTO_SO_FILENAME );
- const int *( *md_list )( void ) =
- dlsym( crypto_so, "mbedtls_md_list" );
- CHECK_DLERROR( "dlsym", "mbedtls_md_list" );
- const int *mds = md_list( );
- for( n = 0; mds[n] != 0; n++ )
- /* nothing to do, we're just counting */;
- mbedtls_printf( "dlopen(%s): %u hashes\n",
- CRYPTO_SO_FILENAME, n );
- dlclose( crypto_so );
- CHECK_DLERROR( "dlclose", CRYPTO_SO_FILENAME );
+ void *crypto_so = dlopen(CRYPTO_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", CRYPTO_SO_FILENAME);
+ const int *(*md_list)(void) =
+ dlsym(crypto_so, "mbedtls_md_list");
+ CHECK_DLERROR("dlsym", "mbedtls_md_list");
+ const int *mds = md_list();
+ for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */
+ ;
+ }
+ mbedtls_printf("dlopen(%s): %u hashes\n",
+ CRYPTO_SO_FILENAME, n);
+ dlclose(crypto_so);
+ CHECK_DLERROR("dlclose", CRYPTO_SO_FILENAME);
#endif /* MBEDTLS_MD_C */
- return( 0 );
+ return 0;
}
-
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index d3f4e78..d846031 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -36,19 +36,17 @@
#include <string.h>
#include "query_config.h"
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
- if ( argc != 2 )
- {
- mbedtls_printf( USAGE, argv[0] );
- return( MBEDTLS_EXIT_FAILURE );
+ if (argc != 2) {
+ mbedtls_printf(USAGE, argv[0]);
+ return MBEDTLS_EXIT_FAILURE;
}
- if( strcmp( argv[1], "-l" ) == 0 )
- {
+ if (strcmp(argv[1], "-l") == 0) {
list_config();
- return( 0 );
+ return 0;
}
- return( query_config( argv[1] ) );
+ return query_config(argv[1]);
}
diff --git a/programs/test/query_config.h b/programs/test/query_config.h
index bcc348e..54e4a0f 100644
--- a/programs/test/query_config.h
+++ b/programs/test/query_config.h
@@ -37,7 +37,7 @@
* which is automatically generated by
* `scripts/generate_query_config.pl`.
*/
-int query_config( const char *config );
+int query_config(const char *config);
/** List all enabled configuration symbols
*
@@ -45,6 +45,6 @@
* which is automatically generated by
* `scripts/generate_query_config.pl`.
*/
-void list_config( void );
+void list_config(void);
#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 89299f8..598c66e 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -70,106 +70,101 @@
/* Sanity check for malloc. This is not expected to fail, and is rather
* intended to display potentially useful information about the platform,
* in particular the behavior of malloc(0). */
-static int calloc_self_test( int verbose )
+static int calloc_self_test(int verbose)
{
int failures = 0;
- void *empty1 = mbedtls_calloc( 0, 1 );
- void *empty2 = mbedtls_calloc( 0, 1 );
- void *buffer1 = mbedtls_calloc( 1, 1 );
- void *buffer2 = mbedtls_calloc( 1, 1 );
+ void *empty1 = mbedtls_calloc(0, 1);
+ void *empty2 = mbedtls_calloc(0, 1);
+ void *buffer1 = mbedtls_calloc(1, 1);
+ void *buffer2 = mbedtls_calloc(1, 1);
- if( empty1 == NULL && empty2 == NULL )
- {
- if( verbose )
- mbedtls_printf( " CALLOC(0): passed (NULL)\n" );
- }
- else if( empty1 == NULL || empty2 == NULL )
- {
- if( verbose )
- mbedtls_printf( " CALLOC(0): failed (mix of NULL and non-NULL)\n" );
+ if (empty1 == NULL && empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0): passed (NULL)\n");
+ }
+ } else if (empty1 == NULL || empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0): failed (mix of NULL and non-NULL)\n");
+ }
++failures;
- }
- else if( empty1 == empty2 )
- {
- if( verbose )
- mbedtls_printf( " CALLOC(0): passed (same non-null)\n" );
- }
- else
- {
- if( verbose )
- mbedtls_printf( " CALLOC(0): passed (distinct non-null)\n" );
+ } else if (empty1 == empty2) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0): passed (same non-null)\n");
+ }
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0): passed (distinct non-null)\n");
+ }
}
- if( buffer1 == NULL || buffer2 == NULL )
- {
- if( verbose )
- mbedtls_printf( " CALLOC(1): failed (NULL)\n" );
+ if (buffer1 == NULL || buffer2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1): failed (NULL)\n");
+ }
++failures;
- }
- else if( buffer1 == buffer2 )
- {
- if( verbose )
- mbedtls_printf( " CALLOC(1): failed (same buffer twice)\n" );
+ } else if (buffer1 == buffer2) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1): failed (same buffer twice)\n");
+ }
++failures;
- }
- else
- {
- if( verbose )
- mbedtls_printf( " CALLOC(1): passed\n" );
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1): passed\n");
+ }
}
- mbedtls_free( buffer1 );
- buffer1 = mbedtls_calloc( 1, 1 );
- if( buffer1 == NULL )
- {
- if( verbose )
- mbedtls_printf( " CALLOC(1 again): failed (NULL)\n" );
+ mbedtls_free(buffer1);
+ buffer1 = mbedtls_calloc(1, 1);
+ if (buffer1 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1 again): failed (NULL)\n");
+ }
++failures;
- }
- else
- {
- if( verbose )
- mbedtls_printf( " CALLOC(1 again): passed\n" );
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1 again): passed\n");
+ }
}
- if( verbose )
- mbedtls_printf( "\n" );
- mbedtls_free( empty1 );
- mbedtls_free( empty2 );
- mbedtls_free( buffer1 );
- mbedtls_free( buffer2 );
- return( failures );
+ if (verbose) {
+ mbedtls_printf("\n");
+ }
+ mbedtls_free(empty1);
+ mbedtls_free(empty2);
+ mbedtls_free(buffer1);
+ mbedtls_free(buffer2);
+ return failures;
}
#endif /* MBEDTLS_SELF_TEST */
-static int test_snprintf( size_t n, const char *ref_buf, int ref_ret )
+static int test_snprintf(size_t n, const char *ref_buf, int ref_ret)
{
int ret;
char buf[10] = "xxxxxxxxx";
const char ref[10] = "xxxxxxxxx";
- ret = mbedtls_snprintf( buf, n, "%s", "123" );
- if( ret < 0 || (size_t) ret >= n )
+ ret = mbedtls_snprintf(buf, n, "%s", "123");
+ if (ret < 0 || (size_t) ret >= n) {
ret = -1;
-
- if( strncmp( ref_buf, buf, sizeof( buf ) ) != 0 ||
- ref_ret != ret ||
- memcmp( buf + n, ref + n, sizeof( buf ) - n ) != 0 )
- {
- return( 1 );
}
- return( 0 );
+ if (strncmp(ref_buf, buf, sizeof(buf)) != 0 ||
+ ref_ret != ret ||
+ memcmp(buf + n, ref + n, sizeof(buf) - n) != 0) {
+ return 1;
+ }
+
+ return 0;
}
-static int run_test_snprintf( void )
+static int run_test_snprintf(void)
{
- return( test_snprintf( 0, "xxxxxxxxx", -1 ) != 0 ||
- test_snprintf( 1, "", -1 ) != 0 ||
- test_snprintf( 2, "1", -1 ) != 0 ||
- test_snprintf( 3, "12", -1 ) != 0 ||
- test_snprintf( 4, "123", 3 ) != 0 ||
- test_snprintf( 5, "123", 3 ) != 0 );
+ return test_snprintf(0, "xxxxxxxxx", -1) != 0 ||
+ test_snprintf(1, "", -1) != 0 ||
+ test_snprintf(2, "1", -1) != 0 ||
+ test_snprintf(3, "12", -1) != 0 ||
+ test_snprintf(4, "123", 3) != 0 ||
+ test_snprintf(5, "123", 3) != 0;
}
/*
@@ -179,7 +174,7 @@
*/
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C)
#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-static void create_entropy_seed_file( void )
+static void create_entropy_seed_file(void)
{
int result;
size_t output_len = 0;
@@ -187,164 +182,165 @@
/* Attempt to read the entropy seed file. If this fails - attempt to write
* to the file to ensure one is present. */
- result = mbedtls_platform_std_nv_seed_read( seed_value,
- MBEDTLS_ENTROPY_BLOCK_SIZE );
- if( 0 == result )
+ result = mbedtls_platform_std_nv_seed_read(seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+ if (0 == result) {
return;
+ }
- result = mbedtls_platform_entropy_poll( NULL,
- seed_value,
- MBEDTLS_ENTROPY_BLOCK_SIZE,
- &output_len );
- if( 0 != result )
+ result = mbedtls_platform_entropy_poll(NULL,
+ seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ &output_len);
+ if (0 != result) {
return;
+ }
- if( MBEDTLS_ENTROPY_BLOCK_SIZE != output_len )
+ if (MBEDTLS_ENTROPY_BLOCK_SIZE != output_len) {
return;
+ }
- mbedtls_platform_std_nv_seed_write( seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
}
#endif
-int mbedtls_entropy_self_test_wrapper( int verbose )
+int mbedtls_entropy_self_test_wrapper(int verbose)
{
#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
- create_entropy_seed_file( );
+ create_entropy_seed_file();
#endif
- return( mbedtls_entropy_self_test( verbose ) );
+ return mbedtls_entropy_self_test(verbose);
}
#endif
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-int mbedtls_memory_buffer_alloc_free_and_self_test( int verbose )
+int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose)
{
- if( verbose != 0 )
- {
+ if (verbose != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_status( );
+ mbedtls_memory_buffer_alloc_status();
#endif
}
- mbedtls_memory_buffer_alloc_free( );
- return( mbedtls_memory_buffer_alloc_self_test( verbose ) );
+ mbedtls_memory_buffer_alloc_free();
+ return mbedtls_memory_buffer_alloc_self_test(verbose);
}
#endif
-typedef struct
-{
+typedef struct {
const char *name;
- int ( *function )( int );
+ int (*function)(int);
} selftest_t;
const selftest_t selftests[] =
{
- {"calloc", calloc_self_test},
+ { "calloc", calloc_self_test },
#if defined(MBEDTLS_MD2_C)
- {"md2", mbedtls_md2_self_test},
+ { "md2", mbedtls_md2_self_test },
#endif
#if defined(MBEDTLS_MD4_C)
- {"md4", mbedtls_md4_self_test},
+ { "md4", mbedtls_md4_self_test },
#endif
#if defined(MBEDTLS_MD5_C)
- {"md5", mbedtls_md5_self_test},
+ { "md5", mbedtls_md5_self_test },
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- {"ripemd160", mbedtls_ripemd160_self_test},
+ { "ripemd160", mbedtls_ripemd160_self_test },
#endif
#if defined(MBEDTLS_SHA1_C)
- {"sha1", mbedtls_sha1_self_test},
+ { "sha1", mbedtls_sha1_self_test },
#endif
#if defined(MBEDTLS_SHA256_C)
- {"sha256", mbedtls_sha256_self_test},
+ { "sha256", mbedtls_sha256_self_test },
#endif
#if defined(MBEDTLS_SHA512_C)
- {"sha512", mbedtls_sha512_self_test},
+ { "sha512", mbedtls_sha512_self_test },
#endif
#if defined(MBEDTLS_ARC4_C)
- {"arc4", mbedtls_arc4_self_test},
+ { "arc4", mbedtls_arc4_self_test },
#endif
#if defined(MBEDTLS_DES_C)
- {"des", mbedtls_des_self_test},
+ { "des", mbedtls_des_self_test },
#endif
#if defined(MBEDTLS_AES_C)
- {"aes", mbedtls_aes_self_test},
+ { "aes", mbedtls_aes_self_test },
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
- {"gcm", mbedtls_gcm_self_test},
+ { "gcm", mbedtls_gcm_self_test },
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
- {"ccm", mbedtls_ccm_self_test},
+ { "ccm", mbedtls_ccm_self_test },
#endif
#if defined(MBEDTLS_NIST_KW_C) && defined(MBEDTLS_AES_C)
- {"nist_kw", mbedtls_nist_kw_self_test},
+ { "nist_kw", mbedtls_nist_kw_self_test },
#endif
#if defined(MBEDTLS_CMAC_C)
- {"cmac", mbedtls_cmac_self_test},
+ { "cmac", mbedtls_cmac_self_test },
#endif
#if defined(MBEDTLS_CHACHA20_C)
- {"chacha20", mbedtls_chacha20_self_test},
+ { "chacha20", mbedtls_chacha20_self_test },
#endif
#if defined(MBEDTLS_POLY1305_C)
- {"poly1305", mbedtls_poly1305_self_test},
+ { "poly1305", mbedtls_poly1305_self_test },
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
- {"chacha20-poly1305", mbedtls_chachapoly_self_test},
+ { "chacha20-poly1305", mbedtls_chachapoly_self_test },
#endif
#if defined(MBEDTLS_BASE64_C)
- {"base64", mbedtls_base64_self_test},
+ { "base64", mbedtls_base64_self_test },
#endif
#if defined(MBEDTLS_BIGNUM_C)
- {"mpi", mbedtls_mpi_self_test},
+ { "mpi", mbedtls_mpi_self_test },
#endif
#if defined(MBEDTLS_RSA_C)
- {"rsa", mbedtls_rsa_self_test},
+ { "rsa", mbedtls_rsa_self_test },
#endif
#if defined(MBEDTLS_X509_USE_C)
- {"x509", mbedtls_x509_self_test},
+ { "x509", mbedtls_x509_self_test },
#endif
#if defined(MBEDTLS_XTEA_C)
- {"xtea", mbedtls_xtea_self_test},
+ { "xtea", mbedtls_xtea_self_test },
#endif
#if defined(MBEDTLS_CAMELLIA_C)
- {"camellia", mbedtls_camellia_self_test},
+ { "camellia", mbedtls_camellia_self_test },
#endif
#if defined(MBEDTLS_ARIA_C)
- {"aria", mbedtls_aria_self_test},
+ { "aria", mbedtls_aria_self_test },
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
- {"ctr_drbg", mbedtls_ctr_drbg_self_test},
+ { "ctr_drbg", mbedtls_ctr_drbg_self_test },
#endif
#if defined(MBEDTLS_HMAC_DRBG_C)
- {"hmac_drbg", mbedtls_hmac_drbg_self_test},
+ { "hmac_drbg", mbedtls_hmac_drbg_self_test },
#endif
#if defined(MBEDTLS_ECP_C)
- {"ecp", mbedtls_ecp_self_test},
+ { "ecp", mbedtls_ecp_self_test },
#endif
#if defined(MBEDTLS_ECJPAKE_C)
- {"ecjpake", mbedtls_ecjpake_self_test},
+ { "ecjpake", mbedtls_ecjpake_self_test },
#endif
#if defined(MBEDTLS_DHM_C)
- {"dhm", mbedtls_dhm_self_test},
+ { "dhm", mbedtls_dhm_self_test },
#endif
#if defined(MBEDTLS_ENTROPY_C)
- {"entropy", mbedtls_entropy_self_test_wrapper},
+ { "entropy", mbedtls_entropy_self_test_wrapper },
#endif
#if defined(MBEDTLS_PKCS5_C)
- {"pkcs5", mbedtls_pkcs5_self_test},
+ { "pkcs5", mbedtls_pkcs5_self_test },
#endif
/* Slower test after the faster ones */
#if defined(MBEDTLS_TIMING_C)
- {"timing", mbedtls_timing_self_test},
+ { "timing", mbedtls_timing_self_test },
#endif
/* Heap test comes last */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- {"memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test},
+ { "memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test },
#endif
- {NULL, NULL}
+ { NULL, NULL }
};
#endif /* MBEDTLS_SELF_TEST */
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
#if defined(MBEDTLS_SELF_TEST)
const selftest_t *test;
@@ -363,93 +359,77 @@
* of a NULL pointer. We do however use that in our code for initializing
* structures, which should work on every modern platform. Let's be sure.
*/
- memset( &pointer, 0, sizeof( void * ) );
- if( pointer != NULL )
- {
- mbedtls_printf( "all-bits-zero is not a NULL pointer\n" );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ memset(&pointer, 0, sizeof(void *));
+ if (pointer != NULL) {
+ mbedtls_printf("all-bits-zero is not a NULL pointer\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
/*
* Make sure we have a snprintf that correctly zero-terminates
*/
- if( run_test_snprintf() != 0 )
- {
- mbedtls_printf( "the snprintf implementation is broken\n" );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ if (run_test_snprintf() != 0) {
+ mbedtls_printf("the snprintf implementation is broken\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
- for( argp = argv + ( argc >= 1 ? 1 : argc ); *argp != NULL; ++argp )
- {
- if( strcmp( *argp, "--quiet" ) == 0 ||
- strcmp( *argp, "-q" ) == 0 )
- {
+ for (argp = argv + (argc >= 1 ? 1 : argc); *argp != NULL; ++argp) {
+ if (strcmp(*argp, "--quiet") == 0 ||
+ strcmp(*argp, "-q") == 0) {
v = 0;
- }
- else if( strcmp( *argp, "--exclude" ) == 0 ||
- strcmp( *argp, "-x" ) == 0 )
- {
+ } else if (strcmp(*argp, "--exclude") == 0 ||
+ strcmp(*argp, "-x") == 0) {
exclude_mode = 1;
- }
- else
+ } else {
break;
+ }
}
- if( v != 0 )
- mbedtls_printf( "\n" );
+ if (v != 0) {
+ mbedtls_printf("\n");
+ }
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) );
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
#endif
- if( *argp != NULL && exclude_mode == 0 )
- {
+ if (*argp != NULL && exclude_mode == 0) {
/* Run the specified tests */
- for( ; *argp != NULL; argp++ )
- {
- for( test = selftests; test->name != NULL; test++ )
- {
- if( !strcmp( *argp, test->name ) )
- {
- if( test->function( v ) != 0 )
- {
+ for (; *argp != NULL; argp++) {
+ for (test = selftests; test->name != NULL; test++) {
+ if (!strcmp(*argp, test->name)) {
+ if (test->function(v) != 0) {
suites_failed++;
}
suites_tested++;
break;
}
}
- if( test->name == NULL )
- {
- mbedtls_printf( " Test suite %s not available -> failed\n\n", *argp );
+ if (test->name == NULL) {
+ mbedtls_printf(" Test suite %s not available -> failed\n\n", *argp);
suites_failed++;
}
}
- }
- else
- {
+ } else {
/* Run all the tests except excluded ones */
- for( test = selftests; test->name != NULL; test++ )
- {
- if( exclude_mode )
- {
+ for (test = selftests; test->name != NULL; test++) {
+ if (exclude_mode) {
char **excluded;
- for( excluded = argp; *excluded != NULL; ++excluded )
- {
- if( !strcmp( *excluded, test->name ) )
+ for (excluded = argp; *excluded != NULL; ++excluded) {
+ if (!strcmp(*excluded, test->name)) {
break;
+ }
}
- if( *excluded )
- {
- if( v )
- mbedtls_printf( " Skip: %s\n", test->name );
+ if (*excluded) {
+ if (v) {
+ mbedtls_printf(" Skip: %s\n", test->name);
+ }
continue;
}
}
- if( test->function( v ) != 0 )
- {
+ if (test->function(v) != 0) {
suites_failed++;
}
suites_tested++;
@@ -458,29 +438,26 @@
#else
(void) exclude_mode;
- mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" );
+ mbedtls_printf(" MBEDTLS_SELF_TEST not defined.\n");
#endif
- if( v != 0 )
- {
- mbedtls_printf( " Executed %d test suites\n\n", suites_tested );
+ if (v != 0) {
+ mbedtls_printf(" Executed %d test suites\n\n", suites_tested);
- if( suites_failed > 0)
- {
- mbedtls_printf( " [ %d tests FAIL ]\n\n", suites_failed );
- }
- else
- {
- mbedtls_printf( " [ All tests PASS ]\n\n" );
+ if (suites_failed > 0) {
+ mbedtls_printf(" [ %d tests FAIL ]\n\n", suites_failed);
+ } else {
+ mbedtls_printf(" [ All tests PASS ]\n\n");
}
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
}
- if( suites_failed > 0)
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ if (suites_failed > 0) {
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
- mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
}
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 5fcfa0f..cc0bf79 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -48,10 +48,10 @@
#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_NET_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_NET_C not defined.\n" );
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_NET_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -111,20 +111,20 @@
" delay=%%d default: 0 (no delayed packets)\n" \
" delay about 1:N packets randomly\n" \
" delay_ccs=0/1 default: 0 (don't delay ChangeCipherSpec)\n" \
- " delay_cli=%%s Handshake message from client that should be\n"\
+ " delay_cli=%%s Handshake message from client that should be\n" \
" delayed. Possible values are 'ClientHello',\n" \
" 'Certificate', 'CertificateVerify', and\n" \
" 'ClientKeyExchange'.\n" \
- " May be used multiple times, even for the same\n"\
- " message, in which case the respective message\n"\
+ " May be used multiple times, even for the same\n" \
+ " message, in which case the respective message\n" \
" gets delayed multiple times.\n" \
- " delay_srv=%%s Handshake message from server that should be\n"\
- " delayed. Possible values are 'HelloRequest',\n"\
- " 'ServerHello', 'ServerHelloDone', 'Certificate'\n"\
- " 'ServerKeyExchange', 'NewSessionTicket',\n"\
- " 'HelloVerifyRequest' and ''CertificateRequest'.\n"\
- " May be used multiple times, even for the same\n"\
- " message, in which case the respective message\n"\
+ " delay_srv=%%s Handshake message from server that should be\n" \
+ " delayed. Possible values are 'HelloRequest',\n" \
+ " 'ServerHello', 'ServerHelloDone', 'Certificate'\n" \
+ " 'ServerKeyExchange', 'NewSessionTicket',\n" \
+ " 'HelloVerifyRequest' and ''CertificateRequest'.\n" \
+ " May be used multiple times, even for the same\n" \
+ " message, in which case the respective message\n" \
" gets delayed multiple times.\n" \
" drop=%%d default: 0 (no dropped packets)\n" \
" drop about 1:N packets randomly\n" \
@@ -148,8 +148,7 @@
#define MAX_DELAYED_HS 10
-static struct options
-{
+static struct options {
const char *server_addr; /* address to forward packets to */
const char *server_port; /* port to forward packets to */
const char *listen_addr; /* address for accepting client connections */
@@ -158,10 +157,10 @@
int duplicate; /* duplicate 1 in N packets (none if 0) */
int delay; /* delay 1 packet in N (none if 0) */
int delay_ccs; /* delay ChangeCipherSpec */
- char* delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from
+ char *delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from
* client that should be delayed. */
uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */
- char* delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from
+ char *delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from
* server that should be delayed. */
uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */
int drop; /* drop 1 packet in N (none if 0) */
@@ -176,18 +175,19 @@
unsigned int seed; /* seed for "random" events */
} opt;
-static void exit_usage( const char *name, const char *value )
+static void exit_usage(const char *name, const char *value)
{
- if( value == NULL )
- mbedtls_printf( " unknown option or missing value: %s\n", name );
- else
- mbedtls_printf( " option %s: illegal value: %s\n", name, value );
+ if (value == NULL) {
+ mbedtls_printf(" unknown option or missing value: %s\n", name);
+ } else {
+ mbedtls_printf(" option %s: illegal value: %s\n", name, value);
+ }
- mbedtls_printf( USAGE );
- mbedtls_exit( 1 );
+ mbedtls_printf(USAGE);
+ mbedtls_exit(1);
}
-static void get_options( int argc, char *argv[] )
+static void get_options(int argc, char *argv[])
{
int i;
char *p, *q;
@@ -201,200 +201,184 @@
opt.delay_cli_cnt = 0;
opt.delay_srv_cnt = 0;
- memset( opt.delay_cli, 0, sizeof( opt.delay_cli ) );
- memset( opt.delay_srv, 0, sizeof( opt.delay_srv ) );
+ memset(opt.delay_cli, 0, sizeof(opt.delay_cli));
+ memset(opt.delay_srv, 0, sizeof(opt.delay_srv));
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
- exit_usage( p, NULL );
+ if ((q = strchr(p, '=')) == NULL) {
+ exit_usage(p, NULL);
+ }
*q++ = '\0';
- if( strcmp( p, "server_addr" ) == 0 )
+ if (strcmp(p, "server_addr") == 0) {
opt.server_addr = q;
- else if( strcmp( p, "server_port" ) == 0 )
+ } else if (strcmp(p, "server_port") == 0) {
opt.server_port = q;
- else if( strcmp( p, "listen_addr" ) == 0 )
+ } else if (strcmp(p, "listen_addr") == 0) {
opt.listen_addr = q;
- else if( strcmp( p, "listen_port" ) == 0 )
+ } else if (strcmp(p, "listen_port") == 0) {
opt.listen_port = q;
- else if( strcmp( p, "duplicate" ) == 0 )
- {
- opt.duplicate = atoi( q );
- if( opt.duplicate < 0 || opt.duplicate > 20 )
- exit_usage( p, q );
- }
- else if( strcmp( p, "delay" ) == 0 )
- {
- opt.delay = atoi( q );
- if( opt.delay < 0 || opt.delay > 20 || opt.delay == 1 )
- exit_usage( p, q );
- }
- else if( strcmp( p, "delay_ccs" ) == 0 )
- {
- opt.delay_ccs = atoi( q );
- if( opt.delay_ccs < 0 || opt.delay_ccs > 1 )
- exit_usage( p, q );
- }
- else if( strcmp( p, "delay_cli" ) == 0 ||
- strcmp( p, "delay_srv" ) == 0 )
- {
+ } else if (strcmp(p, "duplicate") == 0) {
+ opt.duplicate = atoi(q);
+ if (opt.duplicate < 0 || opt.duplicate > 20) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "delay") == 0) {
+ opt.delay = atoi(q);
+ if (opt.delay < 0 || opt.delay > 20 || opt.delay == 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "delay_ccs") == 0) {
+ opt.delay_ccs = atoi(q);
+ if (opt.delay_ccs < 0 || opt.delay_ccs > 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "delay_cli") == 0 ||
+ strcmp(p, "delay_srv") == 0) {
uint8_t *delay_cnt;
char **delay_list;
size_t len;
char *buf;
- if( strcmp( p, "delay_cli" ) == 0 )
- {
+ if (strcmp(p, "delay_cli") == 0) {
delay_cnt = &opt.delay_cli_cnt;
delay_list = opt.delay_cli;
- }
- else
- {
+ } else {
delay_cnt = &opt.delay_srv_cnt;
delay_list = opt.delay_srv;
}
- if( *delay_cnt == MAX_DELAYED_HS )
- {
- mbedtls_printf( " too many uses of %s: only %d allowed\n",
- p, MAX_DELAYED_HS );
- exit_usage( p, NULL );
+ if (*delay_cnt == MAX_DELAYED_HS) {
+ mbedtls_printf(" too many uses of %s: only %d allowed\n",
+ p, MAX_DELAYED_HS);
+ exit_usage(p, NULL);
}
- len = strlen( q );
- buf = mbedtls_calloc( 1, len + 1 );
- if( buf == NULL )
- {
- mbedtls_printf( " Allocation failure\n" );
- exit( 1 );
+ len = strlen(q);
+ buf = mbedtls_calloc(1, len + 1);
+ if (buf == NULL) {
+ mbedtls_printf(" Allocation failure\n");
+ exit(1);
}
- memcpy( buf, q, len + 1 );
+ memcpy(buf, q, len + 1);
- delay_list[ (*delay_cnt)++ ] = buf;
- }
- else if( strcmp( p, "drop" ) == 0 )
- {
- opt.drop = atoi( q );
- if( opt.drop < 0 || opt.drop > 20 || opt.drop == 1 )
- exit_usage( p, q );
- }
- else if( strcmp( p, "pack" ) == 0 )
- {
+ delay_list[(*delay_cnt)++] = buf;
+ } else if (strcmp(p, "drop") == 0) {
+ opt.drop = atoi(q);
+ if (opt.drop < 0 || opt.drop > 20 || opt.drop == 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "pack") == 0) {
#if defined(MBEDTLS_TIMING_C)
- opt.pack = (unsigned) atoi( q );
+ opt.pack = (unsigned) atoi(q);
#else
- mbedtls_printf( " option pack only defined if MBEDTLS_TIMING_C is enabled\n" );
- exit( 1 );
+ mbedtls_printf(" option pack only defined if MBEDTLS_TIMING_C is enabled\n");
+ exit(1);
#endif
- }
- else if( strcmp( p, "mtu" ) == 0 )
- {
- opt.mtu = atoi( q );
- if( opt.mtu < 0 || opt.mtu > MAX_MSG_SIZE )
- exit_usage( p, q );
- }
- else if( strcmp( p, "bad_ad" ) == 0 )
- {
- opt.bad_ad = atoi( q );
- if( opt.bad_ad < 0 || opt.bad_ad > 1 )
- exit_usage( p, q );
+ } else if (strcmp(p, "mtu") == 0) {
+ opt.mtu = atoi(q);
+ if (opt.mtu < 0 || opt.mtu > MAX_MSG_SIZE) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "bad_ad") == 0) {
+ opt.bad_ad = atoi(q);
+ if (opt.bad_ad < 0 || opt.bad_ad > 1) {
+ exit_usage(p, q);
+ }
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- else if( strcmp( p, "bad_cid" ) == 0 )
- {
- opt.bad_cid = (unsigned) atoi( q );
+ else if (strcmp(p, "bad_cid") == 0) {
+ opt.bad_cid = (unsigned) atoi(q);
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- else if( strcmp( p, "protect_hvr" ) == 0 )
- {
- opt.protect_hvr = atoi( q );
- if( opt.protect_hvr < 0 || opt.protect_hvr > 1 )
- exit_usage( p, q );
+ else if (strcmp(p, "protect_hvr") == 0) {
+ opt.protect_hvr = atoi(q);
+ if (opt.protect_hvr < 0 || opt.protect_hvr > 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "protect_len") == 0) {
+ opt.protect_len = atoi(q);
+ if (opt.protect_len < 0) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "inject_clihlo") == 0) {
+ opt.inject_clihlo = atoi(q);
+ if (opt.inject_clihlo < 0 || opt.inject_clihlo > 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "seed") == 0) {
+ opt.seed = atoi(q);
+ if (opt.seed == 0) {
+ exit_usage(p, q);
+ }
+ } else {
+ exit_usage(p, NULL);
}
- else if( strcmp( p, "protect_len" ) == 0 )
- {
- opt.protect_len = atoi( q );
- if( opt.protect_len < 0 )
- exit_usage( p, q );
- }
- else if( strcmp( p, "inject_clihlo" ) == 0 )
- {
- opt.inject_clihlo = atoi( q );
- if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 )
- exit_usage( p, q );
- }
- else if( strcmp( p, "seed" ) == 0 )
- {
- opt.seed = atoi( q );
- if( opt.seed == 0 )
- exit_usage( p, q );
- }
- else
- exit_usage( p, NULL );
}
}
-static const char *msg_type( unsigned char *msg, size_t len )
+static const char *msg_type(unsigned char *msg, size_t len)
{
- if( len < 1 ) return( "Invalid" );
- switch( msg[0] )
- {
- case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return( "ChangeCipherSpec" );
- case MBEDTLS_SSL_MSG_ALERT: return( "Alert" );
- case MBEDTLS_SSL_MSG_APPLICATION_DATA: return( "ApplicationData" );
- case MBEDTLS_SSL_MSG_CID: return( "CID" );
+ if (len < 1) {
+ return "Invalid";
+ }
+ switch (msg[0]) {
+ case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return "ChangeCipherSpec";
+ case MBEDTLS_SSL_MSG_ALERT: return "Alert";
+ case MBEDTLS_SSL_MSG_APPLICATION_DATA: return "ApplicationData";
+ case MBEDTLS_SSL_MSG_CID: return "CID";
case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */
- default: return( "Unknown" );
+ default: return "Unknown";
}
- if( len < 13 + 12 ) return( "Invalid handshake" );
+ if (len < 13 + 12) {
+ return "Invalid handshake";
+ }
/*
* Our handshake message are less than 2^16 bytes long, so they should
* have 0 as the first byte of length, frag_offset and frag_length.
* Otherwise, assume they are encrypted.
*/
- if( msg[14] || msg[19] || msg[22] ) return( "Encrypted handshake" );
+ if (msg[14] || msg[19] || msg[22]) {
+ return "Encrypted handshake";
+ }
- switch( msg[13] )
- {
- case MBEDTLS_SSL_HS_HELLO_REQUEST: return( "HelloRequest" );
- case MBEDTLS_SSL_HS_CLIENT_HELLO: return( "ClientHello" );
- case MBEDTLS_SSL_HS_SERVER_HELLO: return( "ServerHello" );
- case MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: return( "HelloVerifyRequest" );
- case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: return( "NewSessionTicket" );
- case MBEDTLS_SSL_HS_CERTIFICATE: return( "Certificate" );
- case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: return( "ServerKeyExchange" );
- case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return( "CertificateRequest" );
- case MBEDTLS_SSL_HS_SERVER_HELLO_DONE: return( "ServerHelloDone" );
- case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: return( "CertificateVerify" );
- case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: return( "ClientKeyExchange" );
- case MBEDTLS_SSL_HS_FINISHED: return( "Finished" );
- default: return( "Unknown handshake" );
+ switch (msg[13]) {
+ case MBEDTLS_SSL_HS_HELLO_REQUEST: return "HelloRequest";
+ case MBEDTLS_SSL_HS_CLIENT_HELLO: return "ClientHello";
+ case MBEDTLS_SSL_HS_SERVER_HELLO: return "ServerHello";
+ case MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: return "HelloVerifyRequest";
+ case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: return "NewSessionTicket";
+ case MBEDTLS_SSL_HS_CERTIFICATE: return "Certificate";
+ case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: return "ServerKeyExchange";
+ case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return "CertificateRequest";
+ case MBEDTLS_SSL_HS_SERVER_HELLO_DONE: return "ServerHelloDone";
+ case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: return "CertificateVerify";
+ case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: return "ClientKeyExchange";
+ case MBEDTLS_SSL_HS_FINISHED: return "Finished";
+ default: return "Unknown handshake";
}
}
#if defined(MBEDTLS_TIMING_C)
/* Return elapsed time in milliseconds since the first call */
-static unsigned elapsed_time( void )
+static unsigned elapsed_time(void)
{
static int initialized = 0;
static struct mbedtls_timing_hr_time hires;
- if( initialized == 0 )
- {
- (void) mbedtls_timing_get_timer( &hires, 1 );
+ if (initialized == 0) {
+ (void) mbedtls_timing_get_timer(&hires, 1);
initialized = 1;
- return( 0 );
+ return 0;
}
- return( mbedtls_timing_get_timer( &hires, 0 ) );
+ return mbedtls_timing_get_timer(&hires, 0);
}
-typedef struct
-{
+typedef struct {
mbedtls_net_context *ctx;
const char *description;
@@ -409,102 +393,102 @@
static ctx_buffer outbuf[2];
-static int ctx_buffer_flush( ctx_buffer *buf )
+static int ctx_buffer_flush(ctx_buffer *buf)
{
int ret;
- mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n",
- elapsed_time(), buf->description,
- (unsigned) buf->len, buf->num_datagrams,
- elapsed_time() - buf->packet_lifetime );
+ mbedtls_printf(" %05u flush %s: %u bytes, %u datagrams, last %u ms\n",
+ elapsed_time(), buf->description,
+ (unsigned) buf->len, buf->num_datagrams,
+ elapsed_time() - buf->packet_lifetime);
- ret = mbedtls_net_send( buf->ctx, buf->data, buf->len );
+ ret = mbedtls_net_send(buf->ctx, buf->data, buf->len);
buf->len = 0;
buf->num_datagrams = 0;
- return( ret );
+ return ret;
}
-static unsigned ctx_buffer_time_remaining( ctx_buffer *buf )
+static unsigned ctx_buffer_time_remaining(ctx_buffer *buf)
{
unsigned const cur_time = elapsed_time();
- if( buf->num_datagrams == 0 )
- return( (unsigned) -1 );
+ if (buf->num_datagrams == 0) {
+ return (unsigned) -1;
+ }
- if( cur_time - buf->packet_lifetime >= opt.pack )
- return( 0 );
+ if (cur_time - buf->packet_lifetime >= opt.pack) {
+ return 0;
+ }
- return( opt.pack - ( cur_time - buf->packet_lifetime ) );
+ return opt.pack - (cur_time - buf->packet_lifetime);
}
-static int ctx_buffer_append( ctx_buffer *buf,
- const unsigned char * data,
- size_t len )
+static int ctx_buffer_append(ctx_buffer *buf,
+ const unsigned char *data,
+ size_t len)
{
int ret;
- if( len > (size_t) INT_MAX )
- return( -1 );
-
- if( len > sizeof( buf->data ) )
- {
- mbedtls_printf( " ! buffer size %u too large (max %u)\n",
- (unsigned) len, (unsigned) sizeof( buf->data ) );
- return( -1 );
+ if (len > (size_t) INT_MAX) {
+ return -1;
}
- if( sizeof( buf->data ) - buf->len < len )
- {
- if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
- {
- mbedtls_printf( "ctx_buffer_flush failed with -%#04x", (unsigned int) -ret );
- return( ret );
+ if (len > sizeof(buf->data)) {
+ mbedtls_printf(" ! buffer size %u too large (max %u)\n",
+ (unsigned) len, (unsigned) sizeof(buf->data));
+ return -1;
+ }
+
+ if (sizeof(buf->data) - buf->len < len) {
+ if ((ret = ctx_buffer_flush(buf)) <= 0) {
+ mbedtls_printf("ctx_buffer_flush failed with -%#04x", (unsigned int) -ret);
+ return ret;
}
}
- memcpy( buf->data + buf->len, data, len );
+ memcpy(buf->data + buf->len, data, len);
buf->len += len;
- if( ++buf->num_datagrams == 1 )
+ if (++buf->num_datagrams == 1) {
buf->packet_lifetime = elapsed_time();
+ }
- return( (int) len );
+ return (int) len;
}
#endif /* MBEDTLS_TIMING_C */
-static int dispatch_data( mbedtls_net_context *ctx,
- const unsigned char * data,
- size_t len )
+static int dispatch_data(mbedtls_net_context *ctx,
+ const unsigned char *data,
+ size_t len)
{
int ret;
#if defined(MBEDTLS_TIMING_C)
ctx_buffer *buf = NULL;
- if( opt.pack > 0 )
- {
- if( outbuf[0].ctx == ctx )
+ if (opt.pack > 0) {
+ if (outbuf[0].ctx == ctx) {
buf = &outbuf[0];
- else if( outbuf[1].ctx == ctx )
+ } else if (outbuf[1].ctx == ctx) {
buf = &outbuf[1];
+ }
- if( buf == NULL )
- return( -1 );
+ if (buf == NULL) {
+ return -1;
+ }
- return( ctx_buffer_append( buf, data, len ) );
+ return ctx_buffer_append(buf, data, len);
}
#endif /* MBEDTLS_TIMING_C */
- ret = mbedtls_net_send( ctx, data, len );
- if( ret < 0 )
- {
- mbedtls_printf( "net_send returned -%#04x\n", (unsigned int) -ret );
+ ret = mbedtls_net_send(ctx, data, len);
+ if (ret < 0) {
+ mbedtls_printf("net_send returned -%#04x\n", (unsigned int) -ret);
}
- return( ret );
+ return ret;
}
-typedef struct
-{
+typedef struct {
mbedtls_net_context *dst;
const char *way;
const char *type;
@@ -513,25 +497,27 @@
} packet;
/* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */
-void print_packet( const packet *p, const char *why )
+void print_packet(const packet *p, const char *why)
{
#if defined(MBEDTLS_TIMING_C)
- if( why == NULL )
- mbedtls_printf( " %05u dispatch %s %s (%u bytes)\n",
- elapsed_time(), p->way, p->type, p->len );
- else
- mbedtls_printf( " %05u dispatch %s %s (%u bytes): %s\n",
- elapsed_time(), p->way, p->type, p->len, why );
+ if (why == NULL) {
+ mbedtls_printf(" %05u dispatch %s %s (%u bytes)\n",
+ elapsed_time(), p->way, p->type, p->len);
+ } else {
+ mbedtls_printf(" %05u dispatch %s %s (%u bytes): %s\n",
+ elapsed_time(), p->way, p->type, p->len, why);
+ }
#else
- if( why == NULL )
- mbedtls_printf( " dispatch %s %s (%u bytes)\n",
- p->way, p->type, p->len );
- else
- mbedtls_printf( " dispatch %s %s (%u bytes): %s\n",
- p->way, p->type, p->len, why );
+ if (why == NULL) {
+ mbedtls_printf(" dispatch %s %s (%u bytes)\n",
+ p->way, p->type, p->len);
+ } else {
+ mbedtls_printf(" dispatch %s %s (%u bytes): %s\n",
+ p->way, p->type, p->len, why);
+ }
#endif
- fflush( stdout );
+ fflush(stdout);
}
/*
@@ -555,135 +541,123 @@
static inject_clihlo_state_t inject_clihlo_state;
static packet initial_clihlo;
-int send_packet( const packet *p, const char *why )
+int send_packet(const packet *p, const char *why)
{
int ret;
mbedtls_net_context *dst = p->dst;
/* save initial ClientHello? */
- if( opt.inject_clihlo != 0 &&
+ if (opt.inject_clihlo != 0 &&
inject_clihlo_state == ICH_INIT &&
- strcmp( p->type, "ClientHello" ) == 0 )
- {
- memcpy( &initial_clihlo, p, sizeof( packet ) );
+ strcmp(p->type, "ClientHello") == 0) {
+ memcpy(&initial_clihlo, p, sizeof(packet));
inject_clihlo_state = ICH_CACHED;
}
/* insert corrupted CID record? */
- if( opt.bad_cid != 0 &&
- strcmp( p->type, "CID" ) == 0 &&
- ( rand() % opt.bad_cid ) == 0 )
- {
+ if (opt.bad_cid != 0 &&
+ strcmp(p->type, "CID") == 0 &&
+ (rand() % opt.bad_cid) == 0) {
unsigned char buf[MAX_MSG_SIZE];
- memcpy( buf, p->buf, p->len );
+ memcpy(buf, p->buf, p->len);
/* The CID resides at offset 11 in the DTLS record header. */
buf[11] ^= 1;
- print_packet( p, "modified CID" );
+ print_packet(p, "modified CID");
- if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 )
- {
- mbedtls_printf( " ! dispatch returned %d\n", ret );
- return( ret );
+ if ((ret = dispatch_data(dst, buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
}
}
/* insert corrupted ApplicationData record? */
- if( opt.bad_ad &&
- strcmp( p->type, "ApplicationData" ) == 0 )
- {
+ if (opt.bad_ad &&
+ strcmp(p->type, "ApplicationData") == 0) {
unsigned char buf[MAX_MSG_SIZE];
- memcpy( buf, p->buf, p->len );
+ memcpy(buf, p->buf, p->len);
- if( p->len <= 13 )
- {
- mbedtls_printf( " ! can't corrupt empty AD record" );
- }
- else
- {
+ if (p->len <= 13) {
+ mbedtls_printf(" ! can't corrupt empty AD record");
+ } else {
++buf[13];
- print_packet( p, "corrupted" );
+ print_packet(p, "corrupted");
}
- if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 )
- {
- mbedtls_printf( " ! dispatch returned %d\n", ret );
- return( ret );
+ if ((ret = dispatch_data(dst, buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
}
}
- print_packet( p, why );
- if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 )
- {
- mbedtls_printf( " ! dispatch returned %d\n", ret );
- return( ret );
+ print_packet(p, why);
+ if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
}
/* Don't duplicate Application Data, only handshake covered */
- if( opt.duplicate != 0 &&
- strcmp( p->type, "ApplicationData" ) != 0 &&
- rand() % opt.duplicate == 0 )
- {
- print_packet( p, "duplicated" );
+ if (opt.duplicate != 0 &&
+ strcmp(p->type, "ApplicationData") != 0 &&
+ rand() % opt.duplicate == 0) {
+ print_packet(p, "duplicated");
- if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 )
- {
- mbedtls_printf( " ! dispatch returned %d\n", ret );
- return( ret );
+ if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
}
}
/* Inject ClientHello after first ApplicationData */
- if( opt.inject_clihlo != 0 &&
+ if (opt.inject_clihlo != 0 &&
inject_clihlo_state == ICH_CACHED &&
- strcmp( p->type, "ApplicationData" ) == 0 )
- {
- print_packet( &initial_clihlo, "injected" );
+ strcmp(p->type, "ApplicationData") == 0) {
+ print_packet(&initial_clihlo, "injected");
- if( ( ret = dispatch_data( dst, initial_clihlo.buf,
- initial_clihlo.len ) ) <= 0 )
- {
- mbedtls_printf( " ! dispatch returned %d\n", ret );
- return( ret );
+ if ((ret = dispatch_data(dst, initial_clihlo.buf,
+ initial_clihlo.len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
}
inject_clihlo_state = ICH_INJECTED;
}
- return( 0 );
+ return 0;
}
#define MAX_DELAYED_MSG 5
static size_t prev_len;
static packet prev[MAX_DELAYED_MSG];
-void clear_pending( void )
+void clear_pending(void)
{
- memset( &prev, 0, sizeof( prev ) );
+ memset(&prev, 0, sizeof(prev));
prev_len = 0;
}
-void delay_packet( packet *delay )
+void delay_packet(packet *delay)
{
- if( prev_len == MAX_DELAYED_MSG )
+ if (prev_len == MAX_DELAYED_MSG) {
return;
+ }
- memcpy( &prev[prev_len++], delay, sizeof( packet ) );
+ memcpy(&prev[prev_len++], delay, sizeof(packet));
}
int send_delayed()
{
uint8_t offset;
int ret;
- for( offset = 0; offset < prev_len; offset++ )
- {
- ret = send_packet( &prev[offset], "delayed" );
- if( ret != 0 )
- return( ret );
+ for (offset = 0; offset < prev_len; offset++) {
+ ret = send_packet(&prev[offset], "delayed");
+ if (ret != 0) {
+ return ret;
+ }
}
clear_pending();
- return( 0 );
+ return 0;
}
/*
@@ -703,108 +677,100 @@
static unsigned char held[2048] = { 0 };
#define HOLD_MAX 2
-int handle_message( const char *way,
- mbedtls_net_context *dst,
- mbedtls_net_context *src )
+int handle_message(const char *way,
+ mbedtls_net_context *dst,
+ mbedtls_net_context *src)
{
int ret;
packet cur;
size_t id;
uint8_t delay_idx;
- char ** delay_list;
+ char **delay_list;
uint8_t delay_list_len;
/* receive packet */
- if( ( ret = mbedtls_net_recv( src, cur.buf, sizeof( cur.buf ) ) ) <= 0 )
- {
- mbedtls_printf( " ! mbedtls_net_recv returned %d\n", ret );
- return( ret );
+ if ((ret = mbedtls_net_recv(src, cur.buf, sizeof(cur.buf))) <= 0) {
+ mbedtls_printf(" ! mbedtls_net_recv returned %d\n", ret);
+ return ret;
}
cur.len = ret;
- cur.type = msg_type( cur.buf, cur.len );
+ cur.type = msg_type(cur.buf, cur.len);
cur.way = way;
cur.dst = dst;
- print_packet( &cur, NULL );
+ print_packet(&cur, NULL);
- id = cur.len % sizeof( held );
+ id = cur.len % sizeof(held);
- if( strcmp( way, "S <- C" ) == 0 )
- {
+ if (strcmp(way, "S <- C") == 0) {
delay_list = opt.delay_cli;
delay_list_len = opt.delay_cli_cnt;
- }
- else
- {
+ } else {
delay_list = opt.delay_srv;
delay_list_len = opt.delay_srv_cnt;
}
/* Check if message type is in the list of messages
* that should be delayed */
- for( delay_idx = 0; delay_idx < delay_list_len; delay_idx++ )
- {
- if( delay_list[ delay_idx ] == NULL )
+ for (delay_idx = 0; delay_idx < delay_list_len; delay_idx++) {
+ if (delay_list[delay_idx] == NULL) {
continue;
+ }
- if( strcmp( delay_list[ delay_idx ], cur.type ) == 0 )
- {
+ if (strcmp(delay_list[delay_idx], cur.type) == 0) {
/* Delay message */
- delay_packet( &cur );
+ delay_packet(&cur);
/* Remove entry from list */
- mbedtls_free( delay_list[delay_idx] );
+ mbedtls_free(delay_list[delay_idx]);
delay_list[delay_idx] = NULL;
- return( 0 );
+ return 0;
}
}
/* do we want to drop, delay, or forward it? */
- if( ( opt.mtu != 0 &&
- cur.len > (unsigned) opt.mtu ) ||
- ( opt.drop != 0 &&
- strcmp( cur.type, "CID" ) != 0 &&
- strcmp( cur.type, "ApplicationData" ) != 0 &&
- ! ( opt.protect_hvr &&
- strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
- cur.len != (size_t) opt.protect_len &&
- held[id] < HOLD_MAX &&
- rand() % opt.drop == 0 ) )
- {
+ if ((opt.mtu != 0 &&
+ cur.len > (unsigned) opt.mtu) ||
+ (opt.drop != 0 &&
+ strcmp(cur.type, "CID") != 0 &&
+ strcmp(cur.type, "ApplicationData") != 0 &&
+ !(opt.protect_hvr &&
+ strcmp(cur.type, "HelloVerifyRequest") == 0) &&
+ cur.len != (size_t) opt.protect_len &&
+ held[id] < HOLD_MAX &&
+ rand() % opt.drop == 0)) {
++held[id];
- }
- else if( ( opt.delay_ccs == 1 &&
- strcmp( cur.type, "ChangeCipherSpec" ) == 0 ) ||
- ( opt.delay != 0 &&
- strcmp( cur.type, "CID" ) != 0 &&
- strcmp( cur.type, "ApplicationData" ) != 0 &&
- ! ( opt.protect_hvr &&
- strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
- cur.len != (size_t) opt.protect_len &&
- held[id] < HOLD_MAX &&
- rand() % opt.delay == 0 ) )
- {
+ } else if ((opt.delay_ccs == 1 &&
+ strcmp(cur.type, "ChangeCipherSpec") == 0) ||
+ (opt.delay != 0 &&
+ strcmp(cur.type, "CID") != 0 &&
+ strcmp(cur.type, "ApplicationData") != 0 &&
+ !(opt.protect_hvr &&
+ strcmp(cur.type, "HelloVerifyRequest") == 0) &&
+ cur.len != (size_t) opt.protect_len &&
+ held[id] < HOLD_MAX &&
+ rand() % opt.delay == 0)) {
++held[id];
- delay_packet( &cur );
- }
- else
- {
+ delay_packet(&cur);
+ } else {
/* forward and possibly duplicate */
- if( ( ret = send_packet( &cur, "forwarded" ) ) != 0 )
- return( ret );
+ if ((ret = send_packet(&cur, "forwarded")) != 0) {
+ return ret;
+ }
/* send previously delayed messages if any */
ret = send_delayed();
- if( ret != 0 )
- return( ret );
+ if (ret != 0) {
+ return ret;
+ }
}
- return( 0 );
+ return 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -812,7 +778,7 @@
mbedtls_net_context listen_fd, client_fd, server_fd;
-#if defined( MBEDTLS_TIMING_C )
+#if defined(MBEDTLS_TIMING_C)
struct timeval tm;
#endif
@@ -821,11 +787,11 @@
int nb_fds;
fd_set read_fds;
- mbedtls_net_init( &listen_fd );
- mbedtls_net_init( &client_fd );
- mbedtls_net_init( &server_fd );
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_net_init(&server_fd);
- get_options( argc, argv );
+ get_options(argc, argv);
/*
* Decisions to drop/delay/duplicate packets are pseudo-random: dropping
@@ -835,84 +801,81 @@
* In order to be able to reproduce problems reliably, the seed may be
* specified explicitly.
*/
- if( opt.seed == 0 )
- {
+ if (opt.seed == 0) {
#if defined(MBEDTLS_HAVE_TIME)
- opt.seed = (unsigned int) mbedtls_time( NULL );
+ opt.seed = (unsigned int) mbedtls_time(NULL);
#else
opt.seed = 1;
#endif /* MBEDTLS_HAVE_TIME */
- mbedtls_printf( " . Pseudo-random seed: %u\n", opt.seed );
+ mbedtls_printf(" . Pseudo-random seed: %u\n", opt.seed);
}
- srand( opt.seed );
+ srand(opt.seed);
/*
* 0. "Connect" to the server
*/
- mbedtls_printf( " . Connect to server on UDP/%s/%s ...",
- opt.server_addr, opt.server_port );
- fflush( stdout );
+ mbedtls_printf(" . Connect to server on UDP/%s/%s ...",
+ opt.server_addr, opt.server_port);
+ fflush(stdout);
- if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
- MBEDTLS_NET_PROTO_UDP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ if ((ret = mbedtls_net_connect(&server_fd, opt.server_addr, opt.server_port,
+ MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1. Setup the "listening" UDP socket
*/
- mbedtls_printf( " . Bind on UDP/%s/%s ...",
- opt.listen_addr, opt.listen_port );
- fflush( stdout );
+ mbedtls_printf(" . Bind on UDP/%s/%s ...",
+ opt.listen_addr, opt.listen_port);
+ fflush(stdout);
- if( ( ret = mbedtls_net_bind( &listen_fd, opt.listen_addr, opt.listen_port,
- MBEDTLS_NET_PROTO_UDP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ if ((ret = mbedtls_net_bind(&listen_fd, opt.listen_addr, opt.listen_port,
+ MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 2. Wait until a client connects
*/
accept:
- mbedtls_net_free( &client_fd );
+ mbedtls_net_free(&client_fd);
- mbedtls_printf( " . Waiting for a remote connection ..." );
- fflush( stdout );
+ mbedtls_printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- NULL, 0, NULL ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 3. Forward packets forever (kill the process to terminate it)
*/
clear_pending();
- memset( held, 0, sizeof( held ) );
+ memset(held, 0, sizeof(held));
nb_fds = client_fd.fd;
- if( nb_fds < server_fd.fd )
+ if (nb_fds < server_fd.fd) {
nb_fds = server_fd.fd;
- if( nb_fds < listen_fd.fd )
+ }
+ if (nb_fds < listen_fd.fd) {
nb_fds = listen_fd.fd;
+ }
++nb_fds;
#if defined(MBEDTLS_TIMING_C)
- if( opt.pack > 0 )
- {
+ if (opt.pack > 0) {
outbuf[0].ctx = &server_fd;
outbuf[0].description = "S <- C";
outbuf[0].num_datagrams = 0;
@@ -925,70 +888,66 @@
}
#endif /* MBEDTLS_TIMING_C */
- while( 1 )
- {
+ while (1) {
#if defined(MBEDTLS_TIMING_C)
- if( opt.pack > 0 )
- {
+ if (opt.pack > 0) {
unsigned max_wait_server, max_wait_client, max_wait;
- max_wait_server = ctx_buffer_time_remaining( &outbuf[0] );
- max_wait_client = ctx_buffer_time_remaining( &outbuf[1] );
+ max_wait_server = ctx_buffer_time_remaining(&outbuf[0]);
+ max_wait_client = ctx_buffer_time_remaining(&outbuf[1]);
max_wait = (unsigned) -1;
- if( max_wait_server == 0 )
- ctx_buffer_flush( &outbuf[0] );
- else
+ if (max_wait_server == 0) {
+ ctx_buffer_flush(&outbuf[0]);
+ } else {
max_wait = max_wait_server;
-
- if( max_wait_client == 0 )
- ctx_buffer_flush( &outbuf[1] );
- else
- {
- if( max_wait_client < max_wait )
- max_wait = max_wait_client;
}
- if( max_wait != (unsigned) -1 )
- {
+ if (max_wait_client == 0) {
+ ctx_buffer_flush(&outbuf[1]);
+ } else {
+ if (max_wait_client < max_wait) {
+ max_wait = max_wait_client;
+ }
+ }
+
+ if (max_wait != (unsigned) -1) {
tm.tv_sec = max_wait / 1000;
- tm.tv_usec = ( max_wait % 1000 ) * 1000;
+ tm.tv_usec = (max_wait % 1000) * 1000;
tm_ptr = &tm;
- }
- else
- {
+ } else {
tm_ptr = NULL;
}
}
#endif /* MBEDTLS_TIMING_C */
- FD_ZERO( &read_fds );
- FD_SET( server_fd.fd, &read_fds );
- FD_SET( client_fd.fd, &read_fds );
- FD_SET( listen_fd.fd, &read_fds );
+ FD_ZERO(&read_fds);
+ FD_SET(server_fd.fd, &read_fds);
+ FD_SET(client_fd.fd, &read_fds);
+ FD_SET(listen_fd.fd, &read_fds);
- if( ( ret = select( nb_fds, &read_fds, NULL, NULL, tm_ptr ) ) < 0 )
- {
- perror( "select" );
+ if ((ret = select(nb_fds, &read_fds, NULL, NULL, tm_ptr)) < 0) {
+ perror("select");
goto exit;
}
- if( FD_ISSET( listen_fd.fd, &read_fds ) )
+ if (FD_ISSET(listen_fd.fd, &read_fds)) {
goto accept;
-
- if( FD_ISSET( client_fd.fd, &read_fds ) )
- {
- if( ( ret = handle_message( "S <- C",
- &server_fd, &client_fd ) ) != 0 )
- goto accept;
}
- if( FD_ISSET( server_fd.fd, &read_fds ) )
- {
- if( ( ret = handle_message( "S -> C",
- &client_fd, &server_fd ) ) != 0 )
+ if (FD_ISSET(client_fd.fd, &read_fds)) {
+ if ((ret = handle_message("S <- C",
+ &server_fd, &client_fd)) != 0) {
goto accept;
+ }
+ }
+
+ if (FD_ISSET(server_fd.fd, &read_fds)) {
+ if ((ret = handle_message("S -> C",
+ &client_fd, &server_fd)) != 0) {
+ goto accept;
+ }
}
}
@@ -998,31 +957,29 @@
exit:
#ifdef MBEDTLS_ERROR_C
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf( "Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf );
- fflush( stdout );
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf);
+ fflush(stdout);
}
#endif
- for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ )
- {
- mbedtls_free( opt.delay_cli[delay_idx] );
- mbedtls_free( opt.delay_srv[delay_idx] );
+ for (delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++) {
+ mbedtls_free(opt.delay_cli[delay_idx]);
+ mbedtls_free(opt.delay_srv[delay_idx]);
}
- mbedtls_net_free( &client_fd );
- mbedtls_net_free( &server_fd );
- mbedtls_net_free( &listen_fd );
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&server_fd);
+ mbedtls_net_free(&listen_fd);
#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_NET_C */
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index d46ae50..3bc76fd 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -39,16 +39,16 @@
#define BUFFER_LEN 1024
-void usage( void )
+void usage(void)
{
- mbedtls_printf( "Zeroize is a simple program to assist with testing\n" );
- mbedtls_printf( "the mbedtls_platform_zeroize() function by using the\n" );
- mbedtls_printf( "debugger. This program takes a file as input and\n" );
- mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN );
- mbedtls_printf( " zeroize <FILE>\n" );
+ mbedtls_printf("Zeroize is a simple program to assist with testing\n");
+ mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n");
+ mbedtls_printf("debugger. This program takes a file as input and\n");
+ mbedtls_printf("prints the first %d characters. Usage:\n\n", BUFFER_LEN);
+ mbedtls_printf(" zeroize <FILE>\n");
}
-int main( int argc, char** argv )
+int main(int argc, char **argv)
{
int exit_code = MBEDTLS_EXIT_FAILURE;
FILE *fp;
@@ -57,34 +57,32 @@
char *end = p + BUFFER_LEN;
int c;
- if( argc != 2 )
- {
- mbedtls_printf( "This program takes exactly 1 argument\n" );
+ if (argc != 2) {
+ mbedtls_printf("This program takes exactly 1 argument\n");
usage();
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
- fp = fopen( argv[1], "r" );
- if( fp == NULL )
- {
- mbedtls_printf( "Could not open file '%s'\n", argv[1] );
- mbedtls_exit( exit_code );
+ fp = fopen(argv[1], "r");
+ if (fp == NULL) {
+ mbedtls_printf("Could not open file '%s'\n", argv[1]);
+ mbedtls_exit(exit_code);
}
- while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
- *p++ = (char)c;
+ while ((c = fgetc(fp)) != EOF && p < end - 1) {
+ *p++ = (char) c;
+ }
*p = '\0';
- if( p - buf != 0 )
- {
- mbedtls_printf( "%s\n", buf );
+ if (p - buf != 0) {
+ mbedtls_printf("%s\n", buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
+ } else {
+ mbedtls_printf("The file is empty!\n");
}
- else
- mbedtls_printf( "The file is empty!\n" );
- fclose( fp );
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ fclose(fp);
+ mbedtls_platform_zeroize(buf, sizeof(buf));
- mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment!
+ mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment!
}
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 9f5d70a..b66226d 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -45,10 +45,10 @@
"\n"
#if !defined(MBEDTLS_BASE64_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
@@ -56,120 +56,127 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char *filename; /* filename of the input file */
const char *output_file; /* where to store the output */
} opt;
-int convert_pem_to_der( const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen )
+int convert_pem_to_der(const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen)
{
int ret;
const unsigned char *s1, *s2, *end = input + ilen;
size_t len = 0;
- s1 = (unsigned char *) strstr( (const char *) input, "-----BEGIN" );
- if( s1 == NULL )
- return( -1 );
+ s1 = (unsigned char *) strstr((const char *) input, "-----BEGIN");
+ if (s1 == NULL) {
+ return -1;
+ }
- s2 = (unsigned char *) strstr( (const char *) input, "-----END" );
- if( s2 == NULL )
- return( -1 );
+ s2 = (unsigned char *) strstr((const char *) input, "-----END");
+ if (s2 == NULL) {
+ return -1;
+ }
s1 += 10;
- while( s1 < end && *s1 != '-' )
+ while (s1 < end && *s1 != '-') {
s1++;
- while( s1 < end && *s1 == '-' )
+ }
+ while (s1 < end && *s1 == '-') {
s1++;
- if( *s1 == '\r' ) s1++;
- if( *s1 == '\n' ) s1++;
+ }
+ if (*s1 == '\r') {
+ s1++;
+ }
+ if (*s1 == '\n') {
+ s1++;
+ }
- if( s2 <= s1 || s2 > end )
- return( -1 );
+ if (s2 <= s1 || s2 > end) {
+ return -1;
+ }
- ret = mbedtls_base64_decode( NULL, 0, &len, (const unsigned char *) s1, s2 - s1 );
- if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
- return( ret );
+ ret = mbedtls_base64_decode(NULL, 0, &len, (const unsigned char *) s1, s2 - s1);
+ if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
+ return ret;
+ }
- if( len > *olen )
- return( -1 );
+ if (len > *olen) {
+ return -1;
+ }
- if( ( ret = mbedtls_base64_decode( output, len, &len, (const unsigned char *) s1,
- s2 - s1 ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_base64_decode(output, len, &len, (const unsigned char *) s1,
+ s2 - s1)) != 0) {
+ return ret;
}
*olen = len;
- return( 0 );
+ return 0;
}
/*
* Load all data from a file into a given buffer.
*/
-static int load_file( const char *path, unsigned char **buf, size_t *n )
+static int load_file(const char *path, unsigned char **buf, size_t *n)
{
FILE *f;
long size;
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( -1 );
-
- fseek( f, 0, SEEK_END );
- if( ( size = ftell( f ) ) == -1 )
- {
- fclose( f );
- return( -1 );
+ if ((f = fopen(path, "rb")) == NULL) {
+ return -1;
}
- fseek( f, 0, SEEK_SET );
+
+ fseek(f, 0, SEEK_END);
+ if ((size = ftell(f)) == -1) {
+ fclose(f);
+ return -1;
+ }
+ fseek(f, 0, SEEK_SET);
*n = (size_t) size;
- if( *n + 1 == 0 ||
- ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
- {
- fclose( f );
- return( -1 );
+ if (*n + 1 == 0 ||
+ (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
+ fclose(f);
+ return -1;
}
- if( fread( *buf, 1, *n, f ) != *n )
- {
- fclose( f );
- free( *buf );
+ if (fread(*buf, 1, *n, f) != *n) {
+ fclose(f);
+ free(*buf);
*buf = NULL;
- return( -1 );
+ return -1;
}
- fclose( f );
+ fclose(f);
(*buf)[*n] = '\0';
- return( 0 );
+ return 0;
}
/*
* Write buffer to a file
*/
-static int write_file( const char *path, unsigned char *buf, size_t n )
+static int write_file(const char *path, unsigned char *buf, size_t n)
{
FILE *f;
- if( ( f = fopen( path, "wb" ) ) == NULL )
- return( -1 );
-
- if( fwrite( buf, 1, n, f ) != n )
- {
- fclose( f );
- return( -1 );
+ if ((f = fopen(path, "wb")) == NULL) {
+ return -1;
}
- fclose( f );
- return( 0 );
+ if (fwrite(buf, 1, n, f) != n) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+ return 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -183,100 +190,97 @@
/*
* Set to sane values
*/
- memset( buf, 0, sizeof(buf) );
- memset( der_buffer, 0, sizeof(der_buffer) );
+ memset(buf, 0, sizeof(buf));
+ memset(der_buffer, 0, sizeof(der_buffer));
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
opt.filename = DFL_FILENAME;
opt.output_file = DFL_OUTPUT_FILENAME;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "filename" ) == 0 )
+ if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else if( strcmp( p, "output_file" ) == 0 )
+ } else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
- else
+ } else {
goto usage;
+ }
}
/*
* 1.1. Load the PEM file
*/
- mbedtls_printf( "\n . Loading the PEM file ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the PEM file ...");
+ fflush(stdout);
- ret = load_file( opt.filename, &pem_buffer, &pem_size );
+ ret = load_file(opt.filename, &pem_buffer, &pem_size);
- if( ret != 0 )
- {
+ if (ret != 0) {
#ifdef MBEDTLS_ERROR_C
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror(ret, buf, 1024);
#endif
- mbedtls_printf( " failed\n ! load_file returned %d - %s\n\n", ret, buf );
+ mbedtls_printf(" failed\n ! load_file returned %d - %s\n\n", ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2. Convert from PEM to DER
*/
- mbedtls_printf( " . Converting from PEM to DER ..." );
- fflush( stdout );
+ mbedtls_printf(" . Converting from PEM to DER ...");
+ fflush(stdout);
- if( ( ret = convert_pem_to_der( pem_buffer, pem_size, der_buffer, &der_size ) ) != 0 )
- {
+ if ((ret = convert_pem_to_der(pem_buffer, pem_size, der_buffer, &der_size)) != 0) {
#ifdef MBEDTLS_ERROR_C
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror(ret, buf, 1024);
#endif
- mbedtls_printf( " failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf );
+ mbedtls_printf(" failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.3. Write the DER file
*/
- mbedtls_printf( " . Writing the DER file ..." );
- fflush( stdout );
+ mbedtls_printf(" . Writing the DER file ...");
+ fflush(stdout);
- ret = write_file( opt.output_file, der_buffer, der_size );
+ ret = write_file(opt.output_file, der_buffer, der_size);
- if( ret != 0 )
- {
+ if (ret != 0) {
#ifdef MBEDTLS_ERROR_C
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror(ret, buf, 1024);
#endif
- mbedtls_printf( " failed\n ! write_file returned %d - %s\n\n", ret, buf );
+ mbedtls_printf(" failed\n ! write_file returned %d - %s\n\n", ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- free( pem_buffer );
+ free(pem_buffer);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index 7dde90d..77f1831 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -38,48 +38,45 @@
"\n where <errorcode> can be a decimal or hexadecimal (starts with 0x or -0x)\n"
#if !defined(MBEDTLS_ERROR_C) && !defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_exit(0);
}
#else
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
long int val;
char *end = argv[1];
- if( argc != 2 )
- {
- mbedtls_printf( USAGE );
- mbedtls_exit( 0 );
+ if (argc != 2) {
+ mbedtls_printf(USAGE);
+ mbedtls_exit(0);
}
- val = strtol( argv[1], &end, 10 );
- if( *end != '\0' )
- {
- val = strtol( argv[1], &end, 16 );
- if( *end != '\0' )
- {
- mbedtls_printf( USAGE );
- return( 0 );
+ val = strtol(argv[1], &end, 10);
+ if (*end != '\0') {
+ val = strtol(argv[1], &end, 16);
+ if (*end != '\0') {
+ mbedtls_printf(USAGE);
+ return 0;
}
}
- if( val > 0 )
+ if (val > 0) {
val = -val;
+ }
- if( val != 0 )
- {
+ if (val != 0) {
char error_buf[200];
- mbedtls_strerror( val, error_buf, 200 );
- mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf );
+ mbedtls_strerror(val, error_buf, 200);
+ mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf);
}
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( val );
+ mbedtls_exit(val);
}
#endif /* MBEDTLS_ERROR_C */
diff --git a/programs/wince_main.c b/programs/wince_main.c
index 851012c..be98eae 100644
--- a/programs/wince_main.c
+++ b/programs/wince_main.c
@@ -21,23 +21,23 @@
#include <windows.h>
-extern int main( int, const char ** );
+extern int main(int, const char **);
-int _tmain( int argc, _TCHAR* targv[] )
+int _tmain(int argc, _TCHAR *targv[])
{
char **argv;
int i;
- argv = ( char ** ) calloc( argc, sizeof( char * ) );
+ argv = (char **) calloc(argc, sizeof(char *));
- for ( i = 0; i < argc; i++ ) {
+ for (i = 0; i < argc; i++) {
size_t len;
- len = _tcslen( targv[i] ) + 1;
- argv[i] = ( char * ) calloc( len, sizeof( char ) );
- wcstombs( argv[i], targv[i], len );
+ len = _tcslen(targv[i]) + 1;
+ argv[i] = (char *) calloc(len, sizeof(char));
+ wcstombs(argv[i], targv[i], len);
}
- return main( argc, argv );
+ return main(argc, argv);
}
#endif /* defined(_WIN32_WCE) */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 8b76879..a45802c 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -30,14 +30,14 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -90,8 +90,7 @@
/*
* global options
*/
-struct options
-{
+struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the certificate file */
const char *ca_file; /* the file with the CA certificate(s) */
@@ -103,37 +102,36 @@
int permissive; /* permissive parsing */
} opt;
-static void my_debug( void *ctx, int level,
- const char *file, int line,
- const char *str )
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
((void) level);
- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
- fflush( (FILE *) ctx );
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
}
-static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
+static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
{
char buf[1024];
((void) data);
- mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
- mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
- mbedtls_printf( "%s", buf );
+ mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
+ mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
+ mbedtls_printf("%s", buf);
- if ( ( *flags ) == 0 )
- mbedtls_printf( " This certificate has no flags\n" );
- else
- {
- mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
- mbedtls_printf( "%s\n", buf );
+ if ((*flags) == 0) {
+ mbedtls_printf(" This certificate has no flags\n");
+ } else {
+ mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
+ mbedtls_printf("%s\n", buf);
}
- return( 0 );
+ return 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -154,23 +152,22 @@
/*
* Set to sane values
*/
- mbedtls_net_init( &server_fd );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_x509_crt_init( &cacert );
+ mbedtls_net_init(&server_fd);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_x509_crt_init(&cacert);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
- mbedtls_x509_crl_init( &cacrl );
+ mbedtls_x509_crl_init(&cacrl);
#else
/* Zeroize structure as CRL parsing is not supported and we have to pass
it to the verify function */
- memset( &cacrl, 0, sizeof(mbedtls_x509_crl) );
+ memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
@@ -184,91 +181,85 @@
opt.debug_level = DFL_DEBUG_LEVEL;
opt.permissive = DFL_PERMISSIVE;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- for( j = 0; p + j < q; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
+ for (j = 0; p + j < q; j++) {
+ if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') {
argv[i][j] |= 0x20;
+ }
}
- if( strcmp( p, "mode" ) == 0 )
- {
- if( strcmp( q, "file" ) == 0 )
+ if (strcmp(p, "mode") == 0) {
+ if (strcmp(q, "file") == 0) {
opt.mode = MODE_FILE;
- else if( strcmp( q, "ssl" ) == 0 )
+ } else if (strcmp(q, "ssl") == 0) {
opt.mode = MODE_SSL;
- else
+ } else {
goto usage;
- }
- else if( strcmp( p, "filename" ) == 0 )
+ }
+ } else if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else if( strcmp( p, "ca_file" ) == 0 )
+ } else if (strcmp(p, "ca_file") == 0) {
opt.ca_file = q;
- else if( strcmp( p, "crl_file" ) == 0 )
+ } else if (strcmp(p, "crl_file") == 0) {
opt.crl_file = q;
- else if( strcmp( p, "ca_path" ) == 0 )
+ } else if (strcmp(p, "ca_path") == 0) {
opt.ca_path = q;
- else if( strcmp( p, "server_name" ) == 0 )
+ } else if (strcmp(p, "server_name") == 0) {
opt.server_name = q;
- else if( strcmp( p, "server_port" ) == 0 )
+ } else if (strcmp(p, "server_port") == 0) {
opt.server_port = q;
- else if( strcmp( p, "debug_level" ) == 0 )
- {
- opt.debug_level = atoi( q );
- if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
- }
- else if( strcmp( p, "permissive" ) == 0 )
- {
- opt.permissive = atoi( q );
- if( opt.permissive < 0 || opt.permissive > 1 )
+ }
+ } else if (strcmp(p, "permissive") == 0) {
+ opt.permissive = atoi(q);
+ if (opt.permissive < 0 || opt.permissive > 1) {
goto usage;
- }
- else
+ }
+ } else {
goto usage;
+ }
}
/*
* 1.1. Load the trusted CA
*/
- mbedtls_printf( " . Loading the CA root certificate ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
- if( strlen( opt.ca_path ) )
- {
- if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", (unsigned int) -ret );
+ if (strlen(opt.ca_path)) {
+ if ((ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path)) < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
verify = 1;
- }
- else if( strlen( opt.ca_file ) )
- {
- if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", (unsigned int) -ret );
+ } else if (strlen(opt.ca_file)) {
+ if ((ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file)) < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
verify = 1;
}
- mbedtls_printf( " ok (%d skipped)\n", ret );
+ mbedtls_printf(" ok (%d skipped)\n", ret);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
- if( strlen( opt.crl_file ) )
- {
- if( ( ret = mbedtls_x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", (unsigned int) -ret );
+ if (strlen(opt.crl_file)) {
+ if ((ret = mbedtls_x509_crl_parse_file(&cacrl, opt.crl_file)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
goto exit;
}
@@ -276,52 +267,49 @@
}
#endif
- if( opt.mode == MODE_FILE )
- {
+ if (opt.mode == MODE_FILE) {
mbedtls_x509_crt crt;
mbedtls_x509_crt *cur = &crt;
- mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init(&crt);
/*
* 1.1. Load the certificate(s)
*/
- mbedtls_printf( "\n . Loading the certificate(s) ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the certificate(s) ...");
+ fflush(stdout);
- ret = mbedtls_x509_crt_parse_file( &crt, opt.filename );
+ ret = mbedtls_x509_crt_parse_file(&crt, opt.filename);
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
- mbedtls_x509_crt_free( &crt );
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret);
+ mbedtls_x509_crt_free(&crt);
goto exit;
}
- if( opt.permissive == 0 && ret > 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n", ret );
- mbedtls_x509_crt_free( &crt );
+ if (opt.permissive == 0 && ret > 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n",
+ ret);
+ mbedtls_x509_crt_free(&crt);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2 Print the certificate(s)
*/
- while( cur != NULL )
- {
- mbedtls_printf( " . Peer certificate information ...\n" );
- ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
- cur );
- if( ret == -1 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
- mbedtls_x509_crt_free( &crt );
+ while (cur != NULL) {
+ mbedtls_printf(" . Peer certificate information ...\n");
+ ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
+ cur);
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret);
+ mbedtls_x509_crt_free(&crt);
goto exit;
}
- mbedtls_printf( "%s\n", buf );
+ mbedtls_printf("%s\n", buf);
cur = cur->next;
}
@@ -329,161 +317,148 @@
/*
* 1.3 Verify the certificate
*/
- if( verify )
- {
- mbedtls_printf( " . Verifying X.509 certificate..." );
+ if (verify) {
+ mbedtls_printf(" . Verifying X.509 certificate...");
- if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
- my_verify, NULL ) ) != 0 )
- {
+ if ((ret = mbedtls_x509_crt_verify(&crt, &cacert, &cacrl, NULL, &flags,
+ my_verify, NULL)) != 0) {
char vrfy_buf[512];
- mbedtls_printf( " failed\n" );
+ mbedtls_printf(" failed\n");
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
- mbedtls_printf( "%s\n", vrfy_buf );
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
}
- else
- mbedtls_printf( " ok\n" );
}
- mbedtls_x509_crt_free( &crt );
- }
- else if( opt.mode == MODE_SSL )
- {
+ mbedtls_x509_crt_free(&crt);
+ } else if (opt.mode == MODE_SSL) {
/*
* 1. Initialize the RNG and the session data
*/
- mbedtls_printf( "\n . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto ssl_exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold( opt.debug_level );
+ mbedtls_debug_set_threshold(opt.debug_level);
#endif
/*
* 2. Start the connection
*/
- mbedtls_printf( " . SSL connection to tcp/%s/%s...", opt.server_name,
- opt.server_port );
- fflush( stdout );
+ mbedtls_printf(" . SSL connection to tcp/%s/%s...", opt.server_name,
+ opt.server_port);
+ fflush(stdout);
- if( ( ret = mbedtls_net_connect( &server_fd, opt.server_name,
- opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ if ((ret = mbedtls_net_connect(&server_fd, opt.server_name,
+ opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto ssl_exit;
}
/*
* 3. Setup stuff
*/
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
- if( verify )
- {
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
- mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+ if (verify) {
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
+ } else {
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
}
- else
- mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto ssl_exit;
}
- if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
goto ssl_exit;
}
- mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
/*
* 4. Handshake
*/
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
goto ssl_exit;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 5. Print the certificate
*/
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_printf( " . Peer certificate information ... skipped\n" );
+ mbedtls_printf(" . Peer certificate information ... skipped\n");
#else
- mbedtls_printf( " . Peer certificate information ...\n" );
- ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
- mbedtls_ssl_get_peer_cert( &ssl ) );
- if( ret == -1 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
+ mbedtls_printf(" . Peer certificate information ...\n");
+ ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
+ mbedtls_ssl_get_peer_cert(&ssl));
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret);
goto ssl_exit;
}
- mbedtls_printf( "%s\n", buf );
+ mbedtls_printf("%s\n", buf);
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- mbedtls_ssl_close_notify( &ssl );
+ mbedtls_ssl_close_notify(&ssl);
ssl_exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
- }
- else
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ } else {
goto usage;
+ }
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_net_free( &server_fd );
- mbedtls_x509_crt_free( &cacert );
+ mbedtls_net_free(&server_fd);
+ mbedtls_x509_crt_free(&cacert);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
- mbedtls_x509_crl_free( &cacrl );
+ mbedtls_x509_crl_free(&cacrl);
#endif
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index ab04648..9b854a1 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -29,13 +29,13 @@
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_PEM_WRITE_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
- "not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+ "not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -99,8 +99,7 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char *filename; /* filename of the key file */
const char *password; /* password for the key file */
int debug_level; /* level of debugging */
@@ -113,36 +112,37 @@
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
-int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret;
FILE *f;
unsigned char output_buf[4096];
size_t len = 0;
- memset( output_buf, 0, 4096 );
- if( ( ret = mbedtls_x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
- return( ret );
-
- len = strlen( (char *) output_buf );
-
- if( ( f = fopen( output_file, "w" ) ) == NULL )
- return( -1 );
-
- if( fwrite( output_buf, 1, len, f ) != len )
- {
- fclose( f );
- return( -1 );
+ memset(output_buf, 0, 4096);
+ if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
+ return ret;
}
- fclose( f );
+ len = strlen((char *) output_buf);
- return( 0 );
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(output_buf, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+
+ return 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -158,15 +158,14 @@
/*
* Set to sane values
*/
- mbedtls_x509write_csr_init( &req );
- mbedtls_pk_init( &key );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- memset( buf, 0, sizeof( buf ) );
+ mbedtls_x509write_csr_init(&req);
+ mbedtls_pk_init(&key);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ memset(buf, 0, sizeof(buf));
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
@@ -181,214 +180,198 @@
opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE;
opt.md_alg = DFL_MD_ALG;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "filename" ) == 0 )
+ if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else if( strcmp( p, "password" ) == 0 )
+ } else if (strcmp(p, "password") == 0) {
opt.password = q;
- else if( strcmp( p, "output_file" ) == 0 )
+ } else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
- else if( strcmp( p, "debug_level" ) == 0 )
- {
- opt.debug_level = atoi( q );
- if( opt.debug_level < 0 || opt.debug_level > 65535 )
- goto usage;
- }
- else if( strcmp( p, "subject_name" ) == 0 )
- {
- opt.subject_name = q;
- }
- else if( strcmp( p, "md" ) == 0 )
- {
- const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_string( q );
- if( md_info == NULL )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
}
- opt.md_alg = mbedtls_md_get_type( md_info );
- }
- else if( strcmp( p, "key_usage" ) == 0 )
- {
- while( q != NULL )
- {
- if( ( r = strchr( q, ',' ) ) != NULL )
+ } else if (strcmp(p, "subject_name") == 0) {
+ opt.subject_name = q;
+ } else if (strcmp(p, "md") == 0) {
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_string(q);
+ if (md_info == NULL) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ opt.md_alg = mbedtls_md_get_type(md_info);
+ } else if (strcmp(p, "key_usage") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
+ }
- if( strcmp( q, "digital_signature" ) == 0 )
+ if (strcmp(q, "digital_signature") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
- else if( strcmp( q, "non_repudiation" ) == 0 )
+ } else if (strcmp(q, "non_repudiation") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
- else if( strcmp( q, "key_encipherment" ) == 0 )
+ } else if (strcmp(q, "key_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
- else if( strcmp( q, "data_encipherment" ) == 0 )
+ } else if (strcmp(q, "data_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
- else if( strcmp( q, "key_agreement" ) == 0 )
+ } else if (strcmp(q, "key_agreement") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
- else if( strcmp( q, "key_cert_sign" ) == 0 )
+ } else if (strcmp(q, "key_cert_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
- else if( strcmp( q, "crl_sign" ) == 0 )
+ } else if (strcmp(q, "crl_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
- else
+ } else {
goto usage;
+ }
q = r;
}
- }
- else if( strcmp( p, "force_key_usage" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "force_key_usage") == 0) {
+ switch (atoi(q)) {
case 0: opt.force_key_usage = 0; break;
case 1: opt.force_key_usage = 1; break;
default: goto usage;
}
- }
- else if( strcmp( p, "ns_cert_type" ) == 0 )
- {
- while( q != NULL )
- {
- if( ( r = strchr( q, ',' ) ) != NULL )
+ } else if (strcmp(p, "ns_cert_type") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
+ }
- if( strcmp( q, "ssl_client" ) == 0 )
+ if (strcmp(q, "ssl_client") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
- else if( strcmp( q, "ssl_server" ) == 0 )
+ } else if (strcmp(q, "ssl_server") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
- else if( strcmp( q, "email" ) == 0 )
+ } else if (strcmp(q, "email") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
- else if( strcmp( q, "object_signing" ) == 0 )
+ } else if (strcmp(q, "object_signing") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
- else if( strcmp( q, "ssl_ca" ) == 0 )
+ } else if (strcmp(q, "ssl_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
- else if( strcmp( q, "email_ca" ) == 0 )
+ } else if (strcmp(q, "email_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
- else if( strcmp( q, "object_signing_ca" ) == 0 )
+ } else if (strcmp(q, "object_signing_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
- else
+ } else {
goto usage;
+ }
q = r;
}
- }
- else if( strcmp( p, "force_ns_cert_type" ) == 0 )
- {
- switch( atoi( q ) )
- {
+ } else if (strcmp(p, "force_ns_cert_type") == 0) {
+ switch (atoi(q)) {
case 0: opt.force_ns_cert_type = 0; break;
case 1: opt.force_ns_cert_type = 1; break;
default: goto usage;
}
- }
- else
+ } else {
goto usage;
+ }
}
- mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
+ mbedtls_x509write_csr_set_md_alg(&req, opt.md_alg);
- if( opt.key_usage || opt.force_key_usage == 1 )
- mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
+ if (opt.key_usage || opt.force_key_usage == 1) {
+ mbedtls_x509write_csr_set_key_usage(&req, opt.key_usage);
+ }
- if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
- mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
+ if (opt.ns_cert_type || opt.force_ns_cert_type == 1) {
+ mbedtls_x509write_csr_set_ns_cert_type(&req, opt.ns_cert_type);
+ }
/*
* 0. Seed the PRNG
*/
- mbedtls_printf( " . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf(" . Seeding the random number generator...");
+ fflush(stdout);
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d", ret );
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.0. Check the subject name for validity
*/
- mbedtls_printf( " . Checking subject name..." );
- fflush( stdout );
+ mbedtls_printf(" . Checking subject name...");
+ fflush(stdout);
- if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret );
+ if ((ret = mbedtls_x509write_csr_set_subject_name(&req, opt.subject_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.1. Load the key
*/
- mbedtls_printf( " . Loading the private key ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the private key ...");
+ fflush(stdout);
- ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password );
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d", ret );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
goto exit;
}
- mbedtls_x509write_csr_set_key( &req, &key );
+ mbedtls_x509write_csr_set_key(&req, &key);
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2. Writing the request
*/
- mbedtls_printf( " . Writing the certificate request ..." );
- fflush( stdout );
+ mbedtls_printf(" . Writing the certificate request ...");
+ fflush(stdout);
- if( ( ret = write_certificate_request( &req, opt.output_file,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! write_certificate_request %d", ret );
+ if ((ret = write_certificate_request(&req, opt.output_file,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- if( exit_code != MBEDTLS_EXIT_SUCCESS )
- {
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
- mbedtls_strerror( ret, buf, sizeof( buf ) );
- mbedtls_printf( " - %s\n", buf );
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" - %s\n", buf);
#else
mbedtls_printf("\n");
#endif
}
- mbedtls_x509write_csr_free( &req );
- mbedtls_pk_free( &key );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_x509write_csr_free(&req);
+ mbedtls_pk_free(&key);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 30e9e0a..ad3dacd 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -30,13 +30,13 @@
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_PEM_WRITE_C)
-int main( void )
+int main(void)
{
- mbedtls_printf( "MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_ERROR_C not defined.\n");
- mbedtls_exit( 0 );
+ mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_ERROR_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -104,8 +104,8 @@
" issuer_pwd=%%s default: (empty)\n" \
" output_file=%%s default: cert.crt\n" \
" serial=%%s default: 1\n" \
- " not_before=%%s default: 20010101000000\n"\
- " not_after=%%s default: 20301231235959\n"\
+ " not_before=%%s default: 20010101000000\n" \
+ " not_after=%%s default: 20301231235959\n" \
" is_ca=%%d default: 0 (disabled)\n" \
" max_pathlen=%%d default: -1 (none)\n" \
" md=%%s default: SHA256\n" \
@@ -113,16 +113,16 @@
" MD2, MD4, MD5, RIPEMD160, SHA1,\n" \
" SHA224, SHA256, SHA384, SHA512\n" \
" version=%%d default: 3\n" \
- " Possible values: 1, 2, 3\n"\
+ " Possible values: 1, 2, 3\n" \
" subject_identifier=%%s default: 1\n" \
" Possible values: 0, 1\n" \
- " (Considered for v3 only)\n"\
+ " (Considered for v3 only)\n" \
" authority_identifier=%%s default: 1\n" \
" Possible values: 0, 1\n" \
- " (Considered for v3 only)\n"\
+ " (Considered for v3 only)\n" \
" basic_constraints=%%d default: 1\n" \
" Possible values: 0, 1\n" \
- " (Considered for v3 only)\n"\
+ " (Considered for v3 only)\n" \
" key_usage=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" digital_signature\n" \
@@ -132,7 +132,7 @@
" key_agreement\n" \
" key_cert_sign\n" \
" crl_sign\n" \
- " (Considered for v3 only)\n"\
+ " (Considered for v3 only)\n" \
" ns_cert_type=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" ssl_client\n" \
@@ -148,8 +148,7 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char *issuer_crt; /* filename of the issuer certificate */
const char *request_file; /* filename of the certificate request */
const char *subject_key; /* filename of the subject key file */
@@ -174,44 +173,45 @@
unsigned char ns_cert_type; /* NS cert type */
} opt;
-int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
{
int ret;
FILE *f;
unsigned char output_buf[4096];
size_t len = 0;
- memset( output_buf, 0, 4096 );
- if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
- f_rng, p_rng ) ) < 0 )
- return( ret );
-
- len = strlen( (char *) output_buf );
-
- if( ( f = fopen( output_file, "w" ) ) == NULL )
- return( -1 );
-
- if( fwrite( output_buf, 1, len, f ) != len )
- {
- fclose( f );
- return( -1 );
+ memset(output_buf, 0, 4096);
+ if ((ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
+ f_rng, p_rng)) < 0) {
+ return ret;
}
- fclose( f );
+ len = strlen((char *) output_buf);
- return( 0 );
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(output_buf, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+
+ return 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt issuer_crt;
mbedtls_pk_context loaded_issuer_key, loaded_subject_key;
mbedtls_pk_context *issuer_key = &loaded_issuer_key,
- *subject_key = &loaded_subject_key;
+ *subject_key = &loaded_subject_key;
char buf[1024];
char issuer_name[256];
int i;
@@ -229,22 +229,21 @@
/*
* Set to sane values
*/
- mbedtls_x509write_crt_init( &crt );
- mbedtls_pk_init( &loaded_issuer_key );
- mbedtls_pk_init( &loaded_subject_key );
- mbedtls_mpi_init( &serial );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
+ mbedtls_x509write_crt_init(&crt);
+ mbedtls_pk_init(&loaded_issuer_key);
+ mbedtls_pk_init(&loaded_subject_key);
+ mbedtls_mpi_init(&serial);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CSR_PARSE_C)
- mbedtls_x509_csr_init( &csr );
+ mbedtls_x509_csr_init(&csr);
#endif
- mbedtls_x509_crt_init( &issuer_crt );
- memset( buf, 0, 1024 );
+ mbedtls_x509_crt_init(&issuer_crt);
+ memset(buf, 0, 1024);
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
@@ -271,188 +270,149 @@
opt.authority_identifier = DFL_AUTH_IDENT;
opt.basic_constraints = DFL_CONSTRAINTS;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "request_file" ) == 0 )
+ if (strcmp(p, "request_file") == 0) {
opt.request_file = q;
- else if( strcmp( p, "subject_key" ) == 0 )
+ } else if (strcmp(p, "subject_key") == 0) {
opt.subject_key = q;
- else if( strcmp( p, "issuer_key" ) == 0 )
+ } else if (strcmp(p, "issuer_key") == 0) {
opt.issuer_key = q;
- else if( strcmp( p, "subject_pwd" ) == 0 )
+ } else if (strcmp(p, "subject_pwd") == 0) {
opt.subject_pwd = q;
- else if( strcmp( p, "issuer_pwd" ) == 0 )
+ } else if (strcmp(p, "issuer_pwd") == 0) {
opt.issuer_pwd = q;
- else if( strcmp( p, "issuer_crt" ) == 0 )
+ } else if (strcmp(p, "issuer_crt") == 0) {
opt.issuer_crt = q;
- else if( strcmp( p, "output_file" ) == 0 )
+ } else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
- else if( strcmp( p, "subject_name" ) == 0 )
- {
+ } else if (strcmp(p, "subject_name") == 0) {
opt.subject_name = q;
- }
- else if( strcmp( p, "issuer_name" ) == 0 )
- {
+ } else if (strcmp(p, "issuer_name") == 0) {
opt.issuer_name = q;
- }
- else if( strcmp( p, "not_before" ) == 0 )
- {
+ } else if (strcmp(p, "not_before") == 0) {
opt.not_before = q;
- }
- else if( strcmp( p, "not_after" ) == 0 )
- {
+ } else if (strcmp(p, "not_after") == 0) {
opt.not_after = q;
- }
- else if( strcmp( p, "serial" ) == 0 )
- {
+ } else if (strcmp(p, "serial") == 0) {
opt.serial = q;
- }
- else if( strcmp( p, "authority_identifier" ) == 0 )
- {
- opt.authority_identifier = atoi( q );
- if( opt.authority_identifier != 0 &&
- opt.authority_identifier != 1 )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else if (strcmp(p, "authority_identifier") == 0) {
+ opt.authority_identifier = atoi(q);
+ if (opt.authority_identifier != 0 &&
+ opt.authority_identifier != 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
- }
- else if( strcmp( p, "subject_identifier" ) == 0 )
- {
- opt.subject_identifier = atoi( q );
- if( opt.subject_identifier != 0 &&
- opt.subject_identifier != 1 )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else if (strcmp(p, "subject_identifier") == 0) {
+ opt.subject_identifier = atoi(q);
+ if (opt.subject_identifier != 0 &&
+ opt.subject_identifier != 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
- }
- else if( strcmp( p, "basic_constraints" ) == 0 )
- {
- opt.basic_constraints = atoi( q );
- if( opt.basic_constraints != 0 &&
- opt.basic_constraints != 1 )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else if (strcmp(p, "basic_constraints") == 0) {
+ opt.basic_constraints = atoi(q);
+ if (opt.basic_constraints != 0 &&
+ opt.basic_constraints != 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
- }
- else if( strcmp( p, "md" ) == 0 )
- {
+ } else if (strcmp(p, "md") == 0) {
const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_string( q );
- if( md_info == NULL )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ mbedtls_md_info_from_string(q);
+ if (md_info == NULL) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
- opt.md = mbedtls_md_get_type( md_info );
- }
- else if( strcmp( p, "version" ) == 0 )
- {
- opt.version = atoi( q );
- if( opt.version < 1 || opt.version > 3 )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ opt.md = mbedtls_md_get_type(md_info);
+ } else if (strcmp(p, "version") == 0) {
+ opt.version = atoi(q);
+ if (opt.version < 1 || opt.version > 3) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
opt.version--;
- }
- else if( strcmp( p, "selfsign" ) == 0 )
- {
- opt.selfsign = atoi( q );
- if( opt.selfsign < 0 || opt.selfsign > 1 )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else if (strcmp(p, "selfsign") == 0) {
+ opt.selfsign = atoi(q);
+ if (opt.selfsign < 0 || opt.selfsign > 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
- }
- else if( strcmp( p, "is_ca" ) == 0 )
- {
- opt.is_ca = atoi( q );
- if( opt.is_ca < 0 || opt.is_ca > 1 )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else if (strcmp(p, "is_ca") == 0) {
+ opt.is_ca = atoi(q);
+ if (opt.is_ca < 0 || opt.is_ca > 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
- }
- else if( strcmp( p, "max_pathlen" ) == 0 )
- {
- opt.max_pathlen = atoi( q );
- if( opt.max_pathlen < -1 || opt.max_pathlen > 127 )
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else if (strcmp(p, "max_pathlen") == 0) {
+ opt.max_pathlen = atoi(q);
+ if (opt.max_pathlen < -1 || opt.max_pathlen > 127) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
- }
- else if( strcmp( p, "key_usage" ) == 0 )
- {
- while( q != NULL )
- {
- if( ( r = strchr( q, ',' ) ) != NULL )
+ } else if (strcmp(p, "key_usage") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
+ }
- if( strcmp( q, "digital_signature" ) == 0 )
+ if (strcmp(q, "digital_signature") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
- else if( strcmp( q, "non_repudiation" ) == 0 )
+ } else if (strcmp(q, "non_repudiation") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
- else if( strcmp( q, "key_encipherment" ) == 0 )
+ } else if (strcmp(q, "key_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
- else if( strcmp( q, "data_encipherment" ) == 0 )
+ } else if (strcmp(q, "data_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
- else if( strcmp( q, "key_agreement" ) == 0 )
+ } else if (strcmp(q, "key_agreement") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
- else if( strcmp( q, "key_cert_sign" ) == 0 )
+ } else if (strcmp(q, "key_cert_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
- else if( strcmp( q, "crl_sign" ) == 0 )
+ } else if (strcmp(q, "crl_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
- else
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
q = r;
}
- }
- else if( strcmp( p, "ns_cert_type" ) == 0 )
- {
- while( q != NULL )
- {
- if( ( r = strchr( q, ',' ) ) != NULL )
+ } else if (strcmp(p, "ns_cert_type") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
+ }
- if( strcmp( q, "ssl_client" ) == 0 )
+ if (strcmp(q, "ssl_client") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
- else if( strcmp( q, "ssl_server" ) == 0 )
+ } else if (strcmp(q, "ssl_server") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
- else if( strcmp( q, "email" ) == 0 )
+ } else if (strcmp(q, "email") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
- else if( strcmp( q, "object_signing" ) == 0 )
+ } else if (strcmp(q, "object_signing") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
- else if( strcmp( q, "ssl_ca" ) == 0 )
+ } else if (strcmp(q, "ssl_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
- else if( strcmp( q, "email_ca" ) == 0 )
+ } else if (strcmp(q, "email_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
- else if( strcmp( q, "object_signing_ca" ) == 0 )
+ } else if (strcmp(q, "object_signing_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
- else
- {
- mbedtls_printf( "Invalid argument for option %s\n", p );
+ } else {
+ mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
q = r;
}
- }
- else
+ } else {
goto usage;
+ }
}
mbedtls_printf("\n");
@@ -460,339 +420,310 @@
/*
* 0. Seed the PRNG
*/
- mbedtls_printf( " . Seeding the random number generator..." );
- fflush( stdout );
+ mbedtls_printf(" . Seeding the random number generator...");
+ fflush(stdout);
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
- ret, buf );
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
+ ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
// Parse serial to MPI
//
- mbedtls_printf( " . Reading serial number..." );
- fflush( stdout );
+ mbedtls_printf(" . Reading serial number...");
+ fflush(stdout);
- if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ if ((ret = mbedtls_mpi_read_string(&serial, 10, opt.serial)) != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_string "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
// Parse issuer certificate if present
//
- if( !opt.selfsign && strlen( opt.issuer_crt ) )
- {
+ if (!opt.selfsign && strlen(opt.issuer_crt)) {
/*
* 1.0.a. Load the certificates
*/
- mbedtls_printf( " . Loading the issuer certificate ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the issuer certificate ...");
+ fflush(stdout);
- if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ if ((ret = mbedtls_x509_crt_parse_file(&issuer_crt, opt.issuer_crt)) != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
- &issuer_crt.subject );
- if( ret < 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_x509_dn_gets(issuer_name, sizeof(issuer_name),
+ &issuer_crt.subject);
+ if (ret < 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509_dn_gets "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
opt.issuer_name = issuer_name;
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#if defined(MBEDTLS_X509_CSR_PARSE_C)
// Parse certificate request if present
//
- if( !opt.selfsign && strlen( opt.request_file ) )
- {
+ if (!opt.selfsign && strlen(opt.request_file)) {
/*
* 1.0.b. Load the CSR
*/
- mbedtls_printf( " . Loading the certificate request ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the certificate request ...");
+ fflush(stdout);
- if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ if ((ret = mbedtls_x509_csr_parse_file(&csr, opt.request_file)) != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
- &csr.subject );
- if( ret < 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_x509_dn_gets(subject_name, sizeof(subject_name),
+ &csr.subject);
+ if (ret < 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509_dn_gets "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
opt.subject_name = subject_name;
subject_key = &csr.pk;
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif /* MBEDTLS_X509_CSR_PARSE_C */
/*
* 1.1. Load the keys
*/
- if( !opt.selfsign && !strlen( opt.request_file ) )
- {
- mbedtls_printf( " . Loading the subject key ..." );
- fflush( stdout );
+ if (!opt.selfsign && !strlen(opt.request_file)) {
+ mbedtls_printf(" . Loading the subject key ...");
+ fflush(stdout);
- ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key,
- opt.subject_pwd );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
+ opt.subject_pwd);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
- mbedtls_printf( " . Loading the issuer key ..." );
- fflush( stdout );
+ mbedtls_printf(" . Loading the issuer key ...");
+ fflush(stdout);
- ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key,
- opt.issuer_pwd );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
- "returned -x%02x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
+ opt.issuer_pwd);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
+ "returned -x%02x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
// Check if key and issuer certificate match
//
- if( strlen( opt.issuer_crt ) )
- {
- if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 )
- {
- mbedtls_printf( " failed\n ! issuer_key does not match "
- "issuer certificate\n\n" );
+ if (strlen(opt.issuer_crt)) {
+ if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) {
+ mbedtls_printf(" failed\n ! issuer_key does not match "
+ "issuer certificate\n\n");
goto exit;
}
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
- if( opt.selfsign )
- {
+ if (opt.selfsign) {
opt.subject_name = opt.issuer_name;
subject_key = issuer_key;
}
- mbedtls_x509write_crt_set_subject_key( &crt, subject_key );
- mbedtls_x509write_crt_set_issuer_key( &crt, issuer_key );
+ mbedtls_x509write_crt_set_subject_key(&crt, subject_key);
+ mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key);
/*
* 1.0. Check the names for validity
*/
- if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ if ((ret = mbedtls_x509write_crt_set_subject_name(&crt, opt.subject_name)) != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject_name "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ if ((ret = mbedtls_x509write_crt_set_issuer_name(&crt, opt.issuer_name)) != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_issuer_name "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " . Setting certificate values ..." );
- fflush( stdout );
+ mbedtls_printf(" . Setting certificate values ...");
+ fflush(stdout);
- mbedtls_x509write_crt_set_version( &crt, opt.version );
- mbedtls_x509write_crt_set_md_alg( &crt, opt.md );
+ mbedtls_x509write_crt_set_version(&crt, opt.version);
+ mbedtls_x509write_crt_set_md_alg(&crt, opt.md);
- ret = mbedtls_x509write_crt_set_serial( &crt, &serial );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_x509write_crt_set_serial(&crt, &serial);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_serial "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- ret = mbedtls_x509write_crt_set_validity( &crt, opt.not_before, opt.not_after );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_x509write_crt_set_validity(&crt, opt.not_before, opt.not_after);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_validity "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
- if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
- opt.basic_constraints != 0 )
- {
- mbedtls_printf( " . Adding the Basic Constraints extension ..." );
- fflush( stdout );
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.basic_constraints != 0) {
+ mbedtls_printf(" . Adding the Basic Constraints extension ...");
+ fflush(stdout);
- ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca,
- opt.max_pathlen );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! x509write_crt_set_basic_constraints "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_x509write_crt_set_basic_constraints(&crt, opt.is_ca,
+ opt.max_pathlen);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! x509write_crt_set_basic_constraints "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#if defined(MBEDTLS_SHA1_C)
- if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
- opt.subject_identifier != 0 )
- {
- mbedtls_printf( " . Adding the Subject Key Identifier ..." );
- fflush( stdout );
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.subject_identifier != 0) {
+ mbedtls_printf(" . Adding the Subject Key Identifier ...");
+ fflush(stdout);
- ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject"
- "_key_identifier returned -0x%04x - %s\n\n",
- (unsigned int) -ret, buf );
+ ret = mbedtls_x509write_crt_set_subject_key_identifier(&crt);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject"
+ "_key_identifier returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
- if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
- opt.authority_identifier != 0 )
- {
- mbedtls_printf( " . Adding the Authority Key Identifier ..." );
- fflush( stdout );
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.authority_identifier != 0) {
+ mbedtls_printf(" . Adding the Authority Key Identifier ...");
+ fflush(stdout);
- ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_"
- "key_identifier returned -0x%04x - %s\n\n",
- (unsigned int) -ret, buf );
+ ret = mbedtls_x509write_crt_set_authority_key_identifier(&crt);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_authority_"
+ "key_identifier returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
#endif /* MBEDTLS_SHA1_C */
- if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
- opt.key_usage != 0 )
- {
- mbedtls_printf( " . Adding the Key Usage extension ..." );
- fflush( stdout );
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.key_usage != 0) {
+ mbedtls_printf(" . Adding the Key Usage extension ...");
+ fflush(stdout);
- ret = mbedtls_x509write_crt_set_key_usage( &crt, opt.key_usage );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_x509write_crt_set_key_usage(&crt, opt.key_usage);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_key_usage "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
- if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
- opt.ns_cert_type != 0 )
- {
- mbedtls_printf( " . Adding the NS Cert Type extension ..." );
- fflush( stdout );
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.ns_cert_type != 0) {
+ mbedtls_printf(" . Adding the NS Cert Type extension ...");
+ fflush(stdout);
- ret = mbedtls_x509write_crt_set_ns_cert_type( &crt, opt.ns_cert_type );
- if( ret != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ ret = mbedtls_x509write_crt_set_ns_cert_type(&crt, opt.ns_cert_type);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
}
/*
* 1.2. Writing the certificate
*/
- mbedtls_printf( " . Writing the certificate..." );
- fflush( stdout );
+ mbedtls_printf(" . Writing the certificate...");
+ fflush(stdout);
- if( ( ret = write_certificate( &crt, opt.output_file,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n",
- (unsigned int) -ret, buf );
+ if ((ret = write_certificate(&crt, opt.output_file,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_strerror(ret, buf, 1024);
+ mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
#if defined(MBEDTLS_X509_CSR_PARSE_C)
- mbedtls_x509_csr_free( &csr );
+ mbedtls_x509_csr_free(&csr);
#endif /* MBEDTLS_X509_CSR_PARSE_C */
- mbedtls_x509_crt_free( &issuer_crt );
- mbedtls_x509write_crt_free( &crt );
- mbedtls_pk_free( &loaded_subject_key );
- mbedtls_pk_free( &loaded_issuer_key );
- mbedtls_mpi_free( &serial );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_x509_crt_free(&issuer_crt);
+ mbedtls_x509write_crt_free(&crt);
+ mbedtls_pk_free(&loaded_subject_key);
+ mbedtls_pk_free(&loaded_issuer_key);
+ mbedtls_mpi_free(&serial);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 0a6d261..4b98757 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -27,11 +27,11 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -54,12 +54,11 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char *filename; /* filename of the certificate file */
} opt;
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -71,72 +70,70 @@
/*
* Set to sane values
*/
- mbedtls_x509_crl_init( &crl );
+ mbedtls_x509_crl_init(&crl);
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
opt.filename = DFL_FILENAME;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "filename" ) == 0 )
+ if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else
+ } else {
goto usage;
+ }
}
/*
* 1.1. Load the CRL
*/
- mbedtls_printf( "\n . Loading the CRL ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the CRL ...");
+ fflush(stdout);
- ret = mbedtls_x509_crl_parse_file( &crl, opt.filename );
+ ret = mbedtls_x509_crl_parse_file(&crl, opt.filename);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret );
- mbedtls_x509_crl_free( &crl );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret);
+ mbedtls_x509_crl_free(&crl);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2 Print the CRL
*/
- mbedtls_printf( " . CRL information ...\n" );
- ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
- if( ret == -1 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret );
- mbedtls_x509_crl_free( &crl );
+ mbedtls_printf(" . CRL information ...\n");
+ ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret);
+ mbedtls_x509_crl_free(&crl);
goto exit;
}
- mbedtls_printf( "%s\n", buf );
+ mbedtls_printf("%s\n", buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_x509_crl_free( &crl );
+ mbedtls_x509_crl_free(&crl);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index 611fe88..faf4ba9 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -54,11 +54,11 @@
#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_TIMING_C)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_TIMING_C not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -84,55 +84,51 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char **filenames; /* NULL-terminated list of file names */
unsigned iterations; /* Number of iterations to time */
int prime_cache; /* Prime the disk read cache? */
} opt;
-int read_certificates( const char *const *filenames )
+int read_certificates(const char *const *filenames)
{
mbedtls_x509_crt cas;
int ret = 0;
const char *const *cur;
- mbedtls_x509_crt_init( &cas );
+ mbedtls_x509_crt_init(&cas);
- for( cur = filenames; *cur != NULL; cur++ )
- {
- ret = mbedtls_x509_crt_parse_file( &cas, *cur );
- if( ret != 0 )
- {
+ for (cur = filenames; *cur != NULL; cur++) {
+ ret = mbedtls_x509_crt_parse_file(&cas, *cur);
+ if (ret != 0) {
#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
char error_message[200];
- mbedtls_strerror( ret, error_message, sizeof( error_message ) );
- printf( "\n%s: -0x%04x (%s)\n",
- *cur, (unsigned) -ret, error_message );
+ mbedtls_strerror(ret, error_message, sizeof(error_message));
+ printf("\n%s: -0x%04x (%s)\n",
+ *cur, (unsigned) -ret, error_message);
#else
- printf( "\n%s: -0x%04x\n",
- *cur, (unsigned) -ret );
+ printf("\n%s: -0x%04x\n",
+ *cur, (unsigned) -ret);
#endif
goto exit;
}
}
exit:
- mbedtls_x509_crt_free( &cas );
- return( ret == 0 );
+ mbedtls_x509_crt_free(&cas);
+ return ret == 0;
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned i, j;
struct mbedtls_timing_hr_time timer;
unsigned long ms;
- if( argc <= 1 )
- {
- mbedtls_printf( USAGE );
+ if (argc <= 1) {
+ mbedtls_printf(USAGE);
goto exit;
}
@@ -140,66 +136,61 @@
opt.iterations = DFL_ITERATIONS;
opt.prime_cache = DFL_PRIME_CACHE;
- for( i = 1; i < (unsigned) argc; i++ )
- {
+ for (i = 1; i < (unsigned) argc; i++) {
char *p = argv[i];
char *q = NULL;
- if( strcmp( p, "--" ) == 0 )
+ if (strcmp(p, "--") == 0) {
break;
- if( ( q = strchr( p, '=' ) ) == NULL )
+ }
+ if ((q = strchr(p, '=')) == NULL) {
break;
+ }
*q++ = '\0';
- for( j = 0; p + j < q; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
+ for (j = 0; p + j < q; j++) {
+ if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') {
argv[i][j] |= 0x20;
+ }
}
- if( strcmp( p, "iterations" ) == 0 )
- {
- opt.iterations = atoi( q );
- }
- else if( strcmp( p, "prime" ) == 0 )
- {
- opt.iterations = atoi( q ) != 0;
- }
- else
- {
- mbedtls_printf( "Unknown option: %s\n", p );
- mbedtls_printf( USAGE );
+ if (strcmp(p, "iterations") == 0) {
+ opt.iterations = atoi(q);
+ } else if (strcmp(p, "prime") == 0) {
+ opt.iterations = atoi(q) != 0;
+ } else {
+ mbedtls_printf("Unknown option: %s\n", p);
+ mbedtls_printf(USAGE);
goto exit;
}
}
- opt.filenames = (const char**) argv + i;
- if( *opt.filenames == 0 )
- {
- mbedtls_printf( "Missing list of certificate files to parse\n" );
+ opt.filenames = (const char **) argv + i;
+ if (*opt.filenames == 0) {
+ mbedtls_printf("Missing list of certificate files to parse\n");
goto exit;
}
- mbedtls_printf( "Parsing %u certificates", argc - i );
- if( opt.prime_cache )
- {
- if( ! read_certificates( opt.filenames ) )
+ mbedtls_printf("Parsing %u certificates", argc - i);
+ if (opt.prime_cache) {
+ if (!read_certificates(opt.filenames)) {
goto exit;
- mbedtls_printf( " " );
+ }
+ mbedtls_printf(" ");
}
- (void) mbedtls_timing_get_timer( &timer, 1 );
- for( i = 1; i <= opt.iterations; i++ )
- {
- if( ! read_certificates( opt.filenames ) )
+ (void) mbedtls_timing_get_timer(&timer, 1);
+ for (i = 1; i <= opt.iterations; i++) {
+ if (!read_certificates(opt.filenames)) {
goto exit;
- mbedtls_printf( "." );
+ }
+ mbedtls_printf(".");
}
- ms = mbedtls_timing_get_timer( &timer, 0 );
- mbedtls_printf( "\n%u iterations -> %lu ms\n", opt.iterations, ms );
+ ms = mbedtls_timing_get_timer(&timer, 0);
+ mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* necessary configuration */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 1a76f45..bc9f67f 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -27,11 +27,11 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO)
-int main( void )
+int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit( 0 );
+ "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
}
#else
@@ -54,12 +54,11 @@
/*
* global options
*/
-struct options
-{
+struct options {
const char *filename; /* filename of the certificate request */
} opt;
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -71,72 +70,70 @@
/*
* Set to sane values
*/
- mbedtls_x509_csr_init( &csr );
+ mbedtls_x509_csr_init(&csr);
- if( argc == 0 )
- {
- usage:
- mbedtls_printf( USAGE );
+ if (argc == 0) {
+usage:
+ mbedtls_printf(USAGE);
goto exit;
}
opt.filename = DFL_FILENAME;
- for( i = 1; i < argc; i++ )
- {
+ for (i = 1; i < argc; i++) {
p = argv[i];
- if( ( q = strchr( p, '=' ) ) == NULL )
+ if ((q = strchr(p, '=')) == NULL) {
goto usage;
+ }
*q++ = '\0';
- if( strcmp( p, "filename" ) == 0 )
+ if (strcmp(p, "filename") == 0) {
opt.filename = q;
- else
+ } else {
goto usage;
+ }
}
/*
* 1.1. Load the CSR
*/
- mbedtls_printf( "\n . Loading the CSR ..." );
- fflush( stdout );
+ mbedtls_printf("\n . Loading the CSR ...");
+ fflush(stdout);
- ret = mbedtls_x509_csr_parse_file( &csr, opt.filename );
+ ret = mbedtls_x509_csr_parse_file(&csr, opt.filename);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret );
- mbedtls_x509_csr_free( &csr );
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret);
+ mbedtls_x509_csr_free(&csr);
goto exit;
}
- mbedtls_printf( " ok\n" );
+ mbedtls_printf(" ok\n");
/*
* 1.2 Print the CSR
*/
- mbedtls_printf( " . CSR information ...\n" );
- ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
- if( ret == -1 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret );
- mbedtls_x509_csr_free( &csr );
+ mbedtls_printf(" . CSR information ...\n");
+ ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret);
+ mbedtls_x509_csr_free(&csr);
goto exit;
}
- mbedtls_printf( "%s\n", buf );
+ mbedtls_printf("%s\n", buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_x509_csr_free( &csr );
+ mbedtls_x509_csr_free(&csr);
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf(" + Press Enter to exit this program.\n");
+ fflush(stdout); getchar();
#endif
- mbedtls_exit( exit_code );
+ mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index fc210b9..0775003 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -32,115 +32,120 @@
HEADER_INCLUDED
-const char * mbedtls_high_level_strerr( int error_code )
+const char *mbedtls_high_level_strerr(int error_code)
{
int high_level_error_code;
- if( error_code < 0 )
+ if (error_code < 0) {
error_code = -error_code;
+ }
/* Extract the high-level part from the error code. */
high_level_error_code = error_code & 0xFF80;
- switch( high_level_error_code )
- {
- /* Begin Auto-Generated Code. */
-HIGH_LEVEL_CODE_CHECKS
+ switch (high_level_error_code) {
+ /* Begin Auto-Generated Code. */
+ HIGH_LEVEL_CODE_CHECKS
/* End Auto-Generated Code. */
default:
break;
}
- return( NULL );
+ return NULL;
}
-const char * mbedtls_low_level_strerr( int error_code )
+const char *mbedtls_low_level_strerr(int error_code)
{
int low_level_error_code;
- if( error_code < 0 )
+ if (error_code < 0) {
error_code = -error_code;
+ }
/* Extract the low-level part from the error code. */
low_level_error_code = error_code & ~0xFF80;
- switch( low_level_error_code )
- {
- /* Begin Auto-Generated Code. */
-LOW_LEVEL_CODE_CHECKS
+ switch (low_level_error_code) {
+ /* Begin Auto-Generated Code. */
+ LOW_LEVEL_CODE_CHECKS
/* End Auto-Generated Code. */
default:
break;
}
- return( NULL );
+ return NULL;
}
-void mbedtls_strerror( int ret, char *buf, size_t buflen )
+void mbedtls_strerror(int ret, char *buf, size_t buflen)
{
size_t len;
int use_ret;
- const char * high_level_error_description = NULL;
- const char * low_level_error_description = NULL;
+ const char *high_level_error_description = NULL;
+ const char *low_level_error_description = NULL;
- if( buflen == 0 )
+ if (buflen == 0) {
return;
+ }
- memset( buf, 0x00, buflen );
+ memset(buf, 0x00, buflen);
- if( ret < 0 )
+ if (ret < 0) {
ret = -ret;
+ }
- if( ret & 0xFF80 )
- {
+ if (ret & 0xFF80) {
use_ret = ret & 0xFF80;
// Translate high level error code.
- high_level_error_description = mbedtls_high_level_strerr( ret );
+ high_level_error_description = mbedtls_high_level_strerr(ret);
- if( high_level_error_description == NULL )
- mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
- else
- mbedtls_snprintf( buf, buflen, "%s", high_level_error_description );
+ if (high_level_error_description == NULL) {
+ mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
+ } else {
+ mbedtls_snprintf(buf, buflen, "%s", high_level_error_description);
+ }
#if defined(MBEDTLS_SSL_TLS_C)
// Early return in case of a fatal error - do not try to translate low
// level code.
- if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE))
+ if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) {
return;
+ }
#endif /* MBEDTLS_SSL_TLS_C */
}
use_ret = ret & ~0xFF80;
- if( use_ret == 0 )
+ if (use_ret == 0) {
return;
+ }
// If high level code is present, make a concatenation between both
// error strings.
//
- len = strlen( buf );
+ len = strlen(buf);
- if( len > 0 )
- {
- if( buflen - len < 5 )
+ if (len > 0) {
+ if (buflen - len < 5) {
return;
+ }
- mbedtls_snprintf( buf + len, buflen - len, " : " );
+ mbedtls_snprintf(buf + len, buflen - len, " : ");
buf += len + 3;
buflen -= len + 3;
}
// Translate low level error code.
- low_level_error_description = mbedtls_low_level_strerr( ret );
+ low_level_error_description = mbedtls_low_level_strerr(ret);
- if( low_level_error_description == NULL )
- mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
- else
- mbedtls_snprintf( buf, buflen, "%s", low_level_error_description );
+ if (low_level_error_description == NULL) {
+ mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
+ } else {
+ mbedtls_snprintf(buf, buflen, "%s", low_level_error_description);
+ }
}
#else /* MBEDTLS_ERROR_C */
@@ -148,18 +153,19 @@
/*
* Provide a dummy implementation when MBEDTLS_ERROR_C is not defined
*/
-void mbedtls_strerror( int ret, char *buf, size_t buflen )
+void mbedtls_strerror(int ret, char *buf, size_t buflen)
{
((void) ret);
- if( buflen > 0 )
+ if (buflen > 0) {
buf[0] = '\0';
+ }
}
#endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_TEST_HOOKS)
-void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
+void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
#endif
#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index 6ed9d4e..6470ee0 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -110,11 +110,12 @@
*/
#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro)
#define MACRO_NAME_TO_STR(macro) \
- mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" )
+ mbedtls_printf("%s", strlen( #macro "") > 0 ? #macro "\n" : "")
#define STRINGIFY(macro) #macro
#define OUTPUT_MACRO_NAME_VALUE(macro) mbedtls_printf( #macro "%s\n", \
- ( STRINGIFY(macro) "" )[0] != 0 ? "=" STRINGIFY(macro) : "" )
+ (STRINGIFY(macro) "")[0] != 0 ? "=" STRINGIFY( \
+ macro) : "")
#if defined(_MSC_VER)
/*
@@ -129,13 +130,13 @@
#pragma warning(disable:4003)
#endif /* _MSC_VER */
-int query_config( const char *config )
+int query_config(const char *config)
{
-CHECK_CONFIG /* If the symbol is not found, return an error */
- return( 1 );
+ CHECK_CONFIG /* If the symbol is not found, return an error */
+ return 1;
}
-void list_config( void )
+void list_config(void)
{
LIST_CONFIG
}
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index d4bf774..d3217a1 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -27,28 +27,30 @@
static const char * const features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
-FEATURE_DEFINES
+ FEATURE_DEFINES
#endif /* MBEDTLS_VERSION_FEATURES */
NULL
};
-int mbedtls_version_check_feature( const char *feature )
+int mbedtls_version_check_feature(const char *feature)
{
const char * const *idx = features;
- if( *idx == NULL )
- return( -2 );
+ if (*idx == NULL) {
+ return -2;
+ }
- if( feature == NULL )
- return( -1 );
+ if (feature == NULL) {
+ return -1;
+ }
- while( *idx != NULL )
- {
- if( !strcmp( *idx, feature ) )
- return( 0 );
+ while (*idx != NULL) {
+ if (!strcmp(*idx, feature)) {
+ return 0;
+ }
idx++;
}
- return( -1 );
+ return -1;
}
#endif /* MBEDTLS_VERSION_C */
diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/config-wrapper-malloc-0-null.h
index add1a78..622ac57 100644
--- a/tests/configs/config-wrapper-malloc-0-null.h
+++ b/tests/configs/config-wrapper-malloc-0-null.h
@@ -26,11 +26,12 @@
#include <stdlib.h>
#ifndef MBEDTLS_PLATFORM_STD_CALLOC
-static inline void *custom_calloc( size_t nmemb, size_t size )
+static inline void *custom_calloc(size_t nmemb, size_t size)
{
- if( nmemb == 0 || size == 0 )
- return( NULL );
- return( calloc( nmemb, size ) );
+ if (nmemb == 0 || size == 0) {
+ return NULL;
+ }
+ return calloc(nmemb, size);
}
#define MBEDTLS_PLATFORM_MEMORY
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
index 1aee8a5..a79ce17 100644
--- a/tests/include/spe/crypto_spe.h
+++ b/tests/include/spe/crypto_spe.h
@@ -34,110 +34,110 @@
#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
#define psa_crypto_init \
- PSA_FUNCTION_NAME(psa_crypto_init)
+ PSA_FUNCTION_NAME(psa_crypto_init)
#define psa_key_derivation_get_capacity \
- PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
+ PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
#define psa_key_derivation_set_capacity \
- PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
+ PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
#define psa_key_derivation_input_bytes \
- PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
+ PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
#define psa_key_derivation_output_bytes \
- PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
+ PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
#define psa_key_derivation_input_key \
- PSA_FUNCTION_NAME(psa_key_derivation_input_key)
+ PSA_FUNCTION_NAME(psa_key_derivation_input_key)
#define psa_key_derivation_output_key \
- PSA_FUNCTION_NAME(psa_key_derivation_output_key)
+ PSA_FUNCTION_NAME(psa_key_derivation_output_key)
#define psa_key_derivation_setup \
- PSA_FUNCTION_NAME(psa_key_derivation_setup)
+ PSA_FUNCTION_NAME(psa_key_derivation_setup)
#define psa_key_derivation_abort \
- PSA_FUNCTION_NAME(psa_key_derivation_abort)
+ PSA_FUNCTION_NAME(psa_key_derivation_abort)
#define psa_key_derivation_key_agreement \
- PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
+ PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
#define psa_raw_key_agreement \
- PSA_FUNCTION_NAME(psa_raw_key_agreement)
+ PSA_FUNCTION_NAME(psa_raw_key_agreement)
#define psa_generate_random \
- PSA_FUNCTION_NAME(psa_generate_random)
+ PSA_FUNCTION_NAME(psa_generate_random)
#define psa_aead_encrypt \
- PSA_FUNCTION_NAME(psa_aead_encrypt)
+ PSA_FUNCTION_NAME(psa_aead_encrypt)
#define psa_aead_decrypt \
- PSA_FUNCTION_NAME(psa_aead_decrypt)
+ PSA_FUNCTION_NAME(psa_aead_decrypt)
#define psa_open_key \
- PSA_FUNCTION_NAME(psa_open_key)
+ PSA_FUNCTION_NAME(psa_open_key)
#define psa_close_key \
- PSA_FUNCTION_NAME(psa_close_key)
+ PSA_FUNCTION_NAME(psa_close_key)
#define psa_import_key \
- PSA_FUNCTION_NAME(psa_import_key)
+ PSA_FUNCTION_NAME(psa_import_key)
#define psa_destroy_key \
- PSA_FUNCTION_NAME(psa_destroy_key)
+ PSA_FUNCTION_NAME(psa_destroy_key)
#define psa_get_key_attributes \
- PSA_FUNCTION_NAME(psa_get_key_attributes)
+ PSA_FUNCTION_NAME(psa_get_key_attributes)
#define psa_reset_key_attributes \
- PSA_FUNCTION_NAME(psa_reset_key_attributes)
+ PSA_FUNCTION_NAME(psa_reset_key_attributes)
#define psa_export_key \
- PSA_FUNCTION_NAME(psa_export_key)
+ PSA_FUNCTION_NAME(psa_export_key)
#define psa_export_public_key \
- PSA_FUNCTION_NAME(psa_export_public_key)
+ PSA_FUNCTION_NAME(psa_export_public_key)
#define psa_purge_key \
- PSA_FUNCTION_NAME(psa_purge_key)
+ PSA_FUNCTION_NAME(psa_purge_key)
#define psa_copy_key \
- PSA_FUNCTION_NAME(psa_copy_key)
+ PSA_FUNCTION_NAME(psa_copy_key)
#define psa_cipher_operation_init \
- PSA_FUNCTION_NAME(psa_cipher_operation_init)
+ PSA_FUNCTION_NAME(psa_cipher_operation_init)
#define psa_cipher_generate_iv \
- PSA_FUNCTION_NAME(psa_cipher_generate_iv)
+ PSA_FUNCTION_NAME(psa_cipher_generate_iv)
#define psa_cipher_set_iv \
- PSA_FUNCTION_NAME(psa_cipher_set_iv)
+ PSA_FUNCTION_NAME(psa_cipher_set_iv)
#define psa_cipher_encrypt_setup \
- PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
+ PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
#define psa_cipher_decrypt_setup \
- PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
+ PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
#define psa_cipher_update \
- PSA_FUNCTION_NAME(psa_cipher_update)
+ PSA_FUNCTION_NAME(psa_cipher_update)
#define psa_cipher_finish \
- PSA_FUNCTION_NAME(psa_cipher_finish)
+ PSA_FUNCTION_NAME(psa_cipher_finish)
#define psa_cipher_abort \
- PSA_FUNCTION_NAME(psa_cipher_abort)
+ PSA_FUNCTION_NAME(psa_cipher_abort)
#define psa_hash_operation_init \
- PSA_FUNCTION_NAME(psa_hash_operation_init)
+ PSA_FUNCTION_NAME(psa_hash_operation_init)
#define psa_hash_setup \
- PSA_FUNCTION_NAME(psa_hash_setup)
+ PSA_FUNCTION_NAME(psa_hash_setup)
#define psa_hash_update \
- PSA_FUNCTION_NAME(psa_hash_update)
+ PSA_FUNCTION_NAME(psa_hash_update)
#define psa_hash_finish \
- PSA_FUNCTION_NAME(psa_hash_finish)
+ PSA_FUNCTION_NAME(psa_hash_finish)
#define psa_hash_verify \
- PSA_FUNCTION_NAME(psa_hash_verify)
+ PSA_FUNCTION_NAME(psa_hash_verify)
#define psa_hash_abort \
- PSA_FUNCTION_NAME(psa_hash_abort)
+ PSA_FUNCTION_NAME(psa_hash_abort)
#define psa_hash_clone \
- PSA_FUNCTION_NAME(psa_hash_clone)
+ PSA_FUNCTION_NAME(psa_hash_clone)
#define psa_hash_compute \
- PSA_FUNCTION_NAME(psa_hash_compute)
+ PSA_FUNCTION_NAME(psa_hash_compute)
#define psa_hash_compare \
- PSA_FUNCTION_NAME(psa_hash_compare)
+ PSA_FUNCTION_NAME(psa_hash_compare)
#define psa_mac_operation_init \
- PSA_FUNCTION_NAME(psa_mac_operation_init)
+ PSA_FUNCTION_NAME(psa_mac_operation_init)
#define psa_mac_sign_setup \
- PSA_FUNCTION_NAME(psa_mac_sign_setup)
+ PSA_FUNCTION_NAME(psa_mac_sign_setup)
#define psa_mac_verify_setup \
- PSA_FUNCTION_NAME(psa_mac_verify_setup)
+ PSA_FUNCTION_NAME(psa_mac_verify_setup)
#define psa_mac_update \
- PSA_FUNCTION_NAME(psa_mac_update)
+ PSA_FUNCTION_NAME(psa_mac_update)
#define psa_mac_sign_finish \
- PSA_FUNCTION_NAME(psa_mac_sign_finish)
+ PSA_FUNCTION_NAME(psa_mac_sign_finish)
#define psa_mac_verify_finish \
- PSA_FUNCTION_NAME(psa_mac_verify_finish)
+ PSA_FUNCTION_NAME(psa_mac_verify_finish)
#define psa_mac_abort \
- PSA_FUNCTION_NAME(psa_mac_abort)
+ PSA_FUNCTION_NAME(psa_mac_abort)
#define psa_sign_hash \
- PSA_FUNCTION_NAME(psa_sign_hash)
+ PSA_FUNCTION_NAME(psa_sign_hash)
#define psa_verify_hash \
- PSA_FUNCTION_NAME(psa_verify_hash)
+ PSA_FUNCTION_NAME(psa_verify_hash)
#define psa_asymmetric_encrypt \
- PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
+ PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
#define psa_asymmetric_decrypt \
- PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
+ PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
#define psa_generate_key \
- PSA_FUNCTION_NAME(psa_generate_key)
+ PSA_FUNCTION_NAME(psa_generate_key)
#endif /* CRYPTO_SPE_H */
diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h
index 91ae260..dee3cbd 100644
--- a/tests/include/test/asn1_helpers.h
+++ b/tests/include/test/asn1_helpers.h
@@ -43,8 +43,8 @@
*
* \return \c 0 if the test failed, otherwise 1.
*/
-int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end,
- size_t min_bits, size_t max_bits,
- int must_be_odd );
+int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
+ size_t min_bits, size_t max_bits,
+ int must_be_odd);
#endif /* ASN1_HELPERS_H */
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
index 2207cb3..182bed2 100644
--- a/tests/include/test/drivers/aead.h
+++ b/tests/include/test/drivers/aead.h
@@ -41,10 +41,10 @@
#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 }
static inline mbedtls_test_driver_aead_hooks_t
- mbedtls_test_driver_aead_hooks_init( void )
+mbedtls_test_driver_aead_hooks_init(void)
{
const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT;
- return( v );
+ return v;
}
extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks;
@@ -56,7 +56,7 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
psa_status_t mbedtls_test_transparent_aead_decrypt(
const psa_key_attributes_t *attributes,
@@ -65,7 +65,7 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
index c1aa616..2bd7b62 100644
--- a/tests/include/test/drivers/cipher.h
+++ b/tests/include/test/drivers/cipher.h
@@ -45,10 +45,10 @@
#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 }
static inline mbedtls_test_driver_cipher_hooks_t
- mbedtls_test_driver_cipher_hooks_init( void )
+mbedtls_test_driver_cipher_hooks_init(void)
{
const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT;
- return( v );
+ return v;
}
extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks;
@@ -81,7 +81,7 @@
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_cipher_abort(
- mbedtls_transparent_test_driver_cipher_operation_t *operation );
+ mbedtls_transparent_test_driver_cipher_operation_t *operation);
psa_status_t mbedtls_test_transparent_cipher_set_iv(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
index 865cd74..de7ebc5 100644
--- a/tests/include/test/drivers/hash.h
+++ b/tests/include/test/drivers/hash.h
@@ -41,10 +41,10 @@
#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 }
static inline mbedtls_test_driver_hash_hooks_t
- mbedtls_test_driver_hash_hooks_init( void )
+mbedtls_test_driver_hash_hooks_init(void)
{
const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT;
- return( v );
+ return v;
}
extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks;
@@ -52,29 +52,29 @@
psa_status_t mbedtls_test_transparent_hash_compute(
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size, size_t *hash_length );
+ uint8_t *hash, size_t hash_size, size_t *hash_length);
psa_status_t mbedtls_test_transparent_hash_setup(
mbedtls_transparent_test_driver_hash_operation_t *operation,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_hash_clone(
const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
- mbedtls_transparent_test_driver_hash_operation_t *target_operation );
+ mbedtls_transparent_test_driver_hash_operation_t *target_operation);
psa_status_t mbedtls_test_transparent_hash_update(
mbedtls_transparent_test_driver_hash_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t mbedtls_test_transparent_hash_finish(
mbedtls_transparent_test_driver_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
- size_t *hash_length );
+ size_t *hash_length);
psa_status_t mbedtls_test_transparent_hash_abort(
- mbedtls_transparent_test_driver_hash_operation_t *operation );
+ mbedtls_transparent_test_driver_hash_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index c8dfbb3..d10ba4b 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -52,43 +52,43 @@
* used as a location of an opaque test drivers. */
#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 }
static inline mbedtls_test_driver_key_management_hooks_t
- mbedtls_test_driver_key_management_hooks_init( void )
+mbedtls_test_driver_key_management_hooks_init(void)
{
const mbedtls_test_driver_key_management_hooks_t
v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
- return( v );
+ return v;
}
extern mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks;
-psa_status_t mbedtls_test_transparent_init( void );
-void mbedtls_test_transparent_free( void );
-psa_status_t mbedtls_test_opaque_init( void );
-void mbedtls_test_opaque_free( void );
+psa_status_t mbedtls_test_transparent_init(void);
+void mbedtls_test_transparent_free(void);
+psa_status_t mbedtls_test_opaque_init(void);
+void mbedtls_test_opaque_free(void);
psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length );
+ uint8_t *key, size_t key_size, size_t *key_length);
psa_status_t mbedtls_test_opaque_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length );
+ uint8_t *key, size_t key_size, size_t *key_length);
psa_status_t mbedtls_test_opaque_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t mbedtls_test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t mbedtls_test_opaque_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t mbedtls_test_transparent_import_key(
const psa_key_attributes_t *attributes,
@@ -102,7 +102,7 @@
psa_status_t mbedtls_test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h
index 7733dd3..8af1335 100644
--- a/tests/include/test/drivers/mac.h
+++ b/tests/include/test/drivers/mac.h
@@ -41,10 +41,10 @@
#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 }
static inline mbedtls_test_driver_mac_hooks_t
- mbedtls_test_driver_mac_hooks_init( void )
+mbedtls_test_driver_mac_hooks_init(void)
{
const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT;
- return( v );
+ return v;
}
extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks;
@@ -58,40 +58,40 @@
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t mbedtls_test_transparent_mac_sign_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_mac_verify_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_mac_update(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t mbedtls_test_transparent_mac_sign_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t mbedtls_test_transparent_mac_verify_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length );
+ size_t mac_length);
psa_status_t mbedtls_test_transparent_mac_abort(
- mbedtls_transparent_test_driver_mac_operation_t *operation );
+ mbedtls_transparent_test_driver_mac_operation_t *operation);
psa_status_t mbedtls_test_opaque_mac_compute(
const psa_key_attributes_t *attributes,
@@ -102,40 +102,40 @@
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t mbedtls_test_opaque_mac_sign_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t mbedtls_test_opaque_mac_verify_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t mbedtls_test_opaque_mac_update(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t mbedtls_test_opaque_mac_sign_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t mbedtls_test_opaque_mac_verify_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length );
+ size_t mac_length);
psa_status_t mbedtls_test_opaque_mac_abort(
- mbedtls_opaque_test_driver_mac_operation_t *operation );
+ mbedtls_opaque_test_driver_mac_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
index 5e64edc..4a2465b 100644
--- a/tests/include/test/drivers/signature.h
+++ b/tests/include/test/drivers/signature.h
@@ -42,11 +42,11 @@
#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
static inline mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_hooks_init( void )
+mbedtls_test_driver_signature_hooks_init(void)
{
const mbedtls_test_driver_signature_hooks_t
v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
- return( v );
+ return v;
}
extern mbedtls_test_driver_signature_hooks_t
@@ -63,7 +63,7 @@
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length );
+ size_t *signature_length);
psa_status_t mbedtls_test_opaque_signature_sign_message(
const psa_key_attributes_t *attributes,
@@ -74,7 +74,7 @@
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length );
+ size_t *signature_length);
psa_status_t mbedtls_test_transparent_signature_verify_message(
const psa_key_attributes_t *attributes,
@@ -84,7 +84,7 @@
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length );
+ size_t signature_length);
psa_status_t mbedtls_test_opaque_signature_verify_message(
const psa_key_attributes_t *attributes,
@@ -94,35 +94,35 @@
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length );
+ size_t signature_length);
psa_status_t mbedtls_test_transparent_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
psa_status_t mbedtls_test_opaque_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
psa_status_t mbedtls_test_transparent_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
psa_status_t mbedtls_test_opaque_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */
diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h
index b2665bd..9d0adcf 100644
--- a/tests/include/test/drivers/size.h
+++ b/tests/include/test/drivers/size.h
@@ -31,7 +31,7 @@
size_t mbedtls_test_size_function(
const psa_key_type_t key_type,
- const size_t key_bits );
+ const size_t key_bits);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */
diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h
index faeef22..ad8e1c6 100644
--- a/tests/include/test/fake_external_rng_for_test.h
+++ b/tests/include/test/fake_external_rng_for_test.h
@@ -44,13 +44,13 @@
* of the PSA subsystem. You may disable it temporarily to simulate a
* depleted entropy source.
*/
-void mbedtls_test_enable_insecure_external_rng( void );
+void mbedtls_test_enable_insecure_external_rng(void);
/** Disable the insecure implementation of mbedtls_psa_external_get_random().
*
* See mbedtls_test_enable_insecure_external_rng().
*/
-void mbedtls_test_disable_insecure_external_rng( void );
+void mbedtls_test_disable_insecure_external_rng(void);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index 7a87c5b..9d60c20 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -46,21 +46,18 @@
#endif
/** The type of test case arguments that contain binary data. */
-typedef struct data_tag
-{
- uint8_t * x;
+typedef struct data_tag {
+ uint8_t *x;
uint32_t len;
} data_t;
-typedef enum
-{
+typedef enum {
MBEDTLS_TEST_RESULT_SUCCESS = 0,
MBEDTLS_TEST_RESULT_FAILED,
MBEDTLS_TEST_RESULT_SKIPPED
} mbedtls_test_result_t;
-typedef struct
-{
+typedef struct {
mbedtls_test_result_t result;
const char *test;
const char *filename;
@@ -75,8 +72,8 @@
mbedtls_test_info_t;
extern mbedtls_test_info_t mbedtls_test_info;
-int mbedtls_test_platform_setup( void );
-void mbedtls_test_platform_teardown( void );
+int mbedtls_test_platform_setup(void);
+void mbedtls_test_platform_teardown(void);
/**
* \brief Record the current test case as a failure.
@@ -94,7 +91,7 @@
* \param line_no Line number where the failure originated.
* \param filename Filename where the failure originated.
*/
-void mbedtls_test_fail( const char *test, int line_no, const char* filename );
+void mbedtls_test_fail(const char *test, int line_no, const char *filename);
/**
* \brief Record the current test case as skipped.
@@ -107,7 +104,7 @@
* \param line_no Line number where the test case was skipped.
* \param filename Filename where the test case was skipped.
*/
-void mbedtls_test_skip( const char *test, int line_no, const char* filename );
+void mbedtls_test_skip(const char *test, int line_no, const char *filename);
/**
* \brief Set the test step number for failure reports.
@@ -119,12 +116,12 @@
*
* \param step The step number to report.
*/
-void mbedtls_test_set_step( unsigned long step );
+void mbedtls_test_set_step(unsigned long step);
/**
* \brief Reset mbedtls_test_info to a ready/starting state.
*/
-void mbedtls_test_info_reset( void );
+void mbedtls_test_info_reset(void);
/**
* \brief Record the current test case as a failure if two integers
@@ -144,8 +141,8 @@
*
* \return \c 1 if the values are equal, otherwise \c 0.
*/
-int mbedtls_test_equal( const char *test, int line_no, const char* filename,
- unsigned long long value1, unsigned long long value2 );
+int mbedtls_test_equal(const char *test, int line_no, const char *filename,
+ unsigned long long value1, unsigned long long value2);
/**
* \brief Record the current test case as a failure based
@@ -165,8 +162,8 @@
*
* \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
*/
-int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
- unsigned long long value1, unsigned long long value2 );
+int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
+ unsigned long long value1, unsigned long long value2);
/**
* \brief Record the current test case as a failure based
@@ -186,8 +183,8 @@
*
* \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
*/
-int mbedtls_test_le_s( const char *test, int line_no, const char* filename,
- long long value1, long long value2 );
+int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
+ long long value1, long long value2);
/**
* \brief This function decodes the hexadecimal representation of
@@ -207,12 +204,12 @@
* \return \c -1 if the output buffer is too small or the input string
* is not a valid hexadecimal representation.
*/
-int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax,
- const char *ibuf, size_t *len );
+int mbedtls_test_unhexify(unsigned char *obuf, size_t obufmax,
+ const char *ibuf, size_t *len);
-void mbedtls_test_hexify( unsigned char *obuf,
- const unsigned char *ibuf,
- int len );
+void mbedtls_test_hexify(unsigned char *obuf,
+ const unsigned char *ibuf,
+ int len);
/**
* Allocate and zeroize a buffer.
@@ -221,7 +218,7 @@
*
* For convenience, dies if allocation fails.
*/
-unsigned char *mbedtls_test_zero_alloc( size_t len );
+unsigned char *mbedtls_test_zero_alloc(size_t len);
/**
* Allocate and fill a buffer from hex data.
@@ -233,15 +230,14 @@
*
* For convenience, dies if allocation fails.
*/
-unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen );
+unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen);
-int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
- uint32_t a_len, uint32_t b_len );
+int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
+ uint32_t a_len, uint32_t b_len);
#if defined(MBEDTLS_CHECK_PARAMS)
-typedef struct
-{
+typedef struct {
const char *failure_condition;
const char *file;
int line;
@@ -257,7 +253,7 @@
* mbedtls_param_failed() that cancels it.
*/
void mbedtls_test_param_failed_get_location_record(
- mbedtls_test_param_failed_location_record_t *location_record );
+ mbedtls_test_param_failed_location_record_t *location_record);
/**
* \brief State that a call to mbedtls_param_failed() is expected.
@@ -266,7 +262,7 @@
* mbedtls_test_param_failed_check_expected_call() or
* mbedtls_param_failed that cancel it.
*/
-void mbedtls_test_param_failed_expect_call( void );
+void mbedtls_test_param_failed_expect_call(void);
/**
* \brief Check whether mbedtls_param_failed() has been called as expected.
@@ -279,7 +275,7 @@
* mbedtls_param_failed() has been called.
* \c -1 Otherwise.
*/
-int mbedtls_test_param_failed_check_expected_call( void );
+int mbedtls_test_param_failed_check_expected_call(void);
/**
* \brief Get the address of the object of type jmp_buf holding the execution
@@ -308,7 +304,7 @@
* \return Address of the object of type jmp_buf holding the execution state
* information used by mbedtls_param_failed() to do a long jump.
*/
-void* mbedtls_test_param_failed_get_state_buf( void );
+void *mbedtls_test_param_failed_get_state_buf(void);
/**
* \brief Reset the execution state used by mbedtls_param_failed() to do a
@@ -324,7 +320,7 @@
* mbedtls_param_failed() will not trigger a long jump with
* undefined behavior but rather a long jump that will rather fault.
*/
-void mbedtls_test_param_failed_reset_state( void );
+void mbedtls_test_param_failed_reset_state(void);
#endif /* MBEDTLS_CHECK_PARAMS */
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
@@ -334,11 +330,11 @@
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
/** Permanently activate the mutex usage verification framework. See
* threading_helpers.c for information. */
-void mbedtls_test_mutex_usage_init( void );
+void mbedtls_test_mutex_usage_init(void);
/** Call this function after executing a test case to check for mutex usage
* errors. */
-void mbedtls_test_mutex_usage_check( void );
+void mbedtls_test_mutex_usage_check(void);
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
#if defined(MBEDTLS_TEST_HOOKS)
@@ -353,8 +349,8 @@
*
* \note If the check fails, fail the test currently being run.
*/
-void mbedtls_test_err_add_check( int high, int low,
- const char *file, int line);
+void mbedtls_test_err_add_check(int high, int low,
+ const char *file, int line);
#endif
#if defined(MBEDTLS_BIGNUM_C)
@@ -379,7 +375,7 @@
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
-int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s );
+int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
/** Nonzero if the current test case had an input parsed with
* mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc.,
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index f9de646..2354205 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -62,14 +62,14 @@
*
* \param TEST The test expression to be tested.
*/
-#define TEST_ASSERT( TEST ) \
+#define TEST_ASSERT(TEST) \
do { \
- if( ! (TEST) ) \
- { \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
- goto exit; \
- } \
- } while( 0 )
+ if (!(TEST)) \
+ { \
+ mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
+ goto exit; \
+ } \
+ } while (0)
/** Evaluate two integer expressions and fail the test case if they have
* different values.
@@ -80,12 +80,12 @@
* \param expr1 An integral-typed expression to evaluate.
* \param expr2 Another integral-typed expression to evaluate.
*/
-#define TEST_EQUAL( expr1, expr2 ) \
+#define TEST_EQUAL(expr1, expr2) \
do { \
- if( ! mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \
- expr1, expr2 ) ) \
- goto exit; \
- } while( 0 )
+ if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \
+ expr1, expr2)) \
+ goto exit; \
+ } while (0)
/** Evaluate two unsigned integer expressions and fail the test case
* if they are not in increasing order (left <= right).
@@ -93,12 +93,12 @@
* \param expr1 An integral-typed expression to evaluate.
* \param expr2 Another integral-typed expression to evaluate.
*/
-#define TEST_LE_U( expr1, expr2 ) \
+#define TEST_LE_U(expr1, expr2) \
do { \
- if( ! mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \
- expr1, expr2 ) ) \
- goto exit; \
- } while( 0 )
+ if (!mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \
+ expr1, expr2)) \
+ goto exit; \
+ } while (0)
/** Evaluate two signed integer expressions and fail the test case
* if they are not in increasing order (left <= right).
@@ -106,12 +106,12 @@
* \param expr1 An integral-typed expression to evaluate.
* \param expr2 Another integral-typed expression to evaluate.
*/
-#define TEST_LE_S( expr1, expr2 ) \
+#define TEST_LE_S(expr1, expr2) \
do { \
- if( ! mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \
- expr1, expr2 ) ) \
- goto exit; \
- } while( 0 )
+ if (!mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \
+ expr1, expr2)) \
+ goto exit; \
+ } while (0)
/** Allocate memory dynamically and fail the test case if this fails.
* The allocated memory will be filled with zeros.
@@ -133,36 +133,36 @@
* This expression may be evaluated multiple times.
*
*/
-#define ASSERT_ALLOC( pointer, length ) \
+#define ASSERT_ALLOC(pointer, length) \
do \
{ \
- TEST_ASSERT( ( pointer ) == NULL ); \
- if( ( length ) != 0 ) \
+ TEST_ASSERT((pointer) == NULL); \
+ if ((length) != 0) \
{ \
- ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
- ( length ) ); \
- TEST_ASSERT( ( pointer ) != NULL ); \
+ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
+ (length)); \
+ TEST_ASSERT((pointer) != NULL); \
} \
} \
- while( 0 )
+ while (0)
/** Allocate memory dynamically. If the allocation fails, skip the test case.
*
* This macro behaves like #ASSERT_ALLOC, except that if the allocation
* fails, it marks the test as skipped rather than failed.
*/
-#define ASSERT_ALLOC_WEAK( pointer, length ) \
+#define ASSERT_ALLOC_WEAK(pointer, length) \
do \
{ \
- TEST_ASSERT( ( pointer ) == NULL ); \
- if( ( length ) != 0 ) \
+ TEST_ASSERT((pointer) == NULL); \
+ if ((length) != 0) \
{ \
- ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
- ( length ) ); \
- TEST_ASSUME( ( pointer ) != NULL ); \
+ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
+ (length)); \
+ TEST_ASSUME((pointer) != NULL); \
} \
} \
- while( 0 )
+ while (0)
/** Compare two buffers and fail the test case if they differ.
*
@@ -176,14 +176,14 @@
* \param size2 Size of the second buffer in bytes.
* This expression may be evaluated multiple times.
*/
-#define ASSERT_COMPARE( p1, size1, p2, size2 ) \
+#define ASSERT_COMPARE(p1, size1, p2, size2) \
do \
{ \
- TEST_ASSERT( ( size1 ) == ( size2 ) ); \
- if( ( size1 ) != 0 ) \
- TEST_ASSERT( memcmp( ( p1 ), ( p2 ), ( size1 ) ) == 0 ); \
+ TEST_ASSERT((size1) == (size2)); \
+ if ((size1) != 0) \
+ TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \
} \
- while( 0 )
+ while (0)
/**
* \brief This macro tests the expression passed to it and skips the
@@ -191,14 +191,14 @@
*
* \param TEST The test expression to be tested.
*/
-#define TEST_ASSUME( TEST ) \
+#define TEST_ASSUME(TEST) \
do { \
- if( ! (TEST) ) \
+ if (!(TEST)) \
{ \
- mbedtls_test_skip( #TEST, __LINE__, __FILE__ ); \
+ mbedtls_test_skip( #TEST, __LINE__, __FILE__); \
goto exit; \
} \
- } while( 0 )
+ } while (0)
#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
/**
@@ -221,17 +221,17 @@
*
* \param TEST The test expression to be tested.
*/
-#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
+#define TEST_INVALID_PARAM_RET(PARAM_ERR_VALUE, TEST) \
do { \
- mbedtls_test_param_failed_expect_call( ); \
- if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \
- ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \
+ mbedtls_test_param_failed_expect_call(); \
+ if (((TEST) != (PARAM_ERR_VALUE)) || \
+ (mbedtls_test_param_failed_check_expected_call() != 0)) \
{ \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
+ mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
goto exit; \
} \
- mbedtls_test_param_failed_check_expected_call( ); \
- } while( 0 )
+ mbedtls_test_param_failed_check_expected_call(); \
+ } while (0)
/**
* \brief This macro tests the statement passed to it as a test step or
@@ -253,18 +253,18 @@
*
* \param TEST The test expression to be tested.
*/
-#define TEST_INVALID_PARAM( TEST ) \
+#define TEST_INVALID_PARAM(TEST) \
do { \
- memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \
- sizeof( jmp_tmp ) ); \
- if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \
+ memcpy(jmp_tmp, mbedtls_test_param_failed_get_state_buf(), \
+ sizeof(jmp_tmp)); \
+ if (setjmp(mbedtls_test_param_failed_get_state_buf()) == 0) \
{ \
TEST; \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
+ mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
goto exit; \
} \
- mbedtls_test_param_failed_reset_state( ); \
- } while( 0 )
+ mbedtls_test_param_failed_reset_state(); \
+ } while (0)
#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
/**
@@ -298,15 +298,15 @@
*
* \param TEST The test expression to be tested.
*/
-#define TEST_VALID_PARAM( TEST ) \
- TEST_ASSERT( ( TEST, 1 ) );
+#define TEST_VALID_PARAM(TEST) \
+ TEST_ASSERT((TEST, 1));
-#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
-{ \
- mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
- __FILE__, __LINE__, #a ); \
- mbedtls_exit( 1 ); \
-}
+#define TEST_HELPER_ASSERT(a) if (!(a)) \
+ { \
+ mbedtls_fprintf(stderr, "Assertion Failed at %s:%d - %s\n", \
+ __FILE__, __LINE__, #a); \
+ mbedtls_exit(1); \
+ }
/** \def ARRAY_LENGTH
* Return the number of elements of a static or stack array.
@@ -317,34 +317,34 @@
*/
/* A correct implementation of ARRAY_LENGTH, but which silently gives
* a nonsensical result if called with a pointer rather than an array. */
-#define ARRAY_LENGTH_UNSAFE( array ) \
- ( sizeof( array ) / sizeof( *( array ) ) )
+#define ARRAY_LENGTH_UNSAFE(array) \
+ (sizeof(array) / sizeof(*(array)))
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
-#define IS_ARRAY_NOT_POINTER( arg ) \
- ( ! __builtin_types_compatible_p( __typeof__( arg ), \
- __typeof__( &( arg )[0] ) ) )
+#define IS_ARRAY_NOT_POINTER(arg) \
+ (!__builtin_types_compatible_p(__typeof__(arg), \
+ __typeof__(&(arg)[0])))
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
-#define STATIC_ASSERT_EXPR( const_expr ) \
- ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
+#define STATIC_ASSERT_EXPR(const_expr) \
+ (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
-#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
- ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
+#define STATIC_ASSERT_THEN_RETURN(condition, value) \
+ (STATIC_ASSERT_EXPR(condition) ? 0 : (value))
-#define ARRAY_LENGTH( array ) \
- ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
- ARRAY_LENGTH_UNSAFE( array ) ) )
+#define ARRAY_LENGTH(array) \
+ (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
+ ARRAY_LENGTH_UNSAFE(array)))
#else
/* If we aren't sure the compiler supports our non-standard tricks,
* fall back to the unsafe implementation. */
-#define ARRAY_LENGTH( array ) ARRAY_LENGTH_UNSAFE( array )
+#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
#endif
/** Return the smaller of two values.
@@ -354,7 +354,7 @@
*
* \return The smaller of \p x and \p y.
*/
-#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
+#define MIN(x, y) ((x) < (y) ? (x) : (y))
/** Return the larger of two values.
*
@@ -363,29 +363,29 @@
*
* \return The larger of \p x and \p y.
*/
-#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
+#define MAX(x, y) ((x) > (y) ? (x) : (y))
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i) \
-{ \
- (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
- | ( (uint32_t) (b)[(i) + 1] << 16 ) \
- | ( (uint32_t) (b)[(i) + 2] << 8 ) \
- | ( (uint32_t) (b)[(i) + 3] ); \
-}
+#define GET_UINT32_BE(n, b, i) \
+ { \
+ (n) = ((uint32_t) (b)[(i)] << 24) \
+ | ((uint32_t) (b)[(i) + 1] << 16) \
+ | ((uint32_t) (b)[(i) + 2] << 8) \
+ | ((uint32_t) (b)[(i) + 3]); \
+ }
#endif
#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) ); \
-}
+#define PUT_UINT32_BE(n, b, i) \
+ { \
+ (b)[(i)] = (unsigned char) ((n) >> 24); \
+ (b)[(i) + 1] = (unsigned char) ((n) >> 16); \
+ (b)[(i) + 2] = (unsigned char) ((n) >> 8); \
+ (b)[(i) + 3] = (unsigned char) ((n)); \
+ }
#endif
#endif /* TEST_MACROS_H */
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 7dc829b..08179e2 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -36,11 +36,11 @@
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */
-int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id );
+int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id);
/** Destroy persistent keys recorded with #TEST_USES_KEY_ID.
*/
-void mbedtls_test_psa_purge_key_storage( void );
+void mbedtls_test_psa_purge_key_storage(void);
/** Purge the in-memory cache of persistent keys recorded with
* #TEST_USES_KEY_ID.
@@ -48,7 +48,7 @@
* Call this function before calling PSA_DONE() if it's ok for
* persistent keys to still exist at this point.
*/
-void mbedtls_test_psa_purge_key_cache( void );
+void mbedtls_test_psa_purge_key_cache(void);
/** \def TEST_USES_KEY_ID
*
@@ -75,18 +75,18 @@
*
* \param key_id The PSA key identifier to record.
*/
-#define TEST_USES_KEY_ID( key_id ) \
- TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) )
+#define TEST_USES_KEY_ID(key_id) \
+ TEST_ASSERT(mbedtls_test_uses_key_id(key_id))
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) )
-#define mbedtls_test_psa_purge_key_storage( ) ( (void) 0 )
-#define mbedtls_test_psa_purge_key_cache( ) ( (void) 0 )
+#define TEST_USES_KEY_ID(key_id) ((void) (key_id))
+#define mbedtls_test_psa_purge_key_storage() ((void) 0)
+#define mbedtls_test_psa_purge_key_cache() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
+#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
/** Check for things that have not been cleaned up properly in the
* PSA subsystem.
@@ -95,7 +95,7 @@
* \return A string literal explaining what has not been cleaned up
* if applicable.
*/
-const char *mbedtls_test_helper_is_psa_leaking( void );
+const char *mbedtls_test_helper_is_psa_leaking(void);
/** Check that no PSA Crypto key slots are in use.
*
@@ -104,13 +104,13 @@
* `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
* but with a more informative message.
*/
-#define ASSERT_PSA_PRISTINE( ) \
+#define ASSERT_PSA_PRISTINE() \
do \
{ \
- if( test_fail_if_psa_leaking( __LINE__, __FILE__ ) ) \
- goto exit; \
+ if (test_fail_if_psa_leaking(__LINE__, __FILE__)) \
+ goto exit; \
} \
- while( 0 )
+ while (0)
/** Shut down the PSA Crypto subsystem and destroy persistent keys.
* Expect a clean shutdown, with no slots in use.
@@ -122,14 +122,14 @@
* \note Persistent keys must be recorded with #TEST_USES_KEY_ID before
* creating them.
*/
-#define PSA_DONE( ) \
+#define PSA_DONE() \
do \
{ \
- test_fail_if_psa_leaking( __LINE__, __FILE__ ); \
- mbedtls_test_psa_purge_key_storage( ); \
- mbedtls_psa_crypto_free( ); \
+ test_fail_if_psa_leaking(__LINE__, __FILE__); \
+ mbedtls_test_psa_purge_key_storage(); \
+ mbedtls_psa_crypto_free(); \
} \
- while( 0 )
+ while (0)
/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
* Expect a clean shutdown, with no slots in use.
@@ -137,22 +137,22 @@
* If some key slots are still in use, record the test case as failed and
* jump to the `exit` label.
*/
-#define PSA_SESSION_DONE( ) \
+#define PSA_SESSION_DONE() \
do \
{ \
- mbedtls_test_psa_purge_key_cache( ); \
- ASSERT_PSA_PRISTINE( ); \
- mbedtls_psa_crypto_free( ); \
+ mbedtls_test_psa_purge_key_cache(); \
+ ASSERT_PSA_PRISTINE(); \
+ mbedtls_psa_crypto_free(); \
} \
- while( 0 )
+ while (0)
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
-psa_status_t mbedtls_test_record_status( psa_status_t status,
- const char *func,
- const char *file, int line,
- const char *expr );
+psa_status_t mbedtls_test_record_status(psa_status_t status,
+ const char *func,
+ const char *file, int line,
+ const char *expr);
/** Return value logging wrapper macro.
*
@@ -178,8 +178,8 @@
* a value of type #psa_status_t.
* \return The value of \p expr.
*/
-#define RECORD_STATUS( string, expr ) \
- mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr )
+#define RECORD_STATUS(string, expr) \
+ mbedtls_test_record_status((expr), string, __FILE__, __LINE__, #expr)
#include "instrument_record_status.h"
@@ -191,7 +191,7 @@
* permissions of other usage policies
* (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE).
*/
-psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags );
+psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags);
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
@@ -220,18 +220,18 @@
#define MBEDTLS_TEST_HAVE_ALT_AES 0
#endif
-#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \
+#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \
do \
{ \
- if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \
- ( ( key_type ) == PSA_KEY_TYPE_AES ) && \
- ( key_bits == 192 ) ) \
+ if ((MBEDTLS_TEST_HAVE_ALT_AES) && \
+ ((key_type) == PSA_KEY_TYPE_AES) && \
+ (key_bits == 192)) \
{ \
- mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \
+ mbedtls_test_skip("AES-192 not supported", __LINE__, __FILE__); \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
/** Skip a test case if a GCM operation with a nonce length different from
* 12 bytes fails and was performed by an accelerator or alternative
@@ -262,20 +262,20 @@
#define MBEDTLS_TEST_HAVE_ALT_GCM 0
#endif
-#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \
- nonce_length ) \
+#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \
+ nonce_length) \
do \
{ \
- if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \
- ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( ( alg ) , 0 ) == \
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) && \
- ( ( nonce_length ) != 12 ) ) \
+ if ((MBEDTLS_TEST_HAVE_ALT_GCM) && \
+ (PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \
+ ((nonce_length) != 12)) \
{ \
- mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \
+ mbedtls_test_skip("GCM with non-12-byte IV is not supported", __LINE__, __FILE__); \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
@@ -292,14 +292,14 @@
* #MBEDTLS_USE_PSA_CRYPTO is disabled.
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#define USE_PSA_INIT( ) PSA_INIT( )
-#define USE_PSA_DONE( ) PSA_DONE( )
+#define USE_PSA_INIT() PSA_INIT()
+#define USE_PSA_DONE() PSA_DONE()
#else /* MBEDTLS_USE_PSA_CRYPTO */
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
* MBEDTLS_USE_PSA_CRYPTO. */
-#define USE_PSA_INIT( ) ( (void) 0 )
-#define USE_PSA_DONE( ) ( (void) 0 )
+#define USE_PSA_INIT() ((void) 0)
+#define USE_PSA_DONE() ((void) 0)
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
index 4306c1a..179df18 100644
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@@ -109,7 +109,7 @@
* This is used in some smoke tests.
*/
#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC)
-#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) )
+#define KNOWN_SUPPORTED_MAC_ALG (PSA_ALG_HMAC(KNOWN_SUPPORTED_HASH_ALG))
#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC
#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C)
#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC
@@ -168,12 +168,12 @@
* \return \c 1 on success, \c 0 on failure.
*/
int mbedtls_test_psa_setup_key_derivation_wrap(
- psa_key_derivation_operation_t* operation,
+ psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const unsigned char* input1, size_t input1_length,
- const unsigned char* input2, size_t input2_length,
- size_t capacity );
+ const unsigned char *input1, size_t input1_length,
+ const unsigned char *input2, size_t input2_length,
+ size_t capacity);
/** Perform a key agreement using the given key pair against its public key
* using psa_raw_key_agreement().
@@ -189,7 +189,7 @@
*/
psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
psa_algorithm_t alg,
- mbedtls_svc_key_id_t key );
+ mbedtls_svc_key_id_t key);
/** Perform a key agreement using the given key pair against its public key
* using psa_key_derivation_raw_key().
@@ -208,7 +208,7 @@
*/
psa_status_t mbedtls_test_psa_key_agreement_with_self(
psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key );
+ mbedtls_svc_key_id_t key);
/** Perform sanity checks on the given key representation.
*
@@ -230,7 +230,7 @@
*/
int mbedtls_test_psa_exported_key_sanity_check(
psa_key_type_t type, size_t bits,
- const uint8_t *exported, size_t exported_length );
+ const uint8_t *exported, size_t exported_length);
/** Do smoke tests on a key.
*
@@ -259,11 +259,11 @@
* \retval 0 The key failed the smoke tests.
* \retval 1 The key passed the smoke tests.
*/
-int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg );
+int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg);
-psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type,
- psa_algorithm_t alg );
+psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
+ psa_algorithm_t alg);
#endif /* PSA_EXERCISE_KEY_H */
diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h
index f438a71..2665fac 100644
--- a/tests/include/test/psa_helpers.h
+++ b/tests/include/test/psa_helpers.h
@@ -31,6 +31,6 @@
* to a \c psa_xxx function that returns a value of type
* #psa_status_t.
*/
-#define PSA_ASSERT( expr ) TEST_EQUAL( ( expr ), PSA_SUCCESS )
+#define PSA_ASSERT(expr) TEST_EQUAL((expr), PSA_SUCCESS)
#endif /* PSA_HELPERS_H */
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
index 6428280..4f7b55c 100644
--- a/tests/include/test/random.h
+++ b/tests/include/test/random.h
@@ -34,12 +34,11 @@
#include <stddef.h>
#include <stdint.h>
-typedef struct
-{
+typedef struct {
unsigned char *buf; /* Pointer to a buffer of length bytes. */
size_t length;
/* If fallback_f_rng is NULL, fail after delivering length bytes. */
- int ( *fallback_f_rng )( void*, unsigned char *, size_t );
+ int (*fallback_f_rng)(void *, unsigned char *, size_t);
void *fallback_p_rng;
} mbedtls_test_rnd_buf_info;
@@ -50,8 +49,7 @@
* Do not forget endianness!
* State( v0, v1 ) should be set to zero.
*/
-typedef struct
-{
+typedef struct {
uint32_t key[16];
uint32_t v0, v1;
} mbedtls_test_rnd_pseudo_info;
@@ -65,18 +63,18 @@
*
* rng_state shall be NULL.
*/
-int mbedtls_test_rnd_std_rand( void *rng_state,
- unsigned char *output,
- size_t len );
+int mbedtls_test_rnd_std_rand(void *rng_state,
+ unsigned char *output,
+ size_t len);
/**
* This function only returns zeros.
*
* \p rng_state shall be \c NULL.
*/
-int mbedtls_test_rnd_zero_rand( void *rng_state,
- unsigned char *output,
- size_t len );
+int mbedtls_test_rnd_zero_rand(void *rng_state,
+ unsigned char *output,
+ size_t len);
/**
* This function returns random data based on a buffer it receives.
@@ -90,9 +88,9 @@
* #mbedtls_test_rnd_buf_info structure if there is one, and
* will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
*/
-int mbedtls_test_rnd_buffer_rand( void *rng_state,
- unsigned char *output,
- size_t len );
+int mbedtls_test_rnd_buffer_rand(void *rng_state,
+ unsigned char *output,
+ size_t len);
/**
* This function returns random based on a pseudo random function.
@@ -102,8 +100,8 @@
*
* \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure.
*/
-int mbedtls_test_rnd_pseudo_rand( void *rng_state,
- unsigned char *output,
- size_t len );
+int mbedtls_test_rnd_pseudo_rand(void *rng_state,
+ unsigned char *output,
+ size_t len);
#endif /* TEST_RANDOM_H */
diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c
index 79aa166..aaf7587 100644
--- a/tests/src/asn1_helpers.c
+++ b/tests/src/asn1_helpers.c
@@ -27,48 +27,48 @@
#include <mbedtls/asn1.h>
-int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end,
- size_t min_bits, size_t max_bits,
- int must_be_odd )
+int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
+ size_t min_bits, size_t max_bits,
+ int must_be_odd)
{
size_t len;
size_t actual_bits;
unsigned char msb;
- TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_INTEGER ),
- 0 );
+ TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_INTEGER),
+ 0);
/* Check if the retrieved length doesn't extend the actual buffer's size.
* It is assumed here, that end >= p, which validates casting to size_t. */
- TEST_ASSERT( len <= (size_t)( end - *p) );
+ TEST_ASSERT(len <= (size_t) (end - *p));
/* Tolerate a slight departure from DER encoding:
* - 0 may be represented by an empty string or a 1-byte string.
* - The sign bit may be used as a value bit. */
- if( ( len == 1 && ( *p )[0] == 0 ) ||
- ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) )
- {
- ++( *p );
+ if ((len == 1 && (*p)[0] == 0) ||
+ (len > 1 && (*p)[0] == 0 && ((*p)[1] & 0x80) != 0)) {
+ ++(*p);
--len;
}
- if( min_bits == 0 && len == 0 )
- return( 1 );
- msb = ( *p )[0];
- TEST_ASSERT( msb != 0 );
- actual_bits = 8 * ( len - 1 );
- while( msb != 0 )
- {
+ if (min_bits == 0 && len == 0) {
+ return 1;
+ }
+ msb = (*p)[0];
+ TEST_ASSERT(msb != 0);
+ actual_bits = 8 * (len - 1);
+ while (msb != 0) {
msb >>= 1;
++actual_bits;
}
- TEST_ASSERT( actual_bits >= min_bits );
- TEST_ASSERT( actual_bits <= max_bits );
- if( must_be_odd )
- TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 );
+ TEST_ASSERT(actual_bits >= min_bits);
+ TEST_ASSERT(actual_bits <= max_bits);
+ if (must_be_odd) {
+ TEST_ASSERT(((*p)[len-1] & 1) != 0);
+ }
*p += len;
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index 0d59bee..9cfb707 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -38,28 +38,25 @@
psa_status_t mbedtls_test_transparent_hash_compute(
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size, size_t *hash_length )
+ uint8_t *hash, size_t hash_size, size_t *hash_length)
{
mbedtls_test_driver_hash_hooks.hits++;
- if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_compute(
alg, input, input_length,
- hash, hash_size, hash_length );
+ hash, hash_size, hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_compute(
alg, input, input_length,
- hash, hash_size, hash_length );
+ hash, hash_size, hash_length);
#else
(void) alg;
(void) input;
@@ -71,29 +68,26 @@
#endif
}
- return( mbedtls_test_driver_hash_hooks.driver_status );
+ return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_setup(
mbedtls_transparent_test_driver_hash_operation_t *operation,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
mbedtls_test_driver_hash_hooks.hits++;
- if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- }
- else
- {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_setup( operation, alg );
+ mbedtls_test_driver_hash_hooks.forced_status;
+ } else {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ mbedtls_test_driver_hash_hooks.driver_status =
+ libtestdriver1_mbedtls_psa_hash_setup(operation, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_setup( operation, alg );
+ mbedtls_psa_hash_setup(operation, alg);
#else
(void) operation;
(void) alg;
@@ -101,30 +95,27 @@
#endif
}
- return( mbedtls_test_driver_hash_hooks.driver_status );
+ return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_clone(
const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
- mbedtls_transparent_test_driver_hash_operation_t *target_operation )
+ mbedtls_transparent_test_driver_hash_operation_t *target_operation)
{
mbedtls_test_driver_hash_hooks.hits++;
- if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- }
- else
- {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_clone( source_operation,
- target_operation );
+ mbedtls_test_driver_hash_hooks.forced_status;
+ } else {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ mbedtls_test_driver_hash_hooks.driver_status =
+ libtestdriver1_mbedtls_psa_hash_clone(source_operation,
+ target_operation);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_clone( source_operation, target_operation );
+ mbedtls_psa_hash_clone(source_operation, target_operation);
#else
(void) source_operation;
(void) target_operation;
@@ -132,31 +123,28 @@
#endif
}
- return( mbedtls_test_driver_hash_hooks.driver_status );
+ return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_update(
mbedtls_transparent_test_driver_hash_operation_t *operation,
const uint8_t *input,
- size_t input_length )
+ size_t input_length)
{
mbedtls_test_driver_hash_hooks.hits++;
- if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_update(
- operation, input, input_length );
+ operation, input, input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_update( operation, input, input_length );
+ mbedtls_psa_hash_update(operation, input, input_length);
#else
(void) operation;
(void) input;
@@ -165,32 +153,29 @@
#endif
}
- return( mbedtls_test_driver_hash_hooks.driver_status );
+ return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_finish(
mbedtls_transparent_test_driver_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
- size_t *hash_length )
+ size_t *hash_length)
{
mbedtls_test_driver_hash_hooks.hits++;
- if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_finish(
- operation, hash, hash_size, hash_length );
+ operation, hash, hash_size, hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length );
+ mbedtls_psa_hash_finish(operation, hash, hash_size, hash_length);
#else
(void) operation;
(void) hash;
@@ -200,34 +185,31 @@
#endif
}
- return( mbedtls_test_driver_hash_hooks.driver_status );
+ return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_abort(
- mbedtls_transparent_test_driver_hash_operation_t *operation )
+ mbedtls_transparent_test_driver_hash_operation_t *operation)
{
mbedtls_test_driver_hash_hooks.hits++;
- if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- }
- else
- {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_abort( operation );
+ mbedtls_test_driver_hash_hooks.forced_status;
+ } else {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
+ mbedtls_test_driver_hash_hooks.driver_status =
+ libtestdriver1_mbedtls_psa_hash_abort(operation);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_abort( operation );
+ mbedtls_psa_hash_abort(operation);
#else
(void) operation;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
- return( mbedtls_test_driver_hash_hooks.driver_status );
+ return mbedtls_test_driver_hash_hooks.driver_status;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
index 759fa78..f073410 100644
--- a/tests/src/drivers/platform_builtin_keys.c
+++ b/tests/src/drivers/platform_builtin_keys.c
@@ -27,8 +27,7 @@
#include <test/drivers/test_driver.h>
#endif
-typedef struct
-{
+typedef struct {
psa_key_id_t builtin_key_id;
psa_key_lifetime_t lifetime;
psa_drv_slot_number_t slot_number;
@@ -40,52 +39,50 @@
* ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
#else
- {0, 0, 0}
+ { 0, 0, 0 }
#endif
};
psa_status_t mbedtls_psa_platform_get_builtin_key(
mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
- psa_drv_slot_number_t *slot_number )
+ psa_drv_slot_number_t *slot_number)
{
- psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id );
+ psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id);
const mbedtls_psa_builtin_key_description_t *builtin_key;
- for( size_t i = 0;
- i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ )
- {
+ for (size_t i = 0;
+ i < (sizeof(builtin_keys) / sizeof(builtin_keys[0])); i++) {
builtin_key = &builtin_keys[i];
- if( builtin_key->builtin_key_id == app_key_id )
- {
+ if (builtin_key->builtin_key_id == app_key_id) {
*lifetime = builtin_key->lifetime;
*slot_number = builtin_key->slot_number;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
}
- return( PSA_ERROR_DOES_NOT_EXIST );
+ return PSA_ERROR_DOES_NOT_EXIST;
}
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index e249ec3..ebee4f8 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -42,28 +42,25 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
{
mbedtls_test_driver_aead_hooks.hits++;
- if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_aead_hooks.driver_status =
+ mbedtls_test_driver_aead_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_encrypt(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length );
+ ciphertext, ciphertext_size, ciphertext_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_encrypt(
@@ -72,7 +69,7 @@
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length );
+ ciphertext, ciphertext_size, ciphertext_length);
#else
(void) attributes;
(void) key_buffer;
@@ -90,7 +87,7 @@
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
- return( mbedtls_test_driver_aead_hooks.driver_status );
+ return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_decrypt(
@@ -100,28 +97,25 @@
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
{
mbedtls_test_driver_aead_hooks.hits++;
- if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_aead_hooks.driver_status =
+ mbedtls_test_driver_aead_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_decrypt(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length );
+ plaintext, plaintext_size, plaintext_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_decrypt(
@@ -130,7 +124,7 @@
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length );
+ plaintext, plaintext_size, plaintext_length);
#else
(void) attributes;
(void) key_buffer;
@@ -148,7 +142,7 @@
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
- return( mbedtls_test_driver_aead_hooks.driver_status );
+ return mbedtls_test_driver_aead_hooks.driver_status;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index 30a8119..42eb74d 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -54,41 +54,42 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length )
+ size_t *output_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
- if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
- {
- if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
+ if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length );
+ memcpy(output,
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ return mbedtls_test_driver_cipher_hooks.forced_status;
}
- if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return( libtestdriver1_mbedtls_psa_cipher_encrypt(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key_buffer, key_buffer_size,
- alg, iv, iv_length, input, input_length,
- output, output_size, output_length ) );
+ return libtestdriver1_mbedtls_psa_cipher_encrypt(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ alg, iv, iv_length, input, input_length,
+ output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg, iv, iv_length, input, input_length,
- output, output_size, output_length ) );
+ return mbedtls_psa_cipher_encrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg, iv, iv_length, input, input_length,
+ output, output_size, output_length);
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_decrypt(
@@ -100,41 +101,42 @@
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length )
+ size_t *output_length)
{
- mbedtls_test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
- if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
- {
- if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
+ if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length );
+ memcpy(output,
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ return mbedtls_test_driver_cipher_hooks.forced_status;
}
- if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return( libtestdriver1_mbedtls_psa_cipher_decrypt(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key_buffer, key_buffer_size,
- alg, input, input_length,
- output, output_size, output_length ) );
+ return libtestdriver1_mbedtls_psa_cipher_decrypt(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg, input, input_length,
- output, output_size, output_length ) );
+ return mbedtls_psa_cipher_decrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length);
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
@@ -149,23 +151,24 @@
* useful for the test suite, since it gives a chance of catching memory
* corruption errors should the core not have allocated (enough) memory for
* our context struct. */
- memset( operation, 0, sizeof( *operation ) );
+ memset(operation, 0, sizeof(*operation));
- if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return( libtestdriver1_mbedtls_psa_cipher_encrypt_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key, key_length, alg ) );
+ return libtestdriver1_mbedtls_psa_cipher_encrypt_setup(
+ operation,
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key, key_length, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_encrypt_setup(
- operation, attributes, key, key_length, alg ) );
+ return mbedtls_psa_cipher_encrypt_setup(
+ operation, attributes, key, key_length, alg);
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
@@ -176,21 +179,22 @@
{
mbedtls_test_driver_cipher_hooks.hits++;
- if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return( libtestdriver1_mbedtls_psa_cipher_decrypt_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key, key_length, alg ) );
+ return libtestdriver1_mbedtls_psa_cipher_decrypt_setup(
+ operation,
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key, key_length, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_decrypt_setup(
- operation, attributes, key, key_length, alg ) );
+ return mbedtls_psa_cipher_decrypt_setup(
+ operation, attributes, key, key_length, alg);
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_abort(
@@ -198,23 +202,24 @@
{
mbedtls_test_driver_cipher_hooks.hits++;
- if( operation->alg == 0 )
- return( PSA_SUCCESS );
+ if (operation->alg == 0) {
+ return PSA_SUCCESS;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- libtestdriver1_mbedtls_psa_cipher_abort( operation );
+ libtestdriver1_mbedtls_psa_cipher_abort(operation);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- mbedtls_psa_cipher_abort( operation );
+ mbedtls_psa_cipher_abort(operation);
#endif
/* Wiping the entire struct here, instead of member-by-member. This is
* useful for the test suite, since it gives a chance of catching memory
* corruption errors should the core not have allocated (enough) memory for
* our context struct. */
- memset( operation, 0, sizeof( *operation ) );
+ memset(operation, 0, sizeof(*operation));
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ return mbedtls_test_driver_cipher_hooks.forced_status;
}
psa_status_t mbedtls_test_transparent_cipher_set_iv(
@@ -224,18 +229,19 @@
{
mbedtls_test_driver_cipher_hooks.hits++;
- if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return( libtestdriver1_mbedtls_psa_cipher_set_iv(
- operation, iv, iv_length ) );
+ return libtestdriver1_mbedtls_psa_cipher_set_iv(
+ operation, iv, iv_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) );
+ return mbedtls_psa_cipher_set_iv(operation, iv, iv_length);
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_update(
@@ -248,34 +254,35 @@
{
mbedtls_test_driver_cipher_hooks.hits++;
- if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
- {
- if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
+ if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
+ if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length );
+ memcpy(output,
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ return mbedtls_test_driver_cipher_hooks.forced_status;
}
- if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return( libtestdriver1_mbedtls_psa_cipher_update(
- operation, input, input_length,
- output, output_size, output_length ) );
+ return libtestdriver1_mbedtls_psa_cipher_update(
+ operation, input, input_length,
+ output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_update(
- operation, input, input_length,
- output, output_size, output_length ) );
+ return mbedtls_psa_cipher_update(
+ operation, input, input_length,
+ output, output_size, output_length);
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_finish(
@@ -286,32 +293,33 @@
{
mbedtls_test_driver_cipher_hooks.hits++;
- if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
- {
- if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
+ if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
+ if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length );
+ memcpy(output,
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ return mbedtls_test_driver_cipher_hooks.forced_status;
}
- if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_cipher_hooks.forced_status );
+ if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return( libtestdriver1_mbedtls_psa_cipher_finish(
- operation, output, output_size, output_length ) );
+ return libtestdriver1_mbedtls_psa_cipher_finish(
+ operation, output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return( mbedtls_psa_cipher_finish(
- operation, output, output_size, output_length ) );
+ return mbedtls_psa_cipher_finish(
+ operation, output, output_size, output_length);
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
/*
@@ -336,7 +344,7 @@
(void) output;
(void) output_size;
(void) output_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_decrypt(
@@ -355,7 +363,7 @@
(void) output;
(void) output_size;
(void) output_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
@@ -369,7 +377,7 @@
(void) key;
(void) key_length;
(void) alg;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
@@ -383,14 +391,14 @@
(void) key;
(void) key_length;
(void) alg;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_abort(
- mbedtls_opaque_test_driver_cipher_operation_t *operation )
+ mbedtls_opaque_test_driver_cipher_operation_t *operation)
{
(void) operation;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_set_iv(
@@ -401,7 +409,7 @@
(void) operation;
(void) iv;
(void) iv_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_update(
@@ -418,7 +426,7 @@
(void) output;
(void) output_size;
(void) output_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_finish(
@@ -431,6 +439,6 @@
(void) output;
(void) output_size;
(void) output_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 89cb8b9..f337e42 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -48,116 +48,115 @@
mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
const uint8_t mbedtls_test_driver_aes_key[16] =
- { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
- 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
+{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
+ 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
const uint8_t mbedtls_test_driver_ecdsa_key[32] =
- { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
- 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
- 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
- 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
+{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
+ 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
+ 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
+ 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
- { 0x04,
- 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
- 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
- 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
- 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
- 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
- 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
- 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
- 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
+{ 0x04,
+ 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
+ 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
+ 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
+ 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
+ 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
+ 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
+ 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
+ 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
-psa_status_t mbedtls_test_transparent_init( void )
+psa_status_t mbedtls_test_transparent_init(void)
{
-psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- status = libtestdriver1_psa_crypto_init( );
- if( status != PSA_SUCCESS )
- return( status );
+ status = libtestdriver1_psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
#endif
- (void)status;
- return( PSA_SUCCESS );
+ (void) status;
+ return PSA_SUCCESS;
}
-void mbedtls_test_transparent_free( void )
+void mbedtls_test_transparent_free(void)
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- libtestdriver1_mbedtls_psa_crypto_free( );
+ libtestdriver1_mbedtls_psa_crypto_free();
#endif
return;
}
-psa_status_t mbedtls_test_opaque_init( void )
+psa_status_t mbedtls_test_opaque_init(void)
{
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-void mbedtls_test_opaque_free( void )
+void mbedtls_test_opaque_free(void)
{
return;
}
psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length )
+ uint8_t *key, size_t key_size, size_t *key_length)
{
++mbedtls_test_driver_key_management_hooks.hits;
- if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_key_management_hooks.forced_status );
+ if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_key_management_hooks.forced_status;
+ }
- if( mbedtls_test_driver_key_management_hooks.forced_output != NULL )
- {
- if( mbedtls_test_driver_key_management_hooks.forced_output_length >
- key_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( key, mbedtls_test_driver_key_management_hooks.forced_output,
- mbedtls_test_driver_key_management_hooks.forced_output_length );
+ if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
+ if (mbedtls_test_driver_key_management_hooks.forced_output_length >
+ key_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
+ mbedtls_test_driver_key_management_hooks.forced_output_length);
*key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
- if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
- && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
+ && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
- return( libtestdriver1_mbedtls_psa_ecp_generate_key(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key, key_size, key_length ) );
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
+ return libtestdriver1_mbedtls_psa_ecp_generate_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
- return( mbedtls_psa_ecp_generate_key(
- attributes, key, key_size, key_length ) );
+ return mbedtls_psa_ecp_generate_key(
+ attributes, key, key_size, key_length);
#endif
- }
- else if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
+ } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
- return( libtestdriver1_mbedtls_psa_rsa_generate_key(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key, key_size, key_length ) );
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ return libtestdriver1_mbedtls_psa_rsa_generate_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
- return( mbedtls_psa_rsa_generate_key(
- attributes, key, key_size, key_length ) );
+ return mbedtls_psa_rsa_generate_key(
+ attributes, key, key_size, key_length);
#endif
}
- (void)attributes;
- return( PSA_ERROR_NOT_SUPPORTED );
+ (void) attributes;
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length )
+ uint8_t *key, size_t key_size, size_t *key_length)
{
(void) attributes;
(void) key;
(void) key_size;
(void) key_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_import_key(
@@ -169,231 +168,237 @@
size_t *key_buffer_length,
size_t *bits)
{
- psa_key_type_t type = psa_get_key_type( attributes );
+ psa_key_type_t type = psa_get_key_type(attributes);
++mbedtls_test_driver_key_management_hooks.hits;
mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
- if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_key_management_hooks.forced_status );
+ if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_key_management_hooks.forced_status;
+ }
- if( PSA_KEY_TYPE_IS_ECC( type ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) )
- return( libtestdriver1_mbedtls_psa_ecp_import_key(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
+ return libtestdriver1_mbedtls_psa_ecp_import_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return( mbedtls_psa_ecp_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+ return mbedtls_psa_ecp_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
#endif
- }
- else if( PSA_KEY_TYPE_IS_RSA( type ) )
- {
+ } else if (PSA_KEY_TYPE_IS_RSA(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) )
- return( libtestdriver1_mbedtls_psa_rsa_import_key(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
+ return libtestdriver1_mbedtls_psa_rsa_import_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return( mbedtls_psa_rsa_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+ return mbedtls_psa_rsa_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
#endif
}
- (void)data;
- (void)data_length;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)key_buffer_length;
- (void)bits;
- (void)type;
+ (void) data;
+ (void) data_length;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) key_buffer_length;
+ (void) bits;
+ (void) type;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
/* Assume this is a builtin key based on the key material length. */
- psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key );
+ psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
- if( key_length != sizeof( psa_drv_slot_number_t ) )
- {
+ if (key_length != sizeof(psa_drv_slot_number_t)) {
/* Test driver does not support generic opaque key handling yet. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- switch( slot_number )
- {
+ switch (slot_number) {
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
/* This is the ECDSA slot. Verify the key's attributes before
* returning the private key. */
- if( psa_get_key_type( attributes ) !=
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( psa_get_key_bits( attributes ) != 256 )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( psa_get_key_algorithm( attributes ) !=
- PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( ( psa_get_key_usage_flags( attributes ) &
- PSA_KEY_USAGE_EXPORT ) == 0 )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (psa_get_key_type(attributes) !=
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if (psa_get_key_bits(attributes) != 256) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if (psa_get_key_algorithm(attributes) !=
+ PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if ((psa_get_key_usage_flags(attributes) &
+ PSA_KEY_USAGE_EXPORT) == 0) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
- if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( data, mbedtls_test_driver_ecdsa_key,
- sizeof( mbedtls_test_driver_ecdsa_key ) );
- *data_length = sizeof( mbedtls_test_driver_ecdsa_key );
- return( PSA_SUCCESS );
+ memcpy(data, mbedtls_test_driver_ecdsa_key,
+ sizeof(mbedtls_test_driver_ecdsa_key));
+ *data_length = sizeof(mbedtls_test_driver_ecdsa_key);
+ return PSA_SUCCESS;
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
/* This is the AES slot. Verify the key's attributes before
* returning the key. */
- if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( psa_get_key_bits( attributes ) != 128 )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( ( psa_get_key_usage_flags( attributes ) &
- PSA_KEY_USAGE_EXPORT ) == 0 )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if (psa_get_key_bits(attributes) != 128) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if ((psa_get_key_usage_flags(attributes) &
+ PSA_KEY_USAGE_EXPORT) == 0) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
- if( data_size < sizeof( mbedtls_test_driver_aes_key ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( data, mbedtls_test_driver_aes_key,
- sizeof( mbedtls_test_driver_aes_key ) );
- *data_length = sizeof( mbedtls_test_driver_aes_key );
- return( PSA_SUCCESS );
+ memcpy(data, mbedtls_test_driver_aes_key,
+ sizeof(mbedtls_test_driver_aes_key));
+ *data_length = sizeof(mbedtls_test_driver_aes_key);
+ return PSA_SUCCESS;
default:
- return( PSA_ERROR_DOES_NOT_EXIST );
+ return PSA_ERROR_DOES_NOT_EXIST;
}
}
psa_status_t mbedtls_test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
++mbedtls_test_driver_key_management_hooks.hits;
- if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_key_management_hooks.forced_status );
+ if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_key_management_hooks.forced_status;
+ }
- if( mbedtls_test_driver_key_management_hooks.forced_output != NULL )
- {
- if( mbedtls_test_driver_key_management_hooks.forced_output_length >
- data_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, mbedtls_test_driver_key_management_hooks.forced_output,
- mbedtls_test_driver_key_management_hooks.forced_output_length );
+ if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
+ if (mbedtls_test_driver_key_management_hooks.forced_output_length >
+ data_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
+ mbedtls_test_driver_key_management_hooks.forced_output_length);
*data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
- psa_key_type_t key_type = psa_get_key_type( attributes );
+ psa_key_type_t key_type = psa_get_key_type(attributes);
- if( PSA_KEY_TYPE_IS_ECC( key_type ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC(key_type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) )
- return( libtestdriver1_mbedtls_psa_ecp_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
+ return libtestdriver1_mbedtls_psa_ecp_export_public_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return( mbedtls_psa_ecp_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+ return mbedtls_psa_ecp_export_public_key(
+ attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
#endif
- }
- else if( PSA_KEY_TYPE_IS_RSA( key_type ) )
- {
+ } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) )
- return( libtestdriver1_mbedtls_psa_rsa_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
+ return libtestdriver1_mbedtls_psa_rsa_export_public_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return( mbedtls_psa_rsa_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+ return mbedtls_psa_rsa_export_public_key(
+ attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
#endif
}
- (void)key_buffer;
- (void)key_buffer_size;
- (void)key_type;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) key_type;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
- if( key_length != sizeof( psa_drv_slot_number_t ) )
- {
+ if (key_length != sizeof(psa_drv_slot_number_t)) {
/* Test driver does not support generic opaque key handling yet. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
/* Assume this is a builtin key based on the key material length. */
- psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key );
- switch( slot_number )
- {
+ psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
+ switch (slot_number) {
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
/* This is the ECDSA slot. Verify the key's attributes before
* returning the public key. */
- if( psa_get_key_type( attributes ) !=
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( psa_get_key_bits( attributes ) != 256 )
- return( PSA_ERROR_CORRUPTION_DETECTED );
- if( psa_get_key_algorithm( attributes ) !=
- PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (psa_get_key_type(attributes) !=
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if (psa_get_key_bits(attributes) != 256) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+ if (psa_get_key_algorithm(attributes) !=
+ PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
- if( data_size < sizeof( mbedtls_test_driver_ecdsa_pubkey ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( data, mbedtls_test_driver_ecdsa_pubkey,
- sizeof( mbedtls_test_driver_ecdsa_pubkey ) );
- *data_length = sizeof( mbedtls_test_driver_ecdsa_pubkey );
- return( PSA_SUCCESS );
+ memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
+ sizeof(mbedtls_test_driver_ecdsa_pubkey));
+ *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
+ return PSA_SUCCESS;
default:
- return( PSA_ERROR_DOES_NOT_EXIST );
+ return PSA_ERROR_DOES_NOT_EXIST;
}
}
@@ -410,49 +415,50 @@
psa_status_t mbedtls_test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
- switch( slot_number )
- {
+ switch (slot_number) {
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
- psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( attributes, 128 );
+ psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(attributes, 128);
psa_set_key_usage_flags(
attributes,
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( attributes, PSA_ALG_CTR );
+ PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(attributes, PSA_ALG_CTR);
- if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- *( (psa_drv_slot_number_t*) key_buffer ) =
+ *((psa_drv_slot_number_t *) key_buffer) =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
- *key_buffer_length = sizeof( psa_drv_slot_number_t );
- return( PSA_SUCCESS );
+ *key_buffer_length = sizeof(psa_drv_slot_number_t);
+ return PSA_SUCCESS;
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
psa_set_key_type(
attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
- psa_set_key_bits( attributes, 256 );
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+ psa_set_key_bits(attributes, 256);
psa_set_key_usage_flags(
attributes,
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_EXPORT );
+ PSA_KEY_USAGE_EXPORT);
psa_set_key_algorithm(
- attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
+ attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
- if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- *( (psa_drv_slot_number_t*) key_buffer ) =
+ *((psa_drv_slot_number_t *) key_buffer) =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
- *key_buffer_length = sizeof( psa_drv_slot_number_t );
- return( PSA_SUCCESS );
+ *key_buffer_length = sizeof(psa_drv_slot_number_t);
+ return PSA_SUCCESS;
default:
- return( PSA_ERROR_DOES_NOT_EXIST );
+ return PSA_ERROR_DOES_NOT_EXIST;
}
}
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index 06b6eb7..362cc43 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -44,31 +44,28 @@
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_compute(
- (const libtestdriver1_psa_key_attributes_t *)attributes,
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size, alg,
input, input_length,
- mac, mac_size, mac_length );
+ mac, mac_size, mac_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
input, input_length,
- mac, mac_size, mac_length );
+ mac, mac_size, mac_length);
#else
(void) attributes;
(void) key_buffer;
@@ -83,7 +80,7 @@
#endif
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_sign_setup(
@@ -91,28 +88,25 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_sign_setup(
operation,
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key_buffer, key_buffer_size, alg );
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_sign_setup(
- operation, attributes, key_buffer, key_buffer_size, alg );
+ operation, attributes, key_buffer, key_buffer_size, alg);
#else
(void) operation;
(void) attributes;
@@ -123,7 +117,7 @@
#endif
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_verify_setup(
@@ -131,28 +125,25 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_verify_setup(
operation,
- (const libtestdriver1_psa_key_attributes_t *)attributes,
- key_buffer, key_buffer_size, alg );
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_verify_setup(
- operation, attributes, key_buffer, key_buffer_size, alg );
+ operation, attributes, key_buffer, key_buffer_size, alg);
#else
(void) operation;
(void) attributes;
@@ -163,32 +154,29 @@
#endif
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_update(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length )
+ size_t input_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_update(
- operation, input, input_length );
+ operation, input, input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_update(
- operation, input, input_length );
+ operation, input, input_length);
#else
(void) operation;
(void) input;
@@ -197,33 +185,30 @@
#endif
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_sign_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_sign_finish(
- operation, mac, mac_size, mac_length );
+ operation, mac, mac_size, mac_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_sign_finish(
- operation, mac, mac_size, mac_length );
+ operation, mac, mac_size, mac_length);
#else
(void) operation;
(void) mac;
@@ -233,32 +218,29 @@
#endif
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_verify_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length )
+ size_t mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_verify_finish(
- operation, mac, mac_length );
+ operation, mac, mac_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_verify_finish(
- operation, mac, mac_length );
+ operation, mac, mac_length);
#else
(void) operation;
(void) mac;
@@ -267,35 +249,32 @@
#endif
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_abort(
- mbedtls_transparent_test_driver_mac_operation_t *operation )
+ mbedtls_transparent_test_driver_mac_operation_t *operation)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_abort( operation );
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
+ mbedtls_test_driver_mac_hooks.driver_status =
+ libtestdriver1_mbedtls_psa_mac_abort(operation);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_abort( operation );
+ mbedtls_psa_mac_abort(operation);
#else
(void) operation;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_compute(
@@ -307,17 +286,14 @@
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
@@ -330,7 +306,7 @@
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_sign_setup(
@@ -338,17 +314,14 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
(void) operation;
(void) attributes;
(void) key_buffer;
@@ -357,7 +330,7 @@
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_verify_setup(
@@ -365,17 +338,14 @@
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
(void) operation;
(void) attributes;
(void) key_buffer;
@@ -384,47 +354,41 @@
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_update(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length )
+ size_t input_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_sign_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length )
+ size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
(void) operation;
(void) mac;
(void) mac_size;
@@ -432,49 +396,43 @@
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_verify_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length )
+ size_t mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
(void) operation;
(void) mac;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_abort(
- mbedtls_opaque_test_driver_mac_operation_t *operation )
+ mbedtls_opaque_test_driver_mac_operation_t *operation)
{
mbedtls_test_driver_mac_hooks.hits++;
- if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
- {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- }
- else
- {
+ if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ } else {
(void) operation;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
- return( mbedtls_test_driver_mac_hooks.driver_status );
+ return mbedtls_test_driver_mac_hooks.driver_status;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 3de43a8..75d7703 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -64,72 +64,63 @@
size_t hash_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length )
+ size_t *signature_length)
{
- if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
- PSA_ALG_IS_RSA_PSS( alg) )
- {
+ if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
+ PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
- return( libtestdriver1_mbedtls_psa_rsa_sign_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
+ return libtestdriver1_mbedtls_psa_rsa_sign_hash(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return( mbedtls_psa_rsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+ return mbedtls_psa_rsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
#endif
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- }
- else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
- {
- if( PSA_ALG_IS_ECDSA( alg ) )
- {
+ } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
- return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
+ return libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return( mbedtls_psa_ecdsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ return mbedtls_psa_ecdsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
#endif
- }
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
- (void)attributes;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_size;
- (void)signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ (void) hash;
+ (void) hash_length;
+ (void) signature;
+ (void) signature_size;
+ (void) signature_length;
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t verify_hash(
@@ -140,71 +131,62 @@
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
- size_t signature_length )
+ size_t signature_length)
{
- if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
- {
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
- PSA_ALG_IS_RSA_PSS( alg) )
- {
+ if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
+ PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
- return( libtestdriver1_mbedtls_psa_rsa_verify_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
+ return libtestdriver1_mbedtls_psa_rsa_verify_hash(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return( mbedtls_psa_rsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+ return mbedtls_psa_rsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
#endif
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- }
- else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
- {
- if( PSA_ALG_IS_ECDSA( alg ) )
- {
+ } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
- return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length ) );
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
+ return libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return( mbedtls_psa_ecdsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length ) );
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ return mbedtls_psa_ecdsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
#endif
- }
- else
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
}
- (void)attributes;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ (void) hash;
+ (void) hash_length;
+ (void) signature;
+ (void) signature_length;
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_sign_message(
@@ -216,7 +198,7 @@
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length )
+ size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t hash_length;
@@ -224,41 +206,43 @@
++mbedtls_test_driver_signature_sign_hooks.hits;
- if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_signature_sign_hooks.forced_status );
+ if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_signature_sign_hooks.forced_status;
+ }
- if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
- {
- if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
+ if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
- memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
- mbedtls_test_driver_signature_sign_hooks.forced_output_length );
+ memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
+ mbedtls_test_driver_signature_sign_hooks.forced_output_length);
*signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
status = libtestdriver1_mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
+ hash, sizeof(hash), &hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
+ hash, sizeof(hash), &hash_length);
#else
(void) input;
(void) input_length;
status = PSA_ERROR_NOT_SUPPORTED;
#endif
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
return status;
+ }
- return( sign_hash( attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ return sign_hash(attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_sign_message(
@@ -270,7 +254,7 @@
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length )
+ size_t *signature_length)
{
(void) attributes;
(void) key;
@@ -282,7 +266,7 @@
(void) signature_size;
(void) signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_verify_message(
@@ -293,7 +277,7 @@
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length )
+ size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t hash_length;
@@ -301,29 +285,31 @@
++mbedtls_test_driver_signature_verify_hooks.hits;
- if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_signature_verify_hooks.forced_status );
+ if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_signature_verify_hooks.forced_status;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
status = libtestdriver1_mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
+ hash, sizeof(hash), &hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
+ hash, sizeof(hash), &hash_length);
#else
(void) input;
(void) input_length;
status = PSA_ERROR_NOT_SUPPORTED;
#endif
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
return status;
+ }
- return( verify_hash( attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length ) );
+ return verify_hash(attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_verify_message(
@@ -334,7 +320,7 @@
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length )
+ size_t signature_length)
{
(void) attributes;
(void) key;
@@ -345,7 +331,7 @@
(void) signature;
(void) signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_sign_hash(
@@ -353,26 +339,27 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ uint8_t *signature, size_t signature_size, size_t *signature_length)
{
++mbedtls_test_driver_signature_sign_hooks.hits;
- if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_signature_sign_hooks.forced_status );
-
- if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
- {
- if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
- mbedtls_test_driver_signature_sign_hooks.forced_output_length );
- *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
- return( PSA_SUCCESS );
+ if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_signature_sign_hooks.forced_status;
}
- return( sign_hash( attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length ) );
+ if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
+ if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
+ mbedtls_test_driver_signature_sign_hooks.forced_output_length);
+ *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
+ return PSA_SUCCESS;
+ }
+
+ return sign_hash(attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_sign_hash(
@@ -380,7 +367,7 @@
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ uint8_t *signature, size_t signature_size, size_t *signature_length)
{
(void) attributes;
(void) key;
@@ -392,7 +379,7 @@
(void) signature_size;
(void) signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_verify_hash(
@@ -400,16 +387,17 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
+ const uint8_t *signature, size_t signature_length)
{
++mbedtls_test_driver_signature_verify_hooks.hits;
- if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
- return( mbedtls_test_driver_signature_verify_hooks.forced_status );
+ if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
+ return mbedtls_test_driver_signature_verify_hooks.forced_status;
+ }
- return verify_hash( attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length );
+ return verify_hash(attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_verify_hash(
@@ -417,7 +405,7 @@
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
+ const uint8_t *signature, size_t signature_length)
{
(void) attributes;
(void) key;
@@ -427,7 +415,7 @@
(void) hash_length;
(void) signature;
(void) signature_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c
index d8bcaee..e0226dd 100644
--- a/tests/src/drivers/test_driver_size.c
+++ b/tests/src/drivers/test_driver_size.c
@@ -37,7 +37,7 @@
* This macro returns the base size for the key context. It is the size of the
* driver specific information stored in each key context.
*/
-#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t )
+#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof(test_driver_key_context_t)
/*
* Number of bytes included in every key context for a key pair.
@@ -70,32 +70,27 @@
size_t mbedtls_test_size_function(
const psa_key_type_t key_type,
- const size_t key_bits )
+ const size_t key_bits)
{
size_t key_buffer_size = 0;
- if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
- {
+ if (PSA_KEY_TYPE_IS_KEY_PAIR(key_type)) {
int public_key_overhead =
- ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 )
- ? PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 );
+ ((TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1)
+ ? PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) : 0);
key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE +
public_key_overhead;
- }
- else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
- {
+ } else if (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) {
key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
- }
- else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
- !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) )
- {
+ } else if (!PSA_KEY_TYPE_IS_KEY_PAIR(key_type) &&
+ !PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) {
key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
- ( TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR *
- ( ( key_bits + 7 ) / 8 ) );
+ (TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR *
+ ((key_bits + 7) / 8));
}
- return( key_buffer_size );
+ return key_buffer_size;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c
index 9c2195b..89af7d3 100644
--- a/tests/src/fake_external_rng_for_test.c
+++ b/tests/src/fake_external_rng_for_test.c
@@ -28,29 +28,30 @@
static int test_insecure_external_rng_enabled = 0;
-void mbedtls_test_enable_insecure_external_rng( void )
+void mbedtls_test_enable_insecure_external_rng(void)
{
test_insecure_external_rng_enabled = 1;
}
-void mbedtls_test_disable_insecure_external_rng( void )
+void mbedtls_test_disable_insecure_external_rng(void)
{
test_insecure_external_rng_enabled = 0;
}
psa_status_t mbedtls_psa_external_get_random(
mbedtls_psa_external_random_context_t *context,
- uint8_t *output, size_t output_size, size_t *output_length )
+ uint8_t *output, size_t output_size, size_t *output_length)
{
(void) context;
- if( !test_insecure_external_rng_enabled )
- return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ if (!test_insecure_external_rng_enabled) {
+ return PSA_ERROR_INSUFFICIENT_ENTROPY;
+ }
/* This implementation is for test purposes only!
* Use the libc non-cryptographic random generator. */
- mbedtls_test_rnd_std_rand( NULL, output, output_size );
+ mbedtls_test_rnd_std_rand(NULL, output, output_size);
*output_length = output_size;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index 77b4d94..6c215d1 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -28,8 +28,7 @@
/* Static global variables */
#if defined(MBEDTLS_CHECK_PARAMS)
-typedef struct
-{
+typedef struct {
uint8_t expected_call;
uint8_t expected_call_happened;
@@ -50,40 +49,40 @@
/*----------------------------------------------------------------------------*/
/* Helper Functions */
-int mbedtls_test_platform_setup( void )
+int mbedtls_test_platform_setup(void)
{
int ret = 0;
#if defined(MBEDTLS_PLATFORM_C)
- ret = mbedtls_platform_setup( &platform_ctx );
+ ret = mbedtls_platform_setup(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
- return( ret );
+ return ret;
}
-void mbedtls_test_platform_teardown( void )
+void mbedtls_test_platform_teardown(void)
{
#if defined(MBEDTLS_PLATFORM_C)
- mbedtls_platform_teardown( &platform_ctx );
+ mbedtls_platform_teardown(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
}
static int ascii2uc(const char c, unsigned char *uc)
{
- if( ( c >= '0' ) && ( c <= '9' ) )
+ if ((c >= '0') && (c <= '9')) {
*uc = c - '0';
- else if( ( c >= 'a' ) && ( c <= 'f' ) )
+ } else if ((c >= 'a') && (c <= 'f')) {
*uc = c - 'a' + 10;
- else if( ( c >= 'A' ) && ( c <= 'F' ) )
+ } else if ((c >= 'A') && (c <= 'F')) {
*uc = c - 'A' + 10;
- else
- return( -1 );
+ } else {
+ return -1;
+ }
- return( 0 );
+ return 0;
}
-void mbedtls_test_fail( const char *test, int line_no, const char* filename )
+void mbedtls_test_fail(const char *test, int line_no, const char *filename)
{
- if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
- {
+ if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
/* We've already recorded the test as having failed. Don't
* overwrite any previous information about the failure. */
return;
@@ -94,7 +93,7 @@
mbedtls_test_info.filename = filename;
}
-void mbedtls_test_skip( const char *test, int line_no, const char* filename )
+void mbedtls_test_skip(const char *test, int line_no, const char *filename)
{
mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED;
mbedtls_test_info.test = test;
@@ -102,7 +101,7 @@
mbedtls_test_info.filename = filename;
}
-void mbedtls_test_set_step( unsigned long step )
+void mbedtls_test_set_step(unsigned long step)
{
mbedtls_test_info.step = step;
}
@@ -111,201 +110,205 @@
unsigned mbedtls_test_case_uses_negative_0 = 0;
#endif
-void mbedtls_test_info_reset( void )
+void mbedtls_test_info_reset(void)
{
mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS;
- mbedtls_test_info.step = (unsigned long)( -1 );
+ mbedtls_test_info.step = (unsigned long) (-1);
mbedtls_test_info.test = 0;
mbedtls_test_info.line_no = 0;
mbedtls_test_info.filename = 0;
- memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) );
- memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) );
+ memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1));
+ memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2));
#if defined(MBEDTLS_BIGNUM_C)
mbedtls_test_case_uses_negative_0 = 0;
#endif
}
-int mbedtls_test_equal( const char *test, int line_no, const char* filename,
- unsigned long long value1, unsigned long long value2 )
+int mbedtls_test_equal(const char *test, int line_no, const char *filename,
+ unsigned long long value1, unsigned long long value2)
{
- TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
- TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+ TEST_CF_PUBLIC(&value1, sizeof(value1));
+ TEST_CF_PUBLIC(&value2, sizeof(value2));
- if( value1 == value2 )
- return( 1 );
+ if (value1 == value2) {
+ return 1;
+ }
- if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
- {
+ if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
/* We've already recorded the test as having failed. Don't
* overwrite any previous information about the failure. */
- return( 0 );
+ return 0;
}
- mbedtls_test_fail( test, line_no, filename );
- (void) mbedtls_snprintf( mbedtls_test_info.line1,
- sizeof( mbedtls_test_info.line1 ),
- "lhs = 0x%016llx = %lld",
- value1, (long long) value1 );
- (void) mbedtls_snprintf( mbedtls_test_info.line2,
- sizeof( mbedtls_test_info.line2 ),
- "rhs = 0x%016llx = %lld",
- value2, (long long) value2 );
- return( 0 );
+ mbedtls_test_fail(test, line_no, filename);
+ (void) mbedtls_snprintf(mbedtls_test_info.line1,
+ sizeof(mbedtls_test_info.line1),
+ "lhs = 0x%016llx = %lld",
+ value1, (long long) value1);
+ (void) mbedtls_snprintf(mbedtls_test_info.line2,
+ sizeof(mbedtls_test_info.line2),
+ "rhs = 0x%016llx = %lld",
+ value2, (long long) value2);
+ return 0;
}
-int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
- unsigned long long value1, unsigned long long value2 )
+int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
+ unsigned long long value1, unsigned long long value2)
{
- TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
- TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+ TEST_CF_PUBLIC(&value1, sizeof(value1));
+ TEST_CF_PUBLIC(&value2, sizeof(value2));
- if( value1 <= value2 )
- return( 1 );
+ if (value1 <= value2) {
+ return 1;
+ }
- if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
- {
+ if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
/* We've already recorded the test as having failed. Don't
* overwrite any previous information about the failure. */
- return( 0 );
+ return 0;
}
- mbedtls_test_fail( test, line_no, filename );
- (void) mbedtls_snprintf( mbedtls_test_info.line1,
- sizeof( mbedtls_test_info.line1 ),
- "lhs = 0x%016llx = %llu",
- value1, value1 );
- (void) mbedtls_snprintf( mbedtls_test_info.line2,
- sizeof( mbedtls_test_info.line2 ),
- "rhs = 0x%016llx = %llu",
- value2, value2 );
- return( 0 );
+ mbedtls_test_fail(test, line_no, filename);
+ (void) mbedtls_snprintf(mbedtls_test_info.line1,
+ sizeof(mbedtls_test_info.line1),
+ "lhs = 0x%016llx = %llu",
+ value1, value1);
+ (void) mbedtls_snprintf(mbedtls_test_info.line2,
+ sizeof(mbedtls_test_info.line2),
+ "rhs = 0x%016llx = %llu",
+ value2, value2);
+ return 0;
}
-int mbedtls_test_le_s( const char *test, int line_no, const char* filename,
- long long value1, long long value2 )
+int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
+ long long value1, long long value2)
{
- TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
- TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+ TEST_CF_PUBLIC(&value1, sizeof(value1));
+ TEST_CF_PUBLIC(&value2, sizeof(value2));
- if( value1 <= value2 )
- return( 1 );
+ if (value1 <= value2) {
+ return 1;
+ }
- if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
- {
+ if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
/* We've already recorded the test as having failed. Don't
* overwrite any previous information about the failure. */
- return( 0 );
+ return 0;
}
- mbedtls_test_fail( test, line_no, filename );
- (void) mbedtls_snprintf( mbedtls_test_info.line1,
- sizeof( mbedtls_test_info.line1 ),
- "lhs = 0x%016llx = %lld",
- (unsigned long long) value1, value1 );
- (void) mbedtls_snprintf( mbedtls_test_info.line2,
- sizeof( mbedtls_test_info.line2 ),
- "rhs = 0x%016llx = %lld",
- (unsigned long long) value2, value2 );
- return( 0 );
+ mbedtls_test_fail(test, line_no, filename);
+ (void) mbedtls_snprintf(mbedtls_test_info.line1,
+ sizeof(mbedtls_test_info.line1),
+ "lhs = 0x%016llx = %lld",
+ (unsigned long long) value1, value1);
+ (void) mbedtls_snprintf(mbedtls_test_info.line2,
+ sizeof(mbedtls_test_info.line2),
+ "rhs = 0x%016llx = %lld",
+ (unsigned long long) value2, value2);
+ return 0;
}
-int mbedtls_test_unhexify( unsigned char *obuf,
- size_t obufmax,
- const char *ibuf,
- size_t *len )
+int mbedtls_test_unhexify(unsigned char *obuf,
+ size_t obufmax,
+ const char *ibuf,
+ size_t *len)
{
unsigned char uc, uc2;
- *len = strlen( ibuf );
+ *len = strlen(ibuf);
/* Must be even number of bytes. */
- if ( ( *len ) & 1 )
- return( -1 );
+ if ((*len) & 1) {
+ return -1;
+ }
*len /= 2;
- if ( (*len) > obufmax )
- return( -1 );
-
- while( *ibuf != 0 )
- {
- if ( ascii2uc( *(ibuf++), &uc ) != 0 )
- return( -1 );
-
- if ( ascii2uc( *(ibuf++), &uc2 ) != 0 )
- return( -1 );
-
- *(obuf++) = ( uc << 4 ) | uc2;
+ if ((*len) > obufmax) {
+ return -1;
}
- return( 0 );
+ while (*ibuf != 0) {
+ if (ascii2uc(*(ibuf++), &uc) != 0) {
+ return -1;
+ }
+
+ if (ascii2uc(*(ibuf++), &uc2) != 0) {
+ return -1;
+ }
+
+ *(obuf++) = (uc << 4) | uc2;
+ }
+
+ return 0;
}
-void mbedtls_test_hexify( unsigned char *obuf,
- const unsigned char *ibuf,
- int len )
+void mbedtls_test_hexify(unsigned char *obuf,
+ const unsigned char *ibuf,
+ int len)
{
unsigned char l, h;
- while( len != 0 )
- {
+ while (len != 0) {
h = *ibuf / 16;
l = *ibuf % 16;
- if( h < 10 )
+ if (h < 10) {
*obuf++ = '0' + h;
- else
+ } else {
*obuf++ = 'a' + h - 10;
+ }
- if( l < 10 )
+ if (l < 10) {
*obuf++ = '0' + l;
- else
+ } else {
*obuf++ = 'a' + l - 10;
+ }
++ibuf;
len--;
}
}
-unsigned char *mbedtls_test_zero_alloc( size_t len )
+unsigned char *mbedtls_test_zero_alloc(size_t len)
{
void *p;
- size_t actual_len = ( len != 0 ) ? len : 1;
+ size_t actual_len = (len != 0) ? len : 1;
- p = mbedtls_calloc( 1, actual_len );
- TEST_HELPER_ASSERT( p != NULL );
+ p = mbedtls_calloc(1, actual_len);
+ TEST_HELPER_ASSERT(p != NULL);
- memset( p, 0x00, actual_len );
+ memset(p, 0x00, actual_len);
- return( p );
+ return p;
}
-unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen )
+unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen)
{
unsigned char *obuf;
size_t len;
- *olen = strlen( ibuf ) / 2;
+ *olen = strlen(ibuf) / 2;
- if( *olen == 0 )
- return( mbedtls_test_zero_alloc( *olen ) );
+ if (*olen == 0) {
+ return mbedtls_test_zero_alloc(*olen);
+ }
- obuf = mbedtls_calloc( 1, *olen );
- TEST_HELPER_ASSERT( obuf != NULL );
- TEST_HELPER_ASSERT( mbedtls_test_unhexify( obuf, *olen, ibuf, &len ) == 0 );
+ obuf = mbedtls_calloc(1, *olen);
+ TEST_HELPER_ASSERT(obuf != NULL);
+ TEST_HELPER_ASSERT(mbedtls_test_unhexify(obuf, *olen, ibuf, &len) == 0);
- return( obuf );
+ return obuf;
}
-int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
- uint32_t a_len, uint32_t b_len )
+int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
+ uint32_t a_len, uint32_t b_len)
{
int ret = 0;
uint32_t i = 0;
- if( a_len != b_len )
- return( -1 );
+ if (a_len != b_len) {
+ return -1;
+ }
- for( i = 0; i < a_len; i++ )
- {
- if( a[i] != b[i] )
- {
+ for (i = 0; i < a_len; i++) {
+ if (a[i] != b[i]) {
ret = -1;
break;
}
@@ -315,40 +318,41 @@
#if defined(MBEDTLS_CHECK_PARAMS)
void mbedtls_test_param_failed_get_location_record(
- mbedtls_test_param_failed_location_record_t *location_record )
+ mbedtls_test_param_failed_location_record_t *location_record)
{
*location_record = param_failed_ctx.location_record;
}
-void mbedtls_test_param_failed_expect_call( void )
+void mbedtls_test_param_failed_expect_call(void)
{
param_failed_ctx.expected_call_happened = 0;
param_failed_ctx.expected_call = 1;
}
-int mbedtls_test_param_failed_check_expected_call( void )
+int mbedtls_test_param_failed_check_expected_call(void)
{
param_failed_ctx.expected_call = 0;
- if( param_failed_ctx.expected_call_happened != 0 )
- return( 0 );
+ if (param_failed_ctx.expected_call_happened != 0) {
+ return 0;
+ }
- return( -1 );
+ return -1;
}
-void* mbedtls_test_param_failed_get_state_buf( void )
+void *mbedtls_test_param_failed_get_state_buf(void)
{
return ¶m_failed_ctx.state;
}
-void mbedtls_test_param_failed_reset_state( void )
+void mbedtls_test_param_failed_reset_state(void)
{
- memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) );
+ memset(param_failed_ctx.state, 0, sizeof(param_failed_ctx.state));
}
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
+void mbedtls_param_failed(const char *failure_condition,
+ const char *file,
+ int line)
{
/* Record the location of the failure */
param_failed_ctx.location_record.failure_condition = failure_condition;
@@ -356,27 +360,24 @@
param_failed_ctx.location_record.line = line;
/* If we are testing the callback function... */
- if( param_failed_ctx.expected_call != 0 )
- {
+ if (param_failed_ctx.expected_call != 0) {
param_failed_ctx.expected_call = 0;
param_failed_ctx.expected_call_happened = 1;
- }
- else
- {
+ } else {
/* ...else try a long jump. If the execution state has not been set-up
* or reset then the long jump buffer is all zero's and the call will
* with high probability fault, emphasizing there is something to look
* at.
*/
- longjmp( param_failed_ctx.state, 1 );
+ longjmp(param_failed_ctx.state, 1);
}
}
#endif /* MBEDTLS_CHECK_PARAMS */
#if defined(MBEDTLS_TEST_HOOKS)
-void mbedtls_test_err_add_check( int high, int low,
- const char *file, int line )
+void mbedtls_test_err_add_check(int high, int low,
+ const char *file, int line)
{
/* Error codes are always negative (a value of zero is a success) however
* their positive opposites can be easier to understand. The following
@@ -390,74 +391,64 @@
* and module-dependent error code (bits 7..11)).
* l = low level error code.
*/
- if ( high > -0x1000 && high != 0 )
- /* high < 0001000000000000
- * No high level module ID bits are set.
- */
- {
- mbedtls_test_fail( "'high' is not a high-level error code",
- line, file );
- }
- else if ( high < -0x7F80 )
- /* high > 0111111110000000
- * Error code is greater than the largest allowed high level module ID.
- */
- {
- mbedtls_test_fail( "'high' error code is greater than 15 bits",
- line, file );
- }
- else if ( ( high & 0x7F ) != 0 )
- /* high & 0000000001111111
- * Error code contains low level error code bits.
- */
- {
- mbedtls_test_fail( "'high' contains a low-level error code",
- line, file );
- }
- else if ( low < -0x007F )
- /* low > 0000000001111111
- * Error code contains high or module level error code bits.
- */
- {
- mbedtls_test_fail( "'low' error code is greater than 7 bits",
- line, file );
- }
- else if ( low > 0 )
- {
- mbedtls_test_fail( "'low' error code is greater than zero",
- line, file );
+ if (high > -0x1000 && high != 0) {
+ /* high < 0001000000000000
+ * No high level module ID bits are set.
+ */
+ mbedtls_test_fail("'high' is not a high-level error code",
+ line, file);
+ } else if (high < -0x7F80) {
+ /* high > 0111111110000000
+ * Error code is greater than the largest allowed high level module ID.
+ */
+ mbedtls_test_fail("'high' error code is greater than 15 bits",
+ line, file);
+ } else if ((high & 0x7F) != 0) {
+ /* high & 0000000001111111
+ * Error code contains low level error code bits.
+ */
+ mbedtls_test_fail("'high' contains a low-level error code",
+ line, file);
+ } else if (low < -0x007F) {
+ /* low > 0000000001111111
+ * Error code contains high or module level error code bits.
+ */
+ mbedtls_test_fail("'low' error code is greater than 7 bits",
+ line, file);
+ } else if (low > 0) {
+ mbedtls_test_fail("'low' error code is greater than zero",
+ line, file);
}
}
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s )
+int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
{
int negative = 0;
/* Always set the sign bit to -1 if the input has a minus sign, even for 0.
* This creates an invalid representation, which mbedtls_mpi_read_string()
* avoids but we want to be able to create that in test data. */
- if( s[0] == '-' )
- {
+ if (s[0] == '-') {
++s;
negative = 1;
}
/* mbedtls_mpi_read_string() currently retains leading zeros.
* It always allocates at least one limb for the value 0. */
- if( s[0] == 0 )
- {
- mbedtls_mpi_free( X );
- return( 0 );
+ if (s[0] == 0) {
+ mbedtls_mpi_free(X);
+ return 0;
}
- int ret = mbedtls_mpi_read_string( X, 16, s );
- if( ret != 0 )
- return( ret );
- if( negative )
- {
- if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
+ int ret = mbedtls_mpi_read_string(X, 16, s);
+ if (ret != 0) {
+ return ret;
+ }
+ if (negative) {
+ if (mbedtls_mpi_cmp_int(X, 0) == 0) {
++mbedtls_test_case_uses_negative_0;
+ }
X->s = -1;
}
- return( 0 );
+ return 0;
}
#endif
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index 299b6d1..06274d3 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -36,96 +36,106 @@
static mbedtls_svc_key_id_t key_ids_used_in_test[9];
static size_t num_key_ids_used;
-int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id )
+int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id)
{
size_t i;
- if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) >
- PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
- {
+ if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) >
+ PSA_MAX_PERSISTENT_KEY_IDENTIFIER) {
/* Don't touch key id values that designate non-key files. */
- return( 1 );
+ return 1;
}
- for( i = 0; i < num_key_ids_used ; i++ )
- {
- if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) )
- return( 1 );
+ for (i = 0; i < num_key_ids_used; i++) {
+ if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) {
+ return 1;
+ }
}
- if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) )
- return( 0 );
+ if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) {
+ return 0;
+ }
key_ids_used_in_test[num_key_ids_used] = key_id;
++num_key_ids_used;
- return( 1 );
+ return 1;
}
-void mbedtls_test_psa_purge_key_storage( void )
+void mbedtls_test_psa_purge_key_storage(void)
{
size_t i;
- for( i = 0; i < num_key_ids_used; i++ )
- psa_destroy_persistent_key( key_ids_used_in_test[i] );
+ for (i = 0; i < num_key_ids_used; i++) {
+ psa_destroy_persistent_key(key_ids_used_in_test[i]);
+ }
num_key_ids_used = 0;
}
-void mbedtls_test_psa_purge_key_cache( void )
+void mbedtls_test_psa_purge_key_cache(void)
{
size_t i;
- for( i = 0; i < num_key_ids_used; i++ )
- psa_purge_key( key_ids_used_in_test[i] );
+ for (i = 0; i < num_key_ids_used; i++) {
+ psa_purge_key(key_ids_used_in_test[i]);
+ }
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-const char *mbedtls_test_helper_is_psa_leaking( void )
+const char *mbedtls_test_helper_is_psa_leaking(void)
{
mbedtls_psa_stats_t stats;
- mbedtls_psa_get_stats( &stats );
+ mbedtls_psa_get_stats(&stats);
- if( stats.volatile_slots != 0 )
- return( "A volatile slot has not been closed properly." );
- if( stats.persistent_slots != 0 )
- return( "A persistent slot has not been closed properly." );
- if( stats.external_slots != 0 )
- return( "An external slot has not been closed properly." );
- if( stats.half_filled_slots != 0 )
- return( "A half-filled slot has not been cleared properly." );
- if( stats.locked_slots != 0 )
- return( "Some slots are still marked as locked." );
+ if (stats.volatile_slots != 0) {
+ return "A volatile slot has not been closed properly.";
+ }
+ if (stats.persistent_slots != 0) {
+ return "A persistent slot has not been closed properly.";
+ }
+ if (stats.external_slots != 0) {
+ return "An external slot has not been closed properly.";
+ }
+ if (stats.half_filled_slots != 0) {
+ return "A half-filled slot has not been cleared properly.";
+ }
+ if (stats.locked_slots != 0) {
+ return "Some slots are still marked as locked.";
+ }
- return( NULL );
+ return NULL;
}
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
/** Name of the file where return statuses are logged by #RECORD_STATUS. */
#define STATUS_LOG_FILE_NAME "statuses.log"
-psa_status_t mbedtls_test_record_status( psa_status_t status,
- const char *func,
- const char *file, int line,
- const char *expr )
+psa_status_t mbedtls_test_record_status(psa_status_t status,
+ const char *func,
+ const char *file, int line,
+ const char *expr)
{
/* We open the log file on first use.
* We never close the log file, so the record_status feature is not
* compatible with resource leak detectors such as Asan.
*/
static FILE *log;
- if( log == NULL )
- log = fopen( STATUS_LOG_FILE_NAME, "a" );
- fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr );
- return( status );
+ if (log == NULL) {
+ log = fopen(STATUS_LOG_FILE_NAME, "a");
+ }
+ fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr);
+ return status;
}
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
-psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags )
+psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)
{
psa_key_usage_t updated_usage = usage_flags;
- if( usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
+ }
- if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+ }
- return( updated_usage );
+ return updated_usage;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index d1650f1..0843e24 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -33,14 +33,14 @@
#include <test/psa_crypto_helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime )
+static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime)
{
- return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) !=
- PSA_KEY_LOCATION_LOCAL_STORAGE );
+ return PSA_KEY_LIFETIME_GET_LOCATION(lifetime) !=
+ PSA_KEY_LOCATION_LOCAL_STORAGE;
}
#endif
-static int check_key_attributes_sanity( mbedtls_svc_key_id_t key )
+static int check_key_attributes_sanity(mbedtls_svc_key_id_t key)
{
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -49,58 +49,54 @@
psa_key_type_t type;
size_t bits;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- lifetime = psa_get_key_lifetime( &attributes );
- id = psa_get_key_id( &attributes );
- type = psa_get_key_type( &attributes );
- bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ lifetime = psa_get_key_lifetime(&attributes);
+ id = psa_get_key_id(&attributes);
+ type = psa_get_key_type(&attributes);
+ bits = psa_get_key_bits(&attributes);
/* Persistence */
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
TEST_ASSERT(
- ( PSA_KEY_ID_VOLATILE_MIN <=
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) &&
- ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <=
- PSA_KEY_ID_VOLATILE_MAX ) );
- }
- else
- {
+ (PSA_KEY_ID_VOLATILE_MIN <=
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
+ (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <=
+ PSA_KEY_ID_VOLATILE_MAX));
+ } else {
TEST_ASSERT(
- ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) &&
- ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) );
+ (PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
+ (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX));
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* randomly-generated 64-bit constant, should never appear in test data */
psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
- psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number );
- if( lifetime_is_dynamic_secure_element( lifetime ) )
- {
+ psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number);
+ if (lifetime_is_dynamic_secure_element(lifetime)) {
/* Mbed Crypto currently always exposes the slot number to
* applications. This is not mandated by the PSA specification
* and may change in future versions. */
- TEST_EQUAL( status, 0 );
- TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 );
- }
- else
- {
- TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL(status, 0);
+ TEST_ASSERT(slot_number != 0xec94d4a5058a1a21);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
}
#endif
/* Type and size */
- TEST_ASSERT( type != 0 );
- TEST_ASSERT( bits != 0 );
- TEST_ASSERT( bits <= PSA_MAX_KEY_BITS );
- if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
- TEST_ASSERT( bits % 8 == 0 );
+ TEST_ASSERT(type != 0);
+ TEST_ASSERT(bits != 0);
+ TEST_ASSERT(bits <= PSA_MAX_KEY_BITS);
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
+ TEST_ASSERT(bits % 8 == 0);
+ }
/* MAX macros concerning specific key types */
- if( PSA_KEY_TYPE_IS_ECC( type ) )
- TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
- else if( PSA_KEY_TYPE_IS_RSA( type ) )
- TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS );
- TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE );
+ if (PSA_KEY_TYPE_IS_ECC(type)) {
+ TEST_ASSERT(bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS);
+ } else if (PSA_KEY_TYPE_IS_RSA(type)) {
+ TEST_ASSERT(bits <= PSA_VENDOR_RSA_MAX_KEY_BITS);
+ }
+ TEST_ASSERT(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE);
ok = 1;
@@ -109,410 +105,389 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- return( ok );
+ return ok;
}
-static int exercise_mac_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_mac_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
const unsigned char input[] = "foo";
- unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
- size_t mac_length = sizeof( mac );
+ unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 };
+ size_t mac_length = sizeof(mac);
/* Convert wildcard algorithm to exercisable algorithm */
- if( alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
- {
- alg = PSA_ALG_TRUNCATED_MAC( alg, PSA_MAC_TRUNCATED_LENGTH( alg ) );
+ if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
+ alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg));
}
- if( usage & PSA_KEY_USAGE_SIGN_HASH )
- {
- PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input, sizeof( input ) ) );
- PSA_ASSERT( psa_mac_sign_finish( &operation,
- mac, sizeof( mac ),
- &mac_length ) );
+ if (usage & PSA_KEY_USAGE_SIGN_HASH) {
+ PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input, sizeof(input)));
+ PSA_ASSERT(psa_mac_sign_finish(&operation,
+ mac, sizeof(mac),
+ &mac_length));
}
- if( usage & PSA_KEY_USAGE_VERIFY_HASH )
- {
+ if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input, sizeof( input ) ) );
- TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ),
- verify_status );
+ (usage & PSA_KEY_USAGE_SIGN_HASH ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input, sizeof(input)));
+ TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length),
+ verify_status);
}
- return( 1 );
+ return 1;
exit:
- psa_mac_abort( &operation );
- return( 0 );
+ psa_mac_abort(&operation);
+ return 0;
}
-static int exercise_cipher_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_cipher_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = {0};
+ unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 };
size_t iv_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
const unsigned char plaintext[16] = "Hello, world...";
unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof( ciphertext );
- unsigned char decrypted[sizeof( ciphertext )];
+ size_t ciphertext_length = sizeof(ciphertext);
+ unsigned char decrypted[sizeof(ciphertext)];
size_t part_length;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_type = psa_get_key_type( &attributes );
- iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_type = psa_get_key_type(&attributes);
+ iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg);
- if( usage & PSA_KEY_USAGE_ENCRYPT )
- {
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- if( iv_length != 0 )
- {
- PSA_ASSERT( psa_cipher_generate_iv( &operation,
- iv, sizeof( iv ),
- &iv_length ) );
+ if (usage & PSA_KEY_USAGE_ENCRYPT) {
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ if (iv_length != 0) {
+ PSA_ASSERT(psa_cipher_generate_iv(&operation,
+ iv, sizeof(iv),
+ &iv_length));
}
- PSA_ASSERT( psa_cipher_update( &operation,
- plaintext, sizeof( plaintext ),
- ciphertext, sizeof( ciphertext ),
- &ciphertext_length ) );
- PSA_ASSERT( psa_cipher_finish( &operation,
- ciphertext + ciphertext_length,
- sizeof( ciphertext ) - ciphertext_length,
- &part_length ) );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ plaintext, sizeof(plaintext),
+ ciphertext, sizeof(ciphertext),
+ &ciphertext_length));
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ ciphertext + ciphertext_length,
+ sizeof(ciphertext) - ciphertext_length,
+ &part_length));
ciphertext_length += part_length;
}
- if( usage & PSA_KEY_USAGE_DECRYPT )
- {
+ if (usage & PSA_KEY_USAGE_DECRYPT) {
psa_status_t status;
int maybe_invalid_padding = 0;
- if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
- {
- maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
+ if (!(usage & PSA_KEY_USAGE_ENCRYPT)) {
+ maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg);
}
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- if( iv_length != 0 )
- {
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, iv_length ) );
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
+ if (iv_length != 0) {
+ PSA_ASSERT(psa_cipher_set_iv(&operation,
+ iv, iv_length));
}
- PSA_ASSERT( psa_cipher_update( &operation,
- ciphertext, ciphertext_length,
- decrypted, sizeof( decrypted ),
- &part_length ) );
- status = psa_cipher_finish( &operation,
- decrypted + part_length,
- sizeof( decrypted ) - part_length,
- &part_length );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ ciphertext, ciphertext_length,
+ decrypted, sizeof(decrypted),
+ &part_length));
+ status = psa_cipher_finish(&operation,
+ decrypted + part_length,
+ sizeof(decrypted) - part_length,
+ &part_length);
/* For a stream cipher, all inputs are valid. For a block cipher,
* if the input is some arbitrary data rather than an actual
- ciphertext, a padding error is likely. */
- if( maybe_invalid_padding )
- TEST_ASSERT( status == PSA_SUCCESS ||
- status == PSA_ERROR_INVALID_PADDING );
- else
- PSA_ASSERT( status );
+ ciphertext, a padding error is likely. */
+ if (maybe_invalid_padding) {
+ TEST_ASSERT(status == PSA_SUCCESS ||
+ status == PSA_ERROR_INVALID_PADDING);
+ } else {
+ PSA_ASSERT(status);
+ }
}
- return( 1 );
+ return 1;
exit:
- psa_cipher_abort( &operation );
- psa_reset_key_attributes( &attributes );
- return( 0 );
+ psa_cipher_abort(&operation);
+ psa_reset_key_attributes(&attributes);
+ return 0;
}
-static int exercise_aead_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_aead_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
- unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = {0};
+ unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 };
size_t nonce_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
unsigned char plaintext[16] = "Hello, world...";
unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof( ciphertext );
- size_t plaintext_length = sizeof( ciphertext );
+ size_t ciphertext_length = sizeof(ciphertext);
+ size_t plaintext_length = sizeof(ciphertext);
/* Convert wildcard algorithm to exercisable algorithm */
- if( alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
- {
- alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) );
+ if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
+ alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, PSA_ALG_AEAD_GET_TAG_LENGTH(alg));
}
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_type = psa_get_key_type( &attributes );
- nonce_length = PSA_AEAD_NONCE_LENGTH( key_type, alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_type = psa_get_key_type(&attributes);
+ nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg);
- if( usage & PSA_KEY_USAGE_ENCRYPT )
- {
- PSA_ASSERT( psa_aead_encrypt( key, alg,
- nonce, nonce_length,
- NULL, 0,
- plaintext, sizeof( plaintext ),
- ciphertext, sizeof( ciphertext ),
- &ciphertext_length ) );
+ if (usage & PSA_KEY_USAGE_ENCRYPT) {
+ PSA_ASSERT(psa_aead_encrypt(key, alg,
+ nonce, nonce_length,
+ NULL, 0,
+ plaintext, sizeof(plaintext),
+ ciphertext, sizeof(ciphertext),
+ &ciphertext_length));
}
- if( usage & PSA_KEY_USAGE_DECRYPT )
- {
+ if (usage & PSA_KEY_USAGE_DECRYPT) {
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_ENCRYPT ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_aead_decrypt( key, alg,
- nonce, nonce_length,
- NULL, 0,
- ciphertext, ciphertext_length,
- plaintext, sizeof( plaintext ),
- &plaintext_length ),
- verify_status );
+ (usage & PSA_KEY_USAGE_ENCRYPT ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ TEST_EQUAL(psa_aead_decrypt(key, alg,
+ nonce, nonce_length,
+ NULL, 0,
+ ciphertext, ciphertext_length,
+ plaintext, sizeof(plaintext),
+ &plaintext_length),
+ verify_status);
}
- return( 1 );
+ return 1;
exit:
- psa_reset_key_attributes( &attributes );
- return( 0 );
+ psa_reset_key_attributes(&attributes);
+ return 0;
}
-static int can_sign_or_verify_message( psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int can_sign_or_verify_message(psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
/* Sign-the-unspecified-hash algorithms can only be used with
* {sign,verify}_hash, not with {sign,verify}_message. */
- if( alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
- return( 0 );
- return( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_VERIFY_MESSAGE ) );
+ if (alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
+ return 0;
+ }
+ return usage & (PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE);
}
-static int exercise_signature_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_signature_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
- if( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ) )
- {
- unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
+ if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH)) {
+ unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
size_t payload_length = 16;
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
- size_t signature_length = sizeof( signature );
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
+ size_t signature_length = sizeof(signature);
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
/* If the policy allows signing with any hash, just pick one. */
- if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH )
- {
+ if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH) {
#if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG)
hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG;
alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
#else
- TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" );
+ TEST_ASSERT(!"No hash algorithm for hash-and-sign testing");
#endif
}
/* Some algorithms require the payload to have the size of
* the hash encoded in the algorithm. Use this input size
* even for algorithms that allow other input sizes. */
- if( hash_alg != 0 )
- payload_length = PSA_HASH_LENGTH( hash_alg );
+ if (hash_alg != 0) {
+ payload_length = PSA_HASH_LENGTH(hash_alg);
+ }
- if( usage & PSA_KEY_USAGE_SIGN_HASH )
- {
- PSA_ASSERT( psa_sign_hash( key, alg,
+ if (usage & PSA_KEY_USAGE_SIGN_HASH) {
+ PSA_ASSERT(psa_sign_hash(key, alg,
+ payload, payload_length,
+ signature, sizeof(signature),
+ &signature_length));
+ }
+
+ if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
+ psa_status_t verify_status =
+ (usage & PSA_KEY_USAGE_SIGN_HASH ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ TEST_EQUAL(psa_verify_hash(key, alg,
payload, payload_length,
- signature, sizeof( signature ),
- &signature_length ) );
- }
-
- if( usage & PSA_KEY_USAGE_VERIFY_HASH )
- {
- psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_verify_hash( key, alg,
- payload, payload_length,
- signature, signature_length ),
- verify_status );
+ signature, signature_length),
+ verify_status);
}
}
- if( can_sign_or_verify_message( usage, alg ) )
- {
+ if (can_sign_or_verify_message(usage, alg)) {
unsigned char message[256] = "Hello, world...";
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
size_t message_length = 16;
- size_t signature_length = sizeof( signature );
+ size_t signature_length = sizeof(signature);
- if( usage & PSA_KEY_USAGE_SIGN_MESSAGE )
- {
- PSA_ASSERT( psa_sign_message( key, alg,
- message, message_length,
- signature, sizeof( signature ),
- &signature_length ) );
+ if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
+ PSA_ASSERT(psa_sign_message(key, alg,
+ message, message_length,
+ signature, sizeof(signature),
+ &signature_length));
}
- if( usage & PSA_KEY_USAGE_VERIFY_MESSAGE )
- {
+ if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) {
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_verify_message( key, alg,
- message, message_length,
- signature, signature_length ),
- verify_status );
+ (usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ TEST_EQUAL(psa_verify_message(key, alg,
+ message, message_length,
+ signature, signature_length),
+ verify_status);
}
}
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
-static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
unsigned char plaintext[256] = "Hello, world...";
unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof( ciphertext );
+ size_t ciphertext_length = sizeof(ciphertext);
size_t plaintext_length = 16;
- if( usage & PSA_KEY_USAGE_ENCRYPT )
- {
- PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
- plaintext, plaintext_length,
- NULL, 0,
- ciphertext, sizeof( ciphertext ),
- &ciphertext_length ) );
+ if (usage & PSA_KEY_USAGE_ENCRYPT) {
+ PSA_ASSERT(psa_asymmetric_encrypt(key, alg,
+ plaintext, plaintext_length,
+ NULL, 0,
+ ciphertext, sizeof(ciphertext),
+ &ciphertext_length));
}
- if( usage & PSA_KEY_USAGE_DECRYPT )
- {
+ if (usage & PSA_KEY_USAGE_DECRYPT) {
psa_status_t status =
- psa_asymmetric_decrypt( key, alg,
- ciphertext, ciphertext_length,
- NULL, 0,
- plaintext, sizeof( plaintext ),
- &plaintext_length );
- TEST_ASSERT( status == PSA_SUCCESS ||
- ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
- ( status == PSA_ERROR_INVALID_ARGUMENT ||
- status == PSA_ERROR_INVALID_PADDING ) ) );
+ psa_asymmetric_decrypt(key, alg,
+ ciphertext, ciphertext_length,
+ NULL, 0,
+ plaintext, sizeof(plaintext),
+ &plaintext_length);
+ TEST_ASSERT(status == PSA_SUCCESS ||
+ ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 &&
+ (status == PSA_ERROR_INVALID_ARGUMENT ||
+ status == PSA_ERROR_INVALID_PADDING)));
}
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
int mbedtls_test_psa_setup_key_derivation_wrap(
- psa_key_derivation_operation_t* operation,
+ psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const unsigned char* input1, size_t input1_length,
- const unsigned char* input2, size_t input2_length,
- size_t capacity )
+ const unsigned char *input1, size_t input1_length,
+ const unsigned char *input2, size_t input2_length,
+ size_t capacity)
{
- PSA_ASSERT( psa_key_derivation_setup( operation, alg ) );
- if( PSA_ALG_IS_HKDF( alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input1, input1_length ) );
- PSA_ASSERT( psa_key_derivation_input_key( operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- input2,
- input2_length ) );
- }
- else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_SEED,
- input1, input1_length ) );
- PSA_ASSERT( psa_key_derivation_input_key( operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_LABEL,
- input2, input2_length ) );
- }
- else
- {
- TEST_ASSERT( ! "Key derivation algorithm not supported" );
+ PSA_ASSERT(psa_key_derivation_setup(operation, alg));
+ if (PSA_ALG_IS_HKDF(alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ input1, input1_length));
+ PSA_ASSERT(psa_key_derivation_input_key(operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key));
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ input2,
+ input2_length));
+ } else if (PSA_ALG_IS_TLS12_PRF(alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ input1, input1_length));
+ PSA_ASSERT(psa_key_derivation_input_key(operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key));
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+ input2, input2_length));
+ } else {
+ TEST_ASSERT(!"Key derivation algorithm not supported");
}
- if( capacity != SIZE_MAX )
- PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) );
+ if (capacity != SIZE_MAX) {
+ PSA_ASSERT(psa_key_derivation_set_capacity(operation, capacity));
+ }
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
-static int exercise_key_derivation_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_key_derivation_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input1[] = "Input 1";
- size_t input1_length = sizeof( input1 );
+ size_t input1_length = sizeof(input1);
unsigned char input2[] = "Input 2";
- size_t input2_length = sizeof( input2 );
+ size_t input2_length = sizeof(input2);
unsigned char output[1];
- size_t capacity = sizeof( output );
+ size_t capacity = sizeof(output);
- if( usage & PSA_KEY_USAGE_DERIVE )
- {
- if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
- input1, input1_length,
- input2, input2_length,
- capacity ) )
+ if (usage & PSA_KEY_USAGE_DERIVE) {
+ if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
+ input1, input1_length,
+ input2, input2_length,
+ capacity)) {
goto exit;
+ }
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output,
- capacity ) );
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output,
+ capacity));
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
}
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
psa_status_t mbedtls_test_psa_key_agreement_with_self(
psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key )
+ mbedtls_svc_key_id_t key)
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -525,34 +500,34 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- private_key_type = psa_get_key_type( &attributes );
- key_bits = psa_get_key_bits( &attributes );
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
- ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
- &public_key_length ) );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ private_key_type = psa_get_key_type(&attributes);
+ key_bits = psa_get_key_bits(&attributes);
+ public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
+ public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
+ ASSERT_ALLOC(public_key, public_key_length);
+ PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length,
+ &public_key_length));
status = psa_key_derivation_key_agreement(
operation, PSA_KEY_DERIVATION_INPUT_SECRET, key,
- public_key, public_key_length );
+ public_key, public_key_length);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( public_key );
- return( status );
+ mbedtls_free(public_key);
+ return status;
}
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
psa_algorithm_t alg,
- mbedtls_svc_key_id_t key )
+ mbedtls_svc_key_id_t key)
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -567,26 +542,25 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- private_key_type = psa_get_key_type( &attributes );
- key_bits = psa_get_key_bits( &attributes );
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
- ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( key,
- public_key, public_key_length,
- &public_key_length ) );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ private_key_type = psa_get_key_type(&attributes);
+ key_bits = psa_get_key_bits(&attributes);
+ public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
+ public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
+ ASSERT_ALLOC(public_key, public_key_length);
+ PSA_ASSERT(psa_export_public_key(key,
+ public_key, public_key_length,
+ &public_key_length));
- status = psa_raw_key_agreement( alg, key,
- public_key, public_key_length,
- output, sizeof( output ), &output_length );
- if ( status == PSA_SUCCESS )
- {
- TEST_ASSERT( output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type,
- key_bits ) );
- TEST_ASSERT( output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
+ status = psa_raw_key_agreement(alg, key,
+ public_key, public_key_length,
+ output, sizeof(output), &output_length);
+ if (status == PSA_SUCCESS) {
+ TEST_ASSERT(output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type,
+ key_bits));
+ TEST_ASSERT(output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE);
}
exit:
@@ -594,93 +568,86 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( public_key );
- return( status );
+ mbedtls_free(public_key);
+ return status;
}
-static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
int ok = 0;
- if( usage & PSA_KEY_USAGE_DERIVE )
- {
+ if (usage & PSA_KEY_USAGE_DERIVE) {
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) );
+ PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key));
}
ok = 1;
exit:
- return( ok );
+ return ok;
}
-static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_key_agreement_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input[1];
unsigned char output[1];
int ok = 0;
- psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+ psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
- if( usage & PSA_KEY_USAGE_DERIVE )
- {
+ if (usage & PSA_KEY_USAGE_DERIVE) {
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SEED,
- input, sizeof( input ) ) );
+ PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SEED,
+ input, sizeof(input)));
}
- PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) );
+ PSA_ASSERT(mbedtls_test_psa_key_agreement_with_self(&operation, key));
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
- input, sizeof( input ) ) );
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
+ input, sizeof(input)));
+ } else if (PSA_ALG_IS_HKDF(kdf_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ input, sizeof(input)));
}
- else if( PSA_ALG_IS_HKDF( kdf_alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- input, sizeof( input ) ) );
- }
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output,
- sizeof( output ) ) );
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output,
+ sizeof(output)));
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
}
ok = 1;
exit:
- return( ok );
+ return ok;
}
int mbedtls_test_psa_exported_key_sanity_check(
psa_key_type_t type, size_t bits,
- const uint8_t *exported, size_t exported_length )
+ const uint8_t *exported, size_t exported_length)
{
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
+ TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits));
- if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
- TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
- else
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
+ TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
+ } else
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- uint8_t *p = (uint8_t*) exported;
+ if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ uint8_t *p = (uint8_t *) exported;
const uint8_t *end = exported + exported_length;
size_t len;
/* RSAPrivateKey ::= SEQUENCE {
@@ -695,140 +662,139 @@
* coefficient INTEGER, -- (inverse of q) mod p
* }
*/
- TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED ), 0 );
- TEST_EQUAL( len, end - p );
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) )
+ TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED), 0);
+ TEST_EQUAL(len, end - p);
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
goto exit;
+ }
/* Require d to be at least half the size of n. */
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits, 1)) {
goto exit;
+ }
/* Require p and q to be at most half the size of n, rounded up. */
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
goto exit;
- TEST_EQUAL( p - end, 0 );
+ }
+ TEST_EQUAL(p - end, 0);
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
- }
- else
+ TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
+ } else
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
/* Just the secret value */
- TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
+ TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
- }
- else
+ TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
+ } else
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
- {
- uint8_t *p = (uint8_t*) exported;
+ if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
+ uint8_t *p = (uint8_t *) exported;
const uint8_t *end = exported + exported_length;
size_t len;
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
*/
- TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED ),
- 0 );
- TEST_EQUAL( len, end - p );
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
+ TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED),
+ 0);
+ TEST_EQUAL(len, end - p);
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
goto exit;
- TEST_EQUAL( p - end, 0 );
+ }
+ TEST_EQUAL(p - end, 0);
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
- }
- else
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
+ } else
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
- if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY )
- {
+ if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_MONTGOMERY) {
/* The representation of an ECC Montgomery public key is
* the raw compressed point */
- TEST_EQUAL( PSA_BITS_TO_BYTES( bits ), exported_length );
- }
- else
- {
+ TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length);
+ } else {
/* The representation of an ECC Weierstrass public key is:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
* - where m is the bit size associated with the curve.
*/
- TEST_EQUAL( 1 + 2 * PSA_BITS_TO_BYTES( bits ), exported_length );
- TEST_EQUAL( exported[0], 4 );
+ TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
+ TEST_EQUAL(exported[0], 4);
}
- }
- else
+ } else
#endif /* MBEDTLS_ECP_C */
{
(void) exported;
- TEST_ASSERT( ! "Sanity check not implemented for this key type" );
+ TEST_ASSERT(!"Sanity check not implemented for this key type");
}
#if defined(MBEDTLS_DES_C)
- if( type == PSA_KEY_TYPE_DES )
- {
+ if (type == PSA_KEY_TYPE_DES) {
/* Check the parity bits. */
unsigned i;
- for( i = 0; i < bits / 8; i++ )
- {
+ for (i = 0; i < bits / 8; i++) {
unsigned bit_count = 0;
unsigned m;
- for( m = 1; m <= 0x100; m <<= 1 )
- {
- if( exported[i] & m )
+ for (m = 1; m <= 0x100; m <<= 1) {
+ if (exported[i] & m) {
++bit_count;
+ }
}
- TEST_ASSERT( bit_count % 2 != 0 );
+ TEST_ASSERT(bit_count % 2 != 0);
}
}
#endif
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
-static int exercise_export_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage )
+static int exercise_export_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *exported = NULL;
@@ -836,42 +802,41 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ) );
- ASSERT_ALLOC( exported, exported_size );
+ psa_get_key_type(&attributes),
+ psa_get_key_bits(&attributes));
+ ASSERT_ALLOC(exported, exported_size);
- if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
- ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
- {
- TEST_EQUAL( psa_export_key( key, exported,
- exported_size, &exported_length ),
- PSA_ERROR_NOT_PERMITTED );
+ if ((usage & PSA_KEY_USAGE_EXPORT) == 0 &&
+ !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) {
+ TEST_EQUAL(psa_export_key(key, exported,
+ exported_size, &exported_length),
+ PSA_ERROR_NOT_PERMITTED);
ok = 1;
goto exit;
}
- PSA_ASSERT( psa_export_key( key,
- exported, exported_size,
- &exported_length ) );
+ PSA_ASSERT(psa_export_key(key,
+ exported, exported_size,
+ &exported_length));
ok = mbedtls_test_psa_exported_key_sanity_check(
- psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ),
- exported, exported_length );
+ psa_get_key_type(&attributes), psa_get_key_bits(&attributes),
+ exported, exported_length);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( exported );
- return( ok );
+ mbedtls_free(exported);
+ return ok;
}
-static int exercise_export_public_key( mbedtls_svc_key_id_t key )
+static int exercise_export_public_key(mbedtls_svc_key_id_t key)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t public_type;
@@ -880,119 +845,113 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
- {
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) {
exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ) );
- ASSERT_ALLOC( exported, exported_size );
+ psa_get_key_type(&attributes),
+ psa_get_key_bits(&attributes));
+ ASSERT_ALLOC(exported, exported_size);
- TEST_EQUAL( psa_export_public_key( key, exported,
- exported_size, &exported_length ),
- PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL(psa_export_public_key(key, exported,
+ exported_size, &exported_length),
+ PSA_ERROR_INVALID_ARGUMENT);
ok = 1;
goto exit;
}
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
- psa_get_key_type( &attributes ) );
- exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type,
- psa_get_key_bits( &attributes ) );
- ASSERT_ALLOC( exported, exported_size );
+ psa_get_key_type(&attributes));
+ exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type,
+ psa_get_key_bits(&attributes));
+ ASSERT_ALLOC(exported, exported_size);
- PSA_ASSERT( psa_export_public_key( key,
- exported, exported_size,
- &exported_length ) );
+ PSA_ASSERT(psa_export_public_key(key,
+ exported, exported_size,
+ &exported_length));
ok = mbedtls_test_psa_exported_key_sanity_check(
- public_type, psa_get_key_bits( &attributes ),
- exported, exported_length );
+ public_type, psa_get_key_bits(&attributes),
+ exported, exported_length);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( exported );
- return( ok );
+ mbedtls_free(exported);
+ return ok;
}
-int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
int ok = 0;
- if( ! check_key_attributes_sanity( key ) )
- return( 0 );
+ if (!check_key_attributes_sanity(key)) {
+ return 0;
+ }
- if( alg == 0 )
+ if (alg == 0) {
ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
- else if( PSA_ALG_IS_MAC( alg ) )
- ok = exercise_mac_key( key, usage, alg );
- else if( PSA_ALG_IS_CIPHER( alg ) )
- ok = exercise_cipher_key( key, usage, alg );
- else if( PSA_ALG_IS_AEAD( alg ) )
- ok = exercise_aead_key( key, usage, alg );
- else if( PSA_ALG_IS_SIGN( alg ) )
- ok = exercise_signature_key( key, usage, alg );
- else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
- ok = exercise_asymmetric_encryption_key( key, usage, alg );
- else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
- ok = exercise_key_derivation_key( key, usage, alg );
- else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
- ok = exercise_raw_key_agreement_key( key, usage, alg );
- else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- ok = exercise_key_agreement_key( key, usage, alg );
- else
- TEST_ASSERT( ! "No code to exercise this category of algorithm" );
+ } else if (PSA_ALG_IS_MAC(alg)) {
+ ok = exercise_mac_key(key, usage, alg);
+ } else if (PSA_ALG_IS_CIPHER(alg)) {
+ ok = exercise_cipher_key(key, usage, alg);
+ } else if (PSA_ALG_IS_AEAD(alg)) {
+ ok = exercise_aead_key(key, usage, alg);
+ } else if (PSA_ALG_IS_SIGN(alg)) {
+ ok = exercise_signature_key(key, usage, alg);
+ } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
+ ok = exercise_asymmetric_encryption_key(key, usage, alg);
+ } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) {
+ ok = exercise_key_derivation_key(key, usage, alg);
+ } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+ ok = exercise_raw_key_agreement_key(key, usage, alg);
+ } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
+ ok = exercise_key_agreement_key(key, usage, alg);
+ } else {
+ TEST_ASSERT(!"No code to exercise this category of algorithm");
+ }
- ok = ok && exercise_export_key( key, usage );
- ok = ok && exercise_export_public_key( key );
+ ok = ok && exercise_export_key(key, usage);
+ ok = ok && exercise_export_public_key(key);
exit:
- return( ok );
+ return ok;
}
-psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type,
- psa_algorithm_t alg )
+psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
+ psa_algorithm_t alg)
{
- if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
- {
- if( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
- if( PSA_ALG_SIGN_GET_HASH( alg ) )
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
+ if (PSA_ALG_IS_MAC(alg) || PSA_ALG_IS_SIGN(alg)) {
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
+ if (PSA_ALG_SIGN_GET_HASH(alg)) {
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
+ }
+ } else if (PSA_ALG_IS_SIGN_MESSAGE(alg)) {
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
}
- else if( PSA_ALG_IS_SIGN_MESSAGE( alg) )
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_VERIFY_HASH :
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
- }
- else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
- PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
- {
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_ENCRYPT :
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- }
- else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ||
- PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- {
- return( PSA_KEY_USAGE_DERIVE );
- }
- else
- {
- return( 0 );
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_VERIFY_HASH :
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH;
+ } else if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg) ||
+ PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_ENCRYPT :
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+ } else if (PSA_ALG_IS_KEY_DERIVATION(alg) ||
+ PSA_ALG_IS_KEY_AGREEMENT(alg)) {
+ return PSA_KEY_USAGE_DERIVE;
+ } else {
+ return 0;
}
}
diff --git a/tests/src/random.c b/tests/src/random.c
index 7f3f401..e74e689 100644
--- a/tests/src/random.c
+++ b/tests/src/random.c
@@ -37,109 +37,111 @@
#include <mbedtls/entropy.h>
-int mbedtls_test_rnd_std_rand( void *rng_state,
- unsigned char *output,
- size_t len )
+int mbedtls_test_rnd_std_rand(void *rng_state,
+ unsigned char *output,
+ size_t len)
{
#if !defined(__OpenBSD__) && !defined(__NetBSD__)
size_t i;
- if( rng_state != NULL )
+ if (rng_state != NULL) {
rng_state = NULL;
+ }
- for( i = 0; i < len; ++i )
+ for (i = 0; i < len; ++i) {
output[i] = rand();
+ }
#else
- if( rng_state != NULL )
+ if (rng_state != NULL) {
rng_state = NULL;
+ }
- arc4random_buf( output, len );
+ arc4random_buf(output, len);
#endif /* !OpenBSD && !NetBSD */
- return( 0 );
+ return 0;
}
-int mbedtls_test_rnd_zero_rand( void *rng_state,
- unsigned char *output,
- size_t len )
+int mbedtls_test_rnd_zero_rand(void *rng_state,
+ unsigned char *output,
+ size_t len)
{
- if( rng_state != NULL )
+ if (rng_state != NULL) {
rng_state = NULL;
+ }
- memset( output, 0, len );
+ memset(output, 0, len);
- return( 0 );
+ return 0;
}
-int mbedtls_test_rnd_buffer_rand( void *rng_state,
- unsigned char *output,
- size_t len )
+int mbedtls_test_rnd_buffer_rand(void *rng_state,
+ unsigned char *output,
+ size_t len)
{
mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state;
size_t use_len;
- if( rng_state == NULL )
- return( mbedtls_test_rnd_std_rand( NULL, output, len ) );
+ if (rng_state == NULL) {
+ return mbedtls_test_rnd_std_rand(NULL, output, len);
+ }
use_len = len;
- if( len > info->length )
+ if (len > info->length) {
use_len = info->length;
+ }
- if( use_len )
- {
- memcpy( output, info->buf, use_len );
+ if (use_len) {
+ memcpy(output, info->buf, use_len);
info->buf += use_len;
info->length -= use_len;
}
- if( len - use_len > 0 )
- {
- if( info->fallback_f_rng != NULL )
- {
- return( info->fallback_f_rng( info->fallback_p_rng,
- output + use_len,
- len - use_len ) );
+ if (len - use_len > 0) {
+ if (info->fallback_f_rng != NULL) {
+ return info->fallback_f_rng(info->fallback_p_rng,
+ output + use_len,
+ len - use_len);
+ } else {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
- else
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
}
- return( 0 );
+ return 0;
}
-int mbedtls_test_rnd_pseudo_rand( void *rng_state,
- unsigned char *output,
- size_t len )
+int mbedtls_test_rnd_pseudo_rand(void *rng_state,
+ unsigned char *output,
+ size_t len)
{
mbedtls_test_rnd_pseudo_info *info =
(mbedtls_test_rnd_pseudo_info *) rng_state;
- uint32_t i, *k, sum, delta=0x9E3779B9;
+ uint32_t i, *k, sum, delta = 0x9E3779B9;
unsigned char result[4], *out = output;
- if( rng_state == NULL )
- return( mbedtls_test_rnd_std_rand( NULL, output, len ) );
+ if (rng_state == NULL) {
+ return mbedtls_test_rnd_std_rand(NULL, output, len);
+ }
k = info->key;
- while( len > 0 )
- {
- size_t use_len = ( len > 4 ) ? 4 : len;
+ while (len > 0) {
+ size_t use_len = (len > 4) ? 4 : len;
sum = 0;
- for( i = 0; i < 32; i++ )
- {
- info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) )
- + info->v1 ) ^ ( sum + k[sum & 3] );
+ for (i = 0; i < 32; i++) {
+ info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5))
+ + info->v1) ^ (sum + k[sum & 3]);
sum += delta;
- info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) )
- + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] );
+ info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5))
+ + info->v0) ^ (sum + k[(sum>>11) & 3]);
}
- PUT_UINT32_BE( info->v0, result, 0 );
- memcpy( out, result, use_len );
+ PUT_UINT32_BE(info->v0, result, 0);
+ memcpy(out, result, use_len);
len -= use_len;
out += 4;
}
- return( 0 );
+ return 0;
}
diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c
index ca91b79..ae6e590 100644
--- a/tests/src/threading_helpers.c
+++ b/tests/src/threading_helpers.c
@@ -70,8 +70,7 @@
* indicate the exact location of the problematic call. To locate the error,
* use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error().
*/
-enum value_of_mutex_is_valid_field
-{
+enum value_of_mutex_is_valid_field {
/* Potential values for the is_valid field of mbedtls_threading_mutex_t.
* Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for
* compatibility with threading_mutex_init_pthread() and
@@ -82,12 +81,11 @@
MUTEX_LOCKED = 2, //!< Set by our lock
};
-typedef struct
-{
- void (*init)( mbedtls_threading_mutex_t * );
- void (*free)( mbedtls_threading_mutex_t * );
- int (*lock)( mbedtls_threading_mutex_t * );
- int (*unlock)( mbedtls_threading_mutex_t * );
+typedef struct {
+ void (*init)(mbedtls_threading_mutex_t *);
+ void (*free)(mbedtls_threading_mutex_t *);
+ int (*lock)(mbedtls_threading_mutex_t *);
+ int (*unlock)(mbedtls_threading_mutex_t *);
} mutex_functions_t;
static mutex_functions_t mutex_functions;
@@ -98,94 +96,96 @@
*/
static int live_mutexes;
-static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex,
- const char *msg )
+static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
+ const char *msg)
{
(void) mutex;
- if( mbedtls_test_info.mutex_usage_error == NULL )
+ if (mbedtls_test_info.mutex_usage_error == NULL) {
mbedtls_test_info.mutex_usage_error = msg;
- mbedtls_fprintf( stdout, "[mutex: %s] ", msg );
+ }
+ mbedtls_fprintf(stdout, "[mutex: %s] ", msg);
/* Don't mark the test as failed yet. This way, if the test fails later
* for a functional reason, the test framework will report the message
* and location for this functional reason. If the test passes,
* mbedtls_test_mutex_usage_check() will mark it as failed. */
}
-static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex )
+static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex)
{
- mutex_functions.init( mutex );
- if( mutex->is_valid )
+ mutex_functions.init(mutex);
+ if (mutex->is_valid) {
++live_mutexes;
+ }
}
-static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex )
+static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex)
{
- switch( mutex->is_valid )
- {
+ switch (mutex->is_valid) {
case MUTEX_FREED:
- mbedtls_test_mutex_usage_error( mutex, "free without init or double free" );
+ mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
break;
case MUTEX_IDLE:
/* Do nothing. The underlying free function will reset is_valid
* to 0. */
break;
case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error( mutex, "free without unlock" );
+ mbedtls_test_mutex_usage_error(mutex, "free without unlock");
break;
default:
- mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
+ mbedtls_test_mutex_usage_error(mutex, "corrupted state");
break;
}
- if( mutex->is_valid )
+ if (mutex->is_valid) {
--live_mutexes;
- mutex_functions.free( mutex );
+ }
+ mutex_functions.free(mutex);
}
-static int mbedtls_test_wrap_mutex_lock( mbedtls_threading_mutex_t *mutex )
+static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex)
{
- int ret = mutex_functions.lock( mutex );
- switch( mutex->is_valid )
- {
+ int ret = mutex_functions.lock(mutex);
+ switch (mutex->is_valid) {
case MUTEX_FREED:
- mbedtls_test_mutex_usage_error( mutex, "lock without init" );
+ mbedtls_test_mutex_usage_error(mutex, "lock without init");
break;
case MUTEX_IDLE:
- if( ret == 0 )
+ if (ret == 0) {
mutex->is_valid = 2;
+ }
break;
case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error( mutex, "double lock" );
+ mbedtls_test_mutex_usage_error(mutex, "double lock");
break;
default:
- mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
+ mbedtls_test_mutex_usage_error(mutex, "corrupted state");
break;
}
- return( ret );
+ return ret;
}
-static int mbedtls_test_wrap_mutex_unlock( mbedtls_threading_mutex_t *mutex )
+static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex)
{
- int ret = mutex_functions.unlock( mutex );
- switch( mutex->is_valid )
- {
+ int ret = mutex_functions.unlock(mutex);
+ switch (mutex->is_valid) {
case MUTEX_FREED:
- mbedtls_test_mutex_usage_error( mutex, "unlock without init" );
+ mbedtls_test_mutex_usage_error(mutex, "unlock without init");
break;
case MUTEX_IDLE:
- mbedtls_test_mutex_usage_error( mutex, "unlock without lock" );
+ mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
break;
case MUTEX_LOCKED:
- if( ret == 0 )
+ if (ret == 0) {
mutex->is_valid = MUTEX_IDLE;
+ }
break;
default:
- mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
+ mbedtls_test_mutex_usage_error(mutex, "corrupted state");
break;
}
- return( ret );
+ return ret;
}
-void mbedtls_test_mutex_usage_init( void )
+void mbedtls_test_mutex_usage_init(void)
{
mutex_functions.init = mbedtls_mutex_init;
mutex_functions.free = mbedtls_mutex_free;
@@ -197,25 +197,24 @@
mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock;
}
-void mbedtls_test_mutex_usage_check( void )
+void mbedtls_test_mutex_usage_check(void)
{
- if( live_mutexes != 0 )
- {
+ if (live_mutexes != 0) {
/* A positive number (more init than free) means that a mutex resource
* is leaking (on platforms where a mutex consumes more than the
* mbedtls_threading_mutex_t object itself). The rare case of a
* negative number means a missing init somewhere. */
- mbedtls_fprintf( stdout, "[mutex: %d leaked] ", live_mutexes );
+ mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes);
live_mutexes = 0;
- if( mbedtls_test_info.mutex_usage_error == NULL )
+ if (mbedtls_test_info.mutex_usage_error == NULL) {
mbedtls_test_info.mutex_usage_error = "missing free";
+ }
}
- if( mbedtls_test_info.mutex_usage_error != NULL &&
- mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED )
- {
+ if (mbedtls_test_info.mutex_usage_error != NULL &&
+ mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
/* Functionally, the test passed. But there was a mutex usage error,
* so mark the test as failed after all. */
- mbedtls_test_fail( "Mutex usage error", __LINE__, __FILE__ );
+ mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__);
}
mbedtls_test_info.mutex_usage_error = NULL;
}
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index c085b18..eb0dc03 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -68,11 +68,11 @@
/* Indicates whether we expect mbedtls_entropy_init
* to initialize some strong entropy source. */
#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \
- ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \
- ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \
- defined(MBEDTLS_HAVEGE_C) || \
- defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
- defined(ENTROPY_NV_SEED) ) )
+ (!defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \
+ (!defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \
+ defined(MBEDTLS_HAVEGE_C) || \
+ defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+ defined(ENTROPY_NV_SEED)))
#define ENTROPY_HAVE_STRONG
#endif
@@ -87,65 +87,60 @@
*
* \return 0 if the key store is empty, 1 otherwise.
*/
-int test_fail_if_psa_leaking( int line_no, const char *filename )
+int test_fail_if_psa_leaking(int line_no, const char *filename)
{
- const char *msg = mbedtls_test_helper_is_psa_leaking( );
- if( msg == NULL )
+ const char *msg = mbedtls_test_helper_is_psa_leaking();
+ if (msg == NULL) {
return 0;
- else
- {
- mbedtls_test_fail( msg, line_no, filename );
+ } else {
+ mbedtls_test_fail(msg, line_no, filename);
return 1;
}
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_C) */
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
-static int redirect_output( FILE* out_stream, const char* path )
+static int redirect_output(FILE *out_stream, const char *path)
{
int out_fd, dup_fd;
- FILE* path_stream;
+ FILE *path_stream;
- out_fd = fileno( out_stream );
- dup_fd = dup( out_fd );
+ out_fd = fileno(out_stream);
+ dup_fd = dup(out_fd);
- if( dup_fd == -1 )
- {
- return( -1 );
+ if (dup_fd == -1) {
+ return -1;
}
- path_stream = fopen( path, "w" );
- if( path_stream == NULL )
- {
- close( dup_fd );
- return( -1 );
+ path_stream = fopen(path, "w");
+ if (path_stream == NULL) {
+ close(dup_fd);
+ return -1;
}
- fflush( out_stream );
- if( dup2( fileno( path_stream ), out_fd ) == -1 )
- {
- close( dup_fd );
- fclose( path_stream );
- return( -1 );
+ fflush(out_stream);
+ if (dup2(fileno(path_stream), out_fd) == -1) {
+ close(dup_fd);
+ fclose(path_stream);
+ return -1;
}
- fclose( path_stream );
- return( dup_fd );
+ fclose(path_stream);
+ return dup_fd;
}
-static int restore_output( FILE* out_stream, int dup_fd )
+static int restore_output(FILE *out_stream, int dup_fd)
{
- int out_fd = fileno( out_stream );
+ int out_fd = fileno(out_stream);
- fflush( out_stream );
- if( dup2( dup_fd, out_fd ) == -1 )
- {
- close( out_fd );
- close( dup_fd );
- return( -1 );
+ fflush(out_stream);
+ if (dup2(dup_fd, out_fd) == -1) {
+ close(out_fd);
+ close(dup_fd);
+ return -1;
}
- close( dup_fd );
- return( 0 );
+ close(dup_fd);
+ return 0;
}
#endif /* __unix__ || __APPLE__ __MACH__ */
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index bb06822..475a9c8 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -8,20 +8,19 @@
*
* \return 0 if success else 1
*/
-int verify_string( char **str )
+int verify_string(char **str)
{
- if( ( *str )[0] != '"' ||
- ( *str )[strlen( *str ) - 1] != '"' )
- {
- mbedtls_fprintf( stderr,
- "Expected string (with \"\") for parameter and got: %s\n", *str );
- return( -1 );
+ if ((*str)[0] != '"' ||
+ (*str)[strlen(*str) - 1] != '"') {
+ mbedtls_fprintf(stderr,
+ "Expected string (with \"\") for parameter and got: %s\n", *str);
+ return -1;
}
- ( *str )++;
- ( *str )[strlen( *str ) - 1] = '\0';
+ (*str)++;
+ (*str)[strlen(*str) - 1] = '\0';
- return( 0 );
+ return 0;
}
/**
@@ -33,50 +32,46 @@
*
* \return 0 if success else 1
*/
-int verify_int( char *str, int32_t *value )
+int verify_int(char *str, int32_t *value)
{
size_t i;
int minus = 0;
int digits = 1;
int hex = 0;
- for( i = 0; i < strlen( str ); i++ )
- {
- if( i == 0 && str[i] == '-' )
- {
+ for (i = 0; i < strlen(str); i++) {
+ if (i == 0 && str[i] == '-') {
minus = 1;
continue;
}
- if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) &&
- str[i - 1] == '0' && ( str[i] == 'x' || str[i] == 'X' ) )
- {
+ if (((minus && i == 2) || (!minus && i == 1)) &&
+ str[i - 1] == '0' && (str[i] == 'x' || str[i] == 'X')) {
hex = 1;
continue;
}
- if( ! ( ( str[i] >= '0' && str[i] <= '9' ) ||
- ( hex && ( ( str[i] >= 'a' && str[i] <= 'f' ) ||
- ( str[i] >= 'A' && str[i] <= 'F' ) ) ) ) )
- {
+ if (!((str[i] >= '0' && str[i] <= '9') ||
+ (hex && ((str[i] >= 'a' && str[i] <= 'f') ||
+ (str[i] >= 'A' && str[i] <= 'F'))))) {
digits = 0;
break;
}
}
- if( digits )
- {
- if( hex )
- *value = strtol( str, NULL, 16 );
- else
- *value = strtol( str, NULL, 10 );
+ if (digits) {
+ if (hex) {
+ *value = strtol(str, NULL, 16);
+ } else {
+ *value = strtol(str, NULL, 10);
+ }
- return( 0 );
+ return 0;
}
- mbedtls_fprintf( stderr,
- "Expected integer for parameter and got: %s\n", str );
- return( KEY_VALUE_MAPPING_NOT_FOUND );
+ mbedtls_fprintf(stderr,
+ "Expected integer for parameter and got: %s\n", str);
+ return KEY_VALUE_MAPPING_NOT_FOUND;
}
@@ -107,44 +102,45 @@
*
* \return 0 if success else -1
*/
-int get_line( FILE *f, char *buf, size_t len )
+int get_line(FILE *f, char *buf, size_t len)
{
char *ret;
int i = 0, str_len = 0, has_string = 0;
/* Read until we get a valid line */
- do
- {
- ret = fgets( buf, len, f );
- if( ret == NULL )
- return( -1 );
+ do {
+ ret = fgets(buf, len, f);
+ if (ret == NULL) {
+ return -1;
+ }
- str_len = strlen( buf );
+ str_len = strlen(buf);
/* Skip empty line and comment */
- if ( str_len == 0 || buf[0] == '#' )
+ if (str_len == 0 || buf[0] == '#') {
continue;
+ }
has_string = 0;
- for ( i = 0; i < str_len; i++ )
- {
+ for (i = 0; i < str_len; i++) {
char c = buf[i];
- if ( c != ' ' && c != '\t' && c != '\n' &&
- c != '\v' && c != '\f' && c != '\r' )
- {
+ if (c != ' ' && c != '\t' && c != '\n' &&
+ c != '\v' && c != '\f' && c != '\r') {
has_string = 1;
break;
}
}
- } while( !has_string );
+ } while (!has_string);
/* Strip new line and carriage return */
- ret = buf + strlen( buf );
- if( ret-- > buf && *ret == '\n' )
+ ret = buf + strlen(buf);
+ if (ret-- > buf && *ret == '\n') {
*ret = '\0';
- if( ret-- > buf && *ret == '\r' )
+ }
+ if (ret-- > buf && *ret == '\r') {
*ret = '\0';
+ }
- return( 0 );
+ return 0;
}
/**
@@ -157,8 +153,8 @@
*
* \return Count of strings found.
*/
-static int parse_arguments( char *buf, size_t len, char **params,
- size_t params_len )
+static int parse_arguments(char *buf, size_t len, char **params,
+ size_t params_len)
{
size_t cnt = 0, i;
char *cur = buf;
@@ -166,20 +162,16 @@
params[cnt++] = cur;
- while( *p != '\0' && p < ( buf + len ) )
- {
- if( *p == '\\' )
- {
+ while (*p != '\0' && p < (buf + len)) {
+ if (*p == '\\') {
p++;
p++;
continue;
}
- if( *p == ':' )
- {
- if( p + 1 < buf + len )
- {
+ if (*p == ':') {
+ if (p + 1 < buf + len) {
cur = p + 1;
- TEST_HELPER_ASSERT( cnt < params_len );
+ TEST_HELPER_ASSERT(cnt < params_len);
params[cnt++] = cur;
}
*p = '\0';
@@ -189,35 +181,28 @@
}
/* Replace newlines, question marks and colons in strings */
- for( i = 0; i < cnt; i++ )
- {
+ for (i = 0; i < cnt; i++) {
p = params[i];
q = params[i];
- while( *p != '\0' )
- {
- if( *p == '\\' && *( p + 1 ) == 'n' )
- {
+ while (*p != '\0') {
+ if (*p == '\\' && *(p + 1) == 'n') {
p += 2;
- *( q++ ) = '\n';
- }
- else if( *p == '\\' && *( p + 1 ) == ':' )
- {
+ *(q++) = '\n';
+ } else if (*p == '\\' && *(p + 1) == ':') {
p += 2;
- *( q++ ) = ':';
- }
- else if( *p == '\\' && *( p + 1 ) == '?' )
- {
+ *(q++) = ':';
+ } else if (*p == '\\' && *(p + 1) == '?') {
p += 2;
- *( q++ ) = '?';
+ *(q++) = '?';
+ } else {
+ *(q++) = *(p++);
}
- else
- *( q++ ) = *( p++ );
}
*q = '\0';
}
- return( cnt );
+ return cnt;
}
/**
@@ -238,81 +223,59 @@
*
* \return 0 for success else 1
*/
-static int convert_params( size_t cnt , char ** params , int32_t * int_params_store )
+static int convert_params(size_t cnt, char **params, int32_t *int_params_store)
{
- char ** cur = params;
- char ** out = params;
+ char **cur = params;
+ char **out = params;
int ret = DISPATCH_TEST_SUCCESS;
- while ( cur < params + cnt )
- {
- char * type = *cur++;
- char * val = *cur++;
+ while (cur < params + cnt) {
+ char *type = *cur++;
+ char *val = *cur++;
- if ( strcmp( type, "char*" ) == 0 )
- {
- if ( verify_string( &val ) == 0 )
- {
- *out++ = val;
- }
- else
- {
- ret = ( DISPATCH_INVALID_TEST_DATA );
+ if (strcmp(type, "char*") == 0) {
+ if (verify_string(&val) == 0) {
+ *out++ = val;
+ } else {
+ ret = (DISPATCH_INVALID_TEST_DATA);
break;
}
- }
- else if ( strcmp( type, "int" ) == 0 )
- {
- if ( verify_int( val, int_params_store ) == 0 )
- {
- *out++ = (char *) int_params_store++;
- }
- else
- {
- ret = ( DISPATCH_INVALID_TEST_DATA );
+ } else if (strcmp(type, "int") == 0) {
+ if (verify_int(val, int_params_store) == 0) {
+ *out++ = (char *) int_params_store++;
+ } else {
+ ret = (DISPATCH_INVALID_TEST_DATA);
break;
}
- }
- else if ( strcmp( type, "hex" ) == 0 )
- {
- if ( verify_string( &val ) == 0 )
- {
+ } else if (strcmp(type, "hex") == 0) {
+ if (verify_string(&val) == 0) {
size_t len;
TEST_HELPER_ASSERT(
- mbedtls_test_unhexify( (unsigned char *) val, strlen( val ),
- val, &len ) == 0 );
+ mbedtls_test_unhexify((unsigned char *) val, strlen(val),
+ val, &len) == 0);
*int_params_store = len;
*out++ = val;
- *out++ = (char *)(int_params_store++);
- }
- else
- {
- ret = ( DISPATCH_INVALID_TEST_DATA );
+ *out++ = (char *) (int_params_store++);
+ } else {
+ ret = (DISPATCH_INVALID_TEST_DATA);
break;
}
- }
- else if ( strcmp( type, "exp" ) == 0 )
- {
- int exp_id = strtol( val, NULL, 10 );
- if ( get_expression ( exp_id, int_params_store ) == 0 )
- {
- *out++ = (char *)int_params_store++;
+ } else if (strcmp(type, "exp") == 0) {
+ int exp_id = strtol(val, NULL, 10);
+ if (get_expression(exp_id, int_params_store) == 0) {
+ *out++ = (char *) int_params_store++;
+ } else {
+ ret = (DISPATCH_INVALID_TEST_DATA);
+ break;
}
- else
- {
- ret = ( DISPATCH_INVALID_TEST_DATA );
- break;
- }
- }
- else
- {
- ret = ( DISPATCH_INVALID_TEST_DATA );
- break;
+ } else {
+ ret = (DISPATCH_INVALID_TEST_DATA);
+ break;
}
}
- return( ret );
+ return ret;
}
/**
@@ -335,26 +298,27 @@
#if defined(__GNUC__)
__attribute__((__noinline__))
#endif
-static int test_snprintf( size_t n, const char *ref_buf, int ref_ret )
+static int test_snprintf(size_t n, const char *ref_buf, int ref_ret)
{
int ret;
char buf[10] = "xxxxxxxxx";
const char ref[10] = "xxxxxxxxx";
- if( n >= sizeof( buf ) )
- return( -1 );
- ret = mbedtls_snprintf( buf, n, "%s", "123" );
- if( ret < 0 || (size_t) ret >= n )
+ if (n >= sizeof(buf)) {
+ return -1;
+ }
+ ret = mbedtls_snprintf(buf, n, "%s", "123");
+ if (ret < 0 || (size_t) ret >= n) {
ret = -1;
-
- if( strncmp( ref_buf, buf, sizeof( buf ) ) != 0 ||
- ref_ret != ret ||
- memcmp( buf + n, ref + n, sizeof( buf ) - n ) != 0 )
- {
- return( 1 );
}
- return( 0 );
+ if (strncmp(ref_buf, buf, sizeof(buf)) != 0 ||
+ ref_ret != ret ||
+ memcmp(buf + n, ref + n, sizeof(buf) - n) != 0) {
+ return 1;
+ }
+
+ return 0;
}
/**
@@ -362,14 +326,14 @@
*
* \return 0 for success else 1
*/
-static int run_test_snprintf( void )
+static int run_test_snprintf(void)
{
- return( test_snprintf( 0, "xxxxxxxxx", -1 ) != 0 ||
- test_snprintf( 1, "", -1 ) != 0 ||
- test_snprintf( 2, "1", -1 ) != 0 ||
- test_snprintf( 3, "12", -1 ) != 0 ||
- test_snprintf( 4, "123", 3 ) != 0 ||
- test_snprintf( 5, "123", 3 ) != 0 );
+ return test_snprintf(0, "xxxxxxxxx", -1) != 0 ||
+ test_snprintf(1, "", -1) != 0 ||
+ test_snprintf(2, "1", -1) != 0 ||
+ test_snprintf(3, "12", -1) != 0 ||
+ test_snprintf(4, "123", 3) != 0 ||
+ test_snprintf(5, "123", 3) != 0;
}
/** \brief Write the description of the test case to the outcome CSV file.
@@ -379,43 +343,44 @@
* \param argv0 The test suite name.
* \param test_case The test case description.
*/
-static void write_outcome_entry( FILE *outcome_file,
- const char *argv0,
- const char *test_case )
+static void write_outcome_entry(FILE *outcome_file,
+ const char *argv0,
+ const char *test_case)
{
/* The non-varying fields are initialized on first use. */
static const char *platform = NULL;
static const char *configuration = NULL;
static const char *test_suite = NULL;
- if( outcome_file == NULL )
+ if (outcome_file == NULL) {
return;
+ }
- if( platform == NULL )
- {
- platform = getenv( "MBEDTLS_TEST_PLATFORM" );
- if( platform == NULL )
+ if (platform == NULL) {
+ platform = getenv("MBEDTLS_TEST_PLATFORM");
+ if (platform == NULL) {
platform = "unknown";
+ }
}
- if( configuration == NULL )
- {
- configuration = getenv( "MBEDTLS_TEST_CONFIGURATION" );
- if( configuration == NULL )
+ if (configuration == NULL) {
+ configuration = getenv("MBEDTLS_TEST_CONFIGURATION");
+ if (configuration == NULL) {
configuration = "unknown";
+ }
}
- if( test_suite == NULL )
- {
- test_suite = strrchr( argv0, '/' );
- if( test_suite != NULL )
+ if (test_suite == NULL) {
+ test_suite = strrchr(argv0, '/');
+ if (test_suite != NULL) {
test_suite += 1; // skip the '/'
- else
+ } else {
test_suite = argv0;
+ }
}
/* Write the beginning of the outcome line.
* Ignore errors: writing the outcome file is on a best-effort basis. */
- mbedtls_fprintf( outcome_file, "%s;%s;%s;%s;",
- platform, configuration, test_suite, test_case );
+ mbedtls_fprintf(outcome_file, "%s;%s;%s;%s;",
+ platform, configuration, test_suite, test_case);
}
/** \brief Write the result of the test case to the outcome CSV file.
@@ -429,65 +394,63 @@
* \param ret The test dispatch status (DISPATCH_xxx).
* \param info A pointer to the test info structure.
*/
-static void write_outcome_result( FILE *outcome_file,
- size_t unmet_dep_count,
- int unmet_dependencies[],
- int missing_unmet_dependencies,
- int ret,
- const mbedtls_test_info_t *info )
+static void write_outcome_result(FILE *outcome_file,
+ size_t unmet_dep_count,
+ int unmet_dependencies[],
+ int missing_unmet_dependencies,
+ int ret,
+ const mbedtls_test_info_t *info)
{
- if( outcome_file == NULL )
+ if (outcome_file == NULL) {
return;
+ }
/* Write the end of the outcome line.
* Ignore errors: writing the outcome file is on a best-effort basis. */
- switch( ret )
- {
+ switch (ret) {
case DISPATCH_TEST_SUCCESS:
- if( unmet_dep_count > 0 )
- {
+ if (unmet_dep_count > 0) {
size_t i;
- mbedtls_fprintf( outcome_file, "SKIP" );
- for( i = 0; i < unmet_dep_count; i++ )
- {
- mbedtls_fprintf( outcome_file, "%c%d",
- i == 0 ? ';' : ':',
- unmet_dependencies[i] );
+ mbedtls_fprintf(outcome_file, "SKIP");
+ for (i = 0; i < unmet_dep_count; i++) {
+ mbedtls_fprintf(outcome_file, "%c%d",
+ i == 0 ? ';' : ':',
+ unmet_dependencies[i]);
}
- if( missing_unmet_dependencies )
- mbedtls_fprintf( outcome_file, ":..." );
+ if (missing_unmet_dependencies) {
+ mbedtls_fprintf(outcome_file, ":...");
+ }
break;
}
- switch( info->result )
- {
+ switch (info->result) {
case MBEDTLS_TEST_RESULT_SUCCESS:
- mbedtls_fprintf( outcome_file, "PASS;" );
+ mbedtls_fprintf(outcome_file, "PASS;");
break;
case MBEDTLS_TEST_RESULT_SKIPPED:
- mbedtls_fprintf( outcome_file, "SKIP;Runtime skip" );
+ mbedtls_fprintf(outcome_file, "SKIP;Runtime skip");
break;
default:
- mbedtls_fprintf( outcome_file, "FAIL;%s:%d:%s",
- info->filename, info->line_no,
- info->test );
+ mbedtls_fprintf(outcome_file, "FAIL;%s:%d:%s",
+ info->filename, info->line_no,
+ info->test);
break;
}
break;
case DISPATCH_TEST_FN_NOT_FOUND:
- mbedtls_fprintf( outcome_file, "FAIL;Test function not found" );
+ mbedtls_fprintf(outcome_file, "FAIL;Test function not found");
break;
case DISPATCH_INVALID_TEST_DATA:
- mbedtls_fprintf( outcome_file, "FAIL;Invalid test data" );
+ mbedtls_fprintf(outcome_file, "FAIL;Invalid test data");
break;
case DISPATCH_UNSUPPORTED_SUITE:
- mbedtls_fprintf( outcome_file, "SKIP;Unsupported suite" );
+ mbedtls_fprintf(outcome_file, "SKIP;Unsupported suite");
break;
default:
- mbedtls_fprintf( outcome_file, "FAIL;Unknown cause" );
+ mbedtls_fprintf(outcome_file, "FAIL;Unknown cause");
break;
}
- mbedtls_fprintf( outcome_file, "\n" );
- fflush( outcome_file );
+ mbedtls_fprintf(outcome_file, "\n");
+ fflush(outcome_file);
}
/**
@@ -500,7 +463,7 @@
*
* \return Program exit status.
*/
-int execute_tests( int argc , const char ** argv )
+int execute_tests(int argc, const char **argv)
{
/* Local Configurations and options */
const char *default_filename = "DATA_FILE";
@@ -525,17 +488,17 @@
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
int stdout_fd = -1;
#endif /* __unix__ || __APPLE__ __MACH__ */
- const char *outcome_file_name = getenv( "MBEDTLS_TEST_OUTCOME_FILE" );
+ const char *outcome_file_name = getenv("MBEDTLS_TEST_OUTCOME_FILE");
FILE *outcome_file = NULL;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
unsigned char alloc_buf[1000000];
- mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
#endif
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- mbedtls_test_mutex_usage_init( );
+ mbedtls_test_mutex_usage_init();
#endif
/*
@@ -543,52 +506,42 @@
* of a NULL pointer. We do however use that in our code for initializing
* structures, which should work on every modern platform. Let's be sure.
*/
- memset( &pointer, 0, sizeof( void * ) );
- if( pointer != NULL )
- {
- mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" );
- return( 1 );
+ memset(&pointer, 0, sizeof(void *));
+ if (pointer != NULL) {
+ mbedtls_fprintf(stderr, "all-bits-zero is not a NULL pointer\n");
+ return 1;
}
/*
* Make sure we have a snprintf that correctly zero-terminates
*/
- if( run_test_snprintf() != 0 )
- {
- mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" );
- return( 1 );
+ if (run_test_snprintf() != 0) {
+ mbedtls_fprintf(stderr, "the snprintf implementation is broken\n");
+ return 1;
}
- if( outcome_file_name != NULL && *outcome_file_name != '\0' )
- {
- outcome_file = fopen( outcome_file_name, "a" );
- if( outcome_file == NULL )
- {
- mbedtls_fprintf( stderr, "Unable to open outcome file. Continuing anyway.\n" );
+ if (outcome_file_name != NULL && *outcome_file_name != '\0') {
+ outcome_file = fopen(outcome_file_name, "a");
+ if (outcome_file == NULL) {
+ mbedtls_fprintf(stderr, "Unable to open outcome file. Continuing anyway.\n");
}
}
- while( arg_index < argc )
- {
+ while (arg_index < argc) {
next_arg = argv[arg_index];
- if( strcmp( next_arg, "--verbose" ) == 0 ||
- strcmp( next_arg, "-v" ) == 0 )
- {
+ if (strcmp(next_arg, "--verbose") == 0 ||
+ strcmp(next_arg, "-v") == 0) {
option_verbose = 1;
- }
- else if( strcmp(next_arg, "--help" ) == 0 ||
- strcmp(next_arg, "-h" ) == 0 )
- {
- mbedtls_fprintf( stdout, USAGE );
- mbedtls_exit( EXIT_SUCCESS );
- }
- else
- {
+ } else if (strcmp(next_arg, "--help") == 0 ||
+ strcmp(next_arg, "-h") == 0) {
+ mbedtls_fprintf(stdout, USAGE);
+ mbedtls_exit(EXIT_SUCCESS);
+ } else {
/* Not an option, therefore treat all further arguments as the file
* list.
*/
- test_files = &argv[ arg_index ];
+ test_files = &argv[arg_index];
testfile_count = argc - arg_index;
break;
}
@@ -597,226 +550,204 @@
}
/* If no files were specified, assume a default */
- if ( test_files == NULL || testfile_count == 0 )
- {
+ if (test_files == NULL || testfile_count == 0) {
test_files = &default_filename;
testfile_count = 1;
}
/* Initialize the struct that holds information about the last test */
- mbedtls_test_info_reset( );
+ mbedtls_test_info_reset();
/* Now begin to execute the tests in the testfiles */
- for ( testfile_index = 0;
- testfile_index < testfile_count;
- testfile_index++ )
- {
+ for (testfile_index = 0;
+ testfile_index < testfile_count;
+ testfile_index++) {
size_t unmet_dep_count = 0;
int unmet_dependencies[20];
int missing_unmet_dependencies = 0;
- test_filename = test_files[ testfile_index ];
+ test_filename = test_files[testfile_index];
- file = fopen( test_filename, "r" );
- if( file == NULL )
- {
- mbedtls_fprintf( stderr, "Failed to open test file: %s\n",
- test_filename );
- if( outcome_file != NULL )
- fclose( outcome_file );
- return( 1 );
+ file = fopen(test_filename, "r");
+ if (file == NULL) {
+ mbedtls_fprintf(stderr, "Failed to open test file: %s\n",
+ test_filename);
+ if (outcome_file != NULL) {
+ fclose(outcome_file);
+ }
+ return 1;
}
- while( !feof( file ) )
- {
- if( unmet_dep_count > 0 )
- {
- mbedtls_fprintf( stderr,
- "FATAL: Dep count larger than zero at start of loop\n" );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ while (!feof(file)) {
+ if (unmet_dep_count > 0) {
+ mbedtls_fprintf(stderr,
+ "FATAL: Dep count larger than zero at start of loop\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
unmet_dep_count = 0;
missing_unmet_dependencies = 0;
- if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
+ if ((ret = get_line(file, buf, sizeof(buf))) != 0) {
break;
- mbedtls_fprintf( stdout, "%s%.66s",
- mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ?
- "\n" : "", buf );
- mbedtls_fprintf( stdout, " " );
- for( i = strlen( buf ) + 1; i < 67; i++ )
- mbedtls_fprintf( stdout, "." );
- mbedtls_fprintf( stdout, " " );
- fflush( stdout );
- write_outcome_entry( outcome_file, argv[0], buf );
+ }
+ mbedtls_fprintf(stdout, "%s%.66s",
+ mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ?
+ "\n" : "", buf);
+ mbedtls_fprintf(stdout, " ");
+ for (i = strlen(buf) + 1; i < 67; i++) {
+ mbedtls_fprintf(stdout, ".");
+ }
+ mbedtls_fprintf(stdout, " ");
+ fflush(stdout);
+ write_outcome_entry(outcome_file, argv[0], buf);
total_tests++;
- if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
+ if ((ret = get_line(file, buf, sizeof(buf))) != 0) {
break;
- cnt = parse_arguments( buf, strlen( buf ), params,
- sizeof( params ) / sizeof( params[0] ) );
+ }
+ cnt = parse_arguments(buf, strlen(buf), params,
+ sizeof(params) / sizeof(params[0]));
- if( strcmp( params[0], "depends_on" ) == 0 )
- {
- for( i = 1; i < cnt; i++ )
- {
- int dep_id = strtol( params[i], NULL, 10 );
- if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED )
- {
- if( unmet_dep_count <
- ARRAY_LENGTH( unmet_dependencies ) )
- {
+ if (strcmp(params[0], "depends_on") == 0) {
+ for (i = 1; i < cnt; i++) {
+ int dep_id = strtol(params[i], NULL, 10);
+ if (dep_check(dep_id) != DEPENDENCY_SUPPORTED) {
+ if (unmet_dep_count <
+ ARRAY_LENGTH(unmet_dependencies)) {
unmet_dependencies[unmet_dep_count] = dep_id;
unmet_dep_count++;
- }
- else
- {
+ } else {
missing_unmet_dependencies = 1;
}
}
}
- if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
+ if ((ret = get_line(file, buf, sizeof(buf))) != 0) {
break;
- cnt = parse_arguments( buf, strlen( buf ), params,
- sizeof( params ) / sizeof( params[0] ) );
+ }
+ cnt = parse_arguments(buf, strlen(buf), params,
+ sizeof(params) / sizeof(params[0]));
}
// If there are no unmet dependencies execute the test
- if( unmet_dep_count == 0 )
- {
- mbedtls_test_info_reset( );
+ if (unmet_dep_count == 0) {
+ mbedtls_test_info_reset();
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
/* Suppress all output from the library unless we're verbose
* mode
*/
- if( !option_verbose )
- {
- stdout_fd = redirect_output( stdout, "/dev/null" );
- if( stdout_fd == -1 )
- {
+ if (!option_verbose) {
+ stdout_fd = redirect_output(stdout, "/dev/null");
+ if (stdout_fd == -1) {
/* Redirection has failed with no stdout so exit */
- exit( 1 );
+ exit(1);
}
}
#endif /* __unix__ || __APPLE__ __MACH__ */
- function_id = strtoul( params[0], NULL, 10 );
- if ( (ret = check_test( function_id )) == DISPATCH_TEST_SUCCESS )
- {
- ret = convert_params( cnt - 1, params + 1, int_params );
- if ( DISPATCH_TEST_SUCCESS == ret )
- {
- ret = dispatch_test( function_id, (void **)( params + 1 ) );
+ function_id = strtoul(params[0], NULL, 10);
+ if ((ret = check_test(function_id)) == DISPATCH_TEST_SUCCESS) {
+ ret = convert_params(cnt - 1, params + 1, int_params);
+ if (DISPATCH_TEST_SUCCESS == ret) {
+ ret = dispatch_test(function_id, (void **) (params + 1));
}
}
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
- if( !option_verbose && restore_output( stdout, stdout_fd ) )
- {
- /* Redirection has failed with no stdout so exit */
- exit( 1 );
+ if (!option_verbose && restore_output(stdout, stdout_fd)) {
+ /* Redirection has failed with no stdout so exit */
+ exit(1);
}
#endif /* __unix__ || __APPLE__ __MACH__ */
}
- write_outcome_result( outcome_file,
- unmet_dep_count, unmet_dependencies,
- missing_unmet_dependencies,
- ret, &mbedtls_test_info );
- if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
- {
+ write_outcome_result(outcome_file,
+ unmet_dep_count, unmet_dependencies,
+ missing_unmet_dependencies,
+ ret, &mbedtls_test_info);
+ if (unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE) {
total_skipped++;
- mbedtls_fprintf( stdout, "----" );
+ mbedtls_fprintf(stdout, "----");
- if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE )
- {
- mbedtls_fprintf( stdout, "\n Test Suite not enabled" );
+ if (1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE) {
+ mbedtls_fprintf(stdout, "\n Test Suite not enabled");
}
- if( 1 == option_verbose && unmet_dep_count > 0 )
- {
- mbedtls_fprintf( stdout, "\n Unmet dependencies: " );
- for( i = 0; i < unmet_dep_count; i++ )
- {
- mbedtls_fprintf( stdout, "%d ",
- unmet_dependencies[i] );
+ if (1 == option_verbose && unmet_dep_count > 0) {
+ mbedtls_fprintf(stdout, "\n Unmet dependencies: ");
+ for (i = 0; i < unmet_dep_count; i++) {
+ mbedtls_fprintf(stdout, "%d ",
+ unmet_dependencies[i]);
}
- if( missing_unmet_dependencies )
- mbedtls_fprintf( stdout, "..." );
+ if (missing_unmet_dependencies) {
+ mbedtls_fprintf(stdout, "...");
+ }
}
- mbedtls_fprintf( stdout, "\n" );
- fflush( stdout );
+ mbedtls_fprintf(stdout, "\n");
+ fflush(stdout);
unmet_dep_count = 0;
missing_unmet_dependencies = 0;
- }
- else if( ret == DISPATCH_TEST_SUCCESS )
- {
- if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS )
- {
- mbedtls_fprintf( stdout, "PASS\n" );
- }
- else if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED )
- {
- mbedtls_fprintf( stdout, "----\n" );
+ } else if (ret == DISPATCH_TEST_SUCCESS) {
+ if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) {
+ mbedtls_fprintf(stdout, "PASS\n");
+ } else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) {
+ mbedtls_fprintf(stdout, "----\n");
total_skipped++;
- }
- else
- {
+ } else {
total_errors++;
- mbedtls_fprintf( stdout, "FAILED\n" );
- mbedtls_fprintf( stdout, " %s\n at ",
- mbedtls_test_info.test );
- if( mbedtls_test_info.step != (unsigned long)( -1 ) )
- {
- mbedtls_fprintf( stdout, "step %lu, ",
- mbedtls_test_info.step );
+ mbedtls_fprintf(stdout, "FAILED\n");
+ mbedtls_fprintf(stdout, " %s\n at ",
+ mbedtls_test_info.test);
+ if (mbedtls_test_info.step != (unsigned long) (-1)) {
+ mbedtls_fprintf(stdout, "step %lu, ",
+ mbedtls_test_info.step);
}
- mbedtls_fprintf( stdout, "line %d, %s",
- mbedtls_test_info.line_no,
- mbedtls_test_info.filename );
- if( mbedtls_test_info.line1[0] != 0 )
- mbedtls_fprintf( stdout, "\n %s",
- mbedtls_test_info.line1 );
- if( mbedtls_test_info.line2[0] != 0 )
- mbedtls_fprintf( stdout, "\n %s",
- mbedtls_test_info.line2 );
+ mbedtls_fprintf(stdout, "line %d, %s",
+ mbedtls_test_info.line_no,
+ mbedtls_test_info.filename);
+ if (mbedtls_test_info.line1[0] != 0) {
+ mbedtls_fprintf(stdout, "\n %s",
+ mbedtls_test_info.line1);
+ }
+ if (mbedtls_test_info.line2[0] != 0) {
+ mbedtls_fprintf(stdout, "\n %s",
+ mbedtls_test_info.line2);
+ }
}
- fflush( stdout );
- }
- else if( ret == DISPATCH_INVALID_TEST_DATA )
- {
- mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
- fclose( file );
- mbedtls_exit( 2 );
- }
- else if( ret == DISPATCH_TEST_FN_NOT_FOUND )
- {
- mbedtls_fprintf( stderr, "FAILED: FATAL TEST FUNCTION NOT FOUND\n" );
- fclose( file );
- mbedtls_exit( 2 );
- }
- else
+ fflush(stdout);
+ } else if (ret == DISPATCH_INVALID_TEST_DATA) {
+ mbedtls_fprintf(stderr, "FAILED: FATAL PARSE ERROR\n");
+ fclose(file);
+ mbedtls_exit(2);
+ } else if (ret == DISPATCH_TEST_FN_NOT_FOUND) {
+ mbedtls_fprintf(stderr, "FAILED: FATAL TEST FUNCTION NOT FOUND\n");
+ fclose(file);
+ mbedtls_exit(2);
+ } else {
total_errors++;
+ }
}
- fclose( file );
+ fclose(file);
}
- if( outcome_file != NULL )
- fclose( outcome_file );
+ if (outcome_file != NULL) {
+ fclose(outcome_file);
+ }
- mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
- if( total_errors == 0 )
- mbedtls_fprintf( stdout, "PASSED" );
- else
- mbedtls_fprintf( stdout, "FAILED" );
+ mbedtls_fprintf(stdout,
+ "\n----------------------------------------------------------------------------\n\n");
+ if (total_errors == 0) {
+ mbedtls_fprintf(stdout, "PASSED");
+ } else {
+ mbedtls_fprintf(stdout, "FAILED");
+ }
- mbedtls_fprintf( stdout, " (%u / %u tests (%u skipped))\n",
- total_tests - total_errors, total_tests, total_skipped );
+ mbedtls_fprintf(stdout, " (%u / %u tests (%u skipped))\n",
+ total_tests - total_errors, total_tests, total_skipped);
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
@@ -826,5 +757,5 @@
mbedtls_memory_buffer_alloc_free();
#endif
- return( total_errors != 0 );
+ return total_errors != 0;
}
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 65c7083..1e5c666 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -81,24 +81,23 @@
*
* \return 0 if exp_id is found. 1 otherwise.
*/
-int get_expression( int32_t exp_id, int32_t * out_value )
+int get_expression(int32_t exp_id, int32_t *out_value)
{
int ret = KEY_VALUE_MAPPING_FOUND;
(void) exp_id;
(void) out_value;
- switch( exp_id )
- {
-__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
+ switch (exp_id) {
+ __MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
- {
- ret = KEY_VALUE_MAPPING_NOT_FOUND;
- }
- break;
+ {
+ ret = KEY_VALUE_MAPPING_NOT_FOUND;
+ }
+ break;
}
- return( ret );
+ return ret;
}
@@ -113,20 +112,19 @@
*
* \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED
*/
-int dep_check( int dep_id )
+int dep_check(int dep_id)
{
int ret = DEPENDENCY_NOT_SUPPORTED;
(void) dep_id;
- switch( dep_id )
- {
-__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
+ switch (dep_id) {
+ __MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
break;
}
- return( ret );
+ return ret;
}
@@ -143,7 +141,7 @@
* dereferences. Each wrapper function hard-codes the
* number and types of the parameters.
*/
-typedef void (*TestWrapper_t)( void **param_array );
+typedef void (*TestWrapper_t)(void **param_array);
/**
@@ -154,7 +152,7 @@
*/
TestWrapper_t test_funcs[] =
{
-__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
+ __MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
};
@@ -173,32 +171,29 @@
void execute_function_ptr(TestWrapper_t fp, void **params)
{
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- mbedtls_test_enable_insecure_external_rng( );
+ mbedtls_test_enable_insecure_external_rng();
#endif
#if defined(MBEDTLS_CHECK_PARAMS)
mbedtls_test_param_failed_location_record_t location_record;
- if ( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 )
- {
- fp( params );
- }
- else
- {
+ if (setjmp(mbedtls_test_param_failed_get_state_buf()) == 0) {
+ fp(params);
+ } else {
/* Unexpected parameter validation error */
- mbedtls_test_param_failed_get_location_record( &location_record );
- mbedtls_test_fail( location_record.failure_condition,
- location_record.line,
- location_record.file );
+ mbedtls_test_param_failed_get_location_record(&location_record);
+ mbedtls_test_fail(location_record.failure_condition,
+ location_record.line,
+ location_record.file);
}
- mbedtls_test_param_failed_reset_state( );
+ mbedtls_test_param_failed_reset_state();
#else
- fp( params );
+ fp(params);
#endif
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- mbedtls_test_mutex_usage_check( );
+ mbedtls_test_mutex_usage_check();
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
}
@@ -213,25 +208,23 @@
* DISPATCH_TEST_FN_NOT_FOUND if not found
* DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
*/
-int dispatch_test( size_t func_idx, void ** params )
+int dispatch_test(size_t func_idx, void **params)
{
int ret = DISPATCH_TEST_SUCCESS;
TestWrapper_t fp = NULL;
- if ( func_idx < (int)( sizeof( test_funcs ) / sizeof( TestWrapper_t ) ) )
- {
+ if (func_idx < (int) (sizeof(test_funcs) / sizeof(TestWrapper_t))) {
fp = test_funcs[func_idx];
- if ( fp )
+ if (fp) {
execute_function_ptr(fp, params);
- else
+ } else {
ret = DISPATCH_UNSUPPORTED_SUITE;
- }
- else
- {
+ }
+ } else {
ret = DISPATCH_TEST_FN_NOT_FOUND;
}
- return( ret );
+ return ret;
}
@@ -245,23 +238,21 @@
* DISPATCH_TEST_FN_NOT_FOUND if not found
* DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
*/
-int check_test( size_t func_idx )
+int check_test(size_t func_idx)
{
int ret = DISPATCH_TEST_SUCCESS;
TestWrapper_t fp = NULL;
- if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) )
- {
+ if (func_idx < (int) (sizeof(test_funcs)/sizeof(TestWrapper_t))) {
fp = test_funcs[func_idx];
- if ( fp == NULL )
+ if (fp == NULL) {
ret = DISPATCH_UNSUPPORTED_SUITE;
- }
- else
- {
+ }
+ } else {
ret = DISPATCH_TEST_FN_NOT_FOUND;
}
- return( ret );
+ return ret;
}
@@ -281,22 +272,21 @@
*
* \return Exit code.
*/
-int main( int argc, const char *argv[] )
+int main(int argc, const char *argv[])
{
-#if defined(MBEDTLS_TEST_HOOKS) && defined (MBEDTLS_ERROR_C)
+#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ERROR_C)
mbedtls_test_hook_error_add = &mbedtls_test_err_add_check;
#endif
int ret = mbedtls_test_platform_setup();
- if( ret != 0 )
- {
- mbedtls_fprintf( stderr,
- "FATAL: Failed to initialize platform - error %d\n",
- ret );
- return( -1 );
+ if (ret != 0) {
+ mbedtls_fprintf(stderr,
+ "FATAL: Failed to initialize platform - error %d\n",
+ ret);
+ return -1;
}
- ret = execute_tests( argc, argv );
+ ret = execute_tests(argc, argv);
mbedtls_test_platform_teardown();
- return( ret );
+ return ret;
}
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 57b8b92..6b92b87 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -8,107 +8,105 @@
*/
/* BEGIN_CASE */
-void aes_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
+void aes_encrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *dst, int setkey_result)
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key_str->x, key_str->len * 8) == setkey_result);
+ if (setkey_result == 0) {
+ TEST_ASSERT(mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
}
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void aes_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
+void aes_decrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *dst, int setkey_result)
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_setkey_dec(&ctx, key_str->x, key_str->len * 8) == setkey_result);
+ if (setkey_result == 0) {
+ TEST_ASSERT(mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_DECRYPT, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
}
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aes_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
+void aes_encrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst,
+ int cbc_result)
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0 )
- {
+ TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key_str->x, key_str->len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
}
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aes_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
+void aes_decrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst,
+ int cbc_result)
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0)
- {
+ TEST_ASSERT(mbedtls_aes_setkey_dec(&ctx, key_str->x, key_str->len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
}
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
-void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string,
- char *hex_src_string, char *hex_dst_string )
+void aes_encrypt_xts(char *hex_key_string, char *hex_data_unit_string,
+ char *hex_src_string, char *hex_dst_string)
{
enum { AES_BLOCK_SIZE = 16 };
unsigned char *data_unit = NULL;
@@ -119,40 +117,40 @@
mbedtls_aes_xts_context ctx;
size_t key_len, src_len, dst_len, data_unit_len;
- mbedtls_aes_xts_init( &ctx );
+ mbedtls_aes_xts_init(&ctx);
- data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
- &data_unit_len );
- TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
+ data_unit = mbedtls_test_unhexify_alloc(hex_data_unit_string,
+ &data_unit_len);
+ TEST_ASSERT(data_unit_len == AES_BLOCK_SIZE);
- key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
- TEST_ASSERT( key_len % 2 == 0 );
+ key = mbedtls_test_unhexify_alloc(hex_key_string, &key_len);
+ TEST_ASSERT(key_len % 2 == 0);
- src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
- dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
- TEST_ASSERT( src_len == dst_len );
+ src = mbedtls_test_unhexify_alloc(hex_src_string, &src_len);
+ dst = mbedtls_test_unhexify_alloc(hex_dst_string, &dst_len);
+ TEST_ASSERT(src_len == dst_len);
- output = mbedtls_test_zero_alloc( dst_len );
+ output = mbedtls_test_zero_alloc(dst_len);
- TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, src_len,
- data_unit, src, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_xts_setkey_enc(&ctx, key, key_len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, src_len,
+ data_unit, src, output) == 0);
- TEST_ASSERT( memcmp( output, dst, dst_len ) == 0 );
+ TEST_ASSERT(memcmp(output, dst, dst_len) == 0);
exit:
- mbedtls_aes_xts_free( &ctx );
- mbedtls_free( data_unit );
- mbedtls_free( key );
- mbedtls_free( src );
- mbedtls_free( dst );
- mbedtls_free( output );
+ mbedtls_aes_xts_free(&ctx);
+ mbedtls_free(data_unit);
+ mbedtls_free(key);
+ mbedtls_free(src);
+ mbedtls_free(dst);
+ mbedtls_free(output);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
-void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string,
- char *hex_dst_string, char *hex_src_string )
+void aes_decrypt_xts(char *hex_key_string, char *hex_data_unit_string,
+ char *hex_dst_string, char *hex_src_string)
{
enum { AES_BLOCK_SIZE = 16 };
unsigned char *data_unit = NULL;
@@ -163,39 +161,39 @@
mbedtls_aes_xts_context ctx;
size_t key_len, src_len, dst_len, data_unit_len;
- mbedtls_aes_xts_init( &ctx );
+ mbedtls_aes_xts_init(&ctx);
- data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
- &data_unit_len );
- TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
+ data_unit = mbedtls_test_unhexify_alloc(hex_data_unit_string,
+ &data_unit_len);
+ TEST_ASSERT(data_unit_len == AES_BLOCK_SIZE);
- key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
- TEST_ASSERT( key_len % 2 == 0 );
+ key = mbedtls_test_unhexify_alloc(hex_key_string, &key_len);
+ TEST_ASSERT(key_len % 2 == 0);
- src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
- dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
- TEST_ASSERT( src_len == dst_len );
+ src = mbedtls_test_unhexify_alloc(hex_src_string, &src_len);
+ dst = mbedtls_test_unhexify_alloc(hex_dst_string, &dst_len);
+ TEST_ASSERT(src_len == dst_len);
- output = mbedtls_test_zero_alloc( dst_len );
+ output = mbedtls_test_zero_alloc(dst_len);
- TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, src_len,
- data_unit, src, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_xts_setkey_dec(&ctx, key, key_len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_DECRYPT, src_len,
+ data_unit, src, output) == 0);
- TEST_ASSERT( memcmp( output, dst, dst_len ) == 0 );
+ TEST_ASSERT(memcmp(output, dst, dst_len) == 0);
exit:
- mbedtls_aes_xts_free( &ctx );
- mbedtls_free( data_unit );
- mbedtls_free( key );
- mbedtls_free( src );
- mbedtls_free( dst );
- mbedtls_free( output );
+ mbedtls_aes_xts_free(&ctx);
+ mbedtls_free(data_unit);
+ mbedtls_free(key);
+ mbedtls_free(src);
+ mbedtls_free(dst);
+ mbedtls_free(output);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
-void aes_crypt_xts_size( int size, int retval )
+void aes_crypt_xts_size(int size, int retval)
{
mbedtls_aes_xts_context ctx;
const unsigned char src[16] = { 0 };
@@ -203,166 +201,171 @@
unsigned char data_unit[16];
size_t length = size;
- mbedtls_aes_xts_init( &ctx );
- memset( data_unit, 0x00, sizeof( data_unit ) );
+ mbedtls_aes_xts_init(&ctx);
+ memset(data_unit, 0x00, sizeof(data_unit));
/* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
* otherwise we wouldn't get to the size check we're interested in. */
- TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
+ TEST_ASSERT(mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src,
+ output) == retval);
exit:
- mbedtls_aes_xts_free( &ctx );
+ mbedtls_aes_xts_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
-void aes_crypt_xts_keysize( int size, int retval )
+void aes_crypt_xts_keysize(int size, int retval)
{
mbedtls_aes_xts_context ctx;
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
size_t key_len = size;
- mbedtls_aes_xts_init( &ctx );
+ mbedtls_aes_xts_init(&ctx);
- TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == retval );
- TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == retval );
+ TEST_ASSERT(mbedtls_aes_xts_setkey_enc(&ctx, key, key_len * 8) == retval);
+ TEST_ASSERT(mbedtls_aes_xts_setkey_dec(&ctx, key, key_len * 8) == retval);
exit:
- mbedtls_aes_xts_free( &ctx );
+ mbedtls_aes_xts_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void aes_encrypt_cfb128(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key_str->x, key_str->len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_cfb128(&ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x,
+ src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void aes_decrypt_cfb128(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key_str->x, key_str->len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_cfb128(&ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x,
+ src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void aes_encrypt_cfb8(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key_str->x, key_str->len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_cfb8(&ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void aes_decrypt_cfb8(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
- mbedtls_aes_init( &ctx );
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key_str->x, key_str->len * 8) == 0);
+ TEST_ASSERT(mbedtls_aes_crypt_cfb8(&ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
-void aes_encrypt_ofb( int fragment_size, data_t *key_str,
- data_t *iv_str, data_t *src_str,
- data_t *expected_output )
+void aes_encrypt_ofb(int fragment_size, data_t *key_str,
+ data_t *iv_str, data_t *src_str,
+ data_t *expected_output)
{
unsigned char output[32];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
int in_buffer_len;
- unsigned char* src_str_next;
+ unsigned char *src_str_next;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aes_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aes_init(&ctx);
- TEST_ASSERT( (size_t)fragment_size < sizeof( output ) );
+ TEST_ASSERT((size_t) fragment_size < sizeof(output));
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x,
- key_str->len * 8 ) == 0 );
+ TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key_str->x,
+ key_str->len * 8) == 0);
in_buffer_len = src_str->len;
src_str_next = src_str->x;
- while( in_buffer_len > 0 )
- {
- TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
- iv_str->x, src_str_next, output ) == 0 );
+ while (in_buffer_len > 0) {
+ TEST_ASSERT(mbedtls_aes_crypt_ofb(&ctx, fragment_size, &iv_offset,
+ iv_str->x, src_str_next, output) == 0);
- TEST_ASSERT( memcmp( output, expected_output->x, fragment_size ) == 0 );
+ TEST_ASSERT(memcmp(output, expected_output->x, fragment_size) == 0);
in_buffer_len -= fragment_size;
expected_output->x += fragment_size;
src_str_next += fragment_size;
- if( in_buffer_len < fragment_size )
+ if (in_buffer_len < fragment_size) {
fragment_size = in_buffer_len;
+ }
}
exit:
- mbedtls_aes_free( &ctx );
+ mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void aes_check_params( )
+void aes_check_params()
{
mbedtls_aes_context aes_ctx;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -375,185 +378,185 @@
const int valid_mode = MBEDTLS_AES_ENCRYPT;
const int invalid_mode = 42;
- TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_aes_init(NULL));
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_aes_xts_init(NULL));
#endif
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_enc( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_enc(NULL, key, 128));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_enc(&aes_ctx, NULL, 128));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_dec( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_dec(NULL, key, 128));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_dec(&aes_ctx, NULL, 128));
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_enc(NULL, key, 128));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_enc(&xts_ctx, NULL, 128));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_dec(NULL, key, 128));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_dec(&xts_ctx, NULL, 128));
#endif
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( NULL,
- valid_mode, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- invalid_mode, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- valid_mode, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- valid_mode, in, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb(NULL,
+ valid_mode, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb(&aes_ctx,
+ invalid_mode, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb(&aes_ctx,
+ valid_mode, NULL, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb(&aes_ctx,
+ valid_mode, in, NULL));
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( NULL,
- valid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- invalid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- out, in, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc(NULL,
+ valid_mode, 16,
+ out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc(&aes_ctx,
+ invalid_mode, 16,
+ out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc(&aes_ctx,
+ valid_mode, 16,
+ NULL, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc(&aes_ctx,
+ valid_mode, 16,
+ out, NULL, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc(&aes_ctx,
+ valid_mode, 16,
+ out, in, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( NULL,
- valid_mode, 16,
- in, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- invalid_mode, 16,
- in, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- in, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- in, in, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts(NULL,
+ valid_mode, 16,
+ in, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts(&xts_ctx,
+ invalid_mode, 16,
+ in, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts(&xts_ctx,
+ valid_mode, 16,
+ NULL, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts(&xts_ctx,
+ valid_mode, 16,
+ in, NULL, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts(&xts_ctx,
+ valid_mode, 16,
+ in, in, NULL));
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( NULL,
- valid_mode, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- invalid_mode, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- NULL, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, out, in, NULL ) );
-
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( NULL,
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128(NULL,
valid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
+ &size, out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128(&aes_ctx,
invalid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
+ &size, out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128(&aes_ctx,
valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
+ NULL, out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128(&aes_ctx,
valid_mode, 16,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
+ &size, NULL, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128(&aes_ctx,
valid_mode, 16,
- out, in, NULL ) );
+ &size, out, NULL, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128(&aes_ctx,
+ valid_mode, 16,
+ &size, out, in, NULL));
+
+
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8(NULL,
+ valid_mode, 16,
+ out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8(&aes_ctx,
+ invalid_mode, 16,
+ out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8(&aes_ctx,
+ valid_mode, 16,
+ NULL, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8(&aes_ctx,
+ valid_mode, 16,
+ out, NULL, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8(&aes_ctx,
+ valid_mode, 16,
+ out, in, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( NULL, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- NULL, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, out, in, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb(NULL, 16,
+ &size, out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb(&aes_ctx, 16,
+ NULL, out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb(&aes_ctx, 16,
+ &size, NULL, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb(&aes_ctx, 16,
+ &size, out, NULL, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb(&aes_ctx, 16,
+ &size, out, in, NULL));
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- out, in, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr(NULL, 16, &size, out,
+ out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr(&aes_ctx, 16, NULL, out,
+ out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr(&aes_ctx, 16, &size, NULL,
+ out, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr(&aes_ctx, 16, &size, out,
+ NULL, in, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr(&aes_ctx, 16, &size, out,
+ out, NULL, out));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr(&aes_ctx, 16, &size, out,
+ out, in, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CTR */
}
/* END_CASE */
/* BEGIN_CASE */
-void aes_misc_params( )
+void aes_misc_params()
{
#if defined(MBEDTLS_CIPHER_MODE_CBC) || \
defined(MBEDTLS_CIPHER_MODE_XTS) || \
@@ -565,7 +568,7 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC) || \
defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_OFB)
-mbedtls_aes_context aes_ctx;
+ mbedtls_aes_context aes_ctx;
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
mbedtls_aes_xts_context xts_ctx;
@@ -576,51 +579,51 @@
#endif
/* These calls accept NULL */
- TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_aes_free(NULL));
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_aes_xts_free(NULL));
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
- 15,
- out, in, out )
- == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
- TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
- 17,
- out, in, out )
- == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+ TEST_ASSERT(mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_ENCRYPT,
+ 15,
+ out, in, out)
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH);
+ TEST_ASSERT(mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_ENCRYPT,
+ 17,
+ out, in, out)
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH);
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
- 15,
- in, in, out )
- == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
- TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
- (1 << 24) + 1,
- in, in, out )
- == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+ TEST_ASSERT(mbedtls_aes_crypt_xts(&xts_ctx, MBEDTLS_AES_ENCRYPT,
+ 15,
+ in, in, out)
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH);
+ TEST_ASSERT(mbedtls_aes_crypt_xts(&xts_ctx, MBEDTLS_AES_ENCRYPT,
+ (1 << 24) + 1,
+ in, in, out)
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH);
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
size = 16;
- TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
- &size, out, in, out )
- == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_aes_crypt_cfb128(&aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
+ &size, out, in, out)
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA);
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
size = 16;
- TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
- == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_aes_crypt_ofb(&aes_ctx, 16, &size, out, in, out)
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA);
#endif
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void aes_selftest( )
+void aes_selftest()
{
- TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_aes_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
index c1e2386..c1b19d5 100644
--- a/tests/suites/test_suite_arc4.function
+++ b/tests/suites/test_suite_arc4.function
@@ -8,30 +8,30 @@
*/
/* BEGIN_CASE */
-void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, data_t * dst )
+void mbedtls_arc4_crypt(data_t *src_str, data_t *key_str, data_t *dst)
{
unsigned char dst_str[1000];
mbedtls_arc4_context ctx;
memset(dst_str, 0x00, 1000);
- mbedtls_arc4_init( &ctx );
+ mbedtls_arc4_init(&ctx);
mbedtls_arc4_setup(&ctx, key_str->x, key_str->len);
- TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len,
- src_str->x, dst_str ) == 0 );
+ TEST_ASSERT(mbedtls_arc4_crypt(&ctx, src_str->len,
+ src_str->x, dst_str) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( dst_str, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(dst_str, dst->x,
+ src_str->len, dst->len) == 0);
exit:
- mbedtls_arc4_free( &ctx );
+ mbedtls_arc4_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void arc4_selftest( )
+void arc4_selftest()
{
- TEST_ASSERT( mbedtls_arc4_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_arc4_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 11af9a3..ed33389 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -6,9 +6,9 @@
#define ARIA_MAX_DATASIZE 160
/* Maximum sizes of hexified things */
-#define ARIA_MAX_KEY_STR ( 2 * MBEDTLS_ARIA_MAX_KEYSIZE + 1 )
-#define ARIA_BLOCK_STR ( 2 * MBEDTLS_ARIA_BLOCKSIZE + 1 )
-#define ARIA_MAX_DATA_STR ( 2 * ARIA_MAX_DATASIZE + 1 )
+#define ARIA_MAX_KEY_STR (2 * MBEDTLS_ARIA_MAX_KEYSIZE + 1)
+#define ARIA_BLOCK_STR (2 * MBEDTLS_ARIA_BLOCKSIZE + 1)
+#define ARIA_MAX_DATA_STR (2 * ARIA_MAX_DATASIZE + 1)
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -17,14 +17,14 @@
*/
/* BEGIN_CASE */
-void aria_valid_param( )
+void aria_valid_param()
{
- TEST_VALID_PARAM( mbedtls_aria_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_aria_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void aria_invalid_param( )
+void aria_invalid_param()
{
mbedtls_aria_context ctx;
unsigned char key[128 / 8] = { 0 };
@@ -36,167 +36,167 @@
((void) iv_off);
((void) iv);
- TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_aria_init(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_enc( NULL, key,
- sizeof( key ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_enc( &ctx, NULL,
- sizeof( key ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_enc(NULL, key,
+ sizeof(key)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_enc(&ctx, NULL,
+ sizeof(key)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_dec( NULL, key,
- sizeof( key ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_dec( &ctx, NULL,
- sizeof( key ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_dec(NULL, key,
+ sizeof(key)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_dec(&ctx, NULL,
+ sizeof(key)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( NULL, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( &ctx, NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( &ctx, input, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ecb(NULL, input, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ecb(&ctx, NULL, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ecb(&ctx, input, NULL));
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( NULL,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- 42 /* invalid mode */,
- sizeof( input ),
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- input,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc(NULL,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc(&ctx,
+ 42 /* invalid mode */,
+ sizeof(input),
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc(&ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ NULL,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc(&ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ iv,
+ NULL,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc(&ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ iv,
+ input,
+ NULL));
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( NULL,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- 42, /* invalid mode */
- sizeof( input ),
- &iv_off,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- NULL,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- input,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128(NULL,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ &iv_off,
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128(&ctx,
+ 42, /* invalid mode */
+ sizeof(input),
+ &iv_off,
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128(&ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ NULL,
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128(&ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ &iv_off,
+ NULL,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128(&ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ &iv_off,
+ iv,
+ NULL,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128(&ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof(input),
+ &iv_off,
+ iv,
+ input,
+ NULL));
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( NULL,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- NULL,
- iv,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- NULL,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- input,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr(NULL,
+ sizeof(input),
+ &iv_off,
+ iv,
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr(&ctx,
+ sizeof(input),
+ NULL,
+ iv,
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr(&ctx,
+ sizeof(input),
+ &iv_off,
+ NULL,
+ iv,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr(&ctx,
+ sizeof(input),
+ &iv_off,
+ iv,
+ NULL,
+ input,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr(&ctx,
+ sizeof(input),
+ &iv_off,
+ iv,
+ iv,
+ NULL,
+ output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr(&ctx,
+ sizeof(input),
+ &iv_off,
+ iv,
+ iv,
+ input,
+ NULL));
#endif /* MBEDTLS_CIPHER_MODE_CTR */
exit:
@@ -206,224 +206,218 @@
/* END_CASE */
/* BEGIN_CASE */
-void aria_encrypt_ecb( data_t *key_str, data_t *src_str,
- data_t *expected_output, int setkey_result )
+void aria_encrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *expected_output, int setkey_result)
{
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t i;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 )
- == setkey_result );
- if( setkey_result == 0 )
- {
- for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE )
- {
- TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i,
- output + i ) == 0 );
+ TEST_ASSERT(mbedtls_aria_setkey_enc(&ctx, key_str->x, key_str->len * 8)
+ == setkey_result);
+ if (setkey_result == 0) {
+ for (i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE) {
+ TEST_ASSERT(mbedtls_aria_crypt_ecb(&ctx, src_str->x + i,
+ output + i) == 0);
}
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
}
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void aria_decrypt_ecb( data_t *key_str, data_t *src_str,
- data_t *expected_output, int setkey_result )
+void aria_decrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *expected_output, int setkey_result)
{
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t i;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 )
- == setkey_result );
- if( setkey_result == 0 )
- {
- for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE )
- {
- TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i,
- output + i ) == 0 );
+ TEST_ASSERT(mbedtls_aria_setkey_dec(&ctx, key_str->x, key_str->len * 8)
+ == setkey_result);
+ if (setkey_result == 0) {
+ for (i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE) {
+ TEST_ASSERT(mbedtls_aria_crypt_ecb(&ctx, src_str->x + i,
+ output + i) == 0);
}
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
}
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aria_encrypt_cbc( data_t *key_str, data_t *iv_str,
- data_t *src_str, data_t *expected_output,
- int cbc_result )
+void aria_encrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
+ int cbc_result)
{
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT,
- src_str->len, iv_str->x, src_str->x,
- output ) == cbc_result );
- if( cbc_result == 0 )
- {
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ mbedtls_aria_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_ENCRYPT,
+ src_str->len, iv_str->x, src_str->x,
+ output) == cbc_result);
+ if (cbc_result == 0) {
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
}
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aria_decrypt_cbc( data_t *key_str, data_t *iv_str,
- data_t *src_str, data_t *expected_output,
- int cbc_result )
+void aria_decrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
+ int cbc_result)
{
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT,
- src_str->len, iv_str->x, src_str->x,
- output ) == cbc_result );
- if( cbc_result == 0 )
- {
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ mbedtls_aria_setkey_dec(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_DECRYPT,
+ src_str->len, iv_str->x, src_str->x,
+ output) == cbc_result);
+ if (cbc_result == 0) {
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
}
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str,
- data_t *src_str, data_t *expected_output,
- int result )
+void aria_encrypt_cfb128(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
+ int result)
{
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT,
- src_str->len, &iv_offset,
- iv_str->x, src_str->x, output )
- == result );
+ mbedtls_aria_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_ENCRYPT,
+ src_str->len, &iv_offset,
+ iv_str->x, src_str->x, output)
+ == result);
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str,
- data_t *src_str, data_t *expected_output,
- int result )
+void aria_decrypt_cfb128(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
+ int result)
{
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT,
- src_str->len, &iv_offset,
- iv_str->x, src_str->x, output )
- == result );
+ mbedtls_aria_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_DECRYPT,
+ src_str->len, &iv_offset,
+ iv_str->x, src_str->x, output)
+ == result);
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
-void aria_encrypt_ctr( data_t *key_str, data_t *iv_str,
- data_t *src_str, data_t *expected_output,
- int result )
+void aria_encrypt_ctr(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
+ int result)
{
unsigned char output[ARIA_MAX_DATASIZE];
unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset,
- iv_str->x, blk, src_str->x, output )
- == result );
+ mbedtls_aria_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_aria_crypt_ctr(&ctx, src_str->len, &iv_offset,
+ iv_str->x, blk, src_str->x, output)
+ == result);
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
-void aria_decrypt_ctr( data_t *key_str, data_t *iv_str,
- data_t *src_str, data_t *expected_output,
- int result )
+void aria_decrypt_ctr(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
+ int result)
{
unsigned char output[ARIA_MAX_DATASIZE];
unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( output, 0x00, sizeof( output ) );
- mbedtls_aria_init( &ctx );
+ memset(output, 0x00, sizeof(output));
+ mbedtls_aria_init(&ctx);
- mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset,
- iv_str->x, blk, src_str->x, output )
- == result );
+ mbedtls_aria_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_aria_crypt_ctr(&ctx, src_str->len, &iv_offset,
+ iv_str->x, blk, src_str->x, output)
+ == result);
- ASSERT_COMPARE( output, expected_output->len,
- expected_output->x, expected_output->len );
+ ASSERT_COMPARE(output, expected_output->len,
+ expected_output->x, expected_output->len);
exit:
- mbedtls_aria_free( &ctx );
+ mbedtls_aria_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void aria_selftest()
{
- TEST_ASSERT( mbedtls_aria_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_aria_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index 4cc0f17..7c546c1 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -16,8 +16,8 @@
* should not be checked. */
#define UNPREDICTABLE_RESULT 0x5552
-static int nested_parse( unsigned char **const p,
- const unsigned char *const end )
+static int nested_parse(unsigned char **const p,
+ const unsigned char *const end)
{
int ret;
size_t len = 0;
@@ -28,31 +28,32 @@
/* First get the length, skipping over the tag. */
content_start = start + 1;
- ret = mbedtls_asn1_get_len( &content_start, end, &len );
- TEST_ASSERT( content_start <= end );
- if( ret != 0 )
- return( ret );
+ ret = mbedtls_asn1_get_len(&content_start, end, &len);
+ TEST_ASSERT(content_start <= end);
+ if (ret != 0) {
+ return ret;
+ }
/* Since we have a valid element start (tag and length), retrieve and
* check the tag. */
tag = start[0];
- TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len2, tag ^ 1 ),
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+ TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len2, tag ^ 1),
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
*p = start;
- TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len2, tag ), 0 );
- TEST_EQUAL( len, len2 );
- TEST_ASSERT( *p == content_start );
+ TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len2, tag), 0);
+ TEST_EQUAL(len, len2);
+ TEST_ASSERT(*p == content_start);
*p = content_start;
- switch( tag & 0x1f )
- {
+ switch (tag & 0x1f) {
case MBEDTLS_ASN1_BOOLEAN:
{
int val = -257;
*p = start;
- ret = mbedtls_asn1_get_bool( p, end, &val );
- if( ret == 0 )
- TEST_ASSERT( val == 0 || val == 1 );
+ ret = mbedtls_asn1_get_bool(p, end, &val);
+ if (ret == 0) {
+ TEST_ASSERT(val == 0 || val == 1);
+ }
break;
}
@@ -60,23 +61,22 @@
{
#if defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi mpi;
- mbedtls_mpi_init( &mpi );
+ mbedtls_mpi_init(&mpi);
*p = start;
- ret = mbedtls_asn1_get_mpi( p, end, &mpi );
- mbedtls_mpi_free( &mpi );
+ ret = mbedtls_asn1_get_mpi(p, end, &mpi);
+ mbedtls_mpi_free(&mpi);
#else
*p = start + 1;
- ret = mbedtls_asn1_get_len( p, end, &len );
+ ret = mbedtls_asn1_get_len(p, end, &len);
*p += len;
#endif
/* If we're sure that the number fits in an int, also
* call mbedtls_asn1_get_int(). */
- if( ret == 0 && len < sizeof( int ) )
- {
+ if (ret == 0 && len < sizeof(int)) {
int val = -257;
unsigned char *q = start;
- ret = mbedtls_asn1_get_int( &q, end, &val );
- TEST_ASSERT( *p == q );
+ ret = mbedtls_asn1_get_int(&q, end, &val);
+ TEST_ASSERT(*p == q);
}
break;
}
@@ -85,14 +85,15 @@
{
mbedtls_asn1_bitstring bs;
*p = start;
- ret = mbedtls_asn1_get_bitstring( p, end, &bs );
+ ret = mbedtls_asn1_get_bitstring(p, end, &bs);
break;
}
case MBEDTLS_ASN1_SEQUENCE:
{
- while( *p <= end && *p < content_start + len && ret == 0 )
- ret = nested_parse( p, content_start + len );
+ while (*p <= end && *p < content_start + len && ret == 0) {
+ ret = nested_parse(p, content_start + len);
+ }
break;
}
@@ -111,18 +112,18 @@
default:
/* No further testing implemented for this tag. */
*p += len;
- return( 0 );
+ return 0;
}
- TEST_ASSERT( *p <= end );
- return( ret );
+ TEST_ASSERT(*p <= end);
+ return ret;
exit:
- return( ERR_PARSE_INCONSISTENCY );
+ return ERR_PARSE_INCONSISTENCY;
}
-int get_len_step( const data_t *input, size_t buffer_size,
- size_t actual_length )
+int get_len_step(const data_t *input, size_t buffer_size,
+ size_t actual_length)
{
unsigned char *buf = NULL;
unsigned char *p = NULL;
@@ -130,53 +131,43 @@
size_t parsed_length;
int ret;
- mbedtls_test_set_step( buffer_size );
+ mbedtls_test_set_step(buffer_size);
/* Allocate a new buffer of exactly the length to parse each time.
* This gives memory sanitizers a chance to catch buffer overreads. */
- if( buffer_size == 0 )
- {
- ASSERT_ALLOC( buf, 1 );
+ if (buffer_size == 0) {
+ ASSERT_ALLOC(buf, 1);
end = buf + 1;
p = end;
- }
- else
- {
- ASSERT_ALLOC_WEAK( buf, buffer_size );
- if( buffer_size > input->len )
- {
- memcpy( buf, input->x, input->len );
- memset( buf + input->len, 'A', buffer_size - input->len );
- }
- else
- {
- memcpy( buf, input->x, buffer_size );
+ } else {
+ ASSERT_ALLOC_WEAK(buf, buffer_size);
+ if (buffer_size > input->len) {
+ memcpy(buf, input->x, input->len);
+ memset(buf + input->len, 'A', buffer_size - input->len);
+ } else {
+ memcpy(buf, input->x, buffer_size);
}
p = buf;
end = buf + buffer_size;
}
- ret = mbedtls_asn1_get_len( &p, end, &parsed_length );
+ ret = mbedtls_asn1_get_len(&p, end, &parsed_length);
- if( buffer_size >= input->len + actual_length )
- {
- TEST_EQUAL( ret, 0 );
- TEST_ASSERT( p == buf + input->len );
- TEST_EQUAL( parsed_length, actual_length );
+ if (buffer_size >= input->len + actual_length) {
+ TEST_EQUAL(ret, 0);
+ TEST_ASSERT(p == buf + input->len);
+ TEST_EQUAL(parsed_length, actual_length);
+ } else {
+ TEST_EQUAL(ret, MBEDTLS_ERR_ASN1_OUT_OF_DATA);
}
- else
- {
- TEST_EQUAL( ret, MBEDTLS_ERR_ASN1_OUT_OF_DATA );
- }
- mbedtls_free( buf );
- return( 1 );
+ mbedtls_free(buf);
+ return 1;
exit:
- mbedtls_free( buf );
- return( 0 );
+ mbedtls_free(buf);
+ return 0;
}
-typedef struct
-{
+typedef struct {
const unsigned char *input_start;
const char *description;
} traverse_state_t;
@@ -188,38 +179,40 @@
#define RET_TRAVERSE_ERROR 2
-static int traverse_callback( void *ctx, int tag,
- unsigned char *content, size_t len )
+static int traverse_callback(void *ctx, int tag,
+ unsigned char *content, size_t len)
{
traverse_state_t *state = ctx;
size_t offset;
const char *rest = state->description;
unsigned long n;
- TEST_ASSERT( content > state->input_start );
+ TEST_ASSERT(content > state->input_start);
offset = content - state->input_start;
- mbedtls_test_set_step( offset );
+ mbedtls_test_set_step(offset);
- if( *rest == 0 )
- return( RET_TRAVERSE_STOP );
- n = strtoul( rest, (char **) &rest, 0 );
- TEST_EQUAL( n, offset );
- TEST_EQUAL( *rest, ',' );
+ if (*rest == 0) {
+ return RET_TRAVERSE_STOP;
+ }
+ n = strtoul(rest, (char **) &rest, 0);
+ TEST_EQUAL(n, offset);
+ TEST_EQUAL(*rest, ',');
++rest;
- n = strtoul( rest, (char **) &rest, 0 );
- TEST_EQUAL( n, (unsigned) tag );
- TEST_EQUAL( *rest, ',' );
+ n = strtoul(rest, (char **) &rest, 0);
+ TEST_EQUAL(n, (unsigned) tag);
+ TEST_EQUAL(*rest, ',');
++rest;
- n = strtoul( rest, (char **) &rest, 0 );
- TEST_EQUAL( n, len );
- if( *rest == ',' )
+ n = strtoul(rest, (char **) &rest, 0);
+ TEST_EQUAL(n, len);
+ if (*rest == ',') {
++rest;
+ }
state->description = rest;
- return( 0 );
+ return 0;
exit:
- return( RET_TRAVERSE_ERROR );
+ return RET_TRAVERSE_ERROR;
}
/* END_HEADER */
@@ -230,9 +223,9 @@
*/
/* BEGIN_CASE */
-void parse_prefixes( const data_t *input,
- int full_result,
- int overfull_result )
+void parse_prefixes(const data_t *input,
+ int full_result,
+ int overfull_result)
{
/* full_result: expected result from parsing the given string. */
/* overfull_result: expected_result from parsing the given string plus
@@ -250,45 +243,42 @@
* we wouldn't know what to parse the input as.
* Also test the input followed by an extra byte.
*/
- for( buffer_size = 1; buffer_size <= input->len + 1; buffer_size++ )
- {
- mbedtls_test_set_step( buffer_size );
+ for (buffer_size = 1; buffer_size <= input->len + 1; buffer_size++) {
+ mbedtls_test_set_step(buffer_size);
/* Allocate a new buffer of exactly the length to parse each time.
* This gives memory sanitizers a chance to catch buffer overreads. */
- ASSERT_ALLOC( buf, buffer_size );
- memcpy( buf, input->x, buffer_size );
+ ASSERT_ALLOC(buf, buffer_size);
+ memcpy(buf, input->x, buffer_size);
p = buf;
- ret = nested_parse( &p, buf + buffer_size );
+ ret = nested_parse(&p, buf + buffer_size);
- if( ret == ERR_PARSE_INCONSISTENCY )
+ if (ret == ERR_PARSE_INCONSISTENCY) {
goto exit;
- if( buffer_size < input->len )
- {
- TEST_EQUAL( ret, MBEDTLS_ERR_ASN1_OUT_OF_DATA );
}
- else if( buffer_size == input->len )
- {
- TEST_EQUAL( ret, full_result );
+ if (buffer_size < input->len) {
+ TEST_EQUAL(ret, MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ } else if (buffer_size == input->len) {
+ TEST_EQUAL(ret, full_result);
+ } else { /* ( buffer_size > input->len ) */
+ if (overfull_result != UNPREDICTABLE_RESULT) {
+ TEST_EQUAL(ret, overfull_result);
+ }
}
- else /* ( buffer_size > input->len ) */
- {
- if( overfull_result != UNPREDICTABLE_RESULT )
- TEST_EQUAL( ret, overfull_result );
+ if (ret == 0) {
+ TEST_ASSERT(p == buf + input->len);
}
- if( ret == 0 )
- TEST_ASSERT( p == buf + input->len );
- mbedtls_free( buf );
+ mbedtls_free(buf);
buf = NULL;
}
exit:
- mbedtls_free( buf );
+ mbedtls_free(buf);
}
/* END_CASE */
/* BEGIN_CASE */
-void get_len( const data_t *input, int actual_length_arg )
+void get_len(const data_t *input, int actual_length_arg)
{
size_t actual_length = actual_length_arg;
size_t buffer_size;
@@ -299,37 +289,38 @@
* the payload is truncated more than one byte away from either end,
* and we only test the empty string on a 1-byte input.
*/
- for( buffer_size = 1; buffer_size <= input->len + 1; buffer_size++ )
- {
- if( ! get_len_step( input, buffer_size, actual_length ) )
+ for (buffer_size = 1; buffer_size <= input->len + 1; buffer_size++) {
+ if (!get_len_step(input, buffer_size, actual_length)) {
goto exit;
+ }
}
- if( ! get_len_step( input, input->len + actual_length - 1, actual_length ) )
+ if (!get_len_step(input, input->len + actual_length - 1, actual_length)) {
goto exit;
- if( ! get_len_step( input, input->len + actual_length, actual_length ) )
+ }
+ if (!get_len_step(input, input->len + actual_length, actual_length)) {
goto exit;
+ }
}
/* END_CASE */
/* BEGIN_CASE */
-void get_boolean( const data_t *input,
- int expected_value, int expected_result )
+void get_boolean(const data_t *input,
+ int expected_value, int expected_result)
{
unsigned char *p = input->x;
int val;
int ret;
- ret = mbedtls_asn1_get_bool( &p, input->x + input->len, &val );
- TEST_EQUAL( ret, expected_result );
- if( expected_result == 0 )
- {
- TEST_EQUAL( val, expected_value );
- TEST_ASSERT( p == input->x + input->len );
+ ret = mbedtls_asn1_get_bool(&p, input->x + input->len, &val);
+ TEST_EQUAL(ret, expected_result);
+ if (expected_result == 0) {
+ TEST_EQUAL(val, expected_value);
+ TEST_ASSERT(p == input->x + input->len);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void empty_integer( const data_t *input )
+void empty_integer(const data_t *input)
{
unsigned char *p;
#if defined(MBEDTLS_BIGNUM_C)
@@ -338,34 +329,34 @@
int val;
#if defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi_init( & actual_mpi );
+ mbedtls_mpi_init(&actual_mpi);
#endif
/* An INTEGER with no content is not valid. */
p = input->x;
- TEST_EQUAL( mbedtls_asn1_get_int( &p, input->x + input->len, &val ),
- MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ TEST_EQUAL(mbedtls_asn1_get_int(&p, input->x + input->len, &val),
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH);
#if defined(MBEDTLS_BIGNUM_C)
/* INTEGERs are sometimes abused as bitstrings, so the library accepts
* an INTEGER with empty content and gives it the value 0. */
p = input->x;
- TEST_EQUAL( mbedtls_asn1_get_mpi( &p, input->x + input->len, &actual_mpi ),
- 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &actual_mpi, 0 ), 0 );
+ TEST_EQUAL(mbedtls_asn1_get_mpi(&p, input->x + input->len, &actual_mpi),
+ 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&actual_mpi, 0), 0);
#endif
exit:
#if defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi_free( &actual_mpi );
+ mbedtls_mpi_free(&actual_mpi);
#endif
- /*empty cleanup in some configurations*/ ;
+ /*empty cleanup in some configurations*/;
}
/* END_CASE */
/* BEGIN_CASE */
-void get_integer( const data_t *input,
- const char *expected_hex, int expected_result )
+void get_integer(const data_t *input,
+ const char *expected_hex, int expected_result)
{
unsigned char *p;
#if defined(MBEDTLS_BIGNUM_C)
@@ -380,26 +371,24 @@
int ret;
#if defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi_init( &expected_mpi );
- mbedtls_mpi_init( &actual_mpi );
- mbedtls_mpi_init( &complement );
+ mbedtls_mpi_init(&expected_mpi);
+ mbedtls_mpi_init(&actual_mpi);
+ mbedtls_mpi_init(&complement);
#endif
errno = 0;
- expected_value = strtol( expected_hex, NULL, 16 );
- if( expected_result == 0 &&
- ( errno == ERANGE
+ expected_value = strtol(expected_hex, NULL, 16);
+ if (expected_result == 0 &&
+ (errno == ERANGE
#if LONG_MAX > INT_MAX
- || expected_value > INT_MAX || expected_value < INT_MIN
+ || expected_value > INT_MAX || expected_value < INT_MIN
#endif
- ) )
- {
+ )) {
/* The library returns the dubious error code INVALID_LENGTH
* for integers that are out of range. */
expected_result_for_int = MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
- if( expected_result == 0 && expected_value < 0 )
- {
+ if (expected_result == 0 && expected_value < 0) {
/* The library does not support negative INTEGERs and
* returns the dubious error code INVALID_LENGTH.
* Test that we preserve the historical behavior. If we
@@ -408,34 +397,28 @@
}
p = input->x;
- ret = mbedtls_asn1_get_int( &p, input->x + input->len, &val );
- TEST_EQUAL( ret, expected_result_for_int );
- if( ret == 0 )
- {
- TEST_EQUAL( val, expected_value );
- TEST_ASSERT( p == input->x + input->len );
+ ret = mbedtls_asn1_get_int(&p, input->x + input->len, &val);
+ TEST_EQUAL(ret, expected_result_for_int);
+ if (ret == 0) {
+ TEST_EQUAL(val, expected_value);
+ TEST_ASSERT(p == input->x + input->len);
}
#if defined(MBEDTLS_BIGNUM_C)
- ret = mbedtls_test_read_mpi( &expected_mpi, expected_hex );
- TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
- if( ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
- {
+ ret = mbedtls_test_read_mpi(&expected_mpi, expected_hex);
+ TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+ if (ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA) {
/* The data overflows the maximum MPI size. */
expected_result_for_mpi = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
p = input->x;
- ret = mbedtls_asn1_get_mpi( &p, input->x + input->len, &actual_mpi );
- TEST_EQUAL( ret, expected_result_for_mpi );
- if( ret == 0 )
- {
- if( expected_value >= 0 )
- {
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual_mpi,
- &expected_mpi ) == 0 );
- }
- else
- {
+ ret = mbedtls_asn1_get_mpi(&p, input->x + input->len, &actual_mpi);
+ TEST_EQUAL(ret, expected_result_for_mpi);
+ if (ret == 0) {
+ if (expected_value >= 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&actual_mpi,
+ &expected_mpi) == 0);
+ } else {
/* The library ignores the sign bit in ASN.1 INTEGERs
* (which makes sense insofar as INTEGERs are sometimes
* abused as bit strings), so the result of parsing them
@@ -448,32 +431,32 @@
* negative INTEGERs, we'll fix this test code. */
unsigned char *q = input->x + 1;
size_t len;
- TEST_ASSERT( mbedtls_asn1_get_len( &q, input->x + input->len,
- &len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lset( &complement, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_shift_l( &complement, len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_mpi( &complement, &complement,
- &expected_mpi ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &complement,
- &actual_mpi ) == 0 );
+ TEST_ASSERT(mbedtls_asn1_get_len(&q, input->x + input->len,
+ &len) == 0);
+ TEST_ASSERT(mbedtls_mpi_lset(&complement, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_shift_l(&complement, len * 8) == 0);
+ TEST_ASSERT(mbedtls_mpi_add_mpi(&complement, &complement,
+ &expected_mpi) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&complement,
+ &actual_mpi) == 0);
}
- TEST_ASSERT( p == input->x + input->len );
+ TEST_ASSERT(p == input->x + input->len);
}
#endif
exit:
#if defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi_free( &expected_mpi );
- mbedtls_mpi_free( &actual_mpi );
- mbedtls_mpi_free( &complement );
+ mbedtls_mpi_free(&expected_mpi);
+ mbedtls_mpi_free(&actual_mpi);
+ mbedtls_mpi_free(&complement);
#endif
- /*empty cleanup in some configurations*/ ;
+ /*empty cleanup in some configurations*/;
}
/* END_CASE */
/* BEGIN_CASE */
-void get_enum( const data_t *input,
- const char *expected_hex, int expected_result )
+void get_enum(const data_t *input,
+ const char *expected_hex, int expected_result)
{
unsigned char *p;
long expected_value;
@@ -482,20 +465,18 @@
int ret;
errno = 0;
- expected_value = strtol( expected_hex, NULL, 16 );
- if( expected_result == 0 &&
- ( errno == ERANGE
+ expected_value = strtol(expected_hex, NULL, 16);
+ if (expected_result == 0 &&
+ (errno == ERANGE
#if LONG_MAX > INT_MAX
- || expected_value > INT_MAX || expected_value < INT_MIN
+ || expected_value > INT_MAX || expected_value < INT_MIN
#endif
- ) )
- {
+ )) {
/* The library returns the dubious error code INVALID_LENGTH
* for integers that are out of range. */
expected_result_for_enum = MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
- if( expected_result == 0 && expected_value < 0 )
- {
+ if (expected_result == 0 && expected_value < 0) {
/* The library does not support negative INTEGERs and
* returns the dubious error code INVALID_LENGTH.
* Test that we preserve the historical behavior. If we
@@ -504,18 +485,17 @@
}
p = input->x;
- ret = mbedtls_asn1_get_enum( &p, input->x + input->len, &val );
- TEST_EQUAL( ret, expected_result_for_enum );
- if( ret == 0 )
- {
- TEST_EQUAL( val, expected_value );
- TEST_ASSERT( p == input->x + input->len );
+ ret = mbedtls_asn1_get_enum(&p, input->x + input->len, &val);
+ TEST_EQUAL(ret, expected_result_for_enum);
+ if (ret == 0) {
+ TEST_EQUAL(val, expected_value);
+ TEST_ASSERT(p == input->x + input->len);
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
-void get_mpi_too_large( )
+void get_mpi_too_large()
{
unsigned char *buf = NULL;
unsigned char *p;
@@ -524,63 +504,62 @@
MBEDTLS_MPI_MAX_LIMBS * sizeof(mbedtls_mpi_uint) + 1;
size_t size = too_many_octets + 6;
- mbedtls_mpi_init( &actual_mpi );
+ mbedtls_mpi_init(&actual_mpi);
- ASSERT_ALLOC( buf, size );
+ ASSERT_ALLOC(buf, size);
buf[0] = 0x02; /* tag: INTEGER */
buf[1] = 0x84; /* 4-octet length */
- buf[2] = ( too_many_octets >> 24 ) & 0xff;
- buf[3] = ( too_many_octets >> 16 ) & 0xff;
- buf[4] = ( too_many_octets >> 8 ) & 0xff;
+ buf[2] = (too_many_octets >> 24) & 0xff;
+ buf[3] = (too_many_octets >> 16) & 0xff;
+ buf[4] = (too_many_octets >> 8) & 0xff;
buf[5] = too_many_octets & 0xff;
buf[6] = 0x01; /* most significant octet */
p = buf;
- TEST_EQUAL( mbedtls_asn1_get_mpi( &p, buf + size, &actual_mpi ),
- MBEDTLS_ERR_MPI_ALLOC_FAILED );
+ TEST_EQUAL(mbedtls_asn1_get_mpi(&p, buf + size, &actual_mpi),
+ MBEDTLS_ERR_MPI_ALLOC_FAILED);
exit:
- mbedtls_mpi_free( &actual_mpi );
- mbedtls_free( buf );
+ mbedtls_mpi_free(&actual_mpi);
+ mbedtls_free(buf);
}
/* END_CASE */
/* BEGIN_CASE */
-void get_bitstring( const data_t *input,
- int expected_length, int expected_unused_bits,
- int expected_result, int expected_result_null )
+void get_bitstring(const data_t *input,
+ int expected_length, int expected_unused_bits,
+ int expected_result, int expected_result_null)
{
mbedtls_asn1_bitstring bs = { 0xdead, 0x21, NULL };
unsigned char *p = input->x;
- TEST_EQUAL( mbedtls_asn1_get_bitstring( &p, input->x + input->len, &bs ),
- expected_result );
- if( expected_result == 0 )
- {
- TEST_EQUAL( bs.len, (size_t) expected_length );
- TEST_EQUAL( bs.unused_bits, expected_unused_bits );
- TEST_ASSERT( bs.p != NULL );
- TEST_EQUAL( bs.p - input->x + bs.len, input->len );
- TEST_ASSERT( p == input->x + input->len );
+ TEST_EQUAL(mbedtls_asn1_get_bitstring(&p, input->x + input->len, &bs),
+ expected_result);
+ if (expected_result == 0) {
+ TEST_EQUAL(bs.len, (size_t) expected_length);
+ TEST_EQUAL(bs.unused_bits, expected_unused_bits);
+ TEST_ASSERT(bs.p != NULL);
+ TEST_EQUAL(bs.p - input->x + bs.len, input->len);
+ TEST_ASSERT(p == input->x + input->len);
}
p = input->x;
- TEST_EQUAL( mbedtls_asn1_get_bitstring_null( &p, input->x + input->len,
- &bs.len ),
- expected_result_null );
- if( expected_result_null == 0 )
- {
- TEST_EQUAL( bs.len, (size_t) expected_length );
- if( expected_result == 0 )
- TEST_ASSERT( p == input->x + input->len - bs.len );
+ TEST_EQUAL(mbedtls_asn1_get_bitstring_null(&p, input->x + input->len,
+ &bs.len),
+ expected_result_null);
+ if (expected_result_null == 0) {
+ TEST_EQUAL(bs.len, (size_t) expected_length);
+ if (expected_result == 0) {
+ TEST_ASSERT(p == input->x + input->len - bs.len);
+ }
}
}
/* END_CASE */
/* BEGIN_CASE */
-void get_sequence_of( const data_t *input, int tag,
- const char *description,
- int expected_result )
+void get_sequence_of(const data_t *input, int tag,
+ const char *description,
+ int expected_result)
{
/* The description string is a comma-separated list of integers.
* For each element in the SEQUENCE in input, description contains
@@ -596,53 +575,49 @@
unsigned long n;
unsigned int step = 0;
- TEST_EQUAL( mbedtls_asn1_get_sequence_of( &p, input->x + input->len,
- &head, tag ),
- expected_result );
- if( expected_result == 0 )
- {
- TEST_ASSERT( p == input->x + input->len );
+ TEST_EQUAL(mbedtls_asn1_get_sequence_of(&p, input->x + input->len,
+ &head, tag),
+ expected_result);
+ if (expected_result == 0) {
+ TEST_ASSERT(p == input->x + input->len);
- if( ! *rest )
- {
- TEST_EQUAL( head.buf.tag, 0 );
- TEST_ASSERT( head.buf.p == NULL );
- TEST_EQUAL( head.buf.len, 0 );
- TEST_ASSERT( head.next == NULL );
- }
- else
- {
+ if (!*rest) {
+ TEST_EQUAL(head.buf.tag, 0);
+ TEST_ASSERT(head.buf.p == NULL);
+ TEST_EQUAL(head.buf.len, 0);
+ TEST_ASSERT(head.next == NULL);
+ } else {
cur = &head;
- while( *rest )
- {
- mbedtls_test_set_step( step );
- TEST_ASSERT( cur != NULL );
- TEST_EQUAL( cur->buf.tag, tag );
- n = strtoul( rest, (char **) &rest, 0 );
- TEST_EQUAL( n, (size_t)( cur->buf.p - input->x ) );
+ while (*rest) {
+ mbedtls_test_set_step(step);
+ TEST_ASSERT(cur != NULL);
+ TEST_EQUAL(cur->buf.tag, tag);
+ n = strtoul(rest, (char **) &rest, 0);
+ TEST_EQUAL(n, (size_t) (cur->buf.p - input->x));
++rest;
- n = strtoul( rest, (char **) &rest, 0 );
- TEST_EQUAL( n, cur->buf.len );
- if( *rest )
+ n = strtoul(rest, (char **) &rest, 0);
+ TEST_EQUAL(n, cur->buf.len);
+ if (*rest) {
++rest;
+ }
cur = cur->next;
++step;
}
- TEST_ASSERT( cur == NULL );
+ TEST_ASSERT(cur == NULL);
}
}
exit:
- mbedtls_asn1_sequence_free( head.next );
+ mbedtls_asn1_sequence_free(head.next);
}
/* END_CASE */
/* BEGIN_CASE */
-void traverse_sequence_of( const data_t *input,
- int tag_must_mask, int tag_must_val,
- int tag_may_mask, int tag_may_val,
- const char *description,
- int expected_result )
+void traverse_sequence_of(const data_t *input,
+ int tag_must_mask, int tag_must_val,
+ int tag_may_mask, int tag_may_val,
+ const char *description,
+ int expected_result)
{
/* The description string is a comma-separated list of integers.
* For each element in the SEQUENCE in input, description contains
@@ -652,144 +627,148 @@
* "offset1,tag1,length1,..." */
unsigned char *p = input->x;
- traverse_state_t traverse_state = {input->x, description};
+ traverse_state_t traverse_state = { input->x, description };
int ret;
- ret = mbedtls_asn1_traverse_sequence_of( &p, input->x + input->len,
- (uint8_t) tag_must_mask, (uint8_t) tag_must_val,
- (uint8_t) tag_may_mask, (uint8_t) tag_may_val,
- traverse_callback, &traverse_state );
- if( ret == RET_TRAVERSE_ERROR )
+ ret = mbedtls_asn1_traverse_sequence_of(&p, input->x + input->len,
+ (uint8_t) tag_must_mask, (uint8_t) tag_must_val,
+ (uint8_t) tag_may_mask, (uint8_t) tag_may_val,
+ traverse_callback, &traverse_state);
+ if (ret == RET_TRAVERSE_ERROR) {
goto exit;
- TEST_EQUAL( ret, expected_result );
- TEST_EQUAL( *traverse_state.description, 0 );
+ }
+ TEST_EQUAL(ret, expected_result);
+ TEST_EQUAL(*traverse_state.description, 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void get_alg( const data_t *input,
- int oid_offset, int oid_length,
- int params_tag, int params_offset, int params_length,
- int total_length,
- int expected_result )
+void get_alg(const data_t *input,
+ int oid_offset, int oid_length,
+ int params_tag, int params_offset, int params_length,
+ int total_length,
+ int expected_result)
{
mbedtls_asn1_buf oid = { -1, 0, NULL };
mbedtls_asn1_buf params = { -1, 0, NULL };
unsigned char *p = input->x;
int ret;
- TEST_EQUAL( mbedtls_asn1_get_alg( &p, input->x + input->len,
- &oid, ¶ms ),
- expected_result );
- if( expected_result == 0 )
- {
- TEST_EQUAL( oid.tag, MBEDTLS_ASN1_OID );
- TEST_EQUAL( oid.p - input->x, oid_offset );
- TEST_EQUAL( oid.len, (size_t) oid_length );
- TEST_EQUAL( params.tag, params_tag );
- if( params_offset != 0 )
- TEST_EQUAL( params.p - input->x, params_offset );
- else
- TEST_ASSERT( params.p == NULL );
- TEST_EQUAL( params.len, (size_t) params_length );
- TEST_EQUAL( p - input->x, total_length );
+ TEST_EQUAL(mbedtls_asn1_get_alg(&p, input->x + input->len,
+ &oid, ¶ms),
+ expected_result);
+ if (expected_result == 0) {
+ TEST_EQUAL(oid.tag, MBEDTLS_ASN1_OID);
+ TEST_EQUAL(oid.p - input->x, oid_offset);
+ TEST_EQUAL(oid.len, (size_t) oid_length);
+ TEST_EQUAL(params.tag, params_tag);
+ if (params_offset != 0) {
+ TEST_EQUAL(params.p - input->x, params_offset);
+ } else {
+ TEST_ASSERT(params.p == NULL);
+ }
+ TEST_EQUAL(params.len, (size_t) params_length);
+ TEST_EQUAL(p - input->x, total_length);
}
- ret = mbedtls_asn1_get_alg_null( &p, input->x + input->len, &oid );
- if( expected_result == 0 && params_offset == 0 )
- {
- TEST_EQUAL( oid.tag, MBEDTLS_ASN1_OID );
- TEST_EQUAL( oid.p - input->x, oid_offset );
- TEST_EQUAL( oid.len, (size_t) oid_length );
- TEST_EQUAL( p - input->x, total_length );
+ ret = mbedtls_asn1_get_alg_null(&p, input->x + input->len, &oid);
+ if (expected_result == 0 && params_offset == 0) {
+ TEST_EQUAL(oid.tag, MBEDTLS_ASN1_OID);
+ TEST_EQUAL(oid.p - input->x, oid_offset);
+ TEST_EQUAL(oid.len, (size_t) oid_length);
+ TEST_EQUAL(p - input->x, total_length);
+ } else {
+ TEST_ASSERT(ret != 0);
}
- else
- TEST_ASSERT( ret != 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void find_named_data( data_t *oid0, data_t *oid1, data_t *oid2, data_t *oid3,
- data_t *needle, int from, int position )
+void find_named_data(data_t *oid0, data_t *oid1, data_t *oid2, data_t *oid3,
+ data_t *needle, int from, int position)
{
- mbedtls_asn1_named_data nd[] ={
- { {0x06, oid0->len, oid0->x}, {0, 0, NULL}, NULL, 0 },
- { {0x06, oid1->len, oid1->x}, {0, 0, NULL}, NULL, 0 },
- { {0x06, oid2->len, oid2->x}, {0, 0, NULL}, NULL, 0 },
- { {0x06, oid3->len, oid3->x}, {0, 0, NULL}, NULL, 0 },
+ mbedtls_asn1_named_data nd[] = {
+ { { 0x06, oid0->len, oid0->x }, { 0, 0, NULL }, NULL, 0 },
+ { { 0x06, oid1->len, oid1->x }, { 0, 0, NULL }, NULL, 0 },
+ { { 0x06, oid2->len, oid2->x }, { 0, 0, NULL }, NULL, 0 },
+ { { 0x06, oid3->len, oid3->x }, { 0, 0, NULL }, NULL, 0 },
};
- mbedtls_asn1_named_data *pointers[ARRAY_LENGTH( nd ) + 1];
+ mbedtls_asn1_named_data *pointers[ARRAY_LENGTH(nd) + 1];
size_t i;
mbedtls_asn1_named_data *found;
- for( i = 0; i < ARRAY_LENGTH( nd ); i++ )
+ for (i = 0; i < ARRAY_LENGTH(nd); i++) {
pointers[i] = &nd[i];
- pointers[ARRAY_LENGTH( nd )] = NULL;
- for( i = 0; i < ARRAY_LENGTH( nd ); i++ )
+ }
+ pointers[ARRAY_LENGTH(nd)] = NULL;
+ for (i = 0; i < ARRAY_LENGTH(nd); i++) {
nd[i].next = pointers[i+1];
+ }
- found = mbedtls_asn1_find_named_data( pointers[from],
- (const char *) needle->x,
- needle->len );
- TEST_ASSERT( found == pointers[position] );
+ found = mbedtls_asn1_find_named_data(pointers[from],
+ (const char *) needle->x,
+ needle->len);
+ TEST_ASSERT(found == pointers[position]);
}
/* END_CASE */
/* BEGIN_CASE */
-void free_named_data_null( )
+void free_named_data_null()
{
- mbedtls_asn1_free_named_data( NULL );
+ mbedtls_asn1_free_named_data(NULL);
goto exit; /* Silence unused label warning */
}
/* END_CASE */
/* BEGIN_CASE */
-void free_named_data( int with_oid, int with_val, int with_next )
+void free_named_data(int with_oid, int with_val, int with_next)
{
mbedtls_asn1_named_data next =
- { {0x06, 0, NULL}, {0, 0xcafe, NULL}, NULL, 0 };
+ { { 0x06, 0, NULL }, { 0, 0xcafe, NULL }, NULL, 0 };
mbedtls_asn1_named_data head =
- { {0x06, 0, NULL}, {0, 0, NULL}, NULL, 0 };
+ { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 };
- if( with_oid )
- ASSERT_ALLOC( head.oid.p, 1 );
- if( with_val )
- ASSERT_ALLOC( head.val.p, 1 );
- if( with_next )
+ if (with_oid) {
+ ASSERT_ALLOC(head.oid.p, 1);
+ }
+ if (with_val) {
+ ASSERT_ALLOC(head.val.p, 1);
+ }
+ if (with_next) {
head.next = &next;
+ }
- mbedtls_asn1_free_named_data( &head );
- TEST_ASSERT( head.oid.p == NULL );
- TEST_ASSERT( head.val.p == NULL );
- TEST_ASSERT( head.next == NULL );
- TEST_ASSERT( next.val.len == 0xcafe );
+ mbedtls_asn1_free_named_data(&head);
+ TEST_ASSERT(head.oid.p == NULL);
+ TEST_ASSERT(head.val.p == NULL);
+ TEST_ASSERT(head.next == NULL);
+ TEST_ASSERT(next.val.len == 0xcafe);
exit:
- mbedtls_free( head.oid.p );
- mbedtls_free( head.val.p );
+ mbedtls_free(head.oid.p);
+ mbedtls_free(head.val.p);
}
/* END_CASE */
/* BEGIN_CASE */
-void free_named_data_list( int length )
+void free_named_data_list(int length)
{
mbedtls_asn1_named_data *head = NULL;
int i;
- for( i = 0; i < length; i++ )
- {
+ for (i = 0; i < length; i++) {
mbedtls_asn1_named_data *new = NULL;
- ASSERT_ALLOC( new, 1 );
+ ASSERT_ALLOC(new, 1);
new->next = head;
head = new;
}
- mbedtls_asn1_free_named_data_list( &head );
- TEST_ASSERT( head == NULL );
+ mbedtls_asn1_free_named_data_list(&head);
+ TEST_ASSERT(head == NULL);
/* Most of the point of the test is that it doesn't leak memory.
* So this test is only really useful under a memory leak detection
* framework. */
exit:
- mbedtls_asn1_free_named_data_list( &head );
+ mbedtls_asn1_free_named_data_list(&head);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
index 5aa4cbe..06b9edf 100644
--- a/tests/suites/test_suite_asn1write.function
+++ b/tests/suites/test_suite_asn1write.function
@@ -4,8 +4,7 @@
#define GUARD_LEN 4
#define GUARD_VAL 0x2a
-typedef struct
-{
+typedef struct {
unsigned char *output;
unsigned char *start;
unsigned char *end;
@@ -13,41 +12,38 @@
size_t size;
} generic_write_data_t;
-int generic_write_start_step( generic_write_data_t *data )
+int generic_write_start_step(generic_write_data_t *data)
{
- mbedtls_test_set_step( data->size );
- mbedtls_free( data->output );
+ mbedtls_test_set_step(data->size);
+ mbedtls_free(data->output);
data->output = NULL;
- ASSERT_ALLOC( data->output, data->size == 0 ? 1 : data->size );
+ ASSERT_ALLOC(data->output, data->size == 0 ? 1 : data->size);
data->end = data->output + data->size;
data->p = data->end;
data->start = data->end - data->size;
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
-int generic_write_finish_step( generic_write_data_t *data,
- const data_t *expected, int ret )
+int generic_write_finish_step(generic_write_data_t *data,
+ const data_t *expected, int ret)
{
int ok = 0;
- if( data->size < expected->len )
- {
- TEST_EQUAL( ret, MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- }
- else
- {
- TEST_EQUAL( ret, data->end - data->p );
- TEST_ASSERT( data->p >= data->start );
- TEST_ASSERT( data->p <= data->end );
- ASSERT_COMPARE( data->p, (size_t)( data->end - data->p ),
- expected->x, expected->len );
+ if (data->size < expected->len) {
+ TEST_EQUAL(ret, MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
+ } else {
+ TEST_EQUAL(ret, data->end - data->p);
+ TEST_ASSERT(data->p >= data->start);
+ TEST_ASSERT(data->p <= data->end);
+ ASSERT_COMPARE(data->p, (size_t) (data->end - data->p),
+ expected->x, expected->len);
}
ok = 1;
exit:
- return( ok );
+ return ok;
}
/* END_HEADER */
@@ -58,206 +54,209 @@
*/
/* BEGIN_CASE */
-void mbedtls_asn1_write_null( data_t *expected )
+void mbedtls_asn1_write_null(data_t *expected)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
int ret;
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
- ret = mbedtls_asn1_write_null( &data.p, data.start );
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ }
+ ret = mbedtls_asn1_write_null(&data.p, data.start);
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
/* There's no parsing function for NULL. */
}
exit:
- mbedtls_free( data.output );
+ mbedtls_free(data.output);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_asn1_write_bool( int val, data_t *expected )
+void mbedtls_asn1_write_bool(int val, data_t *expected)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
int ret;
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
- ret = mbedtls_asn1_write_bool( &data.p, data.start, val );
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ }
+ ret = mbedtls_asn1_write_bool(&data.p, data.start, val);
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( ret >= 0 )
- {
+ if (ret >= 0) {
int read = 0xdeadbeef;
- TEST_EQUAL( mbedtls_asn1_get_bool( &data.p, data.end, &read ), 0 );
- TEST_EQUAL( val, read );
+ TEST_EQUAL(mbedtls_asn1_get_bool(&data.p, data.end, &read), 0);
+ TEST_EQUAL(val, read);
}
#endif /* MBEDTLS_ASN1_PARSE_C */
}
exit:
- mbedtls_free( data.output );
+ mbedtls_free(data.output);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_asn1_write_int( int val, data_t *expected )
+void mbedtls_asn1_write_int(int val, data_t *expected)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
int ret;
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
- ret = mbedtls_asn1_write_int( &data.p, data.start, val );
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ }
+ ret = mbedtls_asn1_write_int(&data.p, data.start, val);
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( ret >= 0 )
- {
+ if (ret >= 0) {
int read = 0xdeadbeef;
- TEST_EQUAL( mbedtls_asn1_get_int( &data.p, data.end, &read ), 0 );
- TEST_EQUAL( val, read );
+ TEST_EQUAL(mbedtls_asn1_get_int(&data.p, data.end, &read), 0);
+ TEST_EQUAL(val, read);
}
#endif /* MBEDTLS_ASN1_PARSE_C */
}
exit:
- mbedtls_free( data.output );
+ mbedtls_free(data.output);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_asn1_write_enum( int val, data_t *expected )
+void mbedtls_asn1_write_enum(int val, data_t *expected)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
int ret;
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
- ret = mbedtls_asn1_write_enum( &data.p, data.start, val );
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ }
+ ret = mbedtls_asn1_write_enum(&data.p, data.start, val);
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( ret >= 0 )
- {
+ if (ret >= 0) {
int read = 0xdeadbeef;
- TEST_EQUAL( mbedtls_asn1_get_enum( &data.p, data.end, &read ), 0 );
- TEST_EQUAL( val, read );
+ TEST_EQUAL(mbedtls_asn1_get_enum(&data.p, data.end, &read), 0);
+ TEST_EQUAL(val, read);
}
#endif /* MBEDTLS_ASN1_PARSE_C */
}
exit:
- mbedtls_free( data.output );
+ mbedtls_free(data.output);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
-void mbedtls_asn1_write_mpi( data_t *val, data_t *expected )
+void mbedtls_asn1_write_mpi(data_t *val, data_t *expected)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
mbedtls_mpi mpi, read;
int ret;
- mbedtls_mpi_init( &mpi );
- mbedtls_mpi_init( &read );
- TEST_ASSERT( mbedtls_mpi_read_binary( &mpi, val->x, val->len ) == 0 );
+ mbedtls_mpi_init(&mpi);
+ mbedtls_mpi_init(&read);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&mpi, val->x, val->len) == 0);
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
- ret = mbedtls_asn1_write_mpi( &data.p, data.start, &mpi );
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ }
+ ret = mbedtls_asn1_write_mpi(&data.p, data.start, &mpi);
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( ret >= 0 )
- {
- TEST_EQUAL( mbedtls_asn1_get_mpi( &data.p, data.end, &read ), 0 );
- TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( &mpi, &read ) );
+ if (ret >= 0) {
+ TEST_EQUAL(mbedtls_asn1_get_mpi(&data.p, data.end, &read), 0);
+ TEST_EQUAL(0, mbedtls_mpi_cmp_mpi(&mpi, &read));
}
#endif /* MBEDTLS_ASN1_PARSE_C */
/* Skip some intermediate lengths, they're boring. */
- if( expected->len > 10 && data.size == 8 )
+ if (expected->len > 10 && data.size == 8) {
data.size = expected->len - 2;
+ }
}
exit:
- mbedtls_mpi_free( &mpi );
- mbedtls_mpi_free( &read );
- mbedtls_free( data.output );
+ mbedtls_mpi_free(&mpi);
+ mbedtls_mpi_free(&read);
+ mbedtls_free(data.output);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_asn1_write_string( int tag, data_t *content, data_t *expected )
+void mbedtls_asn1_write_string(int tag, data_t *content, data_t *expected)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
int ret;
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
- switch( tag )
- {
+ }
+ switch (tag) {
case MBEDTLS_ASN1_OCTET_STRING:
ret = mbedtls_asn1_write_octet_string(
- &data.p, data.start, content->x, content->len );
+ &data.p, data.start, content->x, content->len);
break;
case MBEDTLS_ASN1_OID:
ret = mbedtls_asn1_write_oid(
&data.p, data.start,
- (const char *) content->x, content->len );
+ (const char *) content->x, content->len);
break;
case MBEDTLS_ASN1_UTF8_STRING:
ret = mbedtls_asn1_write_utf8_string(
&data.p, data.start,
- (const char *) content->x, content->len );
+ (const char *) content->x, content->len);
break;
case MBEDTLS_ASN1_PRINTABLE_STRING:
ret = mbedtls_asn1_write_printable_string(
&data.p, data.start,
- (const char *) content->x, content->len );
+ (const char *) content->x, content->len);
break;
case MBEDTLS_ASN1_IA5_STRING:
ret = mbedtls_asn1_write_ia5_string(
&data.p, data.start,
- (const char *) content->x, content->len );
+ (const char *) content->x, content->len);
break;
default:
ret = mbedtls_asn1_write_tagged_string(
&data.p, data.start, tag,
- (const char *) content->x, content->len );
+ (const char *) content->x, content->len);
}
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
/* There's no parsing function for octet or character strings. */
/* Skip some intermediate lengths, they're boring. */
- if( expected->len > 10 && data.size == 8 )
+ if (expected->len > 10 && data.size == 8) {
data.size = expected->len - 2;
+ }
}
exit:
- mbedtls_free( data.output );
+ mbedtls_free(data.output);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_asn1_write_algorithm_identifier( data_t *oid,
- int par_len,
- data_t *expected )
+void mbedtls_asn1_write_algorithm_identifier(data_t *oid,
+ int par_len,
+ data_t *expected)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
int ret;
@@ -265,29 +264,30 @@
unsigned char *buf_complete = NULL;
#endif /* MBEDTLS_ASN1_PARSE_C */
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
+ }
ret = mbedtls_asn1_write_algorithm_identifier(
&data.p, data.start,
- (const char *) oid->x, oid->len, par_len );
+ (const char *) oid->x, oid->len, par_len);
/* If params_len != 0, mbedtls_asn1_write_algorithm_identifier()
* assumes that the parameters are already present in the buffer
* and returns a length that accounts for this, but our test
* data omits the parameters. */
- if( ret >= 0 )
+ if (ret >= 0) {
ret -= par_len;
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ }
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
#if defined(MBEDTLS_ASN1_PARSE_C)
/* Only do a parse-back test if the parameters aren't too large for
* a small-heap environment. The boundary is somewhat arbitrary. */
- if( ret >= 0 && par_len <= 1234 )
- {
- mbedtls_asn1_buf alg = {0, 0, NULL};
- mbedtls_asn1_buf params = {0, 0, NULL};
+ if (ret >= 0 && par_len <= 1234) {
+ mbedtls_asn1_buf alg = { 0, 0, NULL };
+ mbedtls_asn1_buf params = { 0, 0, NULL };
/* The writing function doesn't write the parameters unless
* they're null: it only takes their length as input. But the
* parsing function requires the parameters to be present.
@@ -296,59 +296,52 @@
size_t len_complete = data_len + par_len;
unsigned char expected_params_tag;
size_t expected_params_len;
- ASSERT_ALLOC( buf_complete, len_complete );
+ ASSERT_ALLOC(buf_complete, len_complete);
unsigned char *end_complete = buf_complete + len_complete;
- memcpy( buf_complete, data.p, data_len );
- if( par_len == 0 )
- {
+ memcpy(buf_complete, data.p, data_len);
+ if (par_len == 0) {
/* mbedtls_asn1_write_algorithm_identifier() wrote a NULL */
expected_params_tag = 0x05;
expected_params_len = 0;
- }
- else if( par_len >= 2 && par_len < 2 + 128 )
- {
+ } else if (par_len >= 2 && par_len < 2 + 128) {
/* Write an OCTET STRING with a short length encoding */
expected_params_tag = buf_complete[data_len] = 0x04;
expected_params_len = par_len - 2;
buf_complete[data_len + 1] = (unsigned char) expected_params_len;
- }
- else if( par_len >= 4 + 128 && par_len < 3 + 256 * 256 )
- {
+ } else if (par_len >= 4 + 128 && par_len < 3 + 256 * 256) {
/* Write an OCTET STRING with a two-byte length encoding */
expected_params_tag = buf_complete[data_len] = 0x04;
expected_params_len = par_len - 4;
buf_complete[data_len + 1] = 0x82;
- buf_complete[data_len + 2] = (unsigned char) ( expected_params_len >> 8 );
- buf_complete[data_len + 3] = (unsigned char) ( expected_params_len );
- }
- else
- {
- TEST_ASSERT( ! "Bad test data: invalid length of ASN.1 element" );
+ buf_complete[data_len + 2] = (unsigned char) (expected_params_len >> 8);
+ buf_complete[data_len + 3] = (unsigned char) (expected_params_len);
+ } else {
+ TEST_ASSERT(!"Bad test data: invalid length of ASN.1 element");
}
unsigned char *p = buf_complete;
- TEST_EQUAL( mbedtls_asn1_get_alg( &p, end_complete,
- &alg, ¶ms ), 0 );
- TEST_EQUAL( alg.tag, MBEDTLS_ASN1_OID );
- ASSERT_COMPARE( alg.p, alg.len, oid->x, oid->len );
- TEST_EQUAL( params.tag, expected_params_tag );
- TEST_EQUAL( params.len, expected_params_len );
- mbedtls_free( buf_complete );
+ TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete,
+ &alg, ¶ms), 0);
+ TEST_EQUAL(alg.tag, MBEDTLS_ASN1_OID);
+ ASSERT_COMPARE(alg.p, alg.len, oid->x, oid->len);
+ TEST_EQUAL(params.tag, expected_params_tag);
+ TEST_EQUAL(params.len, expected_params_len);
+ mbedtls_free(buf_complete);
buf_complete = NULL;
}
#endif /* MBEDTLS_ASN1_PARSE_C */
}
exit:
- mbedtls_free( data.output );
+ mbedtls_free(data.output);
#if defined(MBEDTLS_ASN1_PARSE_C)
- mbedtls_free( buf_complete );
+ mbedtls_free(buf_complete);
#endif /* MBEDTLS_ASN1_PARSE_C */
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
-void mbedtls_asn1_write_len( int len, data_t * asn1, int buf_len,
- int result )
+void mbedtls_asn1_write_len(int len, data_t *asn1, int buf_len,
+ int result)
{
int ret;
unsigned char buf[150];
@@ -356,260 +349,253 @@
size_t i;
size_t read_len;
- memset( buf, GUARD_VAL, sizeof( buf ) );
+ memset(buf, GUARD_VAL, sizeof(buf));
p = buf + GUARD_LEN + buf_len;
- ret = mbedtls_asn1_write_len( &p, buf + GUARD_LEN, (size_t) len );
+ ret = mbedtls_asn1_write_len(&p, buf + GUARD_LEN, (size_t) len);
- TEST_ASSERT( ret == result );
+ TEST_ASSERT(ret == result);
/* Check for buffer overwrite on both sides */
- for( i = 0; i < GUARD_LEN; i++ )
- {
- TEST_ASSERT( buf[i] == GUARD_VAL );
- TEST_ASSERT( buf[GUARD_LEN + buf_len + i] == GUARD_VAL );
+ for (i = 0; i < GUARD_LEN; i++) {
+ TEST_ASSERT(buf[i] == GUARD_VAL);
+ TEST_ASSERT(buf[GUARD_LEN + buf_len + i] == GUARD_VAL);
}
- if( result >= 0 )
- {
- TEST_ASSERT( p + asn1->len == buf + GUARD_LEN + buf_len );
+ if (result >= 0) {
+ TEST_ASSERT(p + asn1->len == buf + GUARD_LEN + buf_len);
- TEST_ASSERT( memcmp( p, asn1->x, asn1->len ) == 0 );
+ TEST_ASSERT(memcmp(p, asn1->x, asn1->len) == 0);
/* Read back with mbedtls_asn1_get_len() to check */
- ret = mbedtls_asn1_get_len( &p, buf + GUARD_LEN + buf_len, &read_len );
+ ret = mbedtls_asn1_get_len(&p, buf + GUARD_LEN + buf_len, &read_len);
- if( len == 0 )
- {
- TEST_ASSERT( ret == 0 );
- }
- else
- {
+ if (len == 0) {
+ TEST_ASSERT(ret == 0);
+ } else {
/* Return will be MBEDTLS_ERR_ASN1_OUT_OF_DATA because the rest of
* the buffer is missing
*/
- TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_OUT_OF_DATA);
}
- TEST_ASSERT( read_len == (size_t) len );
- TEST_ASSERT( p == buf + GUARD_LEN + buf_len );
+ TEST_ASSERT(read_len == (size_t) len);
+ TEST_ASSERT(p == buf + GUARD_LEN + buf_len);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void test_asn1_write_bitstrings( data_t *bitstring, int bits,
- data_t *expected, int is_named )
+void test_asn1_write_bitstrings(data_t *bitstring, int bits,
+ data_t *expected, int is_named)
{
generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 };
int ret;
- int ( *func )( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t bits ) =
- ( is_named ? mbedtls_asn1_write_named_bitstring :
- mbedtls_asn1_write_bitstring );
+ int (*func)(unsigned char **p, unsigned char *start,
+ const unsigned char *buf, size_t bits) =
+ (is_named ? mbedtls_asn1_write_named_bitstring :
+ mbedtls_asn1_write_bitstring);
#if defined(MBEDTLS_ASN1_PARSE_C)
unsigned char *masked_bitstring = NULL;
#endif /* MBEDTLS_ASN1_PARSE_C */
/* The API expects `bitstring->x` to contain `bits` bits. */
- size_t byte_length = ( bits + 7 ) / 8;
- TEST_ASSERT( bitstring->len >= byte_length );
+ size_t byte_length = (bits + 7) / 8;
+ TEST_ASSERT(bitstring->len >= byte_length);
#if defined(MBEDTLS_ASN1_PARSE_C)
- ASSERT_ALLOC( masked_bitstring, byte_length );
- if( byte_length != 0 )
- {
- memcpy( masked_bitstring, bitstring->x, byte_length );
- if( bits % 8 != 0 )
- masked_bitstring[byte_length - 1] &= ~( 0xff >> ( bits % 8 ) );
+ ASSERT_ALLOC(masked_bitstring, byte_length);
+ if (byte_length != 0) {
+ memcpy(masked_bitstring, bitstring->x, byte_length);
+ if (bits % 8 != 0) {
+ masked_bitstring[byte_length - 1] &= ~(0xff >> (bits % 8));
+ }
}
size_t value_bits = bits;
- if( is_named )
- {
+ if (is_named) {
/* In a named bit string, all trailing 0 bits are removed. */
- while( byte_length > 0 && masked_bitstring[byte_length - 1] == 0 )
+ while (byte_length > 0 && masked_bitstring[byte_length - 1] == 0) {
--byte_length;
+ }
value_bits = 8 * byte_length;
- if( byte_length > 0 )
- {
+ if (byte_length > 0) {
unsigned char last_byte = masked_bitstring[byte_length - 1];
- for( unsigned b = 1; b < 0xff && ( last_byte & b ) == 0; b <<= 1 )
+ for (unsigned b = 1; b < 0xff && (last_byte & b) == 0; b <<= 1) {
--value_bits;
+ }
}
}
#endif /* MBEDTLS_ASN1_PARSE_C */
- for( data.size = 0; data.size <= expected->len + 1; data.size++ )
- {
- if( ! generic_write_start_step( &data ) )
+ for (data.size = 0; data.size <= expected->len + 1; data.size++) {
+ if (!generic_write_start_step(&data)) {
goto exit;
- ret = ( *func )( &data.p, data.start, bitstring->x, bits );
- if( ! generic_write_finish_step( &data, expected, ret ) )
+ }
+ ret = (*func)(&data.p, data.start, bitstring->x, bits);
+ if (!generic_write_finish_step(&data, expected, ret)) {
goto exit;
+ }
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( ret >= 0 )
- {
- mbedtls_asn1_bitstring read = {0, 0, NULL};
- TEST_EQUAL( mbedtls_asn1_get_bitstring( &data.p, data.end,
- &read ), 0 );
- ASSERT_COMPARE( read.p, read.len,
- masked_bitstring, byte_length );
- TEST_EQUAL( read.unused_bits, 8 * byte_length - value_bits );
+ if (ret >= 0) {
+ mbedtls_asn1_bitstring read = { 0, 0, NULL };
+ TEST_EQUAL(mbedtls_asn1_get_bitstring(&data.p, data.end,
+ &read), 0);
+ ASSERT_COMPARE(read.p, read.len,
+ masked_bitstring, byte_length);
+ TEST_EQUAL(read.unused_bits, 8 * byte_length - value_bits);
}
#endif /* MBEDTLS_ASN1_PARSE_C */
}
exit:
- mbedtls_free( data.output );
+ mbedtls_free(data.output);
#if defined(MBEDTLS_ASN1_PARSE_C)
- mbedtls_free( masked_bitstring );
+ mbedtls_free(masked_bitstring);
#endif /* MBEDTLS_ASN1_PARSE_C */
}
/* END_CASE */
/* BEGIN_CASE */
-void store_named_data_find( data_t *oid0, data_t *oid1,
- data_t *oid2, data_t *oid3,
- data_t *needle, int from, int position )
+void store_named_data_find(data_t *oid0, data_t *oid1,
+ data_t *oid2, data_t *oid3,
+ data_t *needle, int from, int position)
{
- data_t *oid[4] = {oid0, oid1, oid2, oid3};
- mbedtls_asn1_named_data nd[] ={
- { {0x06, 0, NULL}, {0, 0, NULL}, NULL, 0 },
- { {0x06, 0, NULL}, {0, 0, NULL}, NULL, 0 },
- { {0x06, 0, NULL}, {0, 0, NULL}, NULL, 0 },
- { {0x06, 0, NULL}, {0, 0, NULL}, NULL, 0 },
+ data_t *oid[4] = { oid0, oid1, oid2, oid3 };
+ mbedtls_asn1_named_data nd[] = {
+ { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 },
+ { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 },
+ { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 },
+ { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 },
};
- mbedtls_asn1_named_data *pointers[ARRAY_LENGTH( nd ) + 1];
+ mbedtls_asn1_named_data *pointers[ARRAY_LENGTH(nd) + 1];
size_t i;
mbedtls_asn1_named_data *head = NULL;
mbedtls_asn1_named_data *found = NULL;
- for( i = 0; i < ARRAY_LENGTH( nd ); i++ )
+ for (i = 0; i < ARRAY_LENGTH(nd); i++) {
pointers[i] = &nd[i];
- pointers[ARRAY_LENGTH( nd )] = NULL;
- for( i = 0; i < ARRAY_LENGTH( nd ); i++ )
- {
- ASSERT_ALLOC( nd[i].oid.p, oid[i]->len );
- memcpy( nd[i].oid.p, oid[i]->x, oid[i]->len );
+ }
+ pointers[ARRAY_LENGTH(nd)] = NULL;
+ for (i = 0; i < ARRAY_LENGTH(nd); i++) {
+ ASSERT_ALLOC(nd[i].oid.p, oid[i]->len);
+ memcpy(nd[i].oid.p, oid[i]->x, oid[i]->len);
nd[i].oid.len = oid[i]->len;
nd[i].next = pointers[i+1];
}
head = pointers[from];
- found = mbedtls_asn1_store_named_data( &head,
- (const char *) needle->x,
- needle->len,
- NULL, 0 );
+ found = mbedtls_asn1_store_named_data(&head,
+ (const char *) needle->x,
+ needle->len,
+ NULL, 0);
/* In any case, the existing list structure must be unchanged. */
- for( i = 0; i < ARRAY_LENGTH( nd ); i++ )
- TEST_ASSERT( nd[i].next == pointers[i+1] );
-
- if( position >= 0 )
- {
- /* position should have been found and modified. */
- TEST_ASSERT( head == pointers[from] );
- TEST_ASSERT( found == pointers[position] );
+ for (i = 0; i < ARRAY_LENGTH(nd); i++) {
+ TEST_ASSERT(nd[i].next == pointers[i+1]);
}
- else
- {
+
+ if (position >= 0) {
+ /* position should have been found and modified. */
+ TEST_ASSERT(head == pointers[from]);
+ TEST_ASSERT(found == pointers[position]);
+ } else {
/* A new entry should have been created. */
- TEST_ASSERT( found == head );
- TEST_ASSERT( head->next == pointers[from] );
- for( i = 0; i < ARRAY_LENGTH( nd ); i++ )
- TEST_ASSERT( found != &nd[i] );
+ TEST_ASSERT(found == head);
+ TEST_ASSERT(head->next == pointers[from]);
+ for (i = 0; i < ARRAY_LENGTH(nd); i++) {
+ TEST_ASSERT(found != &nd[i]);
+ }
}
exit:
- if( found != NULL && found == head && found != pointers[from] )
- {
- mbedtls_free( found->oid.p );
- mbedtls_free( found );
+ if (found != NULL && found == head && found != pointers[from]) {
+ mbedtls_free(found->oid.p);
+ mbedtls_free(found);
}
- for( i = 0; i < ARRAY_LENGTH( nd ); i++ )
- mbedtls_free( nd[i].oid.p );
+ for (i = 0; i < ARRAY_LENGTH(nd); i++) {
+ mbedtls_free(nd[i].oid.p);
+ }
}
/* END_CASE */
/* BEGIN_CASE */
-void store_named_data_val_found( int old_len, int new_len )
+void store_named_data_val_found(int old_len, int new_len)
{
mbedtls_asn1_named_data nd =
- { {0x06, 3, (unsigned char *) "OID"}, {0, 0, NULL}, NULL, 0 };
+ { { 0x06, 3, (unsigned char *) "OID" }, { 0, 0, NULL }, NULL, 0 };
mbedtls_asn1_named_data *head = &nd;
mbedtls_asn1_named_data *found = NULL;
unsigned char *old_val = NULL;
unsigned char *new_val = (unsigned char *) "new value";
- if( old_len != 0 )
- {
- ASSERT_ALLOC( nd.val.p, (size_t) old_len );
+ if (old_len != 0) {
+ ASSERT_ALLOC(nd.val.p, (size_t) old_len);
old_val = nd.val.p;
nd.val.len = old_len;
- memset( old_val, 'x', old_len );
+ memset(old_val, 'x', old_len);
}
- if( new_len <= 0 )
- {
- new_len = - new_len;
+ if (new_len <= 0) {
+ new_len = -new_len;
new_val = NULL;
}
- found = mbedtls_asn1_store_named_data( &head, "OID", 3,
- new_val, new_len );
- TEST_ASSERT( head == &nd );
- TEST_ASSERT( found == head );
+ found = mbedtls_asn1_store_named_data(&head, "OID", 3,
+ new_val, new_len);
+ TEST_ASSERT(head == &nd);
+ TEST_ASSERT(found == head);
- if( new_val != NULL)
- ASSERT_COMPARE( found->val.p, found->val.len,
- new_val, (size_t) new_len );
- if( new_len == 0)
- TEST_ASSERT( found->val.p == NULL );
- else if( new_len == old_len )
- TEST_ASSERT( found->val.p == old_val );
- else
- TEST_ASSERT( found->val.p != old_val );
+ if (new_val != NULL) {
+ ASSERT_COMPARE(found->val.p, found->val.len,
+ new_val, (size_t) new_len);
+ }
+ if (new_len == 0) {
+ TEST_ASSERT(found->val.p == NULL);
+ } else if (new_len == old_len) {
+ TEST_ASSERT(found->val.p == old_val);
+ } else {
+ TEST_ASSERT(found->val.p != old_val);
+ }
exit:
- mbedtls_free( nd.val.p );
+ mbedtls_free(nd.val.p);
}
/* END_CASE */
/* BEGIN_CASE */
-void store_named_data_val_new( int new_len, int set_new_val )
+void store_named_data_val_new(int new_len, int set_new_val)
{
mbedtls_asn1_named_data *head = NULL;
mbedtls_asn1_named_data *found = NULL;
const unsigned char *oid = (unsigned char *) "OID";
- size_t oid_len = strlen( (const char *) oid );
+ size_t oid_len = strlen((const char *) oid);
const unsigned char *new_val = (unsigned char *) "new value";
- if( set_new_val == 0 )
+ if (set_new_val == 0) {
new_val = NULL;
+ }
- found = mbedtls_asn1_store_named_data( &head,
- (const char *) oid, oid_len,
- new_val, (size_t) new_len );
- TEST_ASSERT( found != NULL );
- TEST_ASSERT( found == head );
- TEST_ASSERT( found->oid.p != oid );
- ASSERT_COMPARE( found->oid.p, found->oid.len, oid, oid_len );
- if( new_len == 0 )
- TEST_ASSERT( found->val.p == NULL );
- else if( new_val == NULL )
- TEST_ASSERT( found->val.p != NULL );
- else
- {
- TEST_ASSERT( found->val.p != new_val );
- ASSERT_COMPARE( found->val.p, found->val.len,
- new_val, (size_t) new_len );
+ found = mbedtls_asn1_store_named_data(&head,
+ (const char *) oid, oid_len,
+ new_val, (size_t) new_len);
+ TEST_ASSERT(found != NULL);
+ TEST_ASSERT(found == head);
+ TEST_ASSERT(found->oid.p != oid);
+ ASSERT_COMPARE(found->oid.p, found->oid.len, oid, oid_len);
+ if (new_len == 0) {
+ TEST_ASSERT(found->val.p == NULL);
+ } else if (new_val == NULL) {
+ TEST_ASSERT(found->val.p != NULL);
+ } else {
+ TEST_ASSERT(found->val.p != new_val);
+ ASSERT_COMPARE(found->val.p, found->val.len,
+ new_val, (size_t) new_len);
}
exit:
- if( found != NULL )
- {
- mbedtls_free( found->oid.p );
- mbedtls_free( found->val.p );
+ if (found != NULL) {
+ mbedtls_free(found->oid.p);
+ mbedtls_free(found->val.p);
}
- mbedtls_free( found );
+ mbedtls_free(found);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index 7baa3d5..ce6bd42 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -17,67 +17,66 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
-void mask_of_range( int low_arg, int high_arg )
+void mask_of_range(int low_arg, int high_arg)
{
unsigned char low = low_arg, high = high_arg;
unsigned c;
- for( c = 0; c <= 0xff; c++ )
- {
- mbedtls_test_set_step( c );
- TEST_CF_SECRET( &c, sizeof( c ) );
- unsigned char m = mbedtls_ct_uchar_mask_of_range( low, high, c );
- TEST_CF_PUBLIC( &c, sizeof( c ) );
- TEST_CF_PUBLIC( &m, sizeof( m ) );
- if( low <= c && c <= high )
- TEST_EQUAL( m, 0xff );
- else
- TEST_EQUAL( m, 0 );
+ for (c = 0; c <= 0xff; c++) {
+ mbedtls_test_set_step(c);
+ TEST_CF_SECRET(&c, sizeof(c));
+ unsigned char m = mbedtls_ct_uchar_mask_of_range(low, high, c);
+ TEST_CF_PUBLIC(&c, sizeof(c));
+ TEST_CF_PUBLIC(&m, sizeof(m));
+ if (low <= c && c <= high) {
+ TEST_EQUAL(m, 0xff);
+ } else {
+ TEST_EQUAL(m, 0);
+ }
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
-void enc_chars( )
+void enc_chars()
{
- for( unsigned value = 0; value < 64; value++ )
- {
- mbedtls_test_set_step( value );
- TEST_CF_SECRET( &value, sizeof( value ) );
- unsigned char digit = mbedtls_ct_base64_enc_char( value );
- TEST_CF_PUBLIC( &value, sizeof( value ) );
- TEST_CF_PUBLIC( &digit, sizeof( digit ) );
- TEST_EQUAL( digit, base64_digits[value] );
+ for (unsigned value = 0; value < 64; value++) {
+ mbedtls_test_set_step(value);
+ TEST_CF_SECRET(&value, sizeof(value));
+ unsigned char digit = mbedtls_ct_base64_enc_char(value);
+ TEST_CF_PUBLIC(&value, sizeof(value));
+ TEST_CF_PUBLIC(&digit, sizeof(digit));
+ TEST_EQUAL(digit, base64_digits[value]);
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
-void dec_chars( )
+void dec_chars()
{
char *p;
signed char expected;
- for( unsigned c = 0; c <= 0xff; c++ )
- {
- mbedtls_test_set_step( c );
+ for (unsigned c = 0; c <= 0xff; c++) {
+ mbedtls_test_set_step(c);
/* base64_digits is 0-terminated. sizeof()-1 excludes the trailing 0. */
- p = memchr( base64_digits, c, sizeof( base64_digits ) - 1 );
- if( p == NULL )
+ p = memchr(base64_digits, c, sizeof(base64_digits) - 1);
+ if (p == NULL) {
expected = -1;
- else
+ } else {
expected = p - base64_digits;
- TEST_CF_SECRET( &c, sizeof( c ) );
- signed char actual = mbedtls_ct_base64_dec_value( c );
- TEST_CF_PUBLIC( &c, sizeof( c ) );
- TEST_CF_PUBLIC( &actual, sizeof( actual ) );
- TEST_EQUAL( actual, expected );
+ }
+ TEST_CF_SECRET(&c, sizeof(c));
+ signed char actual = mbedtls_ct_base64_dec_value(c);
+ TEST_CF_PUBLIC(&c, sizeof(c));
+ TEST_CF_PUBLIC(&actual, sizeof(actual));
+ TEST_EQUAL(actual, expected);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_base64_encode( char * src_string, char * dst_string,
- int dst_buf_size, int result )
+void mbedtls_base64_encode(char *src_string, char *dst_string,
+ int dst_buf_size, int result)
{
unsigned char src_str[1000];
unsigned char dst_str[1000];
@@ -86,26 +85,25 @@
memset(src_str, 0x00, 1000);
memset(dst_str, 0x00, 1000);
- strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 );
- src_len = strlen( (char *) src_str );
+ strncpy((char *) src_str, src_string, sizeof(src_str) - 1);
+ src_len = strlen((char *) src_str);
- TEST_CF_SECRET( src_str, sizeof( src_str ) );
- TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, src_len) == result );
- TEST_CF_PUBLIC( src_str, sizeof( src_str ) );
+ TEST_CF_SECRET(src_str, sizeof(src_str));
+ TEST_ASSERT(mbedtls_base64_encode(dst_str, dst_buf_size, &len, src_str, src_len) == result);
+ TEST_CF_PUBLIC(src_str, sizeof(src_str));
/* dest_str will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
CF failures by unmarking it. */
- TEST_CF_PUBLIC( dst_str, len );
+ TEST_CF_PUBLIC(dst_str, len);
- if( result == 0 )
- {
- TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 );
+ if (result == 0) {
+ TEST_ASSERT(strcmp((char *) dst_str, dst_string) == 0);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_base64_decode( char * src_string, char * dst_string, int result )
+void mbedtls_base64_decode(char *src_string, char *dst_string, int result)
{
unsigned char src_str[1000];
unsigned char dst_str[1000];
@@ -115,77 +113,73 @@
memset(src_str, 0x00, 1000);
memset(dst_str, 0x00, 1000);
- strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 );
- res = mbedtls_base64_decode( dst_str, sizeof( dst_str ), &len, src_str, strlen( (char *) src_str ) );
- TEST_ASSERT( res == result );
- if( result == 0 )
- {
- TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 );
+ strncpy((char *) src_str, src_string, sizeof(src_str) - 1);
+ res = mbedtls_base64_decode(dst_str, sizeof(dst_str), &len, src_str, strlen((char *) src_str));
+ TEST_ASSERT(res == result);
+ if (result == 0) {
+ TEST_ASSERT(strcmp((char *) dst_str, dst_string) == 0);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void base64_encode_hex( data_t * src, char * dst, int dst_buf_size,
- int result )
+void base64_encode_hex(data_t *src, char *dst, int dst_buf_size,
+ int result)
{
unsigned char *res = NULL;
size_t len;
- res = mbedtls_test_zero_alloc( dst_buf_size );
+ res = mbedtls_test_zero_alloc(dst_buf_size);
- TEST_CF_SECRET( src->x, src->len );
- TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result );
- TEST_CF_PUBLIC( src->x, src->len );
+ TEST_CF_SECRET(src->x, src->len);
+ TEST_ASSERT(mbedtls_base64_encode(res, dst_buf_size, &len, src->x, src->len) == result);
+ TEST_CF_PUBLIC(src->x, src->len);
/* res will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
CF failures by unmarking it. */
- TEST_CF_PUBLIC( res, len );
+ TEST_CF_PUBLIC(res, len);
- if( result == 0 )
- {
- TEST_ASSERT( len == strlen( dst ) );
- TEST_ASSERT( memcmp( dst, res, len ) == 0 );
+ if (result == 0) {
+ TEST_ASSERT(len == strlen(dst));
+ TEST_ASSERT(memcmp(dst, res, len) == 0);
}
exit:
- mbedtls_free( res );
+ mbedtls_free(res);
}
/* END_CASE */
/* BEGIN_CASE */
-void base64_decode_hex( char * src, data_t * dst, int dst_buf_size,
- int result )
+void base64_decode_hex(char *src, data_t *dst, int dst_buf_size,
+ int result)
{
unsigned char *res = NULL;
size_t len;
- res = mbedtls_test_zero_alloc( dst_buf_size );
+ res = mbedtls_test_zero_alloc(dst_buf_size);
- TEST_ASSERT( mbedtls_base64_decode( res, dst_buf_size, &len, (unsigned char *) src,
- strlen( src ) ) == result );
- if( result == 0 )
- {
- TEST_ASSERT( len == dst->len );
- TEST_ASSERT( memcmp( dst->x, res, len ) == 0 );
+ TEST_ASSERT(mbedtls_base64_decode(res, dst_buf_size, &len, (unsigned char *) src,
+ strlen(src)) == result);
+ if (result == 0) {
+ TEST_ASSERT(len == dst->len);
+ TEST_ASSERT(memcmp(dst->x, res, len) == 0);
}
exit:
- mbedtls_free( res );
+ mbedtls_free(res);
}
/* END_CASE */
/* BEGIN_CASE */
-void base64_decode_hex_src( data_t * src, char * dst_ref, int result )
+void base64_decode_hex_src(data_t *src, char *dst_ref, int result)
{
unsigned char dst[1000] = { 0 };
size_t len;
- TEST_ASSERT( mbedtls_base64_decode( dst, sizeof( dst ), &len, src->x, src->len ) == result );
- if( result == 0 )
- {
- TEST_ASSERT( len == strlen( dst_ref ) );
- TEST_ASSERT( memcmp( dst, dst_ref, len ) == 0 );
+ TEST_ASSERT(mbedtls_base64_decode(dst, sizeof(dst), &len, src->x, src->len) == result);
+ if (result == 0) {
+ TEST_ASSERT(len == strlen(dst_ref));
+ TEST_ASSERT(memcmp(dst, dst_ref, len) == 0);
}
exit:
@@ -194,8 +188,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void base64_selftest( )
+void base64_selftest()
{
- TEST_ASSERT( mbedtls_base64_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_base64_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function
index 35952f0..9afebba 100644
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -9,28 +9,27 @@
/* Check the validity of the sign bit in an MPI object. Reject representations
* that are not supported by the rest of the library and indicate a bug when
* constructing the value. */
-static int sign_is_valid( const mbedtls_mpi *X )
+static int sign_is_valid(const mbedtls_mpi *X)
{
/* Only +1 and -1 are valid sign bits, not e.g. 0 */
- if( X->s != 1 && X->s != -1 )
- return( 0 );
+ if (X->s != 1 && X->s != -1) {
+ return 0;
+ }
/* The value 0 must be represented with the sign +1. A "negative zero"
* with s=-1 is an invalid representation. Forbid that. As an exception,
* we sometimes test the robustness of library functions when given
* a negative zero input. If a test case has a negative zero as input,
* we don't mind if the function has a negative zero output. */
- if( ! mbedtls_test_case_uses_negative_0 &&
- mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 )
- {
- return( 0 );
+ if (!mbedtls_test_case_uses_negative_0 &&
+ mbedtls_mpi_bitlen(X) == 0 && X->s != 1) {
+ return 0;
}
- return( 1 );
+ return 1;
}
-typedef struct mbedtls_test_mpi_random
-{
+typedef struct mbedtls_test_mpi_random {
data_t *data;
size_t pos;
size_t chunk_len;
@@ -42,49 +41,49 @@
* test) are stored in the data member of the state structure. Each number is in
* the format that mbedtls_mpi_read_string understands and is chunk_len long.
*/
-int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
- unsigned char* buf,
- size_t len )
+int mbedtls_test_mpi_miller_rabin_determinizer(void *state,
+ unsigned char *buf,
+ size_t len)
{
- mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random*) state;
+ mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state;
- if( random == NULL || random->data->x == NULL || buf == NULL )
- return( -1 );
-
- if( random->pos + random->chunk_len > random->data->len
- || random->chunk_len > len )
- {
- return( -1 );
+ if (random == NULL || random->data->x == NULL || buf == NULL) {
+ return -1;
}
- memset( buf, 0, len );
+ if (random->pos + random->chunk_len > random->data->len
+ || random->chunk_len > len) {
+ return -1;
+ }
+
+ memset(buf, 0, len);
/* The witness is written to the end of the buffer, since the buffer is
* used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
* Writing the witness to the start of the buffer would result in the
* buffer being 'witness 000...000', which would be treated as
* witness * 2^n for some n. */
- memcpy( buf + len - random->chunk_len, &random->data->x[random->pos],
- random->chunk_len );
+ memcpy(buf + len - random->chunk_len, &random->data->x[random->pos],
+ random->chunk_len);
random->pos += random->chunk_len;
- return( 0 );
+ return 0;
}
/* Random generator that is told how many bytes to return. */
-static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len )
+static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len)
{
size_t *bytes_left = state;
size_t i;
- for( i = 0; i < len; i++ )
- {
- if( *bytes_left == 0 )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ for (i = 0; i < len; i++) {
+ if (*bytes_left == 0) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
buf[i] = *bytes_left & 0xff;
- --( *bytes_left );
+ --(*bytes_left);
}
- return( 0 );
+ return 0;
}
/* Test whether bytes represents (in big-endian base 256) a number b that
@@ -98,37 +97,39 @@
* number is above some threshold A. The threshold value is heuristic and
* based on the needs of mpi_random_many().
*/
-static int is_significantly_above_a_power_of_2( data_t *bytes )
+static int is_significantly_above_a_power_of_2(data_t *bytes)
{
const uint8_t *p = bytes->x;
size_t len = bytes->len;
unsigned x;
/* Skip leading null bytes */
- while( len > 0 && p[0] == 0 )
- {
+ while (len > 0 && p[0] == 0) {
++p;
--len;
}
/* 0 is not significantly above a power of 2 */
- if( len == 0 )
- return( 0 );
+ if (len == 0) {
+ return 0;
+ }
/* Extract the (up to) 2 most significant bytes */
- if( len == 1 )
+ if (len == 1) {
x = p[0];
- else
- x = ( p[0] << 8 ) | p[1];
+ } else {
+ x = (p[0] << 8) | p[1];
+ }
/* Shift the most significant bit of x to position 8 and mask it out */
- while( ( x & 0xfe00 ) != 0 )
+ while ((x & 0xfe00) != 0) {
x >>= 1;
+ }
x &= 0x00ff;
/* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above
* a power of 2 iff x is significantly above 0 compared to 2^8.
* Testing x >= 2^4 amounts to picking A = 1/16 in the function
* description above. */
- return( x >= 0x10 );
+ return x >= 0x10;
}
/* END_HEADER */
@@ -139,14 +140,14 @@
*/
/* BEGIN_CASE */
-void mpi_valid_param( )
+void mpi_valid_param()
{
- TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_mpi_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void mpi_invalid_param( )
+void mpi_invalid_param()
{
mbedtls_mpi X;
const char *s_in = "00101000101010";
@@ -156,197 +157,197 @@
size_t olen;
mbedtls_mpi_uint mpi_uint;
- TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_mpi_init(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_grow( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_copy( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_copy( &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_grow(NULL, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_copy(NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_copy(&X, NULL));
- TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) );
- TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) );
+ TEST_INVALID_PARAM(mbedtls_mpi_swap(NULL, &X));
+ TEST_INVALID_PARAM(mbedtls_mpi_swap(&X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_assign(NULL, &X, 0));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_assign(&X, NULL, 0));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_swap(NULL, &X, 0));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_swap(&X, NULL, 0));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_lset( NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_lset(NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_get_bit( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_set_bit( NULL, 42, 0 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_get_bit(NULL, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_set_bit(NULL, 42, 0));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_string( NULL, 2, s_in ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_string( &X, 2, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_string(NULL, 2, s_in));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_string(&X, 2, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( NULL, 2,
- s_out, sizeof( s_out ),
- &olen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( &X, 2,
- NULL, sizeof( s_out ),
- &olen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( &X, 2,
- s_out, sizeof( s_out ),
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_string(NULL, 2,
+ s_out, sizeof(s_out),
+ &olen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_string(&X, 2,
+ NULL, sizeof(s_out),
+ &olen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_string(&X, 2,
+ s_out, sizeof(s_out),
+ NULL));
#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_file( NULL, 2, stdin ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_file( &X, 2, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_file(NULL, 2, stdin));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_file(&X, 2, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_file( "", NULL, 2, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_file("", NULL, 2, NULL));
#endif /* MBEDTLS_FS_IO */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_binary( NULL, u_in,
- sizeof( u_in ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_binary( &X, NULL,
- sizeof( u_in ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_binary(NULL, u_in,
+ sizeof(u_in)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_binary(&X, NULL,
+ sizeof(u_in)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_binary( NULL, u_out,
- sizeof( u_out ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_binary( &X, NULL,
- sizeof( u_out ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_binary(NULL, u_out,
+ sizeof(u_out)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_binary(&X, NULL,
+ sizeof(u_out)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_shift_l( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_shift_r( NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_shift_l(NULL, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_shift_r(NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_abs( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_abs( &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_abs(NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_abs(&X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_mpi( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_mpi( &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_mpi(NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_mpi(&X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_int( NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_int(NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_abs(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_abs(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_abs(&X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_abs(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_abs(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_abs(&X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_mpi(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_mpi(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_mpi(&X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_mpi(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_mpi(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_mpi(&X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_int( &X, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_int(NULL, &X, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_int(&X, NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_int( &X, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_int(NULL, &X, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_int(&X, NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_mpi(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_mpi(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_mpi(&X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_int( &X, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_int(NULL, &X, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_int(&X, NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_div_mpi(&X, &X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_div_mpi(&X, &X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_int( &X, &X, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_div_int(&X, &X, NULL, 42));
- TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) );
+ TEST_INVALID_PARAM_RET(0, mbedtls_mpi_lsb(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_mpi(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_mpi(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_mpi(&X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_int(NULL, &X, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_int(&mpi_uint, NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod(NULL, &X, &X, &X, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod(&X, NULL, &X, &X, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod(&X, &X, NULL, &X, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod(&X, &X, &X, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_fill_random( NULL, 42,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_fill_random(NULL, 42,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_fill_random(&X, 42, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_gcd(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_gcd(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_gcd(&X, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_inv_mod(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_inv_mod(&X, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_inv_mod(&X, &X, NULL));
exit:
return;
@@ -354,158 +355,156 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_null( )
+void mpi_null()
{
mbedtls_mpi X, Y, Z;
- mbedtls_mpi_init( &X );
- mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &Z );
+ mbedtls_mpi_init(&X);
+ mbedtls_mpi_init(&Y);
+ mbedtls_mpi_init(&Z);
- TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0);
+ TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0);
+ TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0);
+ TEST_ASSERT(mbedtls_mpi_size(&X) == 0);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
- char * input_A, int output_size, int result_read,
- int result_write )
+void mpi_read_write_string(int radix_X, char *input_X, int radix_A,
+ char *input_A, int output_size, int result_read,
+ int result_write)
{
mbedtls_mpi X;
char str[1000];
size_t len;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- memset( str, '!', sizeof( str ) );
+ memset(str, '!', sizeof(str));
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
- if( result_read == 0 )
- {
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write );
- if( result_write == 0 )
- {
- TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
- TEST_ASSERT( str[len] == '!' );
+ TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read);
+ if (result_read == 0) {
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write);
+ if (result_write == 0) {
+ TEST_ASSERT(strcasecmp(str, input_A) == 0);
+ TEST_ASSERT(str[len] == '!');
}
}
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_read_binary( data_t * buf, char * input_A )
+void mbedtls_mpi_read_binary(data_t *buf, char *input_A)
{
mbedtls_mpi X;
char str[1000];
size_t len;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
- TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0);
+ TEST_ASSERT(strcmp((char *) str, input_A) == 0);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_read_binary_le( data_t * buf, char * input_A )
+void mbedtls_mpi_read_binary_le(data_t *buf, char *input_A)
{
mbedtls_mpi X;
char str[1000];
size_t len;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
- TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0);
+ TEST_ASSERT(strcmp((char *) str, input_A) == 0);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_write_binary( char * input_X, data_t * input_A,
- int output_size, int result )
+void mbedtls_mpi_write_binary(char *input_X, data_t *input_A,
+ int output_size, int result)
{
mbedtls_mpi X;
unsigned char buf[1000];
size_t buflen;
- memset( buf, 0x00, 1000 );
+ memset(buf, 0x00, 1000);
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
- buflen = mbedtls_mpi_size( &X );
- if( buflen > (size_t) output_size )
+ buflen = mbedtls_mpi_size(&X);
+ if (buflen > (size_t) output_size) {
buflen = (size_t) output_size;
+ }
- TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result );
- if( result == 0)
- {
+ TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
- buflen, input_A->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
+ buflen, input_A->len) == 0);
}
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_write_binary_le( char * input_X, data_t * input_A,
- int output_size, int result )
+void mbedtls_mpi_write_binary_le(char *input_X, data_t *input_A,
+ int output_size, int result)
{
mbedtls_mpi X;
unsigned char buf[1000];
size_t buflen;
- memset( buf, 0x00, 1000 );
+ memset(buf, 0x00, 1000);
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
- buflen = mbedtls_mpi_size( &X );
- if( buflen > (size_t) output_size )
+ buflen = mbedtls_mpi_size(&X);
+ if (buflen > (size_t) output_size) {
buflen = (size_t) output_size;
+ }
- TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result );
- if( result == 0)
- {
+ TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
- buflen, input_A->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
+ buflen, input_A->len) == 0);
}
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_mpi_read_file( char * input_file, data_t * input_A, int result )
+void mbedtls_mpi_read_file(char *input_file, data_t *input_A, int result)
{
mbedtls_mpi X;
unsigned char buf[1000];
@@ -513,678 +512,677 @@
FILE *file;
int ret;
- memset( buf, 0x00, 1000 );
+ memset(buf, 0x00, 1000);
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- file = fopen( input_file, "r" );
- TEST_ASSERT( file != NULL );
- ret = mbedtls_mpi_read_file( &X, 16, file );
+ file = fopen(input_file, "r");
+ TEST_ASSERT(file != NULL);
+ ret = mbedtls_mpi_read_file(&X, 16, file);
fclose(file);
- TEST_ASSERT( ret == result );
+ TEST_ASSERT(ret == result);
- if( result == 0 )
- {
- TEST_ASSERT( sign_is_valid( &X ) );
- buflen = mbedtls_mpi_size( &X );
- TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
+ if (result == 0) {
+ TEST_ASSERT(sign_is_valid(&X));
+ buflen = mbedtls_mpi_size(&X);
+ TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
- buflen, input_A->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
+ buflen, input_A->len) == 0);
}
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_mpi_write_file( char * input_X, char * output_file )
+void mbedtls_mpi_write_file(char *input_X, char *output_file)
{
mbedtls_mpi X, Y;
FILE *file_out, *file_in;
int ret;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
- file_out = fopen( output_file, "w" );
- TEST_ASSERT( file_out != NULL );
- ret = mbedtls_mpi_write_file( NULL, &X, 16, file_out );
+ file_out = fopen(output_file, "w");
+ TEST_ASSERT(file_out != NULL);
+ ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out);
fclose(file_out);
- TEST_ASSERT( ret == 0 );
+ TEST_ASSERT(ret == 0);
- file_in = fopen( output_file, "r" );
- TEST_ASSERT( file_in != NULL );
- ret = mbedtls_mpi_read_file( &Y, 16, file_in );
+ file_in = fopen(output_file, "r");
+ TEST_ASSERT(file_in != NULL);
+ ret = mbedtls_mpi_read_file(&Y, 16, file_in);
fclose(file_in);
- TEST_ASSERT( ret == 0 );
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_get_bit( char * input_X, int pos, int val )
+void mbedtls_mpi_get_bit(char *input_X, int pos, int val)
{
mbedtls_mpi X;
- mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val );
+ mbedtls_mpi_init(&X);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_set_bit( char * input_X, int pos, int val,
- char * output_Y, int result )
+void mbedtls_mpi_set_bit(char *input_X, int pos, int val,
+ char *output_Y, int result)
{
mbedtls_mpi X, Y;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, output_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0);
+ TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result);
- if( result == 0 )
- {
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
+ if (result == 0) {
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0);
}
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_lsb( char * input_X, int nr_bits )
+void mbedtls_mpi_lsb(char *input_X, int nr_bits)
{
mbedtls_mpi X;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_bitlen( char * input_X, int nr_bits )
+void mbedtls_mpi_bitlen(char *input_X, int nr_bits)
{
mbedtls_mpi X;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_gcd( char * input_X, char * input_Y,
- char * input_A )
+void mbedtls_mpi_gcd(char *input_X, char *input_Y,
+ char *input_A)
{
mbedtls_mpi A, X, Y, Z;
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
+ mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
exit:
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
+ mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_cmp_int( int input_X, int input_A, int result_CMP )
+void mbedtls_mpi_cmp_int(int input_X, int input_A, int result_CMP)
{
mbedtls_mpi X;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0);
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_A ) == result_CMP);
+ TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_cmp_mpi( char * input_X, char * input_Y,
- int input_A )
+void mbedtls_mpi_cmp_mpi(char *input_X, char *input_Y,
+ int input_A)
{
mbedtls_mpi X, Y;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X,
- int size_Y, char * input_Y,
- int input_ret, int input_err )
+void mbedtls_mpi_lt_mpi_ct(int size_X, char *input_X,
+ int size_Y, char *input_Y,
+ int input_ret, int input_err)
{
unsigned ret = -1;
unsigned input_uret = input_ret;
mbedtls_mpi X, Y;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
- TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0);
- TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
- if( input_err == 0 )
- TEST_ASSERT( ret == input_uret );
+ TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err);
+ if (input_err == 0) {
+ TEST_ASSERT(ret == input_uret);
+ }
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_cmp_abs( char * input_X, char * input_Y,
- int input_A )
+void mbedtls_mpi_cmp_abs(char *input_X, char *input_Y,
+ int input_A)
{
mbedtls_mpi X, Y;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_copy( char *src_hex, char *dst_hex )
+void mbedtls_mpi_copy(char *src_hex, char *dst_hex)
{
mbedtls_mpi src, dst, ref;
- mbedtls_mpi_init( &src );
- mbedtls_mpi_init( &dst );
- mbedtls_mpi_init( &ref );
+ mbedtls_mpi_init(&src);
+ mbedtls_mpi_init(&dst);
+ mbedtls_mpi_init(&ref);
- TEST_ASSERT( mbedtls_test_read_mpi( &src, src_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &ref, dst_hex ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0);
/* mbedtls_mpi_copy() */
- TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 );
- TEST_ASSERT( sign_is_valid( &dst ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
+ TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0);
+ TEST_ASSERT(sign_is_valid(&dst));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0);
/* mbedtls_mpi_safe_cond_assign(), assignment done */
- mbedtls_mpi_free( &dst );
- TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 );
- TEST_ASSERT( sign_is_valid( &dst ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
+ mbedtls_mpi_free(&dst);
+ TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
+ TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0);
+ TEST_ASSERT(sign_is_valid(&dst));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0);
/* mbedtls_mpi_safe_cond_assign(), assignment not done */
- mbedtls_mpi_free( &dst );
- TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 );
- TEST_ASSERT( sign_is_valid( &dst ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 );
+ mbedtls_mpi_free(&dst);
+ TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
+ TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0);
+ TEST_ASSERT(sign_is_valid(&dst));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0);
exit:
- mbedtls_mpi_free( &src );
- mbedtls_mpi_free( &dst );
- mbedtls_mpi_free( &ref );
+ mbedtls_mpi_free(&src);
+ mbedtls_mpi_free(&dst);
+ mbedtls_mpi_free(&ref);
}
/* END_CASE */
/* BEGIN_CASE */
-void mpi_copy_self( char *input_X )
+void mpi_copy_self(char *input_X)
{
mbedtls_mpi X, A;
- mbedtls_mpi_init( &A );
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&A);
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_X ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
exit:
- mbedtls_mpi_free( &A );
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&A);
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_swap( char *X_hex, char *Y_hex )
+void mbedtls_mpi_swap(char *X_hex, char *Y_hex)
{
mbedtls_mpi X, Y, X0, Y0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+ mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0);
- TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y0, Y_hex ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0);
/* mbedtls_mpi_swap() */
- TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
- mbedtls_mpi_swap( &X, &Y );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( sign_is_valid( &Y ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0);
+ mbedtls_mpi_swap(&X, &Y);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(sign_is_valid(&Y));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0);
/* mbedtls_mpi_safe_cond_swap(), swap done */
- mbedtls_mpi_free( &X );
- mbedtls_mpi_free( &Y );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( sign_is_valid( &Y ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
+ mbedtls_mpi_free(&X);
+ mbedtls_mpi_free(&Y);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0);
+ TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(sign_is_valid(&Y));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0);
/* mbedtls_mpi_safe_cond_swap(), swap not done */
- mbedtls_mpi_free( &X );
- mbedtls_mpi_free( &Y );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( sign_is_valid( &Y ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 );
+ mbedtls_mpi_free(&X);
+ mbedtls_mpi_free(&Y);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0);
+ TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(sign_is_valid(&Y));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
- mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0);
}
/* END_CASE */
/* BEGIN_CASE */
-void mpi_swap_self( char *X_hex )
+void mpi_swap_self(char *X_hex)
{
mbedtls_mpi X, X0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0);
- mbedtls_mpi_swap( &X, &X );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
+ mbedtls_mpi_swap(&X, &X);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_shrink( int before, int used, int min, int after )
+void mbedtls_mpi_shrink(int before, int used, int min, int after)
{
mbedtls_mpi X;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 );
- if( used > 0 )
- {
- size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint );
- TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0);
+ if (used > 0) {
+ size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint);
+ TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0);
}
- TEST_EQUAL( X.n, (size_t) before );
- TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 );
- TEST_EQUAL( X.n, (size_t) after );
+ TEST_EQUAL(X.n, (size_t) before);
+ TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0);
+ TEST_EQUAL(X.n, (size_t) after);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_add_mpi( char * input_X, char * input_Y,
- char * input_A )
+void mbedtls_mpi_add_mpi(char *input_X, char *input_Y,
+ char *input_A)
{
mbedtls_mpi X, Y, Z, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
/* result == first operand */
- TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
/* result == second operand */
- TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Y ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Y));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_add_mpi_inplace( char * input_X, char * input_A )
+void mbedtls_mpi_add_mpi_inplace(char *input_X, char *input_A)
{
mbedtls_mpi X, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_add_abs( char * input_X, char * input_Y,
- char * input_A )
+void mbedtls_mpi_add_abs(char *input_X, char *input_Y,
+ char *input_A)
{
mbedtls_mpi X, Y, Z, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
/* result == first operand */
- TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
/* result == second operand */
- TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Y ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Y));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_add_int( char * input_X, int input_Y,
- char * input_A )
+void mbedtls_mpi_add_int(char *input_X, int input_Y,
+ char *input_A)
{
mbedtls_mpi X, Z, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_sub_mpi( char * input_X, char * input_Y,
- char * input_A )
+void mbedtls_mpi_sub_mpi(char *input_X, char *input_Y,
+ char *input_A)
{
mbedtls_mpi X, Y, Z, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
/* result == first operand */
- TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
/* result == second operand */
- TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Y ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Y));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_sub_abs( char * input_X, char * input_Y,
- char * input_A, int sub_result )
+void mbedtls_mpi_sub_abs(char *input_X, char *input_Y,
+ char *input_A, int sub_result)
{
mbedtls_mpi X, Y, Z, A;
int res;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
- res = mbedtls_mpi_sub_abs( &Z, &X, &Y );
- TEST_ASSERT( res == sub_result );
- TEST_ASSERT( sign_is_valid( &Z ) );
- if( res == 0 )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ res = mbedtls_mpi_sub_abs(&Z, &X, &Y);
+ TEST_ASSERT(res == sub_result);
+ TEST_ASSERT(sign_is_valid(&Z));
+ if (res == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
+ }
/* result == first operand */
- TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result );
- TEST_ASSERT( sign_is_valid( &X ) );
- if( sub_result == 0 )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result);
+ TEST_ASSERT(sign_is_valid(&X));
+ if (sub_result == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
+ }
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
/* result == second operand */
- TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result );
- TEST_ASSERT( sign_is_valid( &Y ) );
- if( sub_result == 0 )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result);
+ TEST_ASSERT(sign_is_valid(&Y));
+ if (sub_result == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
+ }
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_sub_int( char * input_X, int input_Y,
- char * input_A )
+void mbedtls_mpi_sub_int(char *input_X, int input_Y,
+ char *input_A)
{
mbedtls_mpi X, Z, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mul_mpi( char * input_X, char * input_Y,
- char * input_A )
+void mbedtls_mpi_mul_mpi(char *input_X, char *input_Y,
+ char *input_A)
{
mbedtls_mpi X, Y, Z, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mul_int( char * input_X, int input_Y,
- char * input_A, char * result_comparison )
+void mbedtls_mpi_mul_int(char *input_X, int input_Y,
+ char *input_A, char *result_comparison)
{
mbedtls_mpi X, Z, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 );
- TEST_ASSERT( sign_is_valid( &Z ) );
- if( strcmp( result_comparison, "==" ) == 0 )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
- else if( strcmp( result_comparison, "!=" ) == 0 )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) != 0 );
- else
- TEST_ASSERT( "unknown operator" == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0);
+ TEST_ASSERT(sign_is_valid(&Z));
+ if (strcmp(result_comparison, "==") == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
+ } else if (strcmp(result_comparison, "!=") == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0);
+ } else {
+ TEST_ASSERT("unknown operator" == 0);
+ }
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_div_mpi( char * input_X, char * input_Y,
- char * input_A, char * input_B,
- int div_result )
+void mbedtls_mpi_div_mpi(char *input_X, char *input_Y,
+ char *input_A, char *input_B,
+ int div_result)
{
mbedtls_mpi X, Y, Q, R, A, B;
int res;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R );
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R);
+ mbedtls_mpi_init(&A); mbedtls_mpi_init(&B);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
- res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y );
- TEST_ASSERT( res == div_result );
- if( res == 0 )
- {
- TEST_ASSERT( sign_is_valid( &Q ) );
- TEST_ASSERT( sign_is_valid( &R ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0);
+ res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y);
+ TEST_ASSERT(res == div_result);
+ if (res == 0) {
+ TEST_ASSERT(sign_is_valid(&Q));
+ TEST_ASSERT(sign_is_valid(&R));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0);
}
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R );
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &B );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R);
+ mbedtls_mpi_free(&A); mbedtls_mpi_free(&B);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_div_int( char * input_X, int input_Y,
- char * input_A, char * input_B,
- int div_result )
+void mbedtls_mpi_div_int(char *input_X, int input_Y,
+ char *input_A, char *input_B,
+ int div_result)
{
mbedtls_mpi X, Q, R, A, B;
int res;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A );
- mbedtls_mpi_init( &B );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A);
+ mbedtls_mpi_init(&B);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
- res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y );
- TEST_ASSERT( res == div_result );
- if( res == 0 )
- {
- TEST_ASSERT( sign_is_valid( &Q ) );
- TEST_ASSERT( sign_is_valid( &R ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0);
+ res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y);
+ TEST_ASSERT(res == div_result);
+ if (res == 0) {
+ TEST_ASSERT(sign_is_valid(&Q));
+ TEST_ASSERT(sign_is_valid(&R));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0);
}
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &A );
- mbedtls_mpi_free( &B );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A);
+ mbedtls_mpi_free(&B);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mod_mpi( char * input_X, char * input_Y,
- char * input_A, int div_result )
+void mbedtls_mpi_mod_mpi(char *input_X, char *input_Y,
+ char *input_A, int div_result)
{
mbedtls_mpi X, Y, A;
int res;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- res = mbedtls_mpi_mod_mpi( &X, &X, &Y );
- TEST_ASSERT( res == div_result );
- if( res == 0 )
- {
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ res = mbedtls_mpi_mod_mpi(&X, &X, &Y);
+ TEST_ASSERT(res == div_result);
+ if (res == 0) {
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
}
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mod_int( char * input_X, char * input_Y,
- char * input_A, int mod_result )
+void mbedtls_mpi_mod_int(char *input_X, char *input_Y,
+ char *input_A, int mod_result)
{
mbedtls_mpi X;
mbedtls_mpi Y;
@@ -1192,18 +1190,18 @@
int res;
mbedtls_mpi_uint r;
- mbedtls_mpi_init( &X );
- mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X);
+ mbedtls_mpi_init(&Y);
+ mbedtls_mpi_init(&A);
/* We use MPIs to read Y and A since the test framework limits us to
* ints, so we can't have 64-bit values */
- TEST_EQUAL( mbedtls_test_read_mpi( &X, input_X ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &Y, input_Y ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &A, input_A ), 0 );
+ TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&Y, input_Y), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
- TEST_EQUAL( Y.n, 1 );
- TEST_EQUAL( A.n, 1 );
+ TEST_EQUAL(Y.n, 1);
+ TEST_EQUAL(A.n, 1);
/* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */
@@ -1214,301 +1212,297 @@
* easy to test for, and this helps guard against human error. */
mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0];
- TEST_ASSERT( y >= 0 ); /* If y < 0 here, we can't make negative y */
- if( Y.s == -1 )
+ TEST_ASSERT(y >= 0); /* If y < 0 here, we can't make negative y */
+ if (Y.s == -1) {
y = -y;
+ }
mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0];
- TEST_ASSERT( a >= 0 ); /* Same goes for a */
- if( A.s == -1 )
+ TEST_ASSERT(a >= 0); /* Same goes for a */
+ if (A.s == -1) {
a = -a;
+ }
- res = mbedtls_mpi_mod_int( &r, &X, y );
- TEST_EQUAL( res, mod_result );
- if( res == 0 )
- {
- TEST_EQUAL( r, a );
+ res = mbedtls_mpi_mod_int(&r, &X, y);
+ TEST_EQUAL(res, mod_result);
+ if (res == 0) {
+ TEST_EQUAL(r, a);
}
exit:
- mbedtls_mpi_free( &X );
- mbedtls_mpi_free( &Y );
- mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X);
+ mbedtls_mpi_free(&Y);
+ mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_exp_mod( char * input_A, char * input_E,
- char * input_N, char * input_X,
- int exp_result )
+void mbedtls_mpi_exp_mod(char *input_A, char *input_E,
+ char *input_N, char *input_X,
+ int exp_result)
{
mbedtls_mpi A, E, N, RR, Z, X;
int res;
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
- mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
- res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL );
- TEST_ASSERT( res == exp_result );
- if( res == 0 )
- {
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
+ res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL);
+ TEST_ASSERT(res == exp_result);
+ if (res == 0) {
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
}
/* Now test again with the speed-up parameter supplied as an output. */
- res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
- TEST_ASSERT( res == exp_result );
- if( res == 0 )
- {
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
+ res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR);
+ TEST_ASSERT(res == exp_result);
+ if (res == 0) {
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
}
/* Now test again with the speed-up parameter supplied in calculated form. */
- res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
- TEST_ASSERT( res == exp_result );
- if( res == 0 )
- {
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
+ res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR);
+ TEST_ASSERT(res == exp_result);
+ if (res == 0) {
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
}
exit:
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
- mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes,
- char * input_RR, int exp_result )
+void mbedtls_mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes,
+ char *input_RR, int exp_result)
{
mbedtls_mpi A, E, N, RR, Z;
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
- mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z );
+ mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z);
/* Set A to 2^(A_bytes - 1) + 1 */
- TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0);
/* Set E to 2^(E_bytes - 1) + 1 */
- TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0);
/* Set N to 2^(N_bytes - 1) + 1 */
- TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0);
- if( strlen( input_RR ) )
- TEST_ASSERT( mbedtls_test_read_mpi( &RR, input_RR ) == 0 );
+ if (strlen(input_RR)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0);
+ }
- TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );
+ TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result);
exit:
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
- mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z );
+ mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_inv_mod( char * input_X, char * input_Y,
- char * input_A, int div_result )
+void mbedtls_mpi_inv_mod(char *input_X, char *input_Y,
+ char *input_A, int div_result)
{
mbedtls_mpi X, Y, Z, A;
int res;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- res = mbedtls_mpi_inv_mod( &Z, &X, &Y );
- TEST_ASSERT( res == div_result );
- if( res == 0 )
- {
- TEST_ASSERT( sign_is_valid( &Z ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ res = mbedtls_mpi_inv_mod(&Z, &X, &Y);
+ TEST_ASSERT(res == div_result);
+ if (res == 0) {
+ TEST_ASSERT(sign_is_valid(&Z));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
}
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_is_prime( char * input_X, int div_result )
+void mbedtls_mpi_is_prime(char *input_X, int div_result)
{
mbedtls_mpi X;
int res;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL );
- TEST_ASSERT( res == div_result );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL);
+ TEST_ASSERT(res == div_result);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses,
- int chunk_len, int rounds )
+void mbedtls_mpi_is_prime_det(data_t *input_X, data_t *witnesses,
+ int chunk_len, int rounds)
{
mbedtls_mpi X;
int res;
mbedtls_test_mpi_random rand;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
rand.data = witnesses;
rand.pos = 0;
rand.chunk_len = chunk_len;
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
- res = mbedtls_mpi_is_prime_ext( &X, rounds - 1,
- mbedtls_test_mpi_miller_rabin_determinizer,
- &rand );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0);
+ res = mbedtls_mpi_is_prime_ext(&X, rounds - 1,
+ mbedtls_test_mpi_miller_rabin_determinizer,
+ &rand);
+ TEST_ASSERT(res == 0);
rand.data = witnesses;
rand.pos = 0;
rand.chunk_len = chunk_len;
- res = mbedtls_mpi_is_prime_ext( &X, rounds,
- mbedtls_test_mpi_miller_rabin_determinizer,
- &rand );
- TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+ res = mbedtls_mpi_is_prime_ext(&X, rounds,
+ mbedtls_test_mpi_miller_rabin_determinizer,
+ &rand);
+ TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE);
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret )
+void mbedtls_mpi_gen_prime(int bits, int flags, int ref_ret)
{
mbedtls_mpi X;
int my_ret;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- my_ret = mbedtls_mpi_gen_prime( &X, bits, flags,
- mbedtls_test_rnd_std_rand, NULL );
- TEST_ASSERT( my_ret == ref_ret );
+ my_ret = mbedtls_mpi_gen_prime(&X, bits, flags,
+ mbedtls_test_rnd_std_rand, NULL);
+ TEST_ASSERT(my_ret == ref_ret);
- if( ref_ret == 0 )
- {
- size_t actual_bits = mbedtls_mpi_bitlen( &X );
+ if (ref_ret == 0) {
+ size_t actual_bits = mbedtls_mpi_bitlen(&X);
- TEST_ASSERT( actual_bits >= (size_t) bits );
- TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
- TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT(actual_bits >= (size_t) bits);
+ TEST_ASSERT(actual_bits <= (size_t) bits + 1);
+ TEST_ASSERT(sign_is_valid(&X));
- TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
- mbedtls_test_rnd_std_rand,
- NULL ) == 0 );
- if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH )
- {
+ TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40,
+ mbedtls_test_rnd_std_rand,
+ NULL) == 0);
+ if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) {
/* X = ( X - 1 ) / 2 */
- TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
- mbedtls_test_rnd_std_rand,
- NULL ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40,
+ mbedtls_test_rnd_std_rand,
+ NULL) == 0);
}
}
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_shift_l( char * input_X, int shift_X,
- char * input_A )
+void mbedtls_mpi_shift_l(char *input_X, int shift_X,
+ char *input_A)
{
mbedtls_mpi X, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_shift_r( char * input_X, int shift_X,
- char * input_A )
+void mbedtls_mpi_shift_r(char *input_X, int shift_X,
+ char *input_A)
{
mbedtls_mpi X, A;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 );
- TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+ TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0);
+ TEST_ASSERT(sign_is_valid(&X));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
}
/* END_CASE */
/* BEGIN_CASE */
-void mpi_fill_random( int wanted_bytes, int rng_bytes,
- int before, int expected_ret )
+void mpi_fill_random(int wanted_bytes, int rng_bytes,
+ int before, int expected_ret)
{
mbedtls_mpi X;
int ret;
size_t bytes_left = rng_bytes;
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&X);
- if( before != 0 )
- {
+ if (before != 0) {
/* Set X to sign(before) * 2^(|before|-1) */
- TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 );
- if( before < 0 )
- before = - before;
- TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0);
+ if (before < 0) {
+ before = -before;
+ }
+ TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0);
}
- ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
- f_rng_bytes_left, &bytes_left );
- TEST_ASSERT( ret == expected_ret );
+ ret = mbedtls_mpi_fill_random(&X, wanted_bytes,
+ f_rng_bytes_left, &bytes_left);
+ TEST_ASSERT(ret == expected_ret);
- if( expected_ret == 0 )
- {
+ if (expected_ret == 0) {
/* mbedtls_mpi_fill_random is documented to use bytes from the RNG
* as a big-endian representation of the number. We know when
* our RNG function returns null bytes, so we know how many
* leading zero bytes the number has. */
size_t leading_zeros = 0;
- if( wanted_bytes > 0 && rng_bytes % 256 == 0 )
+ if (wanted_bytes > 0 && rng_bytes % 256 == 0) {
leading_zeros = 1;
- TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
- (size_t) wanted_bytes );
- TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
- TEST_ASSERT( sign_is_valid( &X ) );
+ }
+ TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros ==
+ (size_t) wanted_bytes);
+ TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes);
+ TEST_ASSERT(sign_is_valid(&X));
}
exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE */
-void mpi_random_many( int min, data_t *bound_bytes, int iterations )
+void mpi_random_many(int min, data_t *bound_bytes, int iterations)
{
/* Generate numbers in the range 1..bound-1. Do it iterations times.
* This function assumes that the value of bound is at least 2 and
@@ -1528,71 +1522,60 @@
int full_stats;
size_t i;
- mbedtls_mpi_init( &upper_bound );
- mbedtls_mpi_init( &result );
+ mbedtls_mpi_init(&upper_bound);
+ mbedtls_mpi_init(&result);
- TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
- bound_bytes->x, bound_bytes->len ) );
- n_bits = mbedtls_mpi_bitlen( &upper_bound );
+ TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound,
+ bound_bytes->x, bound_bytes->len));
+ n_bits = mbedtls_mpi_bitlen(&upper_bound);
/* Consider a bound "small" if it's less than 2^5. This value is chosen
* to be small enough that the probability of missing one value is
* negligible given the number of iterations. It must be less than
* 256 because some of the code below assumes that "small" values
* fit in a byte. */
- if( n_bits <= 5 )
- {
+ if (n_bits <= 5) {
full_stats = 1;
stats_len = bound_bytes->x[bound_bytes->len - 1];
- }
- else
- {
+ } else {
full_stats = 0;
stats_len = n_bits;
}
- ASSERT_ALLOC( stats, stats_len );
+ ASSERT_ALLOC(stats, stats_len);
- for( i = 0; i < (size_t) iterations; i++ )
- {
- mbedtls_test_set_step( i );
- TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
- mbedtls_test_rnd_std_rand, NULL ) );
+ for (i = 0; i < (size_t) iterations; i++) {
+ mbedtls_test_set_step(i);
+ TEST_EQUAL(0, mbedtls_mpi_random(&result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_ASSERT( sign_is_valid( &result ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
- if( full_stats )
- {
+ TEST_ASSERT(sign_is_valid(&result));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&result, &upper_bound) < 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&result, min) >= 0);
+ if (full_stats) {
uint8_t value;
- TEST_EQUAL( 0, mbedtls_mpi_write_binary( &result, &value, 1 ) );
- TEST_ASSERT( value < stats_len );
+ TEST_EQUAL(0, mbedtls_mpi_write_binary(&result, &value, 1));
+ TEST_ASSERT(value < stats_len);
++stats[value];
- }
- else
- {
- for( b = 0; b < n_bits; b++ )
- stats[b] += mbedtls_mpi_get_bit( &result, b );
+ } else {
+ for (b = 0; b < n_bits; b++) {
+ stats[b] += mbedtls_mpi_get_bit(&result, b);
+ }
}
}
- if( full_stats )
- {
- for( b = min; b < stats_len; b++ )
- {
- mbedtls_test_set_step( 1000000 + b );
+ if (full_stats) {
+ for (b = min; b < stats_len; b++) {
+ mbedtls_test_set_step(1000000 + b);
/* Assert that each value has been reached at least once.
* This is almost guaranteed if the iteration count is large
* enough. This is a very crude way of checking the distribution.
*/
- TEST_ASSERT( stats[b] > 0 );
+ TEST_ASSERT(stats[b] > 0);
}
- }
- else
- {
+ } else {
int statistically_safe_all_the_way =
- is_significantly_above_a_power_of_2( bound_bytes );
- for( b = 0; b < n_bits; b++ )
- {
- mbedtls_test_set_step( 1000000 + b );
+ is_significantly_above_a_power_of_2(bound_bytes);
+ for (b = 0; b < n_bits; b++) {
+ mbedtls_test_set_step(1000000 + b);
/* Assert that each bit has been set in at least one result and
* clear in at least one result. Provided that iterations is not
* too small, it would be extremely unlikely for this not to be
@@ -1601,78 +1584,77 @@
* As an exception, the top bit may legitimately never be set
* if bound is a power of 2 or only slightly above.
*/
- if( statistically_safe_all_the_way || b != n_bits - 1 )
- {
- TEST_ASSERT( stats[b] > 0 );
+ if (statistically_safe_all_the_way || b != n_bits - 1) {
+ TEST_ASSERT(stats[b] > 0);
}
- TEST_ASSERT( stats[b] < (size_t) iterations );
+ TEST_ASSERT(stats[b] < (size_t) iterations);
}
}
exit:
- mbedtls_mpi_free( &upper_bound );
- mbedtls_mpi_free( &result );
- mbedtls_free( stats );
+ mbedtls_mpi_free(&upper_bound);
+ mbedtls_mpi_free(&result);
+ mbedtls_free(stats);
}
/* END_CASE */
/* BEGIN_CASE */
-void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before )
+void mpi_random_sizes(int min, data_t *bound_bytes, int nlimbs, int before)
{
mbedtls_mpi upper_bound;
mbedtls_mpi result;
- mbedtls_mpi_init( &upper_bound );
- mbedtls_mpi_init( &result );
+ mbedtls_mpi_init(&upper_bound);
+ mbedtls_mpi_init(&result);
- if( before != 0 )
- {
+ if (before != 0) {
/* Set result to sign(before) * 2^(|before|-1) */
- TEST_ASSERT( mbedtls_mpi_lset( &result, before > 0 ? 1 : -1 ) == 0 );
- if( before < 0 )
- before = - before;
- TEST_ASSERT( mbedtls_mpi_shift_l( &result, before - 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_lset(&result, before > 0 ? 1 : -1) == 0);
+ if (before < 0) {
+ before = -before;
+ }
+ TEST_ASSERT(mbedtls_mpi_shift_l(&result, before - 1) == 0);
}
- TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) );
- TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
- bound_bytes->x, bound_bytes->len ) );
- TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
- mbedtls_test_rnd_std_rand, NULL ) );
- TEST_ASSERT( sign_is_valid( &result ) );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
+ TEST_EQUAL(0, mbedtls_mpi_grow(&result, nlimbs));
+ TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound,
+ bound_bytes->x, bound_bytes->len));
+ TEST_EQUAL(0, mbedtls_mpi_random(&result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL));
+ TEST_ASSERT(sign_is_valid(&result));
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&result, &upper_bound) < 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&result, min) >= 0);
exit:
- mbedtls_mpi_free( &upper_bound );
- mbedtls_mpi_free( &result );
+ mbedtls_mpi_free(&upper_bound);
+ mbedtls_mpi_free(&result);
}
/* END_CASE */
/* BEGIN_CASE */
-void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret )
+void mpi_random_fail(int min, data_t *bound_bytes, int expected_ret)
{
mbedtls_mpi upper_bound;
mbedtls_mpi result;
int actual_ret;
- mbedtls_mpi_init( &upper_bound );
- mbedtls_mpi_init( &result );
+ mbedtls_mpi_init(&upper_bound);
+ mbedtls_mpi_init(&result);
- TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
- bound_bytes->x, bound_bytes->len ) );
- actual_ret = mbedtls_mpi_random( &result, min, &upper_bound,
- mbedtls_test_rnd_std_rand, NULL );
- TEST_EQUAL( expected_ret, actual_ret );
+ TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound,
+ bound_bytes->x, bound_bytes->len));
+ actual_ret = mbedtls_mpi_random(&result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL);
+ TEST_EQUAL(expected_ret, actual_ret);
exit:
- mbedtls_mpi_free( &upper_bound );
- mbedtls_mpi_free( &result );
+ mbedtls_mpi_free(&upper_bound);
+ mbedtls_mpi_free(&result);
}
/* END_CASE */
/* BEGIN_CASE */
-void most_negative_mpi_sint( )
+void most_negative_mpi_sint()
{
/* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We
* guarantee that mbedtls_mpi_sint is a two's complement type, so this
@@ -1690,134 +1672,134 @@
*/
mbedtls_mpi A, R, X;
- mbedtls_mpi_init( &A );
- mbedtls_mpi_init( &R );
- mbedtls_mpi_init( &X );
+ mbedtls_mpi_init(&A);
+ mbedtls_mpi_init(&R);
+ mbedtls_mpi_init(&X);
- const size_t biL = 8 * sizeof( mbedtls_mpi_sint );
- mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << ( biL - 1 );
+ const size_t biL = 8 * sizeof(mbedtls_mpi_sint);
+ mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1);
const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1;
- const mbedtls_mpi_sint most_negative = - most_positive - 1;
- TEST_EQUAL( (mbedtls_mpi_uint) most_negative,
- (mbedtls_mpi_uint) 1 << ( biL - 1 ) );
- TEST_EQUAL( (mbedtls_mpi_uint) most_negative << 1, 0 );
+ const mbedtls_mpi_sint most_negative = -most_positive - 1;
+ TEST_EQUAL((mbedtls_mpi_uint) most_negative,
+ (mbedtls_mpi_uint) 1 << (biL - 1));
+ TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0);
/* Test mbedtls_mpi_lset() */
- TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
- TEST_EQUAL( A.s, -1 );
- TEST_EQUAL( A.n, 1 );
- TEST_EQUAL( A.p[0], most_positive_plus_1 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
+ TEST_EQUAL(A.s, -1);
+ TEST_EQUAL(A.n, 1);
+ TEST_EQUAL(A.p[0], most_positive_plus_1);
/* Test mbedtls_mpi_cmp_int(): -p == -p */
- TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 0 );
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0);
/* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */
A.p[0] = most_positive_plus_1 + 1;
- TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), -1 );
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1);
/* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */
A.p[0] = most_positive_plus_1 - 1;
- TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 1 );
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1);
/* Test mbedtls_mpi_add_int(): (p-1) + (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
- TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
+ TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0);
/* Test mbedtls_mpi_add_int(): (0) + (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 );
- TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, most_negative ), 0 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0);
+ TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0);
/* Test mbedtls_mpi_add_int(): (-p) + (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
- TEST_EQUAL( X.s, -1 );
- TEST_EQUAL( X.n, 2 );
- TEST_EQUAL( X.p[0], 0 );
- TEST_EQUAL( X.p[1], 1 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
+ TEST_EQUAL(X.s, -1);
+ TEST_EQUAL(X.n, 2);
+ TEST_EQUAL(X.p[0], 0);
+ TEST_EQUAL(X.p[1], 1);
/* Test mbedtls_mpi_sub_int(): (p) - (-p) */
- mbedtls_mpi_free( &X );
- TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
- TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
- TEST_EQUAL( X.s, 1 );
- TEST_EQUAL( X.n, 1 );
- TEST_EQUAL( X.p[0], ~(mbedtls_mpi_uint)0 );
+ mbedtls_mpi_free(&X);
+ TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
+ TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
+ TEST_EQUAL(X.s, 1);
+ TEST_EQUAL(X.n, 1);
+ TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0);
/* Test mbedtls_mpi_sub_int(): (0) - (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 );
- TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
- TEST_EQUAL( X.s, 1 );
- TEST_EQUAL( X.n, 1 );
- TEST_EQUAL( X.p[0], most_positive_plus_1 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0);
+ TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
+ TEST_EQUAL(X.s, 1);
+ TEST_EQUAL(X.n, 1);
+ TEST_EQUAL(X.p[0], most_positive_plus_1);
/* Test mbedtls_mpi_sub_int(): (-p) - (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
/* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, -most_positive ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0);
/* Test mbedtls_mpi_div_int(): (-p) / (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
/* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */
- TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 2 ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
/* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */
- TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 );
+ TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0);
/* Test mbedtls_mpi_div_int(): (p-1) / (-p) */
- TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &R, most_positive ), 0 );
+ TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0);
/* Test mbedtls_mpi_div_int(): (p) / (-p) */
- TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
/* Test mbedtls_mpi_div_int(): (2*p) / (-p) */
- TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -2 ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
/* Test mbedtls_mpi_mod_int(): never valid */
- TEST_EQUAL( mbedtls_mpi_mod_int( X.p, &A, most_negative ),
- MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+ TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative),
+ MBEDTLS_ERR_MPI_NEGATIVE_VALUE);
/* Test mbedtls_mpi_random(): never valid */
- TEST_EQUAL( mbedtls_mpi_random( &X, most_negative, &A,
- mbedtls_test_rnd_std_rand, NULL ),
- MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A,
+ mbedtls_test_rnd_std_rand, NULL),
+ MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
exit:
- mbedtls_mpi_free( &A );
- mbedtls_mpi_free( &R );
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free(&A);
+ mbedtls_mpi_free(&R);
+ mbedtls_mpi_free(&X);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void mpi_selftest( )
+void mpi_selftest()
{
- TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index f89353c..9541711 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -8,156 +8,156 @@
*/
/* BEGIN_CASE */
-void blowfish_valid_param( )
+void blowfish_valid_param()
{
- TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_blowfish_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void blowfish_invalid_param( )
+void blowfish_invalid_param()
{
mbedtls_blowfish_context ctx;
unsigned char buf[16] = { 0 };
- size_t const valid_keylength = sizeof( buf ) * 8;
+ size_t const valid_keylength = sizeof(buf) * 8;
size_t valid_mode = MBEDTLS_BLOWFISH_ENCRYPT;
size_t invalid_mode = 42;
size_t off;
((void) off);
- TEST_INVALID_PARAM( mbedtls_blowfish_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_blowfish_init(NULL));
+ TEST_VALID_PARAM(mbedtls_blowfish_free(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_setkey( NULL,
- buf,
- valid_keylength ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_setkey( &ctx,
- NULL,
- valid_keylength ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_setkey(NULL,
+ buf,
+ valid_keylength));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_setkey(&ctx,
+ NULL,
+ valid_keylength));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( NULL,
- valid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- invalid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- valid_mode,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- valid_mode,
- buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb(NULL,
+ valid_mode,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb(&ctx,
+ invalid_mode,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb(&ctx,
+ valid_mode,
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb(&ctx,
+ valid_mode,
+ buf, NULL));
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( NULL,
- valid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- invalid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc(NULL,
+ valid_mode,
+ sizeof(buf),
+ buf, buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc(&ctx,
+ invalid_mode,
+ sizeof(buf),
+ buf, buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc(&ctx,
+ valid_mode,
+ sizeof(buf),
+ NULL, buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc(&ctx,
+ valid_mode,
+ sizeof(buf),
+ buf, NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc(&ctx,
+ valid_mode,
+ sizeof(buf),
+ buf, buf, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( NULL,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- invalid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64(NULL,
+ valid_mode,
+ sizeof(buf),
+ &off, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64(&ctx,
+ invalid_mode,
+ sizeof(buf),
+ &off, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64(&ctx,
+ valid_mode,
+ sizeof(buf),
+ NULL, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64(&ctx,
+ valid_mode,
+ sizeof(buf),
+ &off, NULL,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64(&ctx,
+ valid_mode,
+ sizeof(buf),
+ &off, buf,
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64(&ctx,
+ valid_mode,
+ sizeof(buf),
+ &off, buf,
+ buf, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( NULL,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- NULL,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr(NULL,
+ sizeof(buf),
+ &off,
+ buf, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr(&ctx,
+ sizeof(buf),
+ NULL,
+ buf, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ NULL, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ buf, NULL,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ buf, buf,
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ buf, buf,
+ buf, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CTR */
exit:
@@ -166,155 +166,157 @@
/* END_CASE */
/* BEGIN_CASE */
-void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
+void blowfish_encrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *dst, int setkey_result)
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
+ mbedtls_blowfish_init(&ctx);
- TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_blowfish_setkey(&ctx, key_str->x, key_str->len * 8) == setkey_result);
+ if (setkey_result == 0) {
+ TEST_ASSERT(mbedtls_blowfish_crypt_ecb(&ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x,
+ output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
}
exit:
- mbedtls_blowfish_free( &ctx );
+ mbedtls_blowfish_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
+void blowfish_decrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *dst, int setkey_result)
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
+ mbedtls_blowfish_init(&ctx);
- TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_blowfish_setkey(&ctx, key_str->x, key_str->len * 8) == setkey_result);
+ if (setkey_result == 0) {
+ TEST_ASSERT(mbedtls_blowfish_crypt_ecb(&ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x,
+ output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
}
exit:
- mbedtls_blowfish_free( &ctx );
+ mbedtls_blowfish_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
+void blowfish_encrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst,
+ int cbc_result)
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
+ mbedtls_blowfish_init(&ctx);
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
+ mbedtls_blowfish_setkey(&ctx, key_str->x, key_str->len * 8);
- TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0 )
- {
+ TEST_ASSERT(mbedtls_blowfish_crypt_cbc(&ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
}
exit:
- mbedtls_blowfish_free( &ctx );
+ mbedtls_blowfish_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
+void blowfish_decrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst,
+ int cbc_result)
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
+ mbedtls_blowfish_init(&ctx);
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0)
- {
+ mbedtls_blowfish_setkey(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_blowfish_crypt_cbc(&ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
}
exit:
- mbedtls_blowfish_free( &ctx );
+ mbedtls_blowfish_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void blowfish_encrypt_cfb64(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
+ mbedtls_blowfish_init(&ctx);
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
+ mbedtls_blowfish_setkey(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_blowfish_crypt_cfb64(&ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len,
+ &iv_offset, iv_str->x, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
exit:
- mbedtls_blowfish_free( &ctx );
+ mbedtls_blowfish_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void blowfish_decrypt_cfb64(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
+ mbedtls_blowfish_init(&ctx);
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
+ mbedtls_blowfish_setkey(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_blowfish_crypt_cfb64(&ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len,
+ &iv_offset, iv_str->x, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
exit:
- mbedtls_blowfish_free( &ctx );
+ mbedtls_blowfish_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
-void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void blowfish_encrypt_ctr(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char stream_str[100];
unsigned char output[100];
@@ -323,16 +325,17 @@
memset(stream_str, 0x00, 100);
memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
+ mbedtls_blowfish_init(&ctx);
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 );
+ mbedtls_blowfish_setkey(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_blowfish_crypt_ctr(&ctx, src_str->len, &iv_offset, iv_str->x, stream_str,
+ src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
exit:
- mbedtls_blowfish_free( &ctx );
+ mbedtls_blowfish_free(&ctx);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 312495c..da4276a 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -8,14 +8,14 @@
*/
/* BEGIN_CASE */
-void camellia_valid_param( )
+void camellia_valid_param()
{
- TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_camellia_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void camellia_invalid_param( )
+void camellia_invalid_param()
{
mbedtls_camellia_context ctx;
unsigned char buf[16] = { 0 };
@@ -25,147 +25,147 @@
size_t off;
((void) off);
- TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_camellia_init(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_enc( NULL,
- buf,
- valid_keybits ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_enc( &ctx,
- NULL,
- valid_keybits ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_enc(NULL,
+ buf,
+ valid_keybits));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_enc(&ctx,
+ NULL,
+ valid_keybits));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_dec( NULL,
- buf,
- valid_keybits ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_dec( &ctx,
- NULL,
- valid_keybits ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_dec(NULL,
+ buf,
+ valid_keybits));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_dec(&ctx,
+ NULL,
+ valid_keybits));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( NULL,
- valid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( &ctx,
- invalid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( &ctx,
- valid_mode,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( &ctx,
- valid_mode,
- buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb(NULL,
+ valid_mode,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb(&ctx,
+ invalid_mode,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb(&ctx,
+ valid_mode,
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb(&ctx,
+ valid_mode,
+ buf, NULL));
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( NULL,
- valid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- invalid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc(NULL,
+ valid_mode,
+ sizeof(buf),
+ buf, buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc(&ctx,
+ invalid_mode,
+ sizeof(buf),
+ buf, buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc(&ctx,
+ valid_mode,
+ sizeof(buf),
+ NULL, buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc(&ctx,
+ valid_mode,
+ sizeof(buf),
+ buf, NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc(&ctx,
+ valid_mode,
+ sizeof(buf),
+ buf, buf, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( NULL,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- invalid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128(NULL,
+ valid_mode,
+ sizeof(buf),
+ &off, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128(&ctx,
+ invalid_mode,
+ sizeof(buf),
+ &off, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128(&ctx,
+ valid_mode,
+ sizeof(buf),
+ NULL, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128(&ctx,
+ valid_mode,
+ sizeof(buf),
+ &off, NULL,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128(&ctx,
+ valid_mode,
+ sizeof(buf),
+ &off, buf,
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128(&ctx,
+ valid_mode,
+ sizeof(buf),
+ &off, buf,
+ buf, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( NULL,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- NULL,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr(NULL,
+ sizeof(buf),
+ &off,
+ buf, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr(&ctx,
+ sizeof(buf),
+ NULL,
+ buf, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ NULL, buf,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ buf, NULL,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ buf, buf,
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr(&ctx,
+ sizeof(buf),
+ &off,
+ buf, buf,
+ buf, NULL));
#endif /* MBEDTLS_CIPHER_MODE_CTR */
exit:
@@ -174,152 +174,154 @@
/* END_CASE */
/* BEGIN_CASE */
-void camellia_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
+void camellia_encrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *dst, int setkey_result)
{
unsigned char output[100];
mbedtls_camellia_context ctx;
memset(output, 0x00, 100);
- mbedtls_camellia_init( &ctx );
+ mbedtls_camellia_init(&ctx);
- TEST_ASSERT( mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_camellia_setkey_enc(&ctx, key_str->x, key_str->len * 8) == setkey_result);
+ if (setkey_result == 0) {
+ TEST_ASSERT(mbedtls_camellia_crypt_ecb(&ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x,
+ output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
}
exit:
- mbedtls_camellia_free( &ctx );
+ mbedtls_camellia_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void camellia_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
+void camellia_decrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *dst, int setkey_result)
{
unsigned char output[100];
mbedtls_camellia_context ctx;
memset(output, 0x00, 100);
- mbedtls_camellia_init( &ctx );
+ mbedtls_camellia_init(&ctx);
- TEST_ASSERT( mbedtls_camellia_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_camellia_setkey_dec(&ctx, key_str->x, key_str->len * 8) == setkey_result);
+ if (setkey_result == 0) {
+ TEST_ASSERT(mbedtls_camellia_crypt_ecb(&ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x,
+ output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
}
exit:
- mbedtls_camellia_free( &ctx );
+ mbedtls_camellia_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst, int cbc_result )
+void camellia_encrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst, int cbc_result)
{
unsigned char output[100];
mbedtls_camellia_context ctx;
memset(output, 0x00, 100);
- mbedtls_camellia_init( &ctx );
+ mbedtls_camellia_init(&ctx);
- mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output) == cbc_result );
- if( cbc_result == 0 )
- {
+ mbedtls_camellia_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_camellia_crypt_cbc(&ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
}
exit:
- mbedtls_camellia_free( &ctx );
+ mbedtls_camellia_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
+void camellia_decrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst,
+ int cbc_result)
{
unsigned char output[100];
mbedtls_camellia_context ctx;
memset(output, 0x00, 100);
- mbedtls_camellia_init( &ctx );
+ mbedtls_camellia_init(&ctx);
- mbedtls_camellia_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0 )
- {
+ mbedtls_camellia_setkey_dec(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_camellia_crypt_cbc(&ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
}
exit:
- mbedtls_camellia_free( &ctx );
+ mbedtls_camellia_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void camellia_encrypt_cfb128(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_camellia_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
- mbedtls_camellia_init( &ctx );
+ mbedtls_camellia_init(&ctx);
- mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
+ mbedtls_camellia_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_camellia_crypt_cfb128(&ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset,
+ iv_str->x, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
exit:
- mbedtls_camellia_free( &ctx );
+ mbedtls_camellia_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str,
- data_t * dst )
+void camellia_decrypt_cfb128(data_t *key_str, data_t *iv_str,
+ data_t *src_str,
+ data_t *dst)
{
unsigned char output[100];
mbedtls_camellia_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
- mbedtls_camellia_init( &ctx );
+ mbedtls_camellia_init(&ctx);
- mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
+ mbedtls_camellia_setkey_enc(&ctx, key_str->x, key_str->len * 8);
+ TEST_ASSERT(mbedtls_camellia_crypt_cfb128(&ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset,
+ iv_str->x, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 16, dst->len) == 0);
exit:
- mbedtls_camellia_free( &ctx );
+ mbedtls_camellia_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void camellia_selftest( )
+void camellia_selftest()
{
- TEST_ASSERT( mbedtls_camellia_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_camellia_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 5a3726e..735c9aa 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -8,34 +8,34 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
-void mbedtls_ccm_self_test( )
+void mbedtls_ccm_self_test()
{
- TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ccm_setkey( int cipher_id, int key_size, int result )
+void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
{
mbedtls_ccm_context ctx;
unsigned char key[32];
int ret;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- memset( key, 0x2A, sizeof( key ) );
- TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
+ memset(key, 0x2A, sizeof(key));
+ TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
- ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size );
- TEST_ASSERT( ret == result );
+ ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size);
+ TEST_ASSERT(ret == result);
exit:
- mbedtls_ccm_free( &ctx );
+ mbedtls_ccm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
-void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res )
+void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
{
mbedtls_ccm_context ctx;
unsigned char key[16];
@@ -46,38 +46,39 @@
unsigned char tag[18];
int decrypt_ret;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- ASSERT_ALLOC_WEAK( add, add_len );
- memset( key, 0, sizeof( key ) );
- memset( msg, 0, sizeof( msg ) );
- memset( iv, 0, sizeof( iv ) );
- memset( out, 0, sizeof( out ) );
- memset( tag, 0, sizeof( tag ) );
+ ASSERT_ALLOC_WEAK(add, add_len);
+ memset(key, 0, sizeof(key));
+ memset(msg, 0, sizeof(msg));
+ memset(iv, 0, sizeof(iv));
+ memset(out, 0, sizeof(out));
+ memset(tag, 0, sizeof(tag));
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
- key, 8 * sizeof( key ) ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+ key, 8 * sizeof(key)) == 0);
- TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
- msg, out, tag, tag_len ) == res );
+ TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len,
+ msg, out, tag, tag_len) == res);
- decrypt_ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,
- msg, out, tag, tag_len );
+ decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len,
+ msg, out, tag, tag_len);
- if( res == 0 )
- TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
- else
- TEST_ASSERT( decrypt_ret == res );
+ if (res == 0) {
+ TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
+ } else {
+ TEST_ASSERT(decrypt_ret == res);
+ }
exit:
- mbedtls_free( add );
- mbedtls_ccm_free( &ctx );
+ mbedtls_free(add);
+ mbedtls_ccm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
-void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len,
- int res )
+void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
+ int res)
{
mbedtls_ccm_context ctx;
unsigned char key[16];
@@ -88,115 +89,115 @@
unsigned char tag[18];
int decrypt_ret;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- memset( key, 0, sizeof( key ) );
- memset( msg, 0, sizeof( msg ) );
- memset( iv, 0, sizeof( iv ) );
- memset( add, 0, sizeof( add ) );
- memset( out, 0, sizeof( out ) );
- memset( tag, 0, sizeof( tag ) );
+ memset(key, 0, sizeof(key));
+ memset(msg, 0, sizeof(msg));
+ memset(iv, 0, sizeof(iv));
+ memset(add, 0, sizeof(add));
+ memset(out, 0, sizeof(out));
+ memset(tag, 0, sizeof(tag));
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
- key, 8 * sizeof( key ) ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+ key, 8 * sizeof(key)) == 0);
- TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
- add, add_len, msg, out, tag, tag_len ) == res );
+ TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len,
+ add, add_len, msg, out, tag, tag_len) == res);
- decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add,
- add_len, msg, out, tag, tag_len );
+ decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add,
+ add_len, msg, out, tag, tag_len);
- if( res == 0 && tag_len != 0 )
- TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
- else
- TEST_ASSERT( decrypt_ret == res );
+ if (res == 0 && tag_len != 0) {
+ TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
+ } else {
+ TEST_ASSERT(decrypt_ret == res);
+ }
exit:
- mbedtls_ccm_free( &ctx );
+ mbedtls_ccm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key,
- data_t * msg, data_t * iv,
- data_t * add, data_t * result )
+void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
+ data_t *msg, data_t *iv,
+ data_t *add, data_t *result)
{
mbedtls_ccm_context ctx;
size_t tag_len;
- uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 );
+ uint8_t *msg_n_tag = (uint8_t *) malloc(result->len + 2);
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- memset( msg_n_tag, 0, result->len + 2 );
- memcpy( msg_n_tag, msg->x, msg->len );
+ memset(msg_n_tag, 0, result->len + 2);
+ memcpy(msg_n_tag, msg->x, msg->len);
tag_len = result->len - msg->len;
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
/* Test with input == output */
- TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len,
- msg_n_tag, msg_n_tag, msg_n_tag + msg->len, tag_len ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
+ msg_n_tag, msg_n_tag, msg_n_tag + msg->len,
+ tag_len) == 0);
- TEST_ASSERT( memcmp( msg_n_tag, result->x, result->len ) == 0 );
+ TEST_ASSERT(memcmp(msg_n_tag, result->x, result->len) == 0);
/* Check we didn't write past the end */
- TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 );
+ TEST_ASSERT(msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0);
exit:
- mbedtls_ccm_free( &ctx );
- free( msg_n_tag );
+ mbedtls_ccm_free(&ctx);
+ free(msg_n_tag);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
- data_t * msg, data_t * iv,
- data_t * add, int tag_len, int result,
- data_t * expected_msg )
+void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
+ data_t *msg, data_t *iv,
+ data_t *add, int tag_len, int result,
+ data_t *expected_msg)
{
unsigned char tag[16];
mbedtls_ccm_context ctx;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- memset( tag, 0x00, sizeof( tag ) );
+ memset(tag, 0x00, sizeof(tag));
msg->len -= tag_len;
- memcpy( tag, msg->x + msg->len, tag_len );
+ memcpy(tag, msg->x + msg->len, tag_len);
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
/* Test with input == output */
- TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len,
- msg->x, msg->x, msg->x + msg->len, tag_len ) == result );
+ TEST_ASSERT(mbedtls_ccm_auth_decrypt(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
+ msg->x, msg->x, msg->x + msg->len, tag_len) == result);
- if( result == 0 )
- {
- TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 );
- }
- else
- {
+ if (result == 0) {
+ TEST_ASSERT(memcmp(msg->x, expected_msg->x, expected_msg->len) == 0);
+ } else {
size_t i;
- for( i = 0; i < msg->len; i++ )
- TEST_ASSERT( msg->x[i] == 0 );
+ for (i = 0; i < msg->len; i++) {
+ TEST_ASSERT(msg->x[i] == 0);
+ }
}
/* Check we didn't write past the end (where the original tag is) */
- TEST_ASSERT( memcmp( msg->x + msg->len, tag, tag_len ) == 0 );
+ TEST_ASSERT(memcmp(msg->x + msg->len, tag, tag_len) == 0);
exit:
- mbedtls_ccm_free( &ctx );
+ mbedtls_ccm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
- data_t *key, data_t *msg,
- data_t *source_address, data_t *frame_counter,
- int sec_level, data_t *add,
- data_t *expected_result, int output_ret )
+void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
+ data_t *key, data_t *msg,
+ data_t *source_address, data_t *frame_counter,
+ int sec_level, data_t *add,
+ data_t *expected_result, int output_ret)
{
unsigned char iv[13];
unsigned char result[50];
@@ -204,49 +205,50 @@
size_t iv_len, tag_len;
int ret;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- memset( result, 0x00, sizeof( result ) );
+ memset(result, 0x00, sizeof(result));
- if( sec_level % 4 == 0)
+ if (sec_level % 4 == 0) {
tag_len = 0;
- else
- tag_len = 1 << ( sec_level % 4 + 1);
+ } else {
+ tag_len = 1 << (sec_level % 4 + 1);
+ }
- TEST_ASSERT( source_address->len == 8 );
- TEST_ASSERT( frame_counter->len == 4 );
- memcpy( iv, source_address->x, source_address->len );
- memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
+ TEST_ASSERT(source_address->len == 8);
+ TEST_ASSERT(frame_counter->len == 4);
+ memcpy(iv, source_address->x, source_address->len);
+ memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
iv[source_address->len + frame_counter->len] = sec_level;
- iv_len = sizeof( iv );
+ iv_len = sizeof(iv);
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id,
- key->x, key->len * 8 ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id,
+ key->x, key->len * 8) == 0);
- ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len,
- add->x, add->len, msg->x,
- result, result + msg->len, tag_len );
+ ret = mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len,
+ add->x, add->len, msg->x,
+ result, result + msg->len, tag_len);
- TEST_ASSERT( ret == output_ret );
+ TEST_ASSERT(ret == output_ret);
- TEST_ASSERT( memcmp( result,
- expected_result->x, expected_result->len ) == 0 );
+ TEST_ASSERT(memcmp(result,
+ expected_result->x, expected_result->len) == 0);
/* Check we didn't write past the end */
- TEST_ASSERT( result[expected_result->len] == 0 &&
- result[expected_result->len + 1] == 0 );
+ TEST_ASSERT(result[expected_result->len] == 0 &&
+ result[expected_result->len + 1] == 0);
exit:
- mbedtls_ccm_free( &ctx );
+ mbedtls_ccm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ccm_star_auth_decrypt( int cipher_id,
- data_t *key, data_t *msg,
- data_t *source_address, data_t *frame_counter,
- int sec_level, data_t *add,
- data_t *expected_result, int output_ret )
+void mbedtls_ccm_star_auth_decrypt(int cipher_id,
+ data_t *key, data_t *msg,
+ data_t *source_address, data_t *frame_counter,
+ int sec_level, data_t *add,
+ data_t *expected_result, int output_ret)
{
unsigned char iv[13];
unsigned char result[50];
@@ -254,46 +256,47 @@
size_t iv_len, tag_len;
int ret;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
- memset( iv, 0x00, sizeof( iv ) );
- memset( result, '+', sizeof( result ) );
+ memset(iv, 0x00, sizeof(iv));
+ memset(result, '+', sizeof(result));
- if( sec_level % 4 == 0)
+ if (sec_level % 4 == 0) {
tag_len = 0;
- else
- tag_len = 1 << ( sec_level % 4 + 1);
+ } else {
+ tag_len = 1 << (sec_level % 4 + 1);
+ }
- TEST_ASSERT( source_address->len == 8 );
- TEST_ASSERT( frame_counter->len == 4 );
- memcpy( iv, source_address->x, source_address->len );
- memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
+ TEST_ASSERT(source_address->len == 8);
+ TEST_ASSERT(frame_counter->len == 4);
+ memcpy(iv, source_address->x, source_address->len);
+ memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
iv[source_address->len + frame_counter->len] = sec_level;
- iv_len = sizeof( iv );
+ iv_len = sizeof(iv);
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
+ TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
- ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len,
- add->x, add->len, msg->x, result,
- msg->x + msg->len - tag_len, tag_len );
+ ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg->len - tag_len, iv, iv_len,
+ add->x, add->len, msg->x, result,
+ msg->x + msg->len - tag_len, tag_len);
- TEST_ASSERT( ret == output_ret );
+ TEST_ASSERT(ret == output_ret);
- TEST_ASSERT( memcmp( result, expected_result->x,
- expected_result->len ) == 0 );
+ TEST_ASSERT(memcmp(result, expected_result->x,
+ expected_result->len) == 0);
/* Check we didn't write past the end (where the original tag is) */
- TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) );
- TEST_EQUAL( result[msg->len], '+' );
- TEST_EQUAL( result[msg->len + 1], '+' );
+ TEST_ASSERT((msg->len + 2) <= sizeof(result));
+ TEST_EQUAL(result[msg->len], '+');
+ TEST_EQUAL(result[msg->len + 1], '+');
exit:
- mbedtls_ccm_free( &ctx );
+ mbedtls_ccm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ccm_invalid_param( )
+void ccm_invalid_param()
{
struct mbedtls_ccm_context ctx;
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
@@ -301,205 +304,205 @@
int valid_len = sizeof(valid_buffer);
int valid_bitlen = valid_len * 8;
- mbedtls_ccm_init( &ctx );
+ mbedtls_ccm_init(&ctx);
/* mbedtls_ccm_init() */
- TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_ccm_init(NULL));
/* mbedtls_ccm_setkey() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
+ mbedtls_ccm_setkey(NULL, valid_cipher, valid_buffer, valid_bitlen));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
+ mbedtls_ccm_setkey(&ctx, valid_cipher, NULL, valid_bitlen));
/* mbedtls_ccm_encrypt_and_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_encrypt_and_tag(NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_encrypt_and_tag(&ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
+ mbedtls_ccm_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len));
/* mbedtls_ccm_star_encrypt_and_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len) );
+ mbedtls_ccm_star_encrypt_and_tag(NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_encrypt_and_tag(&ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
+ mbedtls_ccm_star_encrypt_and_tag(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len));
/* mbedtls_ccm_auth_decrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_auth_decrypt(NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_auth_decrypt(&ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
+ mbedtls_ccm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len));
/* mbedtls_ccm_star_auth_decrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_auth_decrypt(NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_auth_decrypt(&ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
+ mbedtls_ccm_star_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
+ mbedtls_ccm_star_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len));
exit:
- mbedtls_ccm_free( &ctx );
+ mbedtls_ccm_free(&ctx);
return;
}
/* END_CASE */
/* BEGIN_CASE */
-void ccm_valid_param( )
+void ccm_valid_param()
{
- TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_ccm_free(NULL));
exit:
return;
}
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 67c8de2..7f49561 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -8,43 +8,44 @@
*/
/* BEGIN_CASE */
-void chacha20_crypt( data_t *key_str,
- data_t *nonce_str,
- int counter,
- data_t *src_str,
- data_t *expected_output_str )
+void chacha20_crypt(data_t *key_str,
+ data_t *nonce_str,
+ int counter,
+ data_t *src_str,
+ data_t *expected_output_str)
{
unsigned char output[375];
mbedtls_chacha20_context ctx;
- memset( output, 0x00, sizeof( output ) );
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( src_str->len == expected_output_str->len );
- TEST_ASSERT( key_str->len == 32U );
- TEST_ASSERT( nonce_str->len == 12U );
+ TEST_ASSERT(src_str->len == expected_output_str->len);
+ TEST_ASSERT(key_str->len == 32U);
+ TEST_ASSERT(nonce_str->len == 12U);
/*
* Test the integrated API
*/
- TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_chacha20_crypt(key_str->x, nonce_str->x, counter, src_str->len, src_str->x,
+ output) == 0);
- ASSERT_COMPARE( output, expected_output_str->len,
- expected_output_str->x, expected_output_str->len );
+ ASSERT_COMPARE(output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len);
/*
* Test the streaming API
*/
- mbedtls_chacha20_init( &ctx );
+ mbedtls_chacha20_init(&ctx);
- TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str->x ) == 0 );
+ TEST_ASSERT(mbedtls_chacha20_setkey(&ctx, key_str->x) == 0);
- TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 );
+ TEST_ASSERT(mbedtls_chacha20_starts(&ctx, nonce_str->x, counter) == 0);
- memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 );
+ memset(output, 0x00, sizeof(output));
+ TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len, src_str->x, output) == 0);
- ASSERT_COMPARE( output, expected_output_str->len,
- expected_output_str->x, expected_output_str->len );
+ ASSERT_COMPARE(output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len);
/*
* Test the streaming API again, piecewise
@@ -52,17 +53,17 @@
/* Don't free/init the context nor set the key again,
* in order to test that starts() does the right thing. */
- TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 );
+ TEST_ASSERT(mbedtls_chacha20_starts(&ctx, nonce_str->x, counter) == 0);
- memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1,
- src_str->x + 1, output + 1 ) == 0 );
+ memset(output, 0x00, sizeof(output));
+ TEST_ASSERT(mbedtls_chacha20_update(&ctx, 1, src_str->x, output) == 0);
+ TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len - 1,
+ src_str->x + 1, output + 1) == 0);
- ASSERT_COMPARE( output, expected_output_str->len,
- expected_output_str->x, expected_output_str->len );
+ ASSERT_COMPARE(output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len);
- mbedtls_chacha20_free( &ctx );
+ mbedtls_chacha20_free(&ctx);
}
/* END_CASE */
@@ -74,37 +75,37 @@
unsigned char src[1];
unsigned char dst[1];
uint32_t counter = 0;
- size_t len = sizeof( src );
+ size_t len = sizeof(src);
mbedtls_chacha20_context ctx;
- TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_chacha20_init(NULL));
+ TEST_VALID_PARAM(mbedtls_chacha20_free(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_setkey( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_setkey( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_setkey(NULL, key));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_setkey(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_starts( NULL, nonce, counter ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_starts( &ctx, NULL, counter ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_starts(NULL, nonce, counter));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_starts(&ctx, NULL, counter));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( NULL, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( &ctx, len, NULL, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( &ctx, len, src, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_update(NULL, 0, src, dst));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_update(&ctx, len, NULL, dst));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_update(&ctx, len, src, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt(NULL, nonce, counter, 0, src, dst));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt(key, NULL, counter, 0, src, dst));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt(key, nonce, counter, len, NULL, dst));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt(key, nonce, counter, len, src, NULL));
exit:
return;
@@ -115,6 +116,6 @@
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chacha20_self_test()
{
- TEST_ASSERT( mbedtls_chacha20_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_chacha20_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function
index 96128e4..906e3f5 100644
--- a/tests/suites/test_suite_chachapoly.function
+++ b/tests/suites/test_suite_chachapoly.function
@@ -8,61 +8,71 @@
*/
/* BEGIN_CASE */
-void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str )
+void mbedtls_chachapoly_enc(data_t *key_str,
+ data_t *nonce_str,
+ data_t *aad_str,
+ data_t *input_str,
+ data_t *output_str,
+ data_t *mac_str)
{
unsigned char output[265];
unsigned char mac[16]; /* size set by the standard */
mbedtls_chachapoly_context ctx;
- TEST_ASSERT( key_str->len == 32 );
- TEST_ASSERT( nonce_str->len == 12 );
- TEST_ASSERT( mac_str->len == 16 );
+ TEST_ASSERT(key_str->len == 32);
+ TEST_ASSERT(nonce_str->len == 12);
+ TEST_ASSERT(mac_str->len == 16);
- mbedtls_chachapoly_init( &ctx );
+ mbedtls_chachapoly_init(&ctx);
- TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0);
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_str->len, nonce_str->x,
- aad_str->x, aad_str->len,
- input_str->x, output, mac ) == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_encrypt_and_tag(&ctx,
+ input_str->len, nonce_str->x,
+ aad_str->x, aad_str->len,
+ input_str->x, output, mac) == 0);
- TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
- TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 );
+ TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0);
+ TEST_ASSERT(memcmp(mac_str->x, mac, 16U) == 0);
exit:
- mbedtls_chachapoly_free( &ctx );
+ mbedtls_chachapoly_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp )
+void mbedtls_chachapoly_dec(data_t *key_str,
+ data_t *nonce_str,
+ data_t *aad_str,
+ data_t *input_str,
+ data_t *output_str,
+ data_t *mac_str,
+ int ret_exp)
{
unsigned char output[265];
int ret;
mbedtls_chachapoly_context ctx;
- TEST_ASSERT( key_str->len == 32 );
- TEST_ASSERT( nonce_str->len == 12 );
- TEST_ASSERT( mac_str->len == 16 );
+ TEST_ASSERT(key_str->len == 32);
+ TEST_ASSERT(nonce_str->len == 12);
+ TEST_ASSERT(mac_str->len == 16);
- mbedtls_chachapoly_init( &ctx );
+ mbedtls_chachapoly_init(&ctx);
- TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0);
- ret = mbedtls_chachapoly_auth_decrypt( &ctx,
- input_str->len, nonce_str->x,
- aad_str->x, aad_str->len,
- mac_str->x, input_str->x, output );
+ ret = mbedtls_chachapoly_auth_decrypt(&ctx,
+ input_str->len, nonce_str->x,
+ aad_str->x, aad_str->len,
+ mac_str->x, input_str->x, output);
- TEST_ASSERT( ret == ret_exp );
- if( ret_exp == 0 )
- {
- TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
+ TEST_ASSERT(ret == ret_exp);
+ if (ret_exp == 0) {
+ TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0);
}
exit:
- mbedtls_chachapoly_free( &ctx );
+ mbedtls_chachapoly_free(&ctx);
}
/* END_CASE */
@@ -75,122 +85,122 @@
unsigned char input[1];
unsigned char output[1];
unsigned char mac[16];
- size_t input_len = sizeof( input );
- size_t aad_len = sizeof( aad );
+ size_t input_len = sizeof(input);
+ size_t aad_len = sizeof(aad);
mbedtls_chachapoly_context ctx;
- memset( key, 0x00, sizeof( key ) );
- memset( nonce, 0x00, sizeof( nonce ) );
- memset( aad, 0x00, sizeof( aad ) );
- memset( input, 0x00, sizeof( input ) );
- memset( output, 0x00, sizeof( output ) );
- memset( mac, 0x00, sizeof( mac ) );
+ memset(key, 0x00, sizeof(key));
+ memset(nonce, 0x00, sizeof(nonce));
+ memset(aad, 0x00, sizeof(aad));
+ memset(input, 0x00, sizeof(input));
+ memset(output, 0x00, sizeof(output));
+ memset(mac, 0x00, sizeof(mac));
- TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_chachapoly_init(NULL));
+ TEST_VALID_PARAM(mbedtls_chachapoly_free(NULL));
/* setkey */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_setkey( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_setkey( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_setkey(NULL, key));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_setkey(&ctx, NULL));
/* encrypt_and_tag */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( NULL,
- 0, nonce,
- aad, 0,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, NULL,
- aad, 0,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, nonce,
- NULL, aad_len,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce,
- aad, 0,
- NULL, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce,
- aad, 0,
- input, NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, nonce,
- aad, 0,
- input, output, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag(NULL,
+ 0, nonce,
+ aad, 0,
+ input, output, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag(&ctx,
+ 0, NULL,
+ aad, 0,
+ input, output, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag(&ctx,
+ 0, nonce,
+ NULL, aad_len,
+ input, output, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag(&ctx,
+ input_len, nonce,
+ aad, 0,
+ NULL, output, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag(&ctx,
+ input_len, nonce,
+ aad, 0,
+ input, NULL, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag(&ctx,
+ 0, nonce,
+ aad, 0,
+ input, output, NULL));
/* auth_decrypt */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( NULL,
- 0, nonce,
- aad, 0,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, NULL,
- aad, 0,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, nonce,
- NULL, aad_len,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, nonce,
- aad, 0,
- NULL, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce,
- aad, 0,
- mac, NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce,
- aad, 0,
- mac, input, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt(NULL,
+ 0, nonce,
+ aad, 0,
+ mac, input, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt(&ctx,
+ 0, NULL,
+ aad, 0,
+ mac, input, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt(&ctx,
+ 0, nonce,
+ NULL, aad_len,
+ mac, input, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt(&ctx,
+ 0, nonce,
+ aad, 0,
+ NULL, input, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt(&ctx,
+ input_len, nonce,
+ aad, 0,
+ mac, NULL, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt(&ctx,
+ input_len, nonce,
+ aad, 0,
+ mac, input, NULL));
/* starts */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_starts( NULL, nonce,
- MBEDTLS_CHACHAPOLY_ENCRYPT ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_starts( &ctx, NULL,
- MBEDTLS_CHACHAPOLY_ENCRYPT ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_starts(NULL, nonce,
+ MBEDTLS_CHACHAPOLY_ENCRYPT));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_starts(&ctx, NULL,
+ MBEDTLS_CHACHAPOLY_ENCRYPT));
/* update_aad */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update_aad( NULL, aad,
- aad_len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update_aad( &ctx, NULL,
- aad_len ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update_aad(NULL, aad,
+ aad_len));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update_aad(&ctx, NULL,
+ aad_len));
/* update */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( NULL, input_len,
- input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( &ctx, input_len,
- NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( &ctx, input_len,
- input, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update(NULL, input_len,
+ input, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update(&ctx, input_len,
+ NULL, output));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update(&ctx, input_len,
+ input, NULL));
/* finish */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_finish( NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_finish( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_finish(NULL, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_finish(&ctx, NULL));
exit:
return;
@@ -206,80 +216,80 @@
unsigned char input[1];
unsigned char output[1];
unsigned char mac[16];
- size_t input_len = sizeof( input );
- size_t aad_len = sizeof( aad );
+ size_t input_len = sizeof(input);
+ size_t aad_len = sizeof(aad);
mbedtls_chachapoly_context ctx;
- memset( key, 0x00, sizeof( key ) );
- memset( nonce, 0x00, sizeof( nonce ) );
- memset( aad, 0x00, sizeof( aad ) );
- memset( input, 0x00, sizeof( input ) );
- memset( output, 0x00, sizeof( output ) );
- memset( mac, 0x00, sizeof( mac ) );
+ memset(key, 0x00, sizeof(key));
+ memset(nonce, 0x00, sizeof(nonce));
+ memset(aad, 0x00, sizeof(aad));
+ memset(input, 0x00, sizeof(input));
+ memset(output, 0x00, sizeof(output));
+ memset(mac, 0x00, sizeof(mac));
/* Initial state: finish, update, update_aad forbidden */
- mbedtls_chachapoly_init( &ctx );
+ mbedtls_chachapoly_init(&ctx);
- TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
- TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
- TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+ TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
+ TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
+ TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
/* Still initial state: finish, update, update_aad forbidden */
- TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
- == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key)
+ == 0);
- TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
- TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
- TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+ TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
+ TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
+ TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
/* Starts -> finish OK */
- TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
- == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT)
+ == 0);
+ TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
+ == 0);
/* After finish: update, update_aad forbidden */
- TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
- TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+ TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
+ TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
/* Starts -> update* OK */
- TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
- == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT)
+ == 0);
+ TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
+ == 0);
+ TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
+ == 0);
/* After update: update_aad forbidden */
- TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
- == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+ TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
+ == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
/* Starts -> update_aad* -> finish OK */
- TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
- == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT)
+ == 0);
+ TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
+ == 0);
+ TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
+ == 0);
+ TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
+ == 0);
exit:
- mbedtls_chachapoly_free( &ctx );
+ mbedtls_chachapoly_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chachapoly_selftest()
{
- TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_chachapoly_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 4fe54c0..ef9ff0a 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -20,35 +20,33 @@
* individual ciphers, and it doesn't work with the PSA wrappers. So don't do
* it, and instead start with a fresh context.
*/
-static int cipher_reset_key( mbedtls_cipher_context_t *ctx, int cipher_id,
- int use_psa, size_t tag_len, const data_t *key, int direction )
+static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id,
+ int use_psa, size_t tag_len, const data_t *key, int direction)
{
- mbedtls_cipher_free( ctx );
- mbedtls_cipher_init( ctx );
+ mbedtls_cipher_free(ctx);
+ mbedtls_cipher_init(ctx);
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
(void) use_psa;
(void) tag_len;
#else
- if( use_psa == 1 )
- {
- TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( ctx,
- mbedtls_cipher_info_from_type( cipher_id ),
- tag_len ) );
- }
- else
+ if (use_psa == 1) {
+ TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx,
+ mbedtls_cipher_info_from_type(cipher_id),
+ tag_len));
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
- TEST_ASSERT( 0 == mbedtls_cipher_setup( ctx,
- mbedtls_cipher_info_from_type( cipher_id ) ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(ctx,
+ mbedtls_cipher_info_from_type(cipher_id)));
}
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( ctx, key->x, 8 * key->len,
- direction ) );
- return( 1 );
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len,
+ direction));
+ return 1;
exit:
- return( 0 );
+ return 0;
}
/*
@@ -56,11 +54,13 @@
* return 1 if it is,
* 0 if it isn't.
*/
-int buffer_is_all_zero( const uint8_t *buf, size_t size )
+int buffer_is_all_zero(const uint8_t *buf, size_t size)
{
- for( size_t i = 0; i < size; i++ )
- if( buf[i] != 0 )
+ for (size_t i = 0; i < size; i++) {
+ if (buf[i] != 0) {
return 0;
+ }
+ }
return 1;
}
#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */
@@ -73,17 +73,18 @@
*/
/* BEGIN_CASE */
-void mbedtls_cipher_list( )
+void mbedtls_cipher_list()
{
const int *cipher_type;
- for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ )
- TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL );
+ for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) {
+ TEST_ASSERT(mbedtls_cipher_info_from_type(*cipher_type) != NULL);
+ }
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_invalid_param_unconditional( )
+void cipher_invalid_param_unconditional()
{
mbedtls_cipher_context_t valid_ctx;
mbedtls_cipher_context_t invalid_ctx;
@@ -93,120 +94,120 @@
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
- *( mbedtls_cipher_list() ) );
+ *(mbedtls_cipher_list()));
size_t size_t_var;
- (void)valid_mode; /* In some configurations this is unused */
+ (void) valid_mode; /* In some configurations this is unused */
- mbedtls_cipher_init( &valid_ctx );
- mbedtls_cipher_init( &invalid_ctx );
+ mbedtls_cipher_init(&valid_ctx);
+ mbedtls_cipher_init(&invalid_ctx);
- TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, valid_info ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0);
/* mbedtls_cipher_setup() */
- TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
/* mbedtls_cipher_get_block_size() */
- TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0);
/* mbedtls_cipher_get_cipher_mode() */
- TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ==
- MBEDTLS_MODE_NONE );
+ TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) ==
+ MBEDTLS_MODE_NONE);
/* mbedtls_cipher_get_iv_size() */
- TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0);
/* mbedtls_cipher_get_type() */
TEST_ASSERT(
- mbedtls_cipher_get_type( &invalid_ctx ) ==
+ mbedtls_cipher_get_type(&invalid_ctx) ==
MBEDTLS_CIPHER_NONE);
/* mbedtls_cipher_get_name() */
- TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0);
/* mbedtls_cipher_get_key_bitlen() */
- TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ==
- MBEDTLS_KEY_LENGTH_NONE );
+ TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) ==
+ MBEDTLS_KEY_LENGTH_NONE);
/* mbedtls_cipher_get_operation() */
- TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) ==
- MBEDTLS_OPERATION_NONE );
+ TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) ==
+ MBEDTLS_OPERATION_NONE);
/* mbedtls_cipher_setkey() */
TEST_ASSERT(
- mbedtls_cipher_setkey( &invalid_ctx,
- valid_buffer,
- valid_bitlen,
- valid_operation ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_setkey(&invalid_ctx,
+ valid_buffer,
+ valid_bitlen,
+ valid_operation) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
/* mbedtls_cipher_set_iv() */
TEST_ASSERT(
- mbedtls_cipher_set_iv( &invalid_ctx,
- valid_buffer,
- valid_size ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_set_iv(&invalid_ctx,
+ valid_buffer,
+ valid_size) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
/* mbedtls_cipher_reset() */
- TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* mbedtls_cipher_update_ad() */
TEST_ASSERT(
- mbedtls_cipher_update_ad( &invalid_ctx,
- valid_buffer,
- valid_size ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_update_ad(&invalid_ctx,
+ valid_buffer,
+ valid_size) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/* mbedtls_cipher_set_padding_mode() */
- TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#endif
/* mbedtls_cipher_update() */
TEST_ASSERT(
- mbedtls_cipher_update( &invalid_ctx,
- valid_buffer,
- valid_size,
- valid_buffer,
- &size_t_var ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_update(&invalid_ctx,
+ valid_buffer,
+ valid_size,
+ valid_buffer,
+ &size_t_var) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
/* mbedtls_cipher_finish() */
TEST_ASSERT(
- mbedtls_cipher_finish( &invalid_ctx,
- valid_buffer,
- &size_t_var ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_finish(&invalid_ctx,
+ valid_buffer,
+ &size_t_var) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* mbedtls_cipher_write_tag() */
TEST_ASSERT(
- mbedtls_cipher_write_tag( &invalid_ctx,
- valid_buffer,
- valid_size ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_write_tag(&invalid_ctx,
+ valid_buffer,
+ valid_size) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
/* mbedtls_cipher_check_tag() */
TEST_ASSERT(
- mbedtls_cipher_check_tag( &invalid_ctx,
- valid_buffer,
- valid_size ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_check_tag(&invalid_ctx,
+ valid_buffer,
+ valid_size) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
exit:
- mbedtls_cipher_free( &invalid_ctx );
- mbedtls_cipher_free( &valid_ctx );
+ mbedtls_cipher_free(&invalid_ctx);
+ mbedtls_cipher_free(&valid_ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void cipher_invalid_param_conditional( )
+void cipher_invalid_param_conditional()
{
mbedtls_cipher_context_t valid_ctx;
@@ -217,488 +218,488 @@
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
- *( mbedtls_cipher_list() ) );
+ *(mbedtls_cipher_list()));
size_t size_t_var;
- (void)valid_mode; /* In some configurations this is unused */
+ (void) valid_mode; /* In some configurations this is unused */
/* mbedtls_cipher_init() */
- TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) );
- TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
+ TEST_VALID_PARAM(mbedtls_cipher_init(&valid_ctx));
+ TEST_INVALID_PARAM(mbedtls_cipher_init(NULL));
/* mbedtls_cipher_setup() */
- TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) );
+ TEST_VALID_PARAM(mbedtls_cipher_setup(&valid_ctx, valid_info));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setup( NULL, valid_info ) );
+ mbedtls_cipher_setup(NULL, valid_info));
/* mbedtls_cipher_get_block_size() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) );
+ TEST_INVALID_PARAM_RET(0, mbedtls_cipher_get_block_size(NULL));
/* mbedtls_cipher_get_cipher_mode() */
TEST_INVALID_PARAM_RET(
MBEDTLS_MODE_NONE,
- mbedtls_cipher_get_cipher_mode( NULL ) );
+ mbedtls_cipher_get_cipher_mode(NULL));
/* mbedtls_cipher_get_iv_size() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) );
+ TEST_INVALID_PARAM_RET(0, mbedtls_cipher_get_iv_size(NULL));
/* mbedtls_cipher_get_type() */
TEST_INVALID_PARAM_RET(
MBEDTLS_CIPHER_NONE,
- mbedtls_cipher_get_type( NULL ) );
+ mbedtls_cipher_get_type(NULL));
/* mbedtls_cipher_get_name() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) );
+ TEST_INVALID_PARAM_RET(0, mbedtls_cipher_get_name(NULL));
/* mbedtls_cipher_get_key_bitlen() */
TEST_INVALID_PARAM_RET(
MBEDTLS_KEY_LENGTH_NONE,
- mbedtls_cipher_get_key_bitlen( NULL ) );
+ mbedtls_cipher_get_key_bitlen(NULL));
/* mbedtls_cipher_get_operation() */
TEST_INVALID_PARAM_RET(
MBEDTLS_OPERATION_NONE,
- mbedtls_cipher_get_operation( NULL ) );
+ mbedtls_cipher_get_operation(NULL));
/* mbedtls_cipher_setkey() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setkey( NULL,
- valid_buffer,
- valid_bitlen,
- valid_operation ) );
+ mbedtls_cipher_setkey(NULL,
+ valid_buffer,
+ valid_bitlen,
+ valid_operation));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setkey( &valid_ctx,
- NULL,
- valid_bitlen,
- valid_operation ) );
+ mbedtls_cipher_setkey(&valid_ctx,
+ NULL,
+ valid_bitlen,
+ valid_operation));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setkey( &valid_ctx,
- valid_buffer,
- valid_bitlen,
- invalid_operation ) );
+ mbedtls_cipher_setkey(&valid_ctx,
+ valid_buffer,
+ valid_bitlen,
+ invalid_operation));
/* mbedtls_cipher_set_iv() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_iv( NULL,
- valid_buffer,
- valid_size ) );
+ mbedtls_cipher_set_iv(NULL,
+ valid_buffer,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_iv( &valid_ctx,
- NULL,
- valid_size ) );
+ mbedtls_cipher_set_iv(&valid_ctx,
+ NULL,
+ valid_size));
/* mbedtls_cipher_reset() */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_reset( NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_reset(NULL));
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* mbedtls_cipher_update_ad() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update_ad( NULL,
- valid_buffer,
- valid_size ) );
+ mbedtls_cipher_update_ad(NULL,
+ valid_buffer,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update_ad( &valid_ctx,
- NULL,
- valid_size ) );
+ mbedtls_cipher_update_ad(&valid_ctx,
+ NULL,
+ valid_size));
#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/* mbedtls_cipher_set_padding_mode() */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_set_padding_mode(NULL, valid_mode));
#endif
/* mbedtls_cipher_update() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( NULL,
- valid_buffer,
- valid_size,
- valid_buffer,
- &size_t_var ) );
+ mbedtls_cipher_update(NULL,
+ valid_buffer,
+ valid_size,
+ valid_buffer,
+ &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- NULL, valid_size,
- valid_buffer,
- &size_t_var ) );
+ mbedtls_cipher_update(&valid_ctx,
+ NULL, valid_size,
+ valid_buffer,
+ &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- valid_buffer, valid_size,
- NULL,
- &size_t_var ) );
+ mbedtls_cipher_update(&valid_ctx,
+ valid_buffer, valid_size,
+ NULL,
+ &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer,
- NULL ) );
+ mbedtls_cipher_update(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer,
+ NULL));
/* mbedtls_cipher_finish() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( NULL,
- valid_buffer,
- &size_t_var ) );
+ mbedtls_cipher_finish(NULL,
+ valid_buffer,
+ &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( &valid_ctx,
- NULL,
- &size_t_var ) );
+ mbedtls_cipher_finish(&valid_ctx,
+ NULL,
+ &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( &valid_ctx,
- valid_buffer,
- NULL ) );
+ mbedtls_cipher_finish(&valid_ctx,
+ valid_buffer,
+ NULL));
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* mbedtls_cipher_write_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_write_tag( NULL,
- valid_buffer,
- valid_size ) );
+ mbedtls_cipher_write_tag(NULL,
+ valid_buffer,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_write_tag( &valid_ctx,
- NULL,
- valid_size ) );
+ mbedtls_cipher_write_tag(&valid_ctx,
+ NULL,
+ valid_size));
/* mbedtls_cipher_check_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_check_tag( NULL,
- valid_buffer,
- valid_size ) );
+ mbedtls_cipher_check_tag(NULL,
+ valid_buffer,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_check_tag( &valid_ctx,
- NULL,
- valid_size ) );
+ mbedtls_cipher_check_tag(&valid_ctx,
+ NULL,
+ valid_size));
#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
/* mbedtls_cipher_crypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var ) );
+ mbedtls_cipher_crypt(NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var ) );
+ mbedtls_cipher_crypt(&valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, &size_t_var ) );
+ mbedtls_cipher_crypt(&valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, &size_t_var ) );
+ mbedtls_cipher_crypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, &size_t_var));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, NULL ) );
+ mbedtls_cipher_crypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, NULL));
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/* mbedtls_cipher_auth_encrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_encrypt(NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_encrypt(&valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_encrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_encrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_encrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, NULL,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_encrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, NULL,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- NULL, valid_size ) );
+ mbedtls_cipher_auth_encrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ NULL, valid_size));
/* mbedtls_cipher_auth_decrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_decrypt(NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_decrypt(&valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_decrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_decrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, &size_t_var,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_decrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, &size_t_var,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, NULL,
- valid_buffer, valid_size ) );
+ mbedtls_cipher_auth_decrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, NULL,
+ valid_buffer, valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var,
- NULL, valid_size ) );
+ mbedtls_cipher_auth_decrypt(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ NULL, valid_size));
#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
/* mbedtls_cipher_auth_encrypt_ext */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_encrypt_ext(NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, NULL,
- valid_size ) );
+ mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, NULL,
+ valid_size));
/* mbedtls_cipher_auth_decrypt_ext */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_decrypt_ext(NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_decrypt_ext(&valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_decrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_decrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size, &size_t_var,
- valid_size ) );
+ mbedtls_cipher_auth_decrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size, &size_t_var,
+ valid_size));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, NULL,
- valid_size ) );
+ mbedtls_cipher_auth_decrypt_ext(&valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size, NULL,
+ valid_size));
#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
/* mbedtls_cipher_free() */
- TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_cipher_free(NULL));
exit:
- TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) );
+ TEST_VALID_PARAM(mbedtls_cipher_free(&valid_ctx));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
-void cipher_special_behaviours( )
+void cipher_special_behaviours()
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char input[32];
unsigned char output[32];
-#if defined (MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
unsigned char iv[32];
#endif
size_t olen = 0;
- mbedtls_cipher_init( &ctx );
- memset( input, 0, sizeof( input ) );
- memset( output, 0, sizeof( output ) );
+ mbedtls_cipher_init(&ctx);
+ memset(input, 0, sizeof(input));
+ memset(output, 0, sizeof(output));
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- memset( iv, 0, sizeof( iv ) );
+ memset(iv, 0, sizeof(iv));
/* Check and get info structures */
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
- TEST_ASSERT( NULL != cipher_info );
+ cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
+ TEST_ASSERT(NULL != cipher_info);
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
/* IV too big */
- TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 )
- == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1)
+ == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
/* IV too small */
- TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0)
+ == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- mbedtls_cipher_free( &ctx );
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_free(&ctx);
+ mbedtls_cipher_init(&ctx);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
- TEST_ASSERT( NULL != cipher_info );
+ cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
+ TEST_ASSERT(NULL != cipher_info);
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
/* Update ECB with partial block */
- TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen )
- == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+ TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen)
+ == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED);
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
- int length_val, int pad_mode )
+void enc_dec_buf(int cipher_id, char *cipher_string, int key_len,
+ int length_val, int pad_mode)
{
size_t length = length_val, outlen, total_len, i, block_size, iv_len;
unsigned char key[64];
@@ -716,28 +717,27 @@
/*
* Prepare contexts
*/
- mbedtls_cipher_init( &ctx_dec );
- mbedtls_cipher_init( &ctx_enc );
+ mbedtls_cipher_init(&ctx_dec);
+ mbedtls_cipher_init(&ctx_enc);
- memset( key, 0x2a, sizeof( key ) );
+ memset(key, 0x2a, sizeof(key));
/* Check and get info structures */
- cipher_info = mbedtls_cipher_info_from_type( cipher_id );
- TEST_ASSERT( NULL != cipher_info );
- TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
+ cipher_info = mbedtls_cipher_info_from_type(cipher_id);
+ TEST_ASSERT(NULL != cipher_info);
+ TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info);
/* Initialise enc and dec contexts */
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT));
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT));
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- if( -1 != pad_mode )
- {
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
+ if (-1 != pad_mode) {
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode));
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode));
}
#else
(void) pad_mode;
@@ -746,90 +746,90 @@
/*
* Do a few encode/decode cycles
*/
- for( i = 0; i < 3; i++ )
- {
- memset( iv , 0x00 + i, sizeof( iv ) );
- memset( ad, 0x10 + i, sizeof( ad ) );
- memset( inbuf, 0x20 + i, sizeof( inbuf ) );
+ for (i = 0; i < 3; i++) {
+ memset(iv, 0x00 + i, sizeof(iv));
+ memset(ad, 0x10 + i, sizeof(ad));
+ memset(inbuf, 0x20 + i, sizeof(inbuf));
- memset( encbuf, 0, sizeof( encbuf ) );
- memset( decbuf, 0, sizeof( decbuf ) );
- memset( tag, 0, sizeof( tag ) );
+ memset(encbuf, 0, sizeof(encbuf));
+ memset(decbuf, 0, sizeof(decbuf));
+ memset(tag, 0, sizeof(tag));
- if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
- cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
- iv_len = 12;
- else
- iv_len = sizeof(iv);
+ if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
+ cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
+ iv_len = 12;
+ } else {
+ iv_len = sizeof(iv);
+ }
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
+ TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
+ TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len));
- TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
- TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
+ TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
+ TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc));
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
+ TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i));
+ TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i));
#endif
- block_size = mbedtls_cipher_get_block_size( &ctx_enc );
- TEST_ASSERT( block_size != 0 );
+ block_size = mbedtls_cipher_get_block_size(&ctx_enc);
+ TEST_ASSERT(block_size != 0);
- /* encode length number of bytes from inbuf */
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
- total_len = outlen;
+ /* encode length number of bytes from inbuf */
+ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen));
+ total_len = outlen;
- TEST_ASSERT( total_len == length ||
- ( total_len % block_size == 0 &&
- total_len < length &&
- total_len + block_size > length ) );
+ TEST_ASSERT(total_len == length ||
+ (total_len % block_size == 0 &&
+ total_len < length &&
+ total_len + block_size > length));
- TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
- total_len += outlen;
+ TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen));
+ total_len += outlen;
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
+ TEST_ASSERT(0 == mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag)));
#endif
- TEST_ASSERT( total_len == length ||
- ( total_len % block_size == 0 &&
- total_len > length &&
- total_len <= length + block_size ) );
+ TEST_ASSERT(total_len == length ||
+ (total_len % block_size == 0 &&
+ total_len > length &&
+ total_len <= length + block_size));
- /* decode the previously encoded string */
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, total_len, decbuf, &outlen ) );
- total_len = outlen;
+ /* decode the previously encoded string */
+ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen));
+ total_len = outlen;
- TEST_ASSERT( total_len == length ||
- ( total_len % block_size == 0 &&
- total_len < length &&
- total_len + block_size >= length ) );
+ TEST_ASSERT(total_len == length ||
+ (total_len % block_size == 0 &&
+ total_len < length &&
+ total_len + block_size >= length));
- TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
- total_len += outlen;
+ TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen));
+ total_len += outlen;
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
+ TEST_ASSERT(0 == mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag)));
#endif
- /* check result */
- TEST_ASSERT( total_len == length );
- TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
+ /* check result */
+ TEST_ASSERT(total_len == length);
+ TEST_ASSERT(0 == memcmp(inbuf, decbuf, length));
}
/*
* Done
*/
exit:
- mbedtls_cipher_free( &ctx_dec );
- mbedtls_cipher_free( &ctx_enc );
+ mbedtls_cipher_free(&ctx_dec);
+ mbedtls_cipher_free(&ctx_enc);
}
/* END_CASE */
/* BEGIN_CASE */
-void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val,
- int ret )
+void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val,
+ int ret)
{
size_t length = length_val;
unsigned char key[32];
@@ -843,46 +843,46 @@
size_t outlen = 0;
- memset( key, 0, 32 );
- memset( iv , 0, 16 );
+ memset(key, 0, 32);
+ memset(iv, 0, 16);
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
- memset( inbuf, 5, 64 );
- memset( encbuf, 0, 64 );
+ memset(inbuf, 5, 64);
+ memset(encbuf, 0, 64);
/* Check and get info structures */
- cipher_info = mbedtls_cipher_info_from_type( cipher_id );
- TEST_ASSERT( NULL != cipher_info );
+ cipher_info = mbedtls_cipher_info_from_type(cipher_id);
+ TEST_ASSERT(NULL != cipher_info);
/* Initialise context */
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, key_len, MBEDTLS_ENCRYPT ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT));
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
#else
(void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) );
- TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
+ TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16));
+ TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx));
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) );
+ TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx, NULL, 0));
#endif
/* encode length number of bytes from inbuf */
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
- TEST_ASSERT( ret == mbedtls_cipher_finish( &ctx, encbuf + outlen, &outlen ) );
+ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen));
+ TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen));
/* done */
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void dec_empty_buf( int cipher,
- int expected_update_ret,
- int expected_finish_ret )
+void dec_empty_buf(int cipher,
+ int expected_update_ret,
+ int expected_finish_ret)
{
unsigned char key[32];
unsigned char iv[16];
@@ -896,47 +896,47 @@
size_t outlen = 0;
- memset( key, 0, 32 );
- memset( iv , 0, 16 );
+ memset(key, 0, 32);
+ memset(iv, 0, 16);
- mbedtls_cipher_init( &ctx_dec );
+ mbedtls_cipher_init(&ctx_dec);
- memset( encbuf, 0, 64 );
- memset( decbuf, 0, 64 );
+ memset(encbuf, 0, 64);
+ memset(decbuf, 0, 64);
/* Initialise context */
- cipher_info = mbedtls_cipher_info_from_type( cipher );
- TEST_ASSERT( NULL != cipher_info);
+ cipher_info = mbedtls_cipher_info_from_type(cipher);
+ TEST_ASSERT(NULL != cipher_info);
- if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
- cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
+ if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
+ cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
iv_len = 12;
+ }
- TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
+ TEST_ASSERT(sizeof(key) * 8 >= cipher_info->key_bitlen);
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec,
- key, cipher_info->key_bitlen,
- MBEDTLS_DECRYPT ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec,
+ key, cipher_info->key_bitlen,
+ MBEDTLS_DECRYPT));
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
- TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
+ TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
+ TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, NULL, 0));
#endif
/* decode 0-byte string */
- TEST_ASSERT( expected_update_ret ==
- mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
- TEST_ASSERT( 0 == outlen );
+ TEST_ASSERT(expected_update_ret ==
+ mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen));
+ TEST_ASSERT(0 == outlen);
- if ( expected_finish_ret == 0 &&
- ( cipher_info->mode == MBEDTLS_MODE_CBC ||
- cipher_info->mode == MBEDTLS_MODE_ECB ) )
- {
+ if (expected_finish_ret == 0 &&
+ (cipher_info->mode == MBEDTLS_MODE_CBC ||
+ cipher_info->mode == MBEDTLS_MODE_ECB)) {
/* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
* return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
* decrypting an empty buffer.
@@ -945,20 +945,20 @@
expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
}
- TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish(
- &ctx_dec, decbuf + outlen, &outlen ) );
- TEST_ASSERT( 0 == outlen );
+ TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish(
+ &ctx_dec, decbuf + outlen, &outlen));
+ TEST_ASSERT(0 == outlen);
exit:
- mbedtls_cipher_free( &ctx_dec );
+ mbedtls_cipher_free(&ctx_dec);
}
/* END_CASE */
/* BEGIN_CASE */
-void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
- int second_length_val, int pad_mode,
- int first_encrypt_output_len, int second_encrypt_output_len,
- int first_decrypt_output_len, int second_decrypt_output_len )
+void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val,
+ int second_length_val, int pad_mode,
+ int first_encrypt_output_len, int second_encrypt_output_len,
+ int first_decrypt_output_len, int second_decrypt_output_len)
{
size_t first_length = first_length_val;
size_t second_length = second_length_val;
@@ -978,115 +978,121 @@
size_t outlen = 0;
size_t totaloutlen = 0;
- memset( key, 0, 32 );
- memset( iv , 0, 16 );
+ memset(key, 0, 32);
+ memset(iv, 0, 16);
- mbedtls_cipher_init( &ctx_dec );
- mbedtls_cipher_init( &ctx_enc );
+ mbedtls_cipher_init(&ctx_dec);
+ mbedtls_cipher_init(&ctx_enc);
- memset( inbuf, 5, 64 );
- memset( encbuf, 0, 64 );
- memset( decbuf, 0, 64 );
+ memset(inbuf, 5, 64);
+ memset(encbuf, 0, 64);
+ memset(decbuf, 0, 64);
/* Initialise enc and dec contexts */
- cipher_info = mbedtls_cipher_info_from_type( cipher_id );
- TEST_ASSERT( NULL != cipher_info);
+ cipher_info = mbedtls_cipher_info_from_type(cipher_id);
+ TEST_ASSERT(NULL != cipher_info);
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT));
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT));
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- if( -1 != pad_mode )
- {
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
+ if (-1 != pad_mode) {
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode));
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode));
}
#else
(void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
- cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
+ if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
+ cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
iv_len = 12;
- else
+ } else {
iv_len = sizeof(iv);
+ }
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
+ TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
+ TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len));
- TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
- TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
+ TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
+ TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc));
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) );
+ TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, NULL, 0));
+ TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_enc, NULL, 0));
#endif
- block_size = mbedtls_cipher_get_block_size( &ctx_enc );
- TEST_ASSERT( block_size != 0 );
+ block_size = mbedtls_cipher_get_block_size(&ctx_enc);
+ TEST_ASSERT(block_size != 0);
/* encode length number of bytes from inbuf */
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
- TEST_ASSERT( (size_t)first_encrypt_output_len == outlen );
+ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen));
+ TEST_ASSERT((size_t) first_encrypt_output_len == outlen);
totaloutlen = outlen;
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) );
- TEST_ASSERT( (size_t)second_encrypt_output_len == outlen );
+ TEST_ASSERT(0 ==
+ mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length,
+ encbuf + totaloutlen,
+ &outlen));
+ TEST_ASSERT((size_t) second_encrypt_output_len == outlen);
totaloutlen += outlen;
- TEST_ASSERT( totaloutlen == length ||
- ( totaloutlen % block_size == 0 &&
- totaloutlen < length &&
- totaloutlen + block_size > length ) );
+ TEST_ASSERT(totaloutlen == length ||
+ (totaloutlen % block_size == 0 &&
+ totaloutlen < length &&
+ totaloutlen + block_size > length));
- TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + totaloutlen, &outlen ) );
+ TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen));
totaloutlen += outlen;
- TEST_ASSERT( totaloutlen == length ||
- ( totaloutlen % block_size == 0 &&
- totaloutlen > length &&
- totaloutlen <= length + block_size ) );
+ TEST_ASSERT(totaloutlen == length ||
+ (totaloutlen % block_size == 0 &&
+ totaloutlen > length &&
+ totaloutlen <= length + block_size));
/* decode the previously encoded string */
second_length = totaloutlen - first_length;
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) );
- TEST_ASSERT( (size_t)first_decrypt_output_len == outlen );
+ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen));
+ TEST_ASSERT((size_t) first_decrypt_output_len == outlen);
totaloutlen = outlen;
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) );
- TEST_ASSERT( (size_t)second_decrypt_output_len == outlen );
+ TEST_ASSERT(0 ==
+ mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length,
+ decbuf + totaloutlen,
+ &outlen));
+ TEST_ASSERT((size_t) second_decrypt_output_len == outlen);
totaloutlen += outlen;
- TEST_ASSERT( totaloutlen == length ||
- ( totaloutlen % block_size == 0 &&
- totaloutlen < length &&
- totaloutlen + block_size >= length ) );
+ TEST_ASSERT(totaloutlen == length ||
+ (totaloutlen % block_size == 0 &&
+ totaloutlen < length &&
+ totaloutlen + block_size >= length));
- TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) );
+ TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen));
totaloutlen += outlen;
- TEST_ASSERT( totaloutlen == length );
+ TEST_ASSERT(totaloutlen == length);
- TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
+ TEST_ASSERT(0 == memcmp(inbuf, decbuf, length));
exit:
- mbedtls_cipher_free( &ctx_dec );
- mbedtls_cipher_free( &ctx_enc );
+ mbedtls_cipher_free(&ctx_dec);
+ mbedtls_cipher_free(&ctx_enc);
}
/* END_CASE */
/* BEGIN_CASE */
-void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key,
- data_t * iv, data_t * cipher,
- data_t * clear, data_t * ad, data_t * tag,
- int finish_result, int tag_result )
+void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key,
+ data_t *iv, data_t *cipher,
+ data_t *clear, data_t *ad, data_t *tag,
+ int finish_result, int tag_result)
{
unsigned char output[265];
mbedtls_cipher_context_t ctx;
size_t outlen, total_len;
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
- memset( output, 0x00, sizeof( output ) );
+ memset(output, 0x00, sizeof(output));
#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C)
((void) ad);
@@ -1094,48 +1100,48 @@
#endif
/* Prepare context */
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
- mbedtls_cipher_info_from_type( cipher_id ) ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx,
+ mbedtls_cipher_info_from_type(cipher_id)));
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT));
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- if( pad_mode != -1 )
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
+ if (pad_mode != -1) {
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
+ }
#else
(void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) );
- TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
+ TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len));
+ TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx));
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) );
+ TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx, ad->x, ad->len));
#endif
/* decode buffer and check tag->x */
total_len = 0;
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) );
+ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen));
total_len += outlen;
- TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
- &outlen ) );
+ TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
+ &outlen));
total_len += outlen;
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) );
+ TEST_ASSERT(tag_result == mbedtls_cipher_check_tag(&ctx, tag->x, tag->len));
#endif
/* check plaintext only if everything went fine */
- if( 0 == finish_result && 0 == tag_result )
- {
- TEST_ASSERT( total_len == clear->len );
- TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) );
+ if (0 == finish_result && 0 == tag_result) {
+ TEST_ASSERT(total_len == clear->len);
+ TEST_ASSERT(0 == memcmp(output, clear->x, clear->len));
}
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */
-void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
- data_t * ad, data_t * cipher, data_t * tag,
- char * result, data_t * clear, int use_psa )
+void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
+ data_t *ad, data_t *cipher, data_t *tag,
+ char *result, data_t *clear, int use_psa)
{
/*
* Take an AEAD ciphertext + tag and perform a pair
@@ -1172,19 +1178,23 @@
/* Null pointers are documented as valid for inputs of length 0.
* The test framework passes non-null pointers, so set them to NULL.
* key, cipher and tag can't be empty. */
- if( iv->len == 0 )
+ if (iv->len == 0) {
iv->x = NULL;
- if( ad->len == 0 )
+ }
+ if (ad->len == 0) {
ad->x = NULL;
- if( clear->len == 0 )
+ }
+ if (clear->len == 0) {
clear->x = NULL;
+ }
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
/* Initialize PSA Crypto */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( use_psa == 1 )
- PSA_ASSERT( psa_crypto_init( ) );
+ if (use_psa == 1) {
+ PSA_ASSERT(psa_crypto_init());
+ }
#else
(void) use_psa;
#endif
@@ -1209,125 +1219,121 @@
/*
* Prepare context for decryption
*/
- if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
- MBEDTLS_DECRYPT ) )
+ if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
+ MBEDTLS_DECRYPT)) {
goto exit;
+ }
/*
* prepare buffer for decryption
* (we need the tag appended to the ciphertext)
*/
cipher_plus_tag_len = cipher->len + tag->len;
- ASSERT_ALLOC( cipher_plus_tag, cipher_plus_tag_len );
- memcpy( cipher_plus_tag, cipher->x, cipher->len );
- memcpy( cipher_plus_tag + cipher->len, tag->x, tag->len );
+ ASSERT_ALLOC(cipher_plus_tag, cipher_plus_tag_len);
+ memcpy(cipher_plus_tag, cipher->x, cipher->len);
+ memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len);
/*
* Compute length of output buffer according to the documentation
*/
- if( using_nist_kw )
+ if (using_nist_kw) {
decrypt_buf_len = cipher_plus_tag_len - 8;
- else
+ } else {
decrypt_buf_len = cipher_plus_tag_len - tag->len;
+ }
/*
* Try decrypting to a buffer that's 1B too small
*/
- if( decrypt_buf_len != 0 )
- {
- ASSERT_ALLOC( decrypt_buf, decrypt_buf_len - 1 );
+ if (decrypt_buf_len != 0) {
+ ASSERT_ALLOC(decrypt_buf, decrypt_buf_len - 1);
outlen = 0;
- ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len,
- ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
- decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len );
- TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
+ ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
+ decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len);
+ TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- mbedtls_free( decrypt_buf );
+ mbedtls_free(decrypt_buf);
decrypt_buf = NULL;
}
/*
* Authenticate and decrypt, and check result
*/
- ASSERT_ALLOC( decrypt_buf, decrypt_buf_len );
+ ASSERT_ALLOC(decrypt_buf, decrypt_buf_len);
outlen = 0;
- ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len,
- ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
- decrypt_buf, decrypt_buf_len, &outlen, tag->len );
+ ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
+ ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
+ decrypt_buf, decrypt_buf_len, &outlen, tag->len);
- if( strcmp( result, "FAIL" ) == 0 )
- {
- TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
- TEST_ASSERT( buffer_is_all_zero( decrypt_buf, decrypt_buf_len ) );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
- ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len );
+ if (strcmp(result, "FAIL") == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED);
+ TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len));
+ } else {
+ TEST_ASSERT(ret == 0);
+ ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
}
/* Free this, but keep cipher_plus_tag for deprecated function with PSA */
- mbedtls_free( decrypt_buf );
+ mbedtls_free(decrypt_buf);
decrypt_buf = NULL;
/*
* Encrypt back if test data was authentic
*/
- if( strcmp( result, "FAIL" ) != 0 )
- {
+ if (strcmp(result, "FAIL") != 0) {
/* prepare context for encryption */
- if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
- MBEDTLS_ENCRYPT ) )
+ if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
+ MBEDTLS_ENCRYPT)) {
goto exit;
+ }
/*
* Compute size of output buffer according to documentation
*/
- if( using_nist_kw )
- {
+ if (using_nist_kw) {
encrypt_buf_len = clear->len + 8;
- if( using_nist_kw_padding && encrypt_buf_len % 8 != 0 )
+ if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) {
encrypt_buf_len += 8 - encrypt_buf_len % 8;
- }
- else
- {
+ }
+ } else {
encrypt_buf_len = clear->len + tag->len;
}
/*
* Try encrypting with an output buffer that's 1B too small
*/
- ASSERT_ALLOC( encrypt_buf, encrypt_buf_len - 1 );
+ ASSERT_ALLOC(encrypt_buf, encrypt_buf_len - 1);
outlen = 0;
- ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len,
- ad->x, ad->len, clear->x, clear->len,
- encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len );
- TEST_ASSERT( ret != 0 );
+ ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
+ ad->x, ad->len, clear->x, clear->len,
+ encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len);
+ TEST_ASSERT(ret != 0);
- mbedtls_free( encrypt_buf );
+ mbedtls_free(encrypt_buf);
encrypt_buf = NULL;
/*
* Encrypt and check the result
*/
- ASSERT_ALLOC( encrypt_buf, encrypt_buf_len );
+ ASSERT_ALLOC(encrypt_buf, encrypt_buf_len);
outlen = 0;
- ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len,
- ad->x, ad->len, clear->x, clear->len,
- encrypt_buf, encrypt_buf_len, &outlen, tag->len );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
+ ad->x, ad->len, clear->x, clear->len,
+ encrypt_buf, encrypt_buf_len, &outlen, tag->len);
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( outlen == cipher->len + tag->len );
- TEST_ASSERT( memcmp( encrypt_buf, cipher->x, cipher->len ) == 0 );
- TEST_ASSERT( memcmp( encrypt_buf + cipher->len,
- tag->x, tag->len ) == 0 );
+ TEST_ASSERT(outlen == cipher->len + tag->len);
+ TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0);
+ TEST_ASSERT(memcmp(encrypt_buf + cipher->len,
+ tag->x, tag->len) == 0);
- mbedtls_free( encrypt_buf );
+ mbedtls_free(encrypt_buf);
encrypt_buf = NULL;
}
@@ -1343,22 +1349,21 @@
/*
* Prepare context for decryption
*/
- if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
- MBEDTLS_DECRYPT ) )
+ if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
+ MBEDTLS_DECRYPT)) {
goto exit;
+ }
/*
* Prepare pointers for decryption
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( use_psa == 1 )
- {
+ if (use_psa == 1) {
/* PSA requires that the tag immediately follows the ciphertext.
* Fortunately, we already have that from testing the new API. */
tmp_cipher = cipher_plus_tag;
tmp_tag = tmp_cipher + cipher->len;
- }
- else
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
tmp_cipher = cipher->x;
@@ -1369,58 +1374,51 @@
* Authenticate and decrypt, and check result
*/
- ASSERT_ALLOC( decrypt_buf, cipher->len );
+ ASSERT_ALLOC(decrypt_buf, cipher->len);
outlen = 0;
- ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
- tmp_cipher, cipher->len, decrypt_buf, &outlen,
- tmp_tag, tag->len );
+ ret = mbedtls_cipher_auth_decrypt(&ctx, iv->x, iv->len, ad->x, ad->len,
+ tmp_cipher, cipher->len, decrypt_buf, &outlen,
+ tmp_tag, tag->len);
- if( using_nist_kw )
- {
+ if (using_nist_kw) {
/* NIST_KW with legacy API */
- TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
- }
- else if( strcmp( result, "FAIL" ) == 0 )
- {
+ TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
+ } else if (strcmp(result, "FAIL") == 0) {
/* unauthentic message */
- TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
- TEST_ASSERT( buffer_is_all_zero( decrypt_buf, cipher->len ) );
- }
- else
- {
+ TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED);
+ TEST_ASSERT(buffer_is_all_zero(decrypt_buf, cipher->len));
+ } else {
/* authentic message: is the plaintext correct? */
- TEST_ASSERT( ret == 0 );
- ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len );
+ TEST_ASSERT(ret == 0);
+ ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
}
- mbedtls_free( decrypt_buf );
+ mbedtls_free(decrypt_buf);
decrypt_buf = NULL;
- mbedtls_free( cipher_plus_tag );
+ mbedtls_free(cipher_plus_tag);
cipher_plus_tag = NULL;
/*
* Encrypt back if test data was authentic
*/
- if( strcmp( result, "FAIL" ) != 0 )
- {
+ if (strcmp(result, "FAIL") != 0) {
/* prepare context for encryption */
- if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
- MBEDTLS_ENCRYPT ) )
+ if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
+ MBEDTLS_ENCRYPT)) {
goto exit;
+ }
/* prepare buffers for encryption */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( use_psa )
- {
- ASSERT_ALLOC( cipher_plus_tag, cipher->len + tag->len );
+ if (use_psa) {
+ ASSERT_ALLOC(cipher_plus_tag, cipher->len + tag->len);
tmp_cipher = cipher_plus_tag;
tmp_tag = cipher_plus_tag + cipher->len;
- }
- else
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
- ASSERT_ALLOC( encrypt_buf, cipher->len );
- ASSERT_ALLOC( tag_buf, tag->len );
+ ASSERT_ALLOC(encrypt_buf, cipher->len);
+ ASSERT_ALLOC(tag_buf, tag->len);
tmp_cipher = encrypt_buf;
tmp_tag = tag_buf;
}
@@ -1429,22 +1427,20 @@
* Encrypt and check the result
*/
outlen = 0;
- ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
- clear->x, clear->len, tmp_cipher, &outlen,
- tmp_tag, tag->len );
+ ret = mbedtls_cipher_auth_encrypt(&ctx, iv->x, iv->len, ad->x, ad->len,
+ clear->x, clear->len, tmp_cipher, &outlen,
+ tmp_tag, tag->len);
- if( using_nist_kw )
- {
- TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
+ if (using_nist_kw) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
+ } else {
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( outlen == cipher->len );
- if( cipher->len != 0 )
- TEST_ASSERT( memcmp( tmp_cipher, cipher->x, cipher->len ) == 0 );
- TEST_ASSERT( memcmp( tmp_tag, tag->x, tag->len ) == 0 );
+ TEST_ASSERT(outlen == cipher->len);
+ if (cipher->len != 0) {
+ TEST_ASSERT(memcmp(tmp_cipher, cipher->x, cipher->len) == 0);
+ }
+ TEST_ASSERT(memcmp(tmp_tag, tag->x, tag->len) == 0);
}
}
@@ -1452,158 +1448,161 @@
exit:
- mbedtls_cipher_free( &ctx );
- mbedtls_free( decrypt_buf );
- mbedtls_free( encrypt_buf );
- mbedtls_free( cipher_plus_tag );
+ mbedtls_cipher_free(&ctx);
+ mbedtls_free(decrypt_buf);
+ mbedtls_free(encrypt_buf);
+ mbedtls_free(cipher_plus_tag);
#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
!defined(MBEDTLS_DEPRECATED_REMOVED)
- mbedtls_free( tag_buf );
+ mbedtls_free(tag_buf);
#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( use_psa == 1 )
- PSA_DONE( );
+ if (use_psa == 1) {
+ PSA_DONE();
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
/* END_CASE */
/* BEGIN_CASE */
-void test_vec_ecb( int cipher_id, int operation, data_t * key,
- data_t * input, data_t * result, int finish_result
- )
+void test_vec_ecb(int cipher_id, int operation, data_t *key,
+ data_t *input, data_t *result, int finish_result
+ )
{
mbedtls_cipher_context_t ctx;
unsigned char output[32];
size_t outlen;
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
- memset( output, 0x00, sizeof( output ) );
+ memset(output, 0x00, sizeof(output));
/* Prepare context */
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
- mbedtls_cipher_info_from_type( cipher_id ) ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx,
+ mbedtls_cipher_info_from_type(cipher_id)));
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation));
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x,
- mbedtls_cipher_get_block_size( &ctx ),
- output, &outlen ) );
- TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) );
- TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
- &outlen ) );
- TEST_ASSERT( 0 == outlen );
+ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x,
+ mbedtls_cipher_get_block_size(&ctx),
+ output, &outlen));
+ TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx));
+ TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
+ &outlen));
+ TEST_ASSERT(0 == outlen);
/* check plaintext only if everything went fine */
- if( 0 == finish_result )
- TEST_ASSERT( 0 == memcmp( output, result->x,
- mbedtls_cipher_get_block_size( &ctx ) ) );
+ if (0 == finish_result) {
+ TEST_ASSERT(0 == memcmp(output, result->x,
+ mbedtls_cipher_get_block_size(&ctx)));
+ }
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
-void test_vec_crypt( int cipher_id, int operation, data_t *key,
- data_t *iv, data_t *input, data_t *result,
- int finish_result, int use_psa )
+void test_vec_crypt(int cipher_id, int operation, data_t *key,
+ data_t *iv, data_t *input, data_t *result,
+ int finish_result, int use_psa)
{
mbedtls_cipher_context_t ctx;
unsigned char output[32];
size_t outlen;
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
- memset( output, 0x00, sizeof( output ) );
+ memset(output, 0x00, sizeof(output));
/* Prepare context */
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
(void) use_psa;
#else
- if( use_psa == 1 )
- {
- PSA_ASSERT( psa_crypto_init( ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
- mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
- }
- else
+ if (use_psa == 1) {
+ PSA_ASSERT(psa_crypto_init());
+ TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx,
+ mbedtls_cipher_info_from_type(cipher_id), 0));
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
- mbedtls_cipher_info_from_type( cipher_id ) ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx,
+ mbedtls_cipher_info_from_type(cipher_id)));
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) );
- if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode )
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation));
+ if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) {
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE));
+ }
- TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL,
- iv->len, input->x, input->len,
- output, &outlen ) );
- TEST_ASSERT( result->len == outlen );
+ TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL,
+ iv->len, input->x, input->len,
+ output, &outlen));
+ TEST_ASSERT(result->len == outlen);
/* check plaintext only if everything went fine */
- if( 0 == finish_result )
- TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) );
+ if (0 == finish_result) {
+ TEST_ASSERT(0 == memcmp(output, result->x, outlen));
+ }
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- PSA_DONE( );
+ PSA_DONE();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
-void set_padding( int cipher_id, int pad_mode, int ret )
+void set_padding(int cipher_id, int pad_mode, int ret)
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
- cipher_info = mbedtls_cipher_info_from_type( cipher_id );
- TEST_ASSERT( NULL != cipher_info );
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
+ cipher_info = mbedtls_cipher_info_from_type(cipher_id);
+ TEST_ASSERT(NULL != cipher_info);
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
- TEST_ASSERT( ret == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
+ TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
- )
+void check_padding(int pad_mode, data_t *input, int ret, int dlen_check
+ )
{
mbedtls_cipher_info_t cipher_info;
mbedtls_cipher_context_t ctx;
size_t dlen;
/* build a fake context just for getting access to get_padding */
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
cipher_info.mode = MBEDTLS_MODE_CBC;
ctx.cipher_info = &cipher_info;
- TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
- TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) );
- if( 0 == ret )
- TEST_ASSERT( dlen == (size_t) dlen_check );
+ TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen));
+ if (0 == ret) {
+ TEST_ASSERT(dlen == (size_t) dlen_check);
+ }
}
/* END_CASE */
/* BEGIN_CASE */
-void iv_len_validity( int cipher_id, char * cipher_string,
- int iv_len_val, int ret )
+void iv_len_validity(int cipher_id, char *cipher_string,
+ int iv_len_val, int ret)
{
size_t iv_len = iv_len_val;
unsigned char iv[16];
/* Initialise iv buffer */
- memset( iv, 0, sizeof( iv ) );
+ memset(iv, 0, sizeof(iv));
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx_dec;
@@ -1612,23 +1611,23 @@
/*
* Prepare contexts
*/
- mbedtls_cipher_init( &ctx_dec );
- mbedtls_cipher_init( &ctx_enc );
+ mbedtls_cipher_init(&ctx_dec);
+ mbedtls_cipher_init(&ctx_enc);
/* Check and get info structures */
- cipher_info = mbedtls_cipher_info_from_type( cipher_id );
- TEST_ASSERT( NULL != cipher_info );
- TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
+ cipher_info = mbedtls_cipher_info_from_type(cipher_id);
+ TEST_ASSERT(NULL != cipher_info);
+ TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info);
/* Initialise enc and dec contexts */
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
+ TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
- TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
- TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
+ TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
+ TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len));
exit:
- mbedtls_cipher_free( &ctx_dec );
- mbedtls_cipher_free( &ctx_enc );
+ mbedtls_cipher_free(&ctx_dec);
+ mbedtls_cipher_free(&ctx_enc);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function
index c3d7da4..9624e8f 100644
--- a/tests/suites/test_suite_cmac.function
+++ b/tests/suites/test_suite_cmac.function
@@ -9,14 +9,14 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void mbedtls_cmac_self_test( )
+void mbedtls_cmac_self_test()
{
- TEST_ASSERT( mbedtls_cmac_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_cmac_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_cmac_null_args( )
+void mbedtls_cmac_null_args()
{
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
@@ -24,108 +24,108 @@
unsigned char test_data[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char test_output[MBEDTLS_CIPHER_BLKSIZE_MAX];
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
/* Test NULL cipher info */
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, test_data, 16 ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx, test_data, 16) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
- TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 );
+ cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
+ TEST_ASSERT(mbedtls_cipher_setup(&ctx, cipher_info) == 0);
- TEST_ASSERT( mbedtls_cipher_cmac_starts( NULL, test_key, 128 ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_starts(NULL, test_key, 128) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, NULL, 128 ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_starts(&ctx, NULL, 128) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac_update( NULL, test_data, 16 ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_update(NULL, test_data, 16) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, NULL, 16 ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx, NULL, 16) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac_finish( NULL, test_output ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_finish(NULL, test_output) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, NULL ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, NULL) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac_reset( NULL ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac_reset(NULL) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac( NULL,
- test_key, 128,
- test_data, 16,
- test_output ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac(NULL,
+ test_key, 128,
+ test_data, 16,
+ test_output) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac( cipher_info,
- NULL, 128,
- test_data, 16,
- test_output ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac(cipher_info,
+ NULL, 128,
+ test_data, 16,
+ test_output) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac( cipher_info,
- test_key, 128,
- NULL, 16,
- test_output ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac(cipher_info,
+ test_key, 128,
+ NULL, 16,
+ test_output) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_cipher_cmac( cipher_info,
- test_key, 128,
- test_data, 16,
- NULL ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_cipher_cmac(cipher_info,
+ test_key, 128,
+ test_data, 16,
+ NULL) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_AES_C)
- TEST_ASSERT( mbedtls_aes_cmac_prf_128( NULL, 16,
- test_data, 16,
- test_output ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_aes_cmac_prf_128(NULL, 16,
+ test_data, 16,
+ test_output) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16,
- NULL, 16,
- test_output ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_aes_cmac_prf_128(test_key, 16,
+ NULL, 16,
+ test_output) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16,
- test_data, 16,
- NULL ) ==
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_aes_cmac_prf_128(test_key, 16,
+ test_data, 16,
+ NULL) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#endif
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_cmac_setkey( int cipher_type, int key_size, int result )
+void mbedtls_cmac_setkey(int cipher_type, int key_size, int result)
{
const mbedtls_cipher_info_t *cipher_info;
unsigned char key[32];
unsigned char buf[16];
unsigned char tmp[16];
- memset( key, 0x2A, sizeof( key ) );
- TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
+ memset(key, 0x2A, sizeof(key));
+ TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
- TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) )
- != NULL );
+ TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
+ != NULL);
- memset( buf, 0x2A, sizeof( buf ) );
- TEST_ASSERT( ( result == mbedtls_cipher_cmac( cipher_info, key, key_size,
- buf, 16, tmp ) ) != 0 );
+ memset(buf, 0x2A, sizeof(buf));
+ TEST_ASSERT((result == mbedtls_cipher_cmac(cipher_info, key, key_size,
+ buf, 16, tmp)) != 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_cmac_multiple_blocks( int cipher_type, data_t * key,
- int keybits, int block_size,
- data_t * block1, int block1_len,
- data_t * block2, int block2_len,
- data_t * block3, int block3_len,
- data_t * block4, int block4_len,
- data_t * expected_result )
+void mbedtls_cmac_multiple_blocks(int cipher_type, data_t *key,
+ int keybits, int block_size,
+ data_t *block1, int block1_len,
+ data_t *block2, int block2_len,
+ data_t *block3, int block3_len,
+ data_t *block4, int block4_len,
+ data_t *expected_result)
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
@@ -133,74 +133,78 @@
/* Convert the test parameters to binary data */
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
/* Validate the test inputs */
- TEST_ASSERT( block1_len <= 100 );
- TEST_ASSERT( block2_len <= 100 );
- TEST_ASSERT( block3_len <= 100 );
- TEST_ASSERT( block4_len <= 100 );
+ TEST_ASSERT(block1_len <= 100);
+ TEST_ASSERT(block2_len <= 100);
+ TEST_ASSERT(block3_len <= 100);
+ TEST_ASSERT(block4_len <= 100);
/* Set up */
- TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) )
- != NULL );
+ TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
+ != NULL);
- TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_setup(&ctx, cipher_info) == 0);
- TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx,
- (const unsigned char*)key->x,
- keybits ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_cmac_starts(&ctx,
+ (const unsigned char *) key->x,
+ keybits) == 0);
/* Multiple partial and complete blocks. A negative length means skip the
* update operation */
- if( block1_len >= 0)
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block1->x,
- block1_len ) == 0);
+ if (block1_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block1->x,
+ block1_len) == 0);
+ }
- if( block2_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block2->x,
- block2_len ) == 0);
+ if (block2_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block2->x,
+ block2_len) == 0);
+ }
- if( block3_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block3->x,
- block3_len ) == 0);
+ if (block3_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block3->x,
+ block3_len) == 0);
+ }
- if( block4_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block4->x,
- block4_len ) == 0);
+ if (block4_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block4->x,
+ block4_len) == 0);
+ }
- TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, output) == 0);
- TEST_ASSERT( memcmp( output, expected_result->x, block_size ) == 0 );
+ TEST_ASSERT(memcmp(output, expected_result->x, block_size) == 0);
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_cmac_multiple_operations_same_key( int cipher_type,
- data_t * key, int keybits,
- int block_size,
- data_t * block_a1,
- int block_a1_len,
- data_t * block_a2,
- int block_a2_len,
- data_t * block_a3,
- int block_a3_len,
- data_t * expected_result_a,
- data_t * block_b1,
- int block_b1_len,
- data_t * block_b2,
- int block_b2_len,
- data_t * block_b3,
- int block_b3_len,
- data_t * expected_result_b
- )
+void mbedtls_cmac_multiple_operations_same_key(int cipher_type,
+ data_t *key, int keybits,
+ int block_size,
+ data_t *block_a1,
+ int block_a1_len,
+ data_t *block_a2,
+ int block_a2_len,
+ data_t *block_a3,
+ int block_a3_len,
+ data_t *expected_result_a,
+ data_t *block_b1,
+ int block_b1_len,
+ data_t *block_b2,
+ int block_b2_len,
+ data_t *block_b3,
+ int block_b3_len,
+ data_t *expected_result_b
+ )
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
@@ -210,77 +214,82 @@
- mbedtls_cipher_init( &ctx );
+ mbedtls_cipher_init(&ctx);
/* Validate the test inputs */
- TEST_ASSERT( block_a1_len <= 100 );
- TEST_ASSERT( block_a2_len <= 100 );
- TEST_ASSERT( block_a3_len <= 100 );
+ TEST_ASSERT(block_a1_len <= 100);
+ TEST_ASSERT(block_a2_len <= 100);
+ TEST_ASSERT(block_a3_len <= 100);
- TEST_ASSERT( block_b1_len <= 100 );
- TEST_ASSERT( block_b2_len <= 100 );
- TEST_ASSERT( block_b3_len <= 100 );
+ TEST_ASSERT(block_b1_len <= 100);
+ TEST_ASSERT(block_b2_len <= 100);
+ TEST_ASSERT(block_b3_len <= 100);
/* Set up */
- TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) )
- != NULL );
+ TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
+ != NULL);
- TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_setup(&ctx, cipher_info) == 0);
- TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx,
- (const unsigned char*)key->x,
- keybits ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_cmac_starts(&ctx,
+ (const unsigned char *) key->x,
+ keybits) == 0);
/* Sequence A */
/* Multiple partial and complete blocks. A negative length means skip the
* update operation */
- if( block_a1_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_a1->x,
- block_a1_len ) == 0);
+ if (block_a1_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block_a1->x,
+ block_a1_len) == 0);
+ }
- if( block_a2_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_a2->x,
- block_a2_len ) == 0);
+ if (block_a2_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block_a2->x,
+ block_a2_len) == 0);
+ }
- if( block_a3_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_a3->x,
- block_a3_len ) == 0);
+ if (block_a3_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block_a3->x,
+ block_a3_len) == 0);
+ }
- TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, output) == 0);
- TEST_ASSERT( memcmp( output, expected_result_a->x, block_size ) == 0 );
+ TEST_ASSERT(memcmp(output, expected_result_a->x, block_size) == 0);
- TEST_ASSERT( mbedtls_cipher_cmac_reset( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_cmac_reset(&ctx) == 0);
/* Sequence B */
/* Multiple partial and complete blocks. A negative length means skip the
* update operation */
- if( block_b1_len >= 0)
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_b1->x,
- block_b1_len ) == 0);
+ if (block_b1_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block_b1->x,
+ block_b1_len) == 0);
+ }
- if( block_b2_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_b2->x,
- block_b2_len ) == 0);
+ if (block_b2_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block_b2->x,
+ block_b2_len) == 0);
+ }
- if( block_b3_len >= 0 )
- TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_b3->x,
- block_b3_len ) == 0);
+ if (block_b3_len >= 0) {
+ TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
+ (unsigned char *) block_b3->x,
+ block_b3_len) == 0);
+ }
- TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 );
+ TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, output) == 0);
- TEST_ASSERT( memcmp( output, expected_result_b->x, block_size ) == 0 );
+ TEST_ASSERT(memcmp(output, expected_result_b->x, block_size) == 0);
exit:
- mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_free(&ctx);
}
/* END_CASE */
-
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
index a3673b7..a40149a 100644
--- a/tests/suites/test_suite_constant_time.function
+++ b/tests/suites/test_suite_constant_time.function
@@ -16,34 +16,33 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
-void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
+void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len)
{
unsigned char *dst = NULL;
unsigned char *src = NULL;
size_t src_len = offset_max + len;
size_t secret;
- ASSERT_ALLOC( dst, len );
- ASSERT_ALLOC( src, src_len );
+ ASSERT_ALLOC(dst, len);
+ ASSERT_ALLOC(src, src_len);
/* Fill src in a way that we can detect if we copied the right bytes */
- mbedtls_test_rnd_std_rand( NULL, src, src_len );
+ mbedtls_test_rnd_std_rand(NULL, src, src_len);
- for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
- {
- mbedtls_test_set_step( (int) secret );
+ for (secret = offset_min; secret <= (size_t) offset_max; secret++) {
+ mbedtls_test_set_step((int) secret);
- TEST_CF_SECRET( &secret, sizeof( secret ) );
- mbedtls_ct_memcpy_offset( dst, src, secret,
- offset_min, offset_max, len );
- TEST_CF_PUBLIC( &secret, sizeof( secret ) );
- TEST_CF_PUBLIC( dst, len );
+ TEST_CF_SECRET(&secret, sizeof(secret));
+ mbedtls_ct_memcpy_offset(dst, src, secret,
+ offset_min, offset_max, len);
+ TEST_CF_PUBLIC(&secret, sizeof(secret));
+ TEST_CF_PUBLIC(dst, len);
- ASSERT_COMPARE( dst, len, src + secret, len );
+ ASSERT_COMPARE(dst, len, src + secret, len);
}
exit:
- mbedtls_free( dst );
- mbedtls_free( src );
+ mbedtls_free(dst);
+ mbedtls_free(src);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index c19cde9..57d5a4e 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -8,7 +8,7 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
-void ssl_cf_hmac( int hash )
+void ssl_cf_hmac(int hash)
{
/*
* Test the function mbedtls_ct_hmac() against a reference
@@ -25,78 +25,77 @@
unsigned char *out = NULL;
unsigned char rec_num = 0;
- mbedtls_md_init( &ctx );
- mbedtls_md_init( &ref_ctx );
+ mbedtls_md_init(&ctx);
+ mbedtls_md_init(&ref_ctx);
- md_info = mbedtls_md_info_from_type( hash );
- TEST_ASSERT( md_info != NULL );
- out_len = mbedtls_md_get_size( md_info );
- TEST_ASSERT( out_len != 0 );
+ md_info = mbedtls_md_info_from_type(hash);
+ TEST_ASSERT(md_info != NULL);
+ out_len = mbedtls_md_get_size(md_info);
+ TEST_ASSERT(out_len != 0);
block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
/* Use allocated out buffer to catch overwrites */
- ASSERT_ALLOC( out, out_len );
+ ASSERT_ALLOC(out, out_len);
/* Set up contexts with the given hash and a dummy key */
- TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
- TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
- memset( ref_out, 42, sizeof( ref_out ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
- memset( ref_out, 0, sizeof( ref_out ) );
+ TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1));
+ TEST_EQUAL(0, mbedtls_md_setup(&ref_ctx, md_info, 1));
+ memset(ref_out, 42, sizeof(ref_out));
+ TEST_EQUAL(0, mbedtls_md_hmac_starts(&ctx, ref_out, out_len));
+ TEST_EQUAL(0, mbedtls_md_hmac_starts(&ref_ctx, ref_out, out_len));
+ memset(ref_out, 0, sizeof(ref_out));
/*
* Test all possible lengths up to a point. The difference between
* max_in_len and min_in_len is at most 255, and make sure they both vary
* by at least one block size.
*/
- for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
- {
- mbedtls_test_set_step( max_in_len * 10000 );
+ for (max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++) {
+ mbedtls_test_set_step(max_in_len * 10000);
/* Use allocated in buffer to catch overreads */
- ASSERT_ALLOC( data, max_in_len );
+ ASSERT_ALLOC(data, max_in_len);
min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
- for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
- {
- mbedtls_test_set_step( max_in_len * 10000 + in_len );
+ for (in_len = min_in_len; in_len <= max_in_len; in_len++) {
+ mbedtls_test_set_step(max_in_len * 10000 + in_len);
/* Set up dummy data and add_data */
rec_num++;
- memset( add_data, rec_num, sizeof( add_data ) );
- for( i = 0; i < in_len; i++ )
- data[i] = ( i & 0xff ) ^ rec_num;
+ memset(add_data, rec_num, sizeof(add_data));
+ for (i = 0; i < in_len; i++) {
+ data[i] = (i & 0xff) ^ rec_num;
+ }
/* Get the function's result */
- TEST_CF_SECRET( &in_len, sizeof( in_len ) );
- TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
- data, in_len,
- min_in_len, max_in_len,
- out ) );
- TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
- TEST_CF_PUBLIC( out, out_len );
+ TEST_CF_SECRET(&in_len, sizeof(in_len));
+ TEST_EQUAL(0, mbedtls_ct_hmac(&ctx, add_data, sizeof(add_data),
+ data, in_len,
+ min_in_len, max_in_len,
+ out));
+ TEST_CF_PUBLIC(&in_len, sizeof(in_len));
+ TEST_CF_PUBLIC(out, out_len);
/* Compute the reference result */
- TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
- sizeof( add_data ) ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, add_data,
+ sizeof(add_data)));
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, data, in_len));
+ TEST_EQUAL(0, mbedtls_md_hmac_finish(&ref_ctx, ref_out));
+ TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx));
/* Compare */
- ASSERT_COMPARE( out, out_len, ref_out, out_len );
+ ASSERT_COMPARE(out, out_len, ref_out, out_len);
}
- mbedtls_free( data );
+ mbedtls_free(data);
data = NULL;
}
exit:
- mbedtls_md_free( &ref_ctx );
- mbedtls_md_free( &ctx );
+ mbedtls_md_free(&ref_ctx);
+ mbedtls_md_free(&ctx);
- mbedtls_free( data );
- mbedtls_free( out );
+ mbedtls_free(data);
+ mbedtls_free(out);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index c3ffe3b..29753ff 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -4,8 +4,7 @@
#include "string.h"
/* Modes for ctr_drbg_validate */
-enum reseed_mode
-{
+enum reseed_mode {
RESEED_NEVER, /* never reseed */
RESEED_FIRST, /* instantiate, reseed, generate, generate */
RESEED_SECOND, /* instantiate, generate, reseed, generate */
@@ -14,83 +13,83 @@
static size_t test_offset_idx = 0;
static size_t test_max_idx = 0;
-static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len )
+static int mbedtls_test_entropy_func(void *data, unsigned char *buf, size_t len)
{
const unsigned char *p = (unsigned char *) data;
- if( test_offset_idx + len > test_max_idx )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
- memcpy( buf, p + test_offset_idx, len );
+ if (test_offset_idx + len > test_max_idx) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
+ memcpy(buf, p + test_offset_idx, len);
test_offset_idx += len;
- return( 0 );
+ return 0;
}
-static void ctr_drbg_validate_internal( int reseed_mode, data_t * nonce,
- int entropy_len_arg, data_t * entropy,
- data_t * reseed,
- data_t * add1, data_t * add2,
- data_t * result )
+static void ctr_drbg_validate_internal(int reseed_mode, data_t *nonce,
+ int entropy_len_arg, data_t *entropy,
+ data_t *reseed,
+ data_t *add1, data_t *add2,
+ data_t *result)
{
mbedtls_ctr_drbg_context ctx;
unsigned char buf[64];
size_t entropy_chunk_len = (size_t) entropy_len_arg;
- TEST_ASSERT( entropy_chunk_len <= sizeof( buf ) );
+ TEST_ASSERT(entropy_chunk_len <= sizeof(buf));
test_offset_idx = 0;
- mbedtls_ctr_drbg_init( &ctx );
+ mbedtls_ctr_drbg_init(&ctx);
test_max_idx = entropy->len;
/* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
* where nonce||perso = nonce[nonce->len] */
- mbedtls_ctr_drbg_set_entropy_len( &ctx, entropy_chunk_len );
- mbedtls_ctr_drbg_set_nonce_len( &ctx, 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_seed(
- &ctx,
- mbedtls_test_entropy_func, entropy->x,
- nonce->x, nonce->len ) == 0 );
- if( reseed_mode == RESEED_ALWAYS )
+ mbedtls_ctr_drbg_set_entropy_len(&ctx, entropy_chunk_len);
+ mbedtls_ctr_drbg_set_nonce_len(&ctx, 0);
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(
+ &ctx,
+ mbedtls_test_entropy_func, entropy->x,
+ nonce->x, nonce->len) == 0);
+ if (reseed_mode == RESEED_ALWAYS) {
mbedtls_ctr_drbg_set_prediction_resistance(
&ctx,
- MBEDTLS_CTR_DRBG_PR_ON );
+ MBEDTLS_CTR_DRBG_PR_ON);
+ }
- if( reseed_mode == RESEED_FIRST )
- {
+ if (reseed_mode == RESEED_FIRST) {
/* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
* reseed[:reseed->len]) */
- TEST_ASSERT( mbedtls_ctr_drbg_reseed(
- &ctx,
- reseed->x, reseed->len ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_reseed(
+ &ctx,
+ reseed->x, reseed->len) == 0);
}
/* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1->len]) -> buf */
/* Then reseed if prediction resistance is enabled. */
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
- &ctx,
- buf, result->len,
- add1->x, add1->len ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_random_with_add(
+ &ctx,
+ buf, result->len,
+ add1->x, add1->len) == 0);
- if( reseed_mode == RESEED_SECOND )
- {
+ if (reseed_mode == RESEED_SECOND) {
/* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
* reseed[:reseed->len]) */
- TEST_ASSERT( mbedtls_ctr_drbg_reseed(
- &ctx,
- reseed->x, reseed->len ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_reseed(
+ &ctx,
+ reseed->x, reseed->len) == 0);
}
/* CTR_DRBG_Generate(result->len * 8 bits, add2->x[:add2->len]) -> buf */
/* Then reseed if prediction resistance is enabled. */
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
- &ctx,
- buf, result->len,
- add2->x, add2->len ) == 0 );
- TEST_ASSERT( memcmp( buf, result->x, result->len ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_random_with_add(
+ &ctx,
+ buf, result->len,
+ add2->x, add2->len) == 0);
+ TEST_ASSERT(memcmp(buf, result->x, result->len) == 0);
exit:
- mbedtls_ctr_drbg_free( &ctx );
+ mbedtls_ctr_drbg_free(&ctx);
}
/* END_HEADER */
@@ -101,127 +100,127 @@
*/
/* BEGIN_CASE */
-void ctr_drbg_special_behaviours( )
+void ctr_drbg_special_behaviours()
{
mbedtls_ctr_drbg_context ctx;
unsigned char output[512];
unsigned char additional[512];
- mbedtls_ctr_drbg_init( &ctx );
- memset( output, 0, sizeof( output ) );
- memset( additional, 0, sizeof( additional ) );
+ mbedtls_ctr_drbg_init(&ctx);
+ memset(output, 0, sizeof(output));
+ memset(additional, 0, sizeof(additional));
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
- output, MBEDTLS_CTR_DRBG_MAX_REQUEST + 1,
- additional, 16 ) ==
- MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
- output, 16,
- additional, MBEDTLS_CTR_DRBG_MAX_INPUT + 1 ) ==
- MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ TEST_ASSERT(mbedtls_ctr_drbg_random_with_add(&ctx,
+ output, MBEDTLS_CTR_DRBG_MAX_REQUEST + 1,
+ additional, 16) ==
+ MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG);
+ TEST_ASSERT(mbedtls_ctr_drbg_random_with_add(&ctx,
+ output, 16,
+ additional, MBEDTLS_CTR_DRBG_MAX_INPUT + 1) ==
+ MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG);
- TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
- MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) ==
- MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ TEST_ASSERT(mbedtls_ctr_drbg_reseed(&ctx, additional,
+ MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1) ==
+ MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG);
- mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 );
- TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
- MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) ==
- MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ mbedtls_ctr_drbg_set_entropy_len(&ctx, ~0);
+ TEST_ASSERT(mbedtls_ctr_drbg_reseed(&ctx, additional,
+ MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) ==
+ MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG);
exit:
- mbedtls_ctr_drbg_free( &ctx );
+ mbedtls_ctr_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy,
- data_t * add1, data_t * add2,
- data_t * result_string )
+void ctr_drbg_validate_no_reseed(data_t *add_init, data_t *entropy,
+ data_t *add1, data_t *add2,
+ data_t *result_string)
{
data_t empty = { 0, 0 };
- ctr_drbg_validate_internal( RESEED_NEVER, add_init,
- entropy->len, entropy,
- &empty, add1, add2,
- result_string );
+ ctr_drbg_validate_internal(RESEED_NEVER, add_init,
+ entropy->len, entropy,
+ &empty, add1, add2,
+ result_string);
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy,
- data_t * add1, data_t * add2,
- data_t * result_string )
+void ctr_drbg_validate_pr(data_t *add_init, data_t *entropy,
+ data_t *add1, data_t *add2,
+ data_t *result_string)
{
data_t empty = { 0, 0 };
- ctr_drbg_validate_internal( RESEED_ALWAYS, add_init,
- entropy->len / 3, entropy,
- &empty, add1, add2,
- result_string );
+ ctr_drbg_validate_internal(RESEED_ALWAYS, add_init,
+ entropy->len / 3, entropy,
+ &empty, add1, add2,
+ result_string);
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_validate_reseed_between( data_t * add_init, data_t * entropy,
- data_t * add1, data_t * add_reseed,
- data_t * add2, data_t * result_string )
+void ctr_drbg_validate_reseed_between(data_t *add_init, data_t *entropy,
+ data_t *add1, data_t *add_reseed,
+ data_t *add2, data_t *result_string)
{
- ctr_drbg_validate_internal( RESEED_SECOND, add_init,
- entropy->len / 2, entropy,
- add_reseed, add1, add2,
- result_string );
+ ctr_drbg_validate_internal(RESEED_SECOND, add_init,
+ entropy->len / 2, entropy,
+ add_reseed, add1, add2,
+ result_string);
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_validate_reseed_first( data_t * add_init, data_t * entropy,
- data_t * add1, data_t * add_reseed,
- data_t * add2, data_t * result_string )
+void ctr_drbg_validate_reseed_first(data_t *add_init, data_t *entropy,
+ data_t *add1, data_t *add_reseed,
+ data_t *add2, data_t *result_string)
{
- ctr_drbg_validate_internal( RESEED_FIRST, add_init,
- entropy->len / 2, entropy,
- add_reseed, add1, add2,
- result_string );
+ ctr_drbg_validate_internal(RESEED_FIRST, add_init,
+ entropy->len / 2, entropy,
+ add_reseed, add1, add2,
+ result_string);
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_entropy_strength( int expected_bit_strength )
+void ctr_drbg_entropy_strength(int expected_bit_strength)
{
unsigned char entropy[/*initial entropy*/ MBEDTLS_CTR_DRBG_ENTROPY_LEN +
- /*nonce*/ MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN +
- /*reseed*/ MBEDTLS_CTR_DRBG_ENTROPY_LEN];
+ /*nonce*/ MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN +
+ /*reseed*/ MBEDTLS_CTR_DRBG_ENTROPY_LEN];
mbedtls_ctr_drbg_context ctx;
size_t last_idx;
size_t byte_strength = expected_bit_strength / 8;
- mbedtls_ctr_drbg_init( &ctx );
+ mbedtls_ctr_drbg_init(&ctx);
test_offset_idx = 0;
- test_max_idx = sizeof( entropy );
- memset( entropy, 0, sizeof( entropy ) );
+ test_max_idx = sizeof(entropy);
+ memset(entropy, 0, sizeof(entropy));
/* The initial seeding must grab at least byte_strength bytes of entropy
* for the entropy input and byte_strength/2 bytes for a nonce. */
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx,
- mbedtls_test_entropy_func, entropy,
- NULL, 0 ) == 0 );
- TEST_ASSERT( test_offset_idx >= ( byte_strength * 3 + 1 ) / 2 );
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctx,
+ mbedtls_test_entropy_func, entropy,
+ NULL, 0) == 0);
+ TEST_ASSERT(test_offset_idx >= (byte_strength * 3 + 1) / 2);
last_idx = test_offset_idx;
/* A reseed must grab at least byte_strength bytes of entropy. */
- TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) == 0 );
- TEST_ASSERT( test_offset_idx - last_idx >= byte_strength );
+ TEST_ASSERT(mbedtls_ctr_drbg_reseed(&ctx, NULL, 0) == 0);
+ TEST_ASSERT(test_offset_idx - last_idx >= byte_strength);
exit:
- mbedtls_ctr_drbg_free( &ctx );
+ mbedtls_ctr_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_entropy_usage( int entropy_nonce_len )
+void ctr_drbg_entropy_usage(int entropy_nonce_len)
{
unsigned char out[16];
unsigned char add[16];
@@ -230,109 +229,109 @@
size_t i, reps = 10;
size_t expected_idx = 0;
- mbedtls_ctr_drbg_init( &ctx );
+ mbedtls_ctr_drbg_init(&ctx);
test_offset_idx = 0;
- test_max_idx = sizeof( entropy );
- memset( entropy, 0, sizeof( entropy ) );
- memset( out, 0, sizeof( out ) );
- memset( add, 0, sizeof( add ) );
+ test_max_idx = sizeof(entropy);
+ memset(entropy, 0, sizeof(entropy));
+ memset(out, 0, sizeof(out));
+ memset(add, 0, sizeof(add));
- if( entropy_nonce_len >= 0 )
- TEST_ASSERT( mbedtls_ctr_drbg_set_nonce_len( &ctx, entropy_nonce_len ) == 0 );
+ if (entropy_nonce_len >= 0) {
+ TEST_ASSERT(mbedtls_ctr_drbg_set_nonce_len(&ctx, entropy_nonce_len) == 0);
+ }
/* Set reseed interval before seed */
- mbedtls_ctr_drbg_set_reseed_interval( &ctx, 2 * reps );
+ mbedtls_ctr_drbg_set_reseed_interval(&ctx, 2 * reps);
/* Init must use entropy */
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_entropy_func, entropy, NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0) == 0);
expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
- if( entropy_nonce_len >= 0 )
+ if (entropy_nonce_len >= 0) {
expected_idx += entropy_nonce_len;
- else
+ } else {
expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN;
- TEST_EQUAL( test_offset_idx, expected_idx );
+ }
+ TEST_EQUAL(test_offset_idx, expected_idx);
/* By default, PR is off, and reseed interval was set to
* 2 * reps so the next few calls should not use entropy */
- for( i = 0; i < reps; i++ )
- {
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
- add, sizeof( add ) ) == 0 );
+ for (i = 0; i < reps; i++) {
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out) - 4) == 0);
+ TEST_ASSERT(mbedtls_ctr_drbg_random_with_add(&ctx, out, sizeof(out) - 4,
+ add, sizeof(add)) == 0);
}
- TEST_EQUAL( test_offset_idx, expected_idx );
+ TEST_EQUAL(test_offset_idx, expected_idx);
/* While at it, make sure we didn't write past the requested length */
- TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
- TEST_ASSERT( out[sizeof( out ) - 3] == 0 );
- TEST_ASSERT( out[sizeof( out ) - 2] == 0 );
- TEST_ASSERT( out[sizeof( out ) - 1] == 0 );
+ TEST_ASSERT(out[sizeof(out) - 4] == 0);
+ TEST_ASSERT(out[sizeof(out) - 3] == 0);
+ TEST_ASSERT(out[sizeof(out) - 2] == 0);
+ TEST_ASSERT(out[sizeof(out) - 1] == 0);
/* There have been 2 * reps calls to random. The next call should reseed */
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
- TEST_EQUAL( test_offset_idx, expected_idx );
+ TEST_EQUAL(test_offset_idx, expected_idx);
/* Set reseed interval after seed */
- mbedtls_ctr_drbg_set_reseed_interval( &ctx, 4 * reps + 1 );
+ mbedtls_ctr_drbg_set_reseed_interval(&ctx, 4 * reps + 1);
/* The next few calls should not reseed */
- for( i = 0; i < (2 * reps); i++ )
- {
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) ,
- add, sizeof( add ) ) == 0 );
+ for (i = 0; i < (2 * reps); i++) {
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)) == 0);
+ TEST_ASSERT(mbedtls_ctr_drbg_random_with_add(&ctx, out, sizeof(out),
+ add, sizeof(add)) == 0);
}
- TEST_EQUAL( test_offset_idx, expected_idx );
+ TEST_EQUAL(test_offset_idx, expected_idx);
/* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
* corruption. */
- TEST_ASSERT( mbedtls_ctr_drbg_update_ret(
- &ctx, entropy, sizeof( entropy ) ) != 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_update_ret(
+ &ctx, entropy, sizeof(entropy)) != 0);
/* Now enable PR, so the next few calls should all reseed */
- mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON);
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
- TEST_EQUAL( test_offset_idx, expected_idx );
+ TEST_EQUAL(test_offset_idx, expected_idx);
/* Finally, check setting entropy_len */
- mbedtls_ctr_drbg_set_entropy_len( &ctx, 42 );
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ mbedtls_ctr_drbg_set_entropy_len(&ctx, 42);
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_idx += 42;
- TEST_EQUAL( test_offset_idx, expected_idx );
+ TEST_EQUAL(test_offset_idx, expected_idx);
- mbedtls_ctr_drbg_set_entropy_len( &ctx, 13 );
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ mbedtls_ctr_drbg_set_entropy_len(&ctx, 13);
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_idx += 13;
- TEST_EQUAL( test_offset_idx, expected_idx );
+ TEST_EQUAL(test_offset_idx, expected_idx);
exit:
- mbedtls_ctr_drbg_free( &ctx );
+ mbedtls_ctr_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void ctr_drbg_seed_file( char * path, int ret )
+void ctr_drbg_seed_file(char *path, int ret)
{
mbedtls_ctr_drbg_context ctx;
- mbedtls_ctr_drbg_init( &ctx );
+ mbedtls_ctr_drbg_init(&ctx);
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand,
- NULL, NULL, 0 ) == 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret );
- TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret );
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_rnd_std_rand,
+ NULL, NULL, 0) == 0);
+ TEST_ASSERT(mbedtls_ctr_drbg_write_seed_file(&ctx, path) == ret);
+ TEST_ASSERT(mbedtls_ctr_drbg_update_seed_file(&ctx, path) == ret);
exit:
- mbedtls_ctr_drbg_free( &ctx );
+ mbedtls_ctr_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void ctr_drbg_selftest( )
+void ctr_drbg_selftest()
{
- TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index cadc947..cbb3a63 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -2,8 +2,7 @@
#include "mbedtls/debug.h"
#include "string.h"
-struct buffer_data
-{
+struct buffer_data {
char buf[2000];
char *ptr;
};
@@ -14,29 +13,32 @@
char *p = buffer->ptr;
((void) level);
- memcpy( p, file, strlen( file ) );
- p += strlen( file );
+ memcpy(p, file, strlen(file));
+ p += strlen(file);
*p++ = '(';
- *p++ = '0' + ( line / 1000 ) % 10;
- *p++ = '0' + ( line / 100 ) % 10;
- *p++ = '0' + ( line / 10 ) % 10;
- *p++ = '0' + ( line / 1 ) % 10;
+ *p++ = '0' + (line / 1000) % 10;
+ *p++ = '0' + (line / 100) % 10;
+ *p++ = '0' + (line / 10) % 10;
+ *p++ = '0' + (line / 1) % 10;
*p++ = ')';
*p++ = ':';
*p++ = ' ';
#if defined(MBEDTLS_THREADING_C)
/* Skip "thread ID" (up to the first space) as it is not predictable */
- while( *str++ != ' ' );
+ while (*str++ != ' ') {
+ ;
+ }
#endif
- memcpy( p, str, strlen( str ) );
- p += strlen( str );
+ memcpy(p, str, strlen(str));
+ p += strlen(str);
/* Detect if debug messages output partial lines and mark them */
- if( p[-1] != '\n' )
+ if (p[-1] != '\n') {
*p++ = '*';
+ }
buffer->ptr = p;
}
@@ -48,148 +50,148 @@
*/
/* BEGIN_CASE */
-void debug_print_msg_threshold( int threshold, int level, char * file,
- int line, char * result_str )
+void debug_print_msg_threshold(int threshold, int level, char *file,
+ int line, char *result_str)
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( buffer.buf, 0, 2000 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
- mbedtls_debug_set_threshold( threshold );
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
+ mbedtls_debug_set_threshold(threshold);
+ mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
- mbedtls_debug_print_msg( &ssl, level, file, line,
- "Text message, 2 == %d", 2 );
+ mbedtls_debug_print_msg(&ssl, level, file, line,
+ "Text message, 2 == %d", 2);
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buffer.buf, result_str) == 0);
exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
- char * result_str )
+void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
+ char *result_str)
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( buffer.buf, 0, 2000 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
+ mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
- mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
+ mbedtls_debug_print_ret(&ssl, 0, file, line, text, value);
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buffer.buf, result_str) == 0);
exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_debug_print_buf( char * file, int line, char * text,
- data_t * data, char * result_str )
+void mbedtls_debug_print_buf(char *file, int line, char *text,
+ data_t *data, char *result_str)
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( buffer.buf, 0, 2000 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
+ mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
- mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
+ mbedtls_debug_print_buf(&ssl, 0, file, line, text, data->x, data->len);
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buffer.buf, result_str) == 0);
exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
- char * prefix, char * result_str )
+void mbedtls_debug_print_crt(char *crt_file, char *file, int line,
+ char *prefix, char *result_str)
{
mbedtls_x509_crt crt;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_x509_crt_init( &crt );
- memset( buffer.buf, 0, 2000 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_x509_crt_init(&crt);
+ memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
+ mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ mbedtls_debug_print_crt(&ssl, 0, file, line, prefix, &crt);
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buffer.buf, result_str) == 0);
exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
-void mbedtls_debug_print_mpi( char * value, char * file, int line,
- char * prefix, char * result_str )
+void mbedtls_debug_print_mpi(char *value, char *file, int line,
+ char *prefix, char *result_str)
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
mbedtls_mpi val;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_mpi_init( &val );
- memset( buffer.buf, 0, 2000 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_mpi_init(&val);
+ memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &val, value ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&val, value) == 0);
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
+ mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
- mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
+ mbedtls_debug_print_mpi(&ssl, 0, file, line, prefix, &val);
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buffer.buf, result_str) == 0);
exit:
- mbedtls_mpi_free( &val );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_mpi_free(&val);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index 7256fb5..b846d77 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -8,269 +8,273 @@
*/
/* BEGIN_CASE */
-void des_check_weak( data_t * key, int ret )
+void des_check_weak(data_t *key, int ret)
{
- TEST_ASSERT( mbedtls_des_key_check_weak( key->x ) == ret );
+ TEST_ASSERT(mbedtls_des_key_check_weak(key->x) == ret);
}
/* END_CASE */
/* BEGIN_CASE */
-void des_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
+void des_encrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_des_context ctx;
memset(output, 0x00, 100);
- mbedtls_des_init( &ctx );
+ mbedtls_des_init(&ctx);
- TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 );
- TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_des_setkey_enc(&ctx, key_str->x) == 0);
+ TEST_ASSERT(mbedtls_des_crypt_ecb(&ctx, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
exit:
- mbedtls_des_free( &ctx );
+ mbedtls_des_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void des_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
+void des_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_des_context ctx;
memset(output, 0x00, 100);
- mbedtls_des_init( &ctx );
+ mbedtls_des_init(&ctx);
- TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 );
- TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_des_setkey_dec(&ctx, key_str->x) == 0);
+ TEST_ASSERT(mbedtls_des_crypt_ecb(&ctx, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
exit:
- mbedtls_des_free( &ctx );
+ mbedtls_des_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst, int cbc_result )
+void des_encrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst, int cbc_result)
{
unsigned char output[100];
mbedtls_des_context ctx;
memset(output, 0x00, 100);
- mbedtls_des_init( &ctx );
+ mbedtls_des_init(&ctx);
- TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 );
- TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0 )
- {
+ TEST_ASSERT(mbedtls_des_setkey_enc(&ctx, key_str->x) == 0);
+ TEST_ASSERT(mbedtls_des_crypt_cbc(&ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
}
exit:
- mbedtls_des_free( &ctx );
+ mbedtls_des_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
+void des_decrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst,
+ int cbc_result)
{
unsigned char output[100];
mbedtls_des_context ctx;
memset(output, 0x00, 100);
- mbedtls_des_init( &ctx );
+ mbedtls_des_init(&ctx);
- TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 );
- TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0 )
- {
+ TEST_ASSERT(mbedtls_des_setkey_dec(&ctx, key_str->x) == 0);
+ TEST_ASSERT(mbedtls_des_crypt_cbc(&ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
}
exit:
- mbedtls_des_free( &ctx );
+ mbedtls_des_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void des3_encrypt_ecb( int key_count, data_t * key_str,
- data_t * src_str, data_t * dst )
+void des3_encrypt_ecb(int key_count, data_t *key_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_des3_context ctx;
memset(output, 0x00, 100);
- mbedtls_des3_init( &ctx );
+ mbedtls_des3_init(&ctx);
- if( key_count == 2 )
- TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 );
- else if( key_count == 3 )
- TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 );
- else
- TEST_ASSERT( 0 );
+ if (key_count == 2) {
+ TEST_ASSERT(mbedtls_des3_set2key_enc(&ctx, key_str->x) == 0);
+ } else if (key_count == 3) {
+ TEST_ASSERT(mbedtls_des3_set3key_enc(&ctx, key_str->x) == 0);
+ } else {
+ TEST_ASSERT(0);
+ }
- TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_des3_crypt_ecb(&ctx, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
exit:
- mbedtls_des3_free( &ctx );
+ mbedtls_des3_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void des3_decrypt_ecb( int key_count, data_t * key_str,
- data_t * src_str, data_t * dst )
+void des3_decrypt_ecb(int key_count, data_t *key_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_des3_context ctx;
memset(output, 0x00, 100);
- mbedtls_des3_init( &ctx );
+ mbedtls_des3_init(&ctx);
- if( key_count == 2 )
- TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 );
- else if( key_count == 3 )
- TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 );
- else
- TEST_ASSERT( 0 );
+ if (key_count == 2) {
+ TEST_ASSERT(mbedtls_des3_set2key_dec(&ctx, key_str->x) == 0);
+ } else if (key_count == 3) {
+ TEST_ASSERT(mbedtls_des3_set3key_dec(&ctx, key_str->x) == 0);
+ } else {
+ TEST_ASSERT(0);
+ }
- TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_des3_crypt_ecb(&ctx, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
exit:
- mbedtls_des3_free( &ctx );
+ mbedtls_des3_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des3_encrypt_cbc( int key_count, data_t * key_str,
- data_t * iv_str, data_t * src_str,
- data_t * dst, int cbc_result )
+void des3_encrypt_cbc(int key_count, data_t *key_str,
+ data_t *iv_str, data_t *src_str,
+ data_t *dst, int cbc_result)
{
unsigned char output[100];
mbedtls_des3_context ctx;
memset(output, 0x00, 100);
- mbedtls_des3_init( &ctx );
+ mbedtls_des3_init(&ctx);
- if( key_count == 2 )
- TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 );
- else if( key_count == 3 )
- TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 );
- else
- TEST_ASSERT( 0 );
+ if (key_count == 2) {
+ TEST_ASSERT(mbedtls_des3_set2key_enc(&ctx, key_str->x) == 0);
+ } else if (key_count == 3) {
+ TEST_ASSERT(mbedtls_des3_set3key_enc(&ctx, key_str->x) == 0);
+ } else {
+ TEST_ASSERT(0);
+ }
- TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
+ TEST_ASSERT(mbedtls_des3_crypt_cbc(&ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
- if( cbc_result == 0 )
- {
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
}
exit:
- mbedtls_des3_free( &ctx );
+ mbedtls_des3_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des3_decrypt_cbc( int key_count, data_t * key_str,
- data_t * iv_str, data_t * src_str,
- data_t * dst, int cbc_result )
+void des3_decrypt_cbc(int key_count, data_t *key_str,
+ data_t *iv_str, data_t *src_str,
+ data_t *dst, int cbc_result)
{
unsigned char output[100];
mbedtls_des3_context ctx;
memset(output, 0x00, 100);
- mbedtls_des3_init( &ctx );
+ mbedtls_des3_init(&ctx);
- if( key_count == 2 )
- TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 );
- else if( key_count == 3 )
- TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 );
- else
- TEST_ASSERT( 0 );
+ if (key_count == 2) {
+ TEST_ASSERT(mbedtls_des3_set2key_dec(&ctx, key_str->x) == 0);
+ } else if (key_count == 3) {
+ TEST_ASSERT(mbedtls_des3_set3key_dec(&ctx, key_str->x) == 0);
+ } else {
+ TEST_ASSERT(0);
+ }
- TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
+ TEST_ASSERT(mbedtls_des3_crypt_cbc(&ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == cbc_result);
- if( cbc_result == 0 )
- {
+ if (cbc_result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, src_str->len,
+ dst->len) == 0);
}
exit:
- mbedtls_des3_free( &ctx );
+ mbedtls_des3_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void des_key_parity_run( )
+void des_key_parity_run()
{
int i, j, cnt;
unsigned char key[MBEDTLS_DES_KEY_SIZE];
unsigned int parity;
- memset( key, 0, MBEDTLS_DES_KEY_SIZE );
+ memset(key, 0, MBEDTLS_DES_KEY_SIZE);
cnt = 0;
// Iterate through all possible byte values
//
- for( i = 0; i < 32; i++ )
- {
- for( j = 0; j < 8; j++ )
+ for (i = 0; i < 32; i++) {
+ for (j = 0; j < 8; j++) {
key[j] = cnt++;
+ }
// Set the key parity according to the table
//
- mbedtls_des_key_set_parity( key );
+ mbedtls_des_key_set_parity(key);
// Check the parity with a function
//
- for( j = 0; j < 8; j++ )
- {
- parity = key[j] ^ ( key[j] >> 4 );
+ for (j = 0; j < 8; j++) {
+ parity = key[j] ^ (key[j] >> 4);
parity = parity ^
- ( parity >> 1 ) ^
- ( parity >> 2 ) ^
- ( parity >> 3 );
+ (parity >> 1) ^
+ (parity >> 2) ^
+ (parity >> 3);
parity &= 1;
- if( parity != 1 )
- TEST_ASSERT( 0 );
+ if (parity != 1) {
+ TEST_ASSERT(0);
+ }
}
// Check the parity with the table
//
- TEST_ASSERT( mbedtls_des_key_check_key_parity( key ) == 0 );
+ TEST_ASSERT(mbedtls_des_key_check_key_parity(key) == 0);
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void des_selftest( )
+void des_selftest()
{
- TEST_ASSERT( mbedtls_des_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_des_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 5d82fe6..1251723 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -4,63 +4,66 @@
/* Sanity checks on a Diffie-Hellman parameter: check the length-value
* syntax and check that the value is the expected one (taken from the
* DHM context by the caller). */
-static int check_dhm_param_output( const mbedtls_mpi *expected,
- const unsigned char *buffer,
- size_t size,
- size_t *offset )
+static int check_dhm_param_output(const mbedtls_mpi *expected,
+ const unsigned char *buffer,
+ size_t size,
+ size_t *offset)
{
size_t n;
mbedtls_mpi actual;
int ok = 0;
- mbedtls_mpi_init( &actual );
+ mbedtls_mpi_init(&actual);
++mbedtls_test_info.step;
- TEST_ASSERT( size >= *offset + 2 );
- n = ( buffer[*offset] << 8 ) | buffer[*offset + 1];
+ TEST_ASSERT(size >= *offset + 2);
+ n = (buffer[*offset] << 8) | buffer[*offset + 1];
*offset += 2;
/* The DHM param output from Mbed TLS has leading zeros stripped, as
* permitted but not required by RFC 5246 \S4.4. */
- TEST_EQUAL( n, mbedtls_mpi_size( expected ) );
- TEST_ASSERT( size >= *offset + n );
- TEST_EQUAL( 0, mbedtls_mpi_read_binary( &actual, buffer + *offset, n ) );
- TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( expected, &actual ) );
+ TEST_EQUAL(n, mbedtls_mpi_size(expected));
+ TEST_ASSERT(size >= *offset + n);
+ TEST_EQUAL(0, mbedtls_mpi_read_binary(&actual, buffer + *offset, n));
+ TEST_EQUAL(0, mbedtls_mpi_cmp_mpi(expected, &actual));
*offset += n;
ok = 1;
exit:
- mbedtls_mpi_free( &actual );
- return( ok );
+ mbedtls_mpi_free(&actual);
+ return ok;
}
/* Sanity checks on Diffie-Hellman parameters: syntax, range, and comparison
* against the context. */
-static int check_dhm_params( const mbedtls_dhm_context *ctx,
- size_t x_size,
- const unsigned char *ske, size_t ske_len )
+static int check_dhm_params(const mbedtls_dhm_context *ctx,
+ size_t x_size,
+ const unsigned char *ske, size_t ske_len)
{
size_t offset = 0;
/* Check that ctx->X and ctx->GX are within range. */
- TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->X, 1 ) > 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) < 0 );
- TEST_ASSERT( mbedtls_mpi_size( &ctx->X ) <= x_size );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->GX, 1 ) > 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->GX, &ctx->P ) < 0 );
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&ctx->X, 1) > 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->P) < 0);
+ TEST_ASSERT(mbedtls_mpi_size(&ctx->X) <= x_size);
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&ctx->GX, 1) > 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx->GX, &ctx->P) < 0);
/* Check ske: it must contain P, G and G^X, each prefixed with a
* 2-byte size. */
- if( !check_dhm_param_output( &ctx->P, ske, ske_len, &offset ) )
+ if (!check_dhm_param_output(&ctx->P, ske, ske_len, &offset)) {
goto exit;
- if( !check_dhm_param_output( &ctx->G, ske, ske_len, &offset ) )
+ }
+ if (!check_dhm_param_output(&ctx->G, ske, ske_len, &offset)) {
goto exit;
- if( !check_dhm_param_output( &ctx->GX, ske, ske_len, &offset ) )
+ }
+ if (!check_dhm_param_output(&ctx->GX, ske, ske_len, &offset)) {
goto exit;
- TEST_EQUAL( offset, ske_len );
+ }
+ TEST_EQUAL(offset, ske_len);
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
/* END_HEADER */
@@ -71,104 +74,104 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void dhm_invalid_params( )
+void dhm_invalid_params()
{
mbedtls_dhm_context ctx;
unsigned char buf[42] = { 0 };
unsigned char *buf_null = NULL;
mbedtls_mpi X;
- size_t const buflen = sizeof( buf );
+ size_t const buflen = sizeof(buf);
size_t len;
- TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_dhm_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_dhm_init(NULL));
+ TEST_VALID_PARAM(mbedtls_dhm_free(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( NULL,
- (unsigned char**) &buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx, &buf_null, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx,
- (unsigned char**) &buf,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params(NULL,
+ (unsigned char **) &buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params(&ctx, &buf_null, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params(&ctx, NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params(&ctx,
+ (unsigned char **) &buf,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( NULL, buflen,
- buf, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- NULL, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- buf, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- buf, &len,
- NULL,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params(NULL, buflen,
+ buf, &len,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params(&ctx, buflen,
+ NULL, &len,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params(&ctx, buflen,
+ buf, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params(&ctx, buflen,
+ buf, &len,
+ NULL,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( &ctx, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( &ctx, &X, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_set_group(NULL, &X, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_set_group(&ctx, NULL, &X));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_set_group(&ctx, &X, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_public( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_public( &ctx, NULL, buflen ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_public(NULL, buf, buflen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_public(&ctx, NULL, buflen));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( NULL, buflen,
- buf, buflen,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( &ctx, buflen,
- NULL, buflen,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( &ctx, buflen,
- buf, buflen,
- NULL,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_public(NULL, buflen,
+ buf, buflen,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_public(&ctx, buflen,
+ NULL, buflen,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_public(&ctx, buflen,
+ buf, buflen,
+ NULL,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( NULL, buf, buflen, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_calc_secret(NULL, buf, buflen, &len,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_calc_secret(&ctx, NULL, buflen, &len,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_calc_secret(&ctx, buf, buflen, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
#if defined(MBEDTLS_ASN1_PARSE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhm( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhm( &ctx, NULL, buflen ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhm(NULL, buf, buflen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhm(&ctx, NULL, buflen));
#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhmfile( NULL, "" ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhmfile( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhmfile(NULL, ""));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhmfile(&ctx, NULL));
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -178,8 +181,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void dhm_do_dhm( char *input_P, int x_size,
- char *input_G, int result )
+void dhm_do_dhm(char *input_P, int x_size,
+ char *input_G, int result)
{
mbedtls_dhm_context ctx_srv;
mbedtls_dhm_context ctx_cli;
@@ -195,65 +198,67 @@
int i;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_dhm_init( &ctx_srv );
- mbedtls_dhm_init( &ctx_cli );
- memset( ske, 0x00, 1000 );
- memset( pub_cli, 0x00, 1000 );
- memset( sec_srv, 0x00, 1000 );
- memset( sec_cli, 0x00, 1000 );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_dhm_init(&ctx_srv);
+ mbedtls_dhm_init(&ctx_cli);
+ memset(ske, 0x00, 1000);
+ memset(pub_cli, 0x00, 1000);
+ memset(sec_srv, 0x00, 1000);
+ memset(sec_cli, 0x00, 1000);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
/*
* Set params
*/
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.G, input_G ) == 0 );
- pub_cli_len = mbedtls_mpi_size( &ctx_srv.P );
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx_srv.P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx_srv.G, input_G) == 0);
+ pub_cli_len = mbedtls_mpi_size(&ctx_srv.P);
/*
* First key exchange
*/
- mbedtls_test_set_step( 10 );
- TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == result );
- if ( result != 0 )
+ mbedtls_test_set_step(10);
+ TEST_ASSERT(mbedtls_dhm_make_params(&ctx_srv, x_size, ske, &ske_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == result);
+ if (result != 0) {
goto exit;
- if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
+ }
+ if (!check_dhm_params(&ctx_srv, x_size, ske, ske_len)) {
goto exit;
+ }
ske[ske_len++] = 0;
ske[ske_len++] = 0;
- TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_read_params(&ctx_cli, &p, ske + ske_len) == 0);
- TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_make_public(&ctx_cli, x_size, pub_cli, pub_cli_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_dhm_read_public(&ctx_srv, pub_cli, pub_cli_len) == 0);
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ),
- &sec_srv_len,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_calc_secret(&ctx_srv, sec_srv, sizeof(sec_srv),
+ &sec_srv_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_dhm_calc_secret(&ctx_cli, sec_cli, sizeof(sec_cli), &sec_cli_len, NULL,
+ NULL) == 0);
- TEST_ASSERT( sec_srv_len == sec_cli_len );
- TEST_ASSERT( sec_srv_len != 0 );
- TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
+ TEST_ASSERT(sec_srv_len == sec_cli_len);
+ TEST_ASSERT(sec_srv_len != 0);
+ TEST_ASSERT(memcmp(sec_srv, sec_cli, sec_srv_len) == 0);
/* Re-do calc_secret on server a few times to test update of blinding values */
- for( i = 0; i < 3; i++ )
- {
- mbedtls_test_set_step( 20 + i );
+ for (i = 0; i < 3; i++) {
+ mbedtls_test_set_step(20 + i);
sec_srv_len = 1000;
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv,
- sizeof( sec_srv ), &sec_srv_len,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_calc_secret(&ctx_srv, sec_srv,
+ sizeof(sec_srv), &sec_srv_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
- TEST_ASSERT( sec_srv_len == sec_cli_len );
- TEST_ASSERT( sec_srv_len != 0 );
- TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
+ TEST_ASSERT(sec_srv_len == sec_cli_len);
+ TEST_ASSERT(sec_srv_len != 0);
+ TEST_ASSERT(memcmp(sec_srv, sec_cli, sec_srv_len) == 0);
}
/*
@@ -261,94 +266,96 @@
*/
p = ske;
- mbedtls_test_set_step( 30 );
- TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
+ mbedtls_test_set_step(30);
+ TEST_ASSERT(mbedtls_dhm_make_params(&ctx_srv, x_size, ske, &ske_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ if (!check_dhm_params(&ctx_srv, x_size, ske, ske_len)) {
goto exit;
+ }
ske[ske_len++] = 0;
ske[ske_len++] = 0;
- TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_read_params(&ctx_cli, &p, ske + ske_len) == 0);
- TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_make_public(&ctx_cli, x_size, pub_cli, pub_cli_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_dhm_read_public(&ctx_srv, pub_cli, pub_cli_len) == 0);
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ),
- &sec_srv_len,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_calc_secret(&ctx_srv, sec_srv, sizeof(sec_srv),
+ &sec_srv_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_dhm_calc_secret(&ctx_cli, sec_cli, sizeof(sec_cli), &sec_cli_len, NULL,
+ NULL) == 0);
- TEST_ASSERT( sec_srv_len == sec_cli_len );
- TEST_ASSERT( sec_srv_len != 0 );
- TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
+ TEST_ASSERT(sec_srv_len == sec_cli_len);
+ TEST_ASSERT(sec_srv_len != 0);
+ TEST_ASSERT(memcmp(sec_srv, sec_cli, sec_srv_len) == 0);
exit:
- mbedtls_dhm_free( &ctx_srv );
- mbedtls_dhm_free( &ctx_cli );
+ mbedtls_dhm_free(&ctx_srv);
+ mbedtls_dhm_free(&ctx_cli);
}
/* END_CASE */
/* BEGIN_CASE */
-void dhm_make_public( int P_bytes, char *input_G, int result )
+void dhm_make_public(int P_bytes, char *input_G, int result)
{
mbedtls_mpi P, G;
mbedtls_dhm_context ctx;
unsigned char output[MBEDTLS_MPI_MAX_SIZE];
- mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &G );
- mbedtls_dhm_init( &ctx );
+ mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&G);
+ mbedtls_dhm_init(&ctx);
- TEST_ASSERT( mbedtls_mpi_lset( &P, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_lset(&P, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_shift_l(&P, (P_bytes * 8) - 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_set_bit(&P, 0, 1) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &G, input_G ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&G, input_G) == 0);
- TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 );
- TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ),
- output, sizeof(output),
- &mbedtls_test_rnd_pseudo_rand,
- NULL ) == result );
+ TEST_ASSERT(mbedtls_dhm_set_group(&ctx, &P, &G) == 0);
+ TEST_ASSERT(mbedtls_dhm_make_public(&ctx, (int) mbedtls_mpi_size(&P),
+ output, sizeof(output),
+ &mbedtls_test_rnd_pseudo_rand,
+ NULL) == result);
exit:
- mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &G );
- mbedtls_dhm_free( &ctx );
+ mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&G);
+ mbedtls_dhm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void dhm_file( char * filename, char * p, char * g, int len )
+void dhm_file(char *filename, char *p, char *g, int len)
{
mbedtls_dhm_context ctx;
mbedtls_mpi P, G;
- mbedtls_dhm_init( &ctx );
- mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G );
+ mbedtls_dhm_init(&ctx);
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);
- TEST_ASSERT( mbedtls_test_read_mpi( &P, p ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &G, g ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, p) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&G, g) == 0);
- TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_parse_dhmfile(&ctx, filename) == 0);
- TEST_ASSERT( ctx.len == (size_t) len );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 );
+ TEST_ASSERT(ctx.len == (size_t) len);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &P) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.G, &G) == 0);
exit:
- mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G );
- mbedtls_dhm_free( &ctx );
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&G);
+ mbedtls_dhm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void dhm_selftest( )
+void dhm_selftest()
{
- TEST_ASSERT( mbedtls_dhm_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_dhm_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index cd1b368..0de7c08 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -1,39 +1,39 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdh.h"
-static int load_public_key( int grp_id, data_t *point,
- mbedtls_ecp_keypair *ecp )
+static int load_public_key(int grp_id, data_t *point,
+ mbedtls_ecp_keypair *ecp)
{
int ok = 0;
- TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
- &ecp->Q,
- point->x,
- point->len ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
- &ecp->Q ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&ecp->grp, grp_id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp->grp,
+ &ecp->Q,
+ point->x,
+ point->len) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&ecp->grp,
+ &ecp->Q) == 0);
ok = 1;
exit:
- return( ok );
+ return ok;
}
-static int load_private_key( int grp_id, data_t *private_key,
- mbedtls_ecp_keypair *ecp,
- mbedtls_test_rnd_pseudo_info *rnd_info )
+static int load_private_key(int grp_id, data_t *private_key,
+ mbedtls_ecp_keypair *ecp,
+ mbedtls_test_rnd_pseudo_info *rnd_info)
{
int ok = 0;
- TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp,
- private_key->x,
- private_key->len ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_read_key(grp_id, ecp,
+ private_key->x,
+ private_key->len) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_privkey(&ecp->grp, &ecp->d) == 0);
/* Calculate the public key from the private key. */
- TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
- &ecp->grp.G,
- &mbedtls_test_rnd_pseudo_rand,
- rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d,
+ &ecp->grp.G,
+ &mbedtls_test_rnd_pseudo_rand,
+ rnd_info) == 0);
ok = 1;
exit:
- return( ok );
+ return ok;
}
/* END_HEADER */
@@ -44,14 +44,14 @@
*/
/* BEGIN_CASE */
-void ecdh_valid_param( )
+void ecdh_valid_param()
{
- TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_ecdh_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ecdh_invalid_param( )
+void ecdh_invalid_param()
{
mbedtls_ecp_group grp;
mbedtls_ecdh_context ctx;
@@ -61,124 +61,124 @@
size_t olen;
unsigned char buf[42] = { 0 };
const unsigned char *buf_null = NULL;
- size_t const buflen = sizeof( buf );
+ size_t const buflen = sizeof(buf);
int invalid_side = 42;
mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
- mbedtls_ecp_keypair_init( &kp );
- mbedtls_ecdh_init( &ctx );
- TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
+ mbedtls_ecp_keypair_init(&kp);
+ mbedtls_ecdh_init(&ctx);
+ TEST_INVALID_PARAM(mbedtls_ecdh_init(NULL));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_ecdh_enable_restart(NULL));
#endif /* MBEDTLS_ECP_RESTARTABLE */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, &m, &P,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public(NULL, &m, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public(&grp, NULL, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public(&grp, &m, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public(&grp, &m, &P,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared(NULL, &m, &P, &m,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared(&grp, NULL, &P, &m,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared(&grp, &m, NULL, &m,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared(&grp, &m, &P, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_setup( NULL, valid_grp ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_setup(NULL, valid_grp));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params(NULL, &olen, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params(&ctx, NULL, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params(&ctx, &olen, NULL, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params(&ctx, &olen, buf, buflen, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( NULL,
- (const unsigned char**) &buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx, &buf_null,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx,
- (const unsigned char**) &buf,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params(NULL,
+ (const unsigned char **) &buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params(&ctx, &buf_null,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params(&ctx, NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params(&ctx,
+ (const unsigned char **) &buf,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_get_params( NULL, &kp,
- MBEDTLS_ECDH_OURS ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_get_params( &ctx, NULL,
- MBEDTLS_ECDH_OURS ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_get_params( &ctx, &kp,
- invalid_side ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_get_params(NULL, &kp,
+ MBEDTLS_ECDH_OURS));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_get_params(&ctx, NULL,
+ MBEDTLS_ECDH_OURS));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_get_params(&ctx, &kp,
+ invalid_side));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public(NULL, &olen, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public(&ctx, NULL, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public(&ctx, &olen, NULL, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen, buf, buflen, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public(&ctx, &olen, buf, buflen, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_public( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_public(NULL, buf, buflen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_public(&ctx, NULL, buflen));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_calc_secret(NULL, &olen, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_calc_secret(&ctx, NULL, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_calc_secret(&ctx, &olen, NULL, buflen,
+ mbedtls_test_rnd_std_rand, NULL));
exit:
return;
@@ -186,59 +186,59 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecdh_primitive_random( int id )
+void ecdh_primitive_random(int id)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point qA, qB;
mbedtls_mpi dA, dB, zA, zB;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
- mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
- mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB);
+ mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB);
+ mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
- NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB,
+ NULL, NULL) == 0);
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &zB) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
- mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
- mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB);
+ mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB);
+ mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
- char * yA_str, data_t * rnd_buf_B,
- char * xB_str, char * yB_str, char * z_str )
+void ecdh_primitive_testvec(int id, data_t *rnd_buf_A, char *xA_str,
+ char *yA_str, data_t *rnd_buf_B,
+ char *xB_str, char *yB_str, char *z_str)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point qA, qB;
mbedtls_mpi dA, dB, zA, zB, check;
mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
- mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
- mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB);
+ mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB);
+ mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB); mbedtls_mpi_init(&check);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
rnd_info_A.buf = rnd_buf_A->x;
rnd_info_A.length = rnd_buf_A->len;
@@ -246,14 +246,14 @@
rnd_info_A.fallback_p_rng = NULL;
/* Fix rnd_buf_A->x by shifting it left if necessary */
- if( grp.nbits % 8 != 0 )
- {
- unsigned char shift = 8 - ( grp.nbits % 8 );
+ if (grp.nbits % 8 != 0) {
+ unsigned char shift = 8 - (grp.nbits % 8);
size_t i;
- for( i = 0; i < rnd_info_A.length - 1; i++ )
+ for (i = 0; i < rnd_info_A.length - 1; i++) {
rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
- | rnd_buf_A->x[i+1] >> ( 8 - shift );
+ | rnd_buf_A->x[i+1] >> (8 - shift);
+ }
rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
}
@@ -264,52 +264,52 @@
rnd_info_B.fallback_p_rng = NULL;
/* Fix rnd_buf_B->x by shifting it left if necessary */
- if( grp.nbits % 8 != 0 )
- {
- unsigned char shift = 8 - ( grp.nbits % 8 );
+ if (grp.nbits % 8 != 0) {
+ unsigned char shift = 8 - (grp.nbits % 8);
size_t i;
- for( i = 0; i < rnd_info_B.length - 1; i++ )
+ for (i = 0; i < rnd_info_B.length - 1; i++) {
rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
- | rnd_buf_B->x[i+1] >> ( 8 - shift );
+ | rnd_buf_B->x[i+1] >> (8 - shift);
+ }
rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
}
- TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
- mbedtls_test_rnd_buffer_rand,
- &rnd_info_A ) == 0 );
- TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
- TEST_ASSERT( mbedtls_test_read_mpi( &check, xA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &check, yA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA,
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_A) == 0);
+ TEST_ASSERT(!mbedtls_ecp_is_zero(&qA));
+ TEST_ASSERT(mbedtls_test_read_mpi(&check, xA_str) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.X, &check) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&check, yA_str) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.Y, &check) == 0);
- TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
- mbedtls_test_rnd_buffer_rand,
- &rnd_info_B ) == 0 );
- TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
- TEST_ASSERT( mbedtls_test_read_mpi( &check, xB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &check, yB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB,
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_B) == 0);
+ TEST_ASSERT(!mbedtls_ecp_is_zero(&qB));
+ TEST_ASSERT(mbedtls_test_read_mpi(&check, xB_str) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.X, &check) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&check, yB_str) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.Y, &check) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &check, z_str ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&check, z_str) == 0);
+ TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA, NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &check) == 0);
+ TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB, NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zB, &check) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
- mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
- mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB ); mbedtls_mpi_free( &check );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB);
+ mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB);
+ mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB); mbedtls_mpi_free(&check);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdh_exchange( int id )
+void ecdh_exchange(int id)
{
mbedtls_ecdh_context srv, cli;
unsigned char buf[1000];
@@ -319,41 +319,41 @@
unsigned char res_buf[1000];
size_t res_len;
- mbedtls_ecdh_init( &srv );
- mbedtls_ecdh_init( &cli );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecdh_init(&srv);
+ mbedtls_ecdh_init(&cli);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0);
- memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
- TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
+ memset(buf, 0x00, sizeof(buf)); vbuf = buf;
+ TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, 1000,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);
- memset( buf, 0x00, sizeof( buf ) );
- TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
+ memset(buf, 0x00, sizeof(buf));
+ TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, 1000,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);
- TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
- NULL, NULL ) == 0 );
- TEST_ASSERT( len == res_len );
- TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, 1000,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &res_len, res_buf, 1000,
+ NULL, NULL) == 0);
+ TEST_ASSERT(len == res_len);
+ TEST_ASSERT(memcmp(buf, res_buf, len) == 0);
exit:
- mbedtls_ecdh_free( &srv );
- mbedtls_ecdh_free( &cli );
+ mbedtls_ecdh_free(&srv);
+ mbedtls_ecdh_free(&cli);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
-void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
- int enable, int max_ops, int min_restart, int max_restart )
+void ecdh_restart(int id, data_t *dA, data_t *dB, data_t *z,
+ int enable, int max_ops, int min_restart, int max_restart)
{
int ret;
mbedtls_ecdh_context srv, cli;
@@ -364,9 +364,9 @@
int cnt_restart;
mbedtls_ecp_group grp;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecdh_init( &srv );
- mbedtls_ecdh_init( &cli );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecdh_init(&srv);
+ mbedtls_ecdh_init(&cli);
rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
rnd_info_A.fallback_p_rng = NULL;
@@ -380,103 +380,102 @@
/* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure
* in every configuration, therefore we load it separately. */
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
/* Otherwise we would have to fix the random buffer,
* as in ecdh_primitive_testvec. */
- TEST_ASSERT( grp.nbits % 8 == 0 );
+ TEST_ASSERT(grp.nbits % 8 == 0);
- TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0);
/* set up restart parameters */
- mbedtls_ecp_set_max_ops( max_ops );
+ mbedtls_ecp_set_max_ops(max_ops);
- if( enable )
- {
- mbedtls_ecdh_enable_restart( &srv );
- mbedtls_ecdh_enable_restart( &cli );
+ if (enable) {
+ mbedtls_ecdh_enable_restart(&srv);
+ mbedtls_ecdh_enable_restart(&cli);
}
/* server writes its parameters */
- memset( buf, 0x00, sizeof( buf ) );
+ memset(buf, 0x00, sizeof(buf));
len = 0;
cnt_restart = 0;
do {
- ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ),
- mbedtls_test_rnd_buffer_rand,
- &rnd_info_A );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_ecdh_make_params(&srv, &len, buf, sizeof(buf),
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_A);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
/* client read server params */
vbuf = buf;
- TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);
/* client writes its key share */
- memset( buf, 0x00, sizeof( buf ) );
+ memset(buf, 0x00, sizeof(buf));
len = 0;
cnt_restart = 0;
do {
- ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ),
- mbedtls_test_rnd_buffer_rand,
- &rnd_info_B );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_ecdh_make_public(&cli, &len, buf, sizeof(buf),
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_B);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
/* server reads client key share */
- TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);
/* server computes shared secret */
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
len = 0;
cnt_restart = 0;
do {
- ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
- NULL, NULL );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_ecdh_calc_secret(&srv, &len, buf, sizeof(buf),
+ NULL, NULL);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
- TEST_ASSERT( len == z->len );
- TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
+ TEST_ASSERT(len == z->len);
+ TEST_ASSERT(memcmp(buf, z->x, len) == 0);
/* client computes shared secret */
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
len = 0;
cnt_restart = 0;
do {
- ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
- NULL, NULL );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_ecdh_calc_secret(&cli, &len, buf, sizeof(buf),
+ NULL, NULL);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
- TEST_ASSERT( len == z->len );
- TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
+ TEST_ASSERT(len == z->len);
+ TEST_ASSERT(memcmp(buf, z->x, len) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecdh_free( &srv );
- mbedtls_ecdh_free( &cli );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecdh_free(&srv);
+ mbedtls_ecdh_free(&cli);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
-void ecdh_exchange_legacy( int id )
+void ecdh_exchange_legacy(int id)
{
mbedtls_ecdh_context srv, cli;
unsigned char buf[1000];
@@ -485,43 +484,43 @@
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_ecdh_init( &srv );
- mbedtls_ecdh_init( &cli );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecdh_init(&srv);
+ mbedtls_ecdh_init(&cli);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&srv.grp, id) == 0);
- memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
- TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
+ memset(buf, 0x00, sizeof(buf)); vbuf = buf;
+ TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, 1000,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);
- memset( buf, 0x00, sizeof( buf ) );
- TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
+ memset(buf, 0x00, sizeof(buf));
+ TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, 1000,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);
- TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
- NULL ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, 1000,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &len, buf, 1000, NULL,
+ NULL) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&srv.z, &cli.z) == 0);
exit:
- mbedtls_ecdh_free( &srv );
- mbedtls_ecdh_free( &cli );
+ mbedtls_ecdh_free(&srv);
+ mbedtls_ecdh_free(&cli);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdh_exchange_calc_secret( int grp_id,
- data_t *our_private_key,
- data_t *their_point,
- int ours_first,
- data_t *expected )
+void ecdh_exchange_calc_secret(int grp_id,
+ data_t *our_private_key,
+ data_t *their_point,
+ int ours_first,
+ data_t *expected)
{
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
@@ -530,92 +529,90 @@
unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
size_t shared_secret_length = 0;
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_ecdh_init( &ecdh );
- mbedtls_ecp_keypair_init( &our_key );
- mbedtls_ecp_keypair_init( &their_key );
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
+ mbedtls_ecdh_init(&ecdh);
+ mbedtls_ecp_keypair_init(&our_key);
+ mbedtls_ecp_keypair_init(&their_key);
- if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
+ if (!load_private_key(grp_id, our_private_key, &our_key, &rnd_info)) {
goto exit;
- if( ! load_public_key( grp_id, their_point, &their_key ) )
+ }
+ if (!load_public_key(grp_id, their_point, &their_key)) {
goto exit;
+ }
/* Import the keys to the ECDH calculation. */
- if( ours_first )
- {
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
- }
- else
- {
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
+ if (ours_first) {
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
+ } else {
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
}
/* Perform the ECDH calculation. */
- TEST_ASSERT( mbedtls_ecdh_calc_secret(
- &ecdh,
- &shared_secret_length,
- shared_secret, sizeof( shared_secret ),
- &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
- TEST_ASSERT( shared_secret_length == expected->len );
- TEST_ASSERT( memcmp( expected->x, shared_secret,
- shared_secret_length ) == 0 );
+ TEST_ASSERT(mbedtls_ecdh_calc_secret(
+ &ecdh,
+ &shared_secret_length,
+ shared_secret, sizeof(shared_secret),
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
+ TEST_ASSERT(shared_secret_length == expected->len);
+ TEST_ASSERT(memcmp(expected->x, shared_secret,
+ shared_secret_length) == 0);
exit:
- mbedtls_ecdh_free( &ecdh );
- mbedtls_ecp_keypair_free( &our_key );
- mbedtls_ecp_keypair_free( &their_key );
+ mbedtls_ecdh_free(&ecdh);
+ mbedtls_ecp_keypair_free(&our_key);
+ mbedtls_ecp_keypair_free(&their_key);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdh_exchange_get_params_fail( int our_grp_id,
- data_t *our_private_key,
- int their_grp_id,
- data_t *their_point,
- int ours_first,
- int expected_ret )
+void ecdh_exchange_get_params_fail(int our_grp_id,
+ data_t *our_private_key,
+ int their_grp_id,
+ data_t *their_point,
+ int ours_first,
+ int expected_ret)
{
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_ecdh_init( &ecdh );
- mbedtls_ecp_keypair_init( &our_key );
- mbedtls_ecp_keypair_init( &their_key );
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
+ mbedtls_ecdh_init(&ecdh);
+ mbedtls_ecp_keypair_init(&our_key);
+ mbedtls_ecp_keypair_init(&their_key);
- if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
+ if (!load_private_key(our_grp_id, our_private_key, &our_key, &rnd_info)) {
goto exit;
- if( ! load_public_key( their_grp_id, their_point, &their_key ) )
- goto exit;
-
- if( ours_first )
- {
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
- expected_ret );
}
- else
- {
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_get_params(
- &ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
- expected_ret );
+ if (!load_public_key(their_grp_id, their_point, &their_key)) {
+ goto exit;
+ }
+
+ if (ours_first) {
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) ==
+ expected_ret);
+ } else {
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
+ TEST_ASSERT(mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS) ==
+ expected_ret);
}
exit:
- mbedtls_ecdh_free( &ecdh );
- mbedtls_ecp_keypair_free( &our_key );
- mbedtls_ecp_keypair_free( &their_key );
+ mbedtls_ecdh_free(&ecdh);
+ mbedtls_ecp_keypair_free(&our_key);
+ mbedtls_ecp_keypair_free(&their_key);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 1ca7c39..470495d 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -8,7 +8,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ecdsa_invalid_param( )
+void ecdsa_invalid_param()
{
mbedtls_ecdsa_context ctx;
mbedtls_ecp_keypair key;
@@ -20,204 +20,204 @@
size_t slen;
unsigned char buf[42] = { 0 };
- mbedtls_ecdsa_init( &ctx );
- mbedtls_ecp_keypair_init( &key );
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &P );
- mbedtls_mpi_init( &m );
+ mbedtls_ecdsa_init(&ctx);
+ mbedtls_ecp_keypair_init(&key);
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&P);
+ mbedtls_mpi_init(&m);
- TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_ecdsa_init(NULL));
+ TEST_VALID_PARAM(mbedtls_ecdsa_free(NULL));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_ecdsa_restart_init(NULL));
+ TEST_VALID_PARAM(mbedtls_ecdsa_restart_free(NULL));
#endif /* MBEDTLS_ECP_RESTARTABLE */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( NULL, &m, &m, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, &m,
- NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, &m,
- buf, sizeof( buf ),
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign(NULL, &m, &m, &m,
+ buf, sizeof(buf),
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign(&grp, NULL, &m, &m,
+ buf, sizeof(buf),
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign(&grp, &m, NULL, &m,
+ buf, sizeof(buf),
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign(&grp, &m, &m, NULL,
+ buf, sizeof(buf),
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign(&grp, &m, &m, &m,
+ NULL, sizeof(buf),
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign(&grp, &m, &m, &m,
+ buf, sizeof(buf),
+ NULL, NULL));
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
- NULL, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det_ext(NULL, &m, &m, &m,
+ buf, sizeof(buf),
+ valid_md,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det_ext(&grp, NULL, &m, &m,
+ buf, sizeof(buf),
+ valid_md,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det_ext(&grp, &m, NULL, &m,
+ buf, sizeof(buf),
+ valid_md,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det_ext(&grp, &m, &m, NULL,
+ buf, sizeof(buf),
+ valid_md,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det_ext(&grp, &m, &m, &m,
+ NULL, sizeof(buf),
+ valid_md,
+ mbedtls_test_rnd_std_rand,
+ NULL));
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( NULL,
- buf, sizeof( buf ),
- &P, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- NULL, sizeof( buf ),
- &P, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- NULL, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- &P, NULL, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- &P, &m, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify(NULL,
+ buf, sizeof(buf),
+ &P, &m, &m));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify(&grp,
+ NULL, sizeof(buf),
+ &P, &m, &m));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify(&grp,
+ buf, sizeof(buf),
+ NULL, &m, &m));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify(&grp,
+ buf, sizeof(buf),
+ &P, NULL, &m));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify(&grp,
+ buf, sizeof(buf),
+ &P, &m, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ),
- buf, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature(NULL, valid_md, buf, sizeof(buf),
+ buf, &slen, mbedtls_test_rnd_std_rand,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ),
- buf, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature(&ctx, valid_md, NULL, sizeof(buf),
+ buf, &slen, mbedtls_test_rnd_std_rand,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
- NULL, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature(&ctx, valid_md, buf, sizeof(buf),
+ NULL, &slen, mbedtls_test_rnd_std_rand,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
- buf, NULL, mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature(&ctx, valid_md, buf, sizeof(buf),
+ buf, NULL, mbedtls_test_rnd_std_rand,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf,
- sizeof( buf ), buf, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable(NULL, valid_md, buf,
+ sizeof(buf), buf, &slen,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL,
- sizeof( buf ), buf, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable(&ctx, valid_md, NULL,
+ sizeof(buf), buf, &slen,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
- sizeof( buf ), NULL, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable(&ctx, valid_md, buf,
+ sizeof(buf), NULL, &slen,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
- sizeof( buf ), buf, NULL,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable(&ctx, valid_md, buf,
+ sizeof(buf), buf, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( &ctx,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( &ctx,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature(NULL,
+ buf, sizeof(buf),
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature(&ctx,
+ NULL, sizeof(buf),
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature(&ctx,
+ buf, sizeof(buf),
+ NULL, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( &ctx,
- NULL, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( &ctx,
- buf, sizeof( buf ),
- NULL, sizeof( buf ),
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature_restartable(NULL,
+ buf, sizeof(buf),
+ buf, sizeof(buf),
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature_restartable(&ctx,
+ NULL, sizeof(buf),
+ buf, sizeof(buf),
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature_restartable(&ctx,
+ buf, sizeof(buf),
+ NULL, sizeof(buf),
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_genkey( NULL, valid_group,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_genkey( &ctx, valid_group,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_genkey(NULL, valid_group,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_genkey(&ctx, valid_group,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_from_keypair( NULL, &key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_from_keypair(NULL, &key));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_from_keypair(&ctx, NULL));
exit:
- mbedtls_ecdsa_free( &ctx );
- mbedtls_ecp_keypair_free( &key );
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &P );
- mbedtls_mpi_free( &m );
+ mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&key);
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&P);
+ mbedtls_mpi_free(&m);
return;
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdsa_prim_zero( int id )
+void ecdsa_prim_zero(int id)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
@@ -225,31 +225,31 @@
mbedtls_test_rnd_pseudo_info rnd_info;
unsigned char buf[MBEDTLS_MD_MAX_SIZE];
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &Q );
- mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
- memset( buf, 0, sizeof( buf ) );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_mpi_init(&d); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
+ memset(buf, 0, sizeof(buf));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_ASSERT(mbedtls_ecp_gen_keypair(&grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
- TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
+ TEST_ASSERT(mbedtls_ecdsa_sign(&grp, &r, &s, &d, buf, sizeof(buf),
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdsa_verify(&grp, buf, sizeof(buf), &Q, &r, &s) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &Q );
- mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_mpi_free(&d); mbedtls_mpi_free(&r); mbedtls_mpi_free(&s);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdsa_prim_random( int id )
+void ecdsa_prim_random(int id)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
@@ -257,152 +257,151 @@
mbedtls_test_rnd_pseudo_info rnd_info;
unsigned char buf[MBEDTLS_MD_MAX_SIZE];
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &Q );
- mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
- memset( buf, 0, sizeof( buf ) );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_mpi_init(&d); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
+ memset(buf, 0, sizeof(buf));
/* prepare material for signature */
- TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
- buf, sizeof( buf ) ) == 0 );
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_test_rnd_pseudo_rand(&rnd_info,
+ buf, sizeof(buf)) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_ASSERT(mbedtls_ecp_gen_keypair(&grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
- TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
+ TEST_ASSERT(mbedtls_ecdsa_sign(&grp, &r, &s, &d, buf, sizeof(buf),
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdsa_verify(&grp, buf, sizeof(buf), &Q, &r, &s) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &Q );
- mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_mpi_free(&d); mbedtls_mpi_free(&r); mbedtls_mpi_free(&s);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
- char * yQ_str, data_t * rnd_buf,
- data_t * hash, char * r_str, char * s_str,
- int result )
+void ecdsa_prim_test_vectors(int id, char *d_str, char *xQ_str,
+ char *yQ_str, data_t *rnd_buf,
+ data_t *hash, char *r_str, char *s_str,
+ int result)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s, r_check, s_check, zero;
mbedtls_test_rnd_buf_info rnd_info;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &Q );
- mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
- mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
- mbedtls_mpi_init( &zero );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_mpi_init(&d); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s);
+ mbedtls_mpi_init(&r_check); mbedtls_mpi_init(&s_check);
+ mbedtls_mpi_init(&zero);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &d, d_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &r_check, r_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &s_check, s_str ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_string(&Q, 16, xQ_str, yQ_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&d, d_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&r_check, r_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&s_check, s_str) == 0);
rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
rnd_info.fallback_p_rng = NULL;
rnd_info.buf = rnd_buf->x;
rnd_info.length = rnd_buf->len;
/* Fix rnd_buf->x by shifting it left if necessary */
- if( grp.nbits % 8 != 0 )
- {
- unsigned char shift = 8 - ( grp.nbits % 8 );
+ if (grp.nbits % 8 != 0) {
+ unsigned char shift = 8 - (grp.nbits % 8);
size_t i;
- for( i = 0; i < rnd_info.length - 1; i++ )
- rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
+ for (i = 0; i < rnd_info.length - 1; i++) {
+ rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> (8 - shift);
+ }
rnd_buf->x[rnd_info.length-1] <<= shift;
}
- TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
- mbedtls_test_rnd_buffer_rand, &rnd_info ) == result );
+ TEST_ASSERT(mbedtls_ecdsa_sign(&grp, &r, &s, &d, hash->x, hash->len,
+ mbedtls_test_rnd_buffer_rand, &rnd_info) == result);
- if ( result == 0)
- {
+ if (result == 0) {
/* Check we generated the expected values */
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &r, &r_check ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &s, &s_check ), 0 );
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&r, &r_check), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&s, &s_check), 0);
/* Valid signature */
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
- &Q, &r_check, &s_check ), 0 );
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len,
+ &Q, &r_check, &s_check), 0);
/* Invalid signature: wrong public key (G instead of Q) */
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
- &grp.G, &r_check, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len,
+ &grp.G, &r_check, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
/* Invalid signatures: r or s or both one off */
- TEST_EQUAL( mbedtls_mpi_sub_int( &r, &r_check, 1 ), 0 );
- TEST_EQUAL( mbedtls_mpi_add_int( &s, &s_check, 1 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_sub_int(&r, &r_check, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_add_int(&s, &s_check, 1), 0);
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r_check, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
/* Invalid signatures: r, s or both (CVE-2022-21449) are zero */
- TEST_EQUAL( mbedtls_mpi_lset( &zero, 0 ), 0 );
+ TEST_EQUAL(mbedtls_mpi_lset(&zero, 0), 0);
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &zero, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r_check, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &zero, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &zero, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r_check, &zero), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &zero, &zero), MBEDTLS_ERR_ECP_VERIFY_FAILED);
/* Invalid signatures: r, s or both are == N */
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &grp.N, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r_check, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &grp.N, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &grp.N, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r_check, &grp.N), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &grp.N, &grp.N), MBEDTLS_ERR_ECP_VERIFY_FAILED);
/* Invalid signatures: r, s or both are negative */
- TEST_EQUAL( mbedtls_mpi_sub_mpi( &r, &r_check, &grp.N ), 0 );
- TEST_EQUAL( mbedtls_mpi_sub_mpi( &s, &s_check, &grp.N ), 0 );
+ TEST_EQUAL(mbedtls_mpi_sub_mpi(&r, &r_check, &grp.N), 0);
+ TEST_EQUAL(mbedtls_mpi_sub_mpi(&s, &s_check, &grp.N), 0);
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r_check, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
/* Invalid signatures: r or s or both are > N */
- TEST_EQUAL( mbedtls_mpi_add_mpi( &r, &r_check, &grp.N ), 0 );
- TEST_EQUAL( mbedtls_mpi_add_mpi( &s, &s_check, &grp.N ), 0 );
+ TEST_EQUAL(mbedtls_mpi_add_mpi(&r, &r_check, &grp.N), 0);
+ TEST_EQUAL(mbedtls_mpi_add_mpi(&s, &s_check, &grp.N), 0);
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
- &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r_check, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
+ TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
+ &r, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
}
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &Q );
- mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
- mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
- mbedtls_mpi_free( &zero );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_mpi_free(&d); mbedtls_mpi_free(&r); mbedtls_mpi_free(&s);
+ mbedtls_mpi_free(&r_check); mbedtls_mpi_free(&s_check);
+ mbedtls_mpi_free(&zero);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
-void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
- char * r_str, char * s_str )
+void ecdsa_det_test_vectors(int id, char *d_str, int md_alg, char *msg,
+ char *r_str, char *s_str)
{
mbedtls_ecp_group grp;
mbedtls_mpi d, r, s, r_check, s_check;
@@ -410,40 +409,40 @@
size_t hlen;
const mbedtls_md_info_t *md_info;
- mbedtls_ecp_group_init( &grp );
- mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
- mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
- memset( hash, 0, sizeof( hash ) );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi_init(&d); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s);
+ mbedtls_mpi_init(&r_check); mbedtls_mpi_init(&s_check);
+ memset(hash, 0, sizeof(hash));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &d, d_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &r_check, r_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &s_check, s_str ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&d, d_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&r_check, r_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&s_check, s_str) == 0);
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
- hlen = mbedtls_md_get_size( md_info );
- TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg,
- strlen( msg ), hash ) == 0 );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
+ hlen = mbedtls_md_get_size(md_info);
+ TEST_ASSERT(mbedtls_md(md_info, (const unsigned char *) msg,
+ strlen(msg), hash) == 0);
TEST_ASSERT(
- mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen,
- md_alg, mbedtls_test_rnd_std_rand,
- NULL )
- == 0 );
+ mbedtls_ecdsa_sign_det_ext(&grp, &r, &s, &d, hash, hlen,
+ md_alg, mbedtls_test_rnd_std_rand,
+ NULL)
+ == 0);
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&r, &r_check) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&s, &s_check) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
- mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&d); mbedtls_mpi_free(&r); mbedtls_mpi_free(&s);
+ mbedtls_mpi_free(&r_check); mbedtls_mpi_free(&s_check);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void ecdsa_write_read_zero( int id )
+void ecdsa_write_read_zero(int id)
{
mbedtls_ecdsa_context ctx;
mbedtls_test_rnd_pseudo_info rnd_info;
@@ -451,59 +450,60 @@
unsigned char sig[200];
size_t sig_len, i;
- mbedtls_ecdsa_init( &ctx );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
- memset( hash, 0, sizeof( hash ) );
- memset( sig, 0x2a, sizeof( sig ) );
+ mbedtls_ecdsa_init(&ctx);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
+ memset(hash, 0, sizeof(hash));
+ memset(sig, 0x2a, sizeof(sig));
/* generate signing key */
- TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_ecdsa_genkey(&ctx, id,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
/* generate and write signature, then read and verify it */
- TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
- hash, sizeof( hash ),
- sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == 0 );
+ TEST_ASSERT(mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256,
+ hash, sizeof(hash),
+ sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) == 0);
/* check we didn't write past the announced length */
- for( i = sig_len; i < sizeof( sig ); i++ )
- TEST_ASSERT( sig[i] == 0x2a );
+ for (i = sig_len; i < sizeof(sig); i++) {
+ TEST_ASSERT(sig[i] == 0x2a);
+ }
/* try verification with invalid length */
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len - 1 ) != 0 );
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len + 1 ) != 0 );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len - 1) != 0);
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len + 1) != 0);
/* try invalid sequence tag */
sig[0]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) != 0 );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) != 0);
sig[0]--;
/* try modifying r */
sig[10]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
sig[10]--;
/* try modifying s */
sig[sig_len - 1]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
sig[sig_len - 1]--;
exit:
- mbedtls_ecdsa_free( &ctx );
+ mbedtls_ecdsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void ecdsa_write_read_random( int id )
+void ecdsa_write_read_random(int id)
{
mbedtls_ecdsa_context ctx;
mbedtls_test_rnd_pseudo_info rnd_info;
@@ -511,127 +511,131 @@
unsigned char sig[200];
size_t sig_len, i;
- mbedtls_ecdsa_init( &ctx );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
- memset( hash, 0, sizeof( hash ) );
- memset( sig, 0x2a, sizeof( sig ) );
+ mbedtls_ecdsa_init(&ctx);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
+ memset(hash, 0, sizeof(hash));
+ memset(sig, 0x2a, sizeof(sig));
/* prepare material for signature */
- TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
- hash, sizeof( hash ) ) == 0 );
+ TEST_ASSERT(mbedtls_test_rnd_pseudo_rand(&rnd_info,
+ hash, sizeof(hash)) == 0);
/* generate signing key */
- TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_ecdsa_genkey(&ctx, id,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
/* generate and write signature, then read and verify it */
- TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
- hash, sizeof( hash ),
- sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == 0 );
+ TEST_ASSERT(mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256,
+ hash, sizeof(hash),
+ sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) == 0);
/* check we didn't write past the announced length */
- for( i = sig_len; i < sizeof( sig ); i++ )
- TEST_ASSERT( sig[i] == 0x2a );
+ for (i = sig_len; i < sizeof(sig); i++) {
+ TEST_ASSERT(sig[i] == 0x2a);
+ }
/* try verification with invalid length */
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len - 1 ) != 0 );
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len + 1 ) != 0 );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len - 1) != 0);
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len + 1) != 0);
/* try invalid sequence tag */
sig[0]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) != 0 );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) != 0);
sig[0]--;
/* try modifying r */
sig[10]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
sig[10]--;
/* try modifying s */
sig[sig_len - 1]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
+ sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
sig[sig_len - 1]--;
exit:
- mbedtls_ecdsa_free( &ctx );
+ mbedtls_ecdsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
-void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig,
- int max_ops, int min_restart, int max_restart )
+void ecdsa_read_restart(int id, data_t *pk, data_t *hash, data_t *sig,
+ int max_ops, int min_restart, int max_restart)
{
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_restart_ctx rs_ctx;
int ret, cnt_restart;
- mbedtls_ecdsa_init( &ctx );
- mbedtls_ecdsa_restart_init( &rs_ctx );
+ mbedtls_ecdsa_init(&ctx);
+ mbedtls_ecdsa_restart_init(&rs_ctx);
- TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q,
- pk->x, pk->len ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&ctx.grp, id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_binary(&ctx.grp, &ctx.Q,
+ pk->x, pk->len) == 0);
- mbedtls_ecp_set_max_ops( max_ops );
+ mbedtls_ecp_set_max_ops(max_ops);
cnt_restart = 0;
do {
- ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash->x, hash->len, sig->x, sig->len, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
+ hash->x, hash->len, sig->x, sig->len,
+ &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
/* try modifying r */
- TEST_ASSERT( sig->len > 10 );
+ TEST_ASSERT(sig->len > 10);
sig->x[10]++;
do {
- ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash->x, hash->len, sig->x, sig->len, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
+ hash->x, hash->len, sig->x, sig->len,
+ &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_VERIFY_FAILED);
sig->x[10]--;
/* try modifying s */
sig->x[sig->len - 1]++;
do {
- ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash->x, hash->len, sig->x, sig->len, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
+ hash->x, hash->len, sig->x, sig->len,
+ &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_VERIFY_FAILED);
sig->x[sig->len - 1]--;
/* Do we leak memory when aborting an operation?
* This test only makes sense when we actually restart */
- if( min_restart > 0 )
- {
- ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash->x, hash->len, sig->x, sig->len, &rs_ctx );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ if (min_restart > 0) {
+ ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
+ hash->x, hash->len, sig->x, sig->len,
+ &rs_ctx);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
}
exit:
- mbedtls_ecdsa_free( &ctx );
- mbedtls_ecdsa_restart_free( &rs_ctx );
+ mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecdsa_restart_free(&rs_ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
-void ecdsa_write_restart( int id, char *d_str, int md_alg,
- char *msg, data_t *sig_check,
- int max_ops, int min_restart, int max_restart )
+void ecdsa_write_restart(int id, char *d_str, int md_alg,
+ char *msg, data_t *sig_check,
+ int max_ops, int min_restart, int max_restart)
{
int ret, cnt_restart;
mbedtls_ecdsa_restart_ctx rs_ctx;
@@ -641,86 +645,99 @@
size_t hlen, slen;
const mbedtls_md_info_t *md_info;
- mbedtls_ecdsa_restart_init( &rs_ctx );
- mbedtls_ecdsa_init( &ctx );
- memset( hash, 0, sizeof( hash ) );
- memset( sig, 0, sizeof( sig ) );
+ mbedtls_ecdsa_restart_init(&rs_ctx);
+ mbedtls_ecdsa_init(&ctx);
+ memset(hash, 0, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
- TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, d_str ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&ctx.grp, id) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.d, d_str) == 0);
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
- hlen = mbedtls_md_get_size( md_info );
- TEST_ASSERT( mbedtls_md( md_info,
- (const unsigned char *) msg, strlen( msg ),
- hash ) == 0 );
+ hlen = mbedtls_md_get_size(md_info);
+ TEST_ASSERT(mbedtls_md(md_info,
+ (const unsigned char *) msg, strlen(msg),
+ hash) == 0);
- mbedtls_ecp_set_max_ops( max_ops );
+ mbedtls_ecp_set_max_ops(max_ops);
- slen = sizeof( sig );
+ slen = sizeof(sig);
cnt_restart = 0;
do {
- ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
- md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_ecdsa_write_signature_restartable(&ctx,
+ md_alg,
+ hash,
+ hlen,
+ sig,
+ &slen,
+ NULL,
+ NULL,
+ &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( slen == sig_check->len );
- TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(slen == sig_check->len);
+ TEST_ASSERT(memcmp(sig, sig_check->x, slen) == 0);
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
/* Do we leak memory when aborting an operation?
* This test only makes sense when we actually restart */
- if( min_restart > 0 )
- {
- ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
- md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ if (min_restart > 0) {
+ ret = mbedtls_ecdsa_write_signature_restartable(&ctx,
+ md_alg,
+ hash,
+ hlen,
+ sig,
+ &slen,
+ NULL,
+ NULL,
+ &rs_ctx);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
}
exit:
- mbedtls_ecdsa_restart_free( &rs_ctx );
- mbedtls_ecdsa_free( &ctx );
+ mbedtls_ecdsa_restart_free(&rs_ctx);
+ mbedtls_ecdsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecdsa_verify( int grp_id, char * x, char * y, char * r, char * s, data_t * content, int expected )
+void ecdsa_verify(int grp_id, char *x, char *y, char *r, char *s, data_t *content, int expected)
{
mbedtls_ecdsa_context ctx;
mbedtls_mpi sig_r, sig_s;
- mbedtls_ecdsa_init( &ctx );
- mbedtls_mpi_init( &sig_r );
- mbedtls_mpi_init( &sig_s );
+ mbedtls_ecdsa_init(&ctx);
+ mbedtls_mpi_init(&sig_r);
+ mbedtls_mpi_init(&sig_s);
/* Prepare ECP group context */
- TEST_EQUAL( mbedtls_ecp_group_load( &ctx.grp, grp_id ), 0 );
+ TEST_EQUAL(mbedtls_ecp_group_load(&ctx.grp, grp_id), 0);
/* Prepare public key */
- TEST_EQUAL( mbedtls_test_read_mpi( &ctx.Q.X, x ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &ctx.Q.Y, y ), 0 );
- TEST_EQUAL( mbedtls_mpi_lset( &ctx.Q.Z, 1 ), 0 );
+ TEST_EQUAL(mbedtls_test_read_mpi(&ctx.Q.X, x), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&ctx.Q.Y, y), 0);
+ TEST_EQUAL(mbedtls_mpi_lset(&ctx.Q.Z, 1), 0);
/* Prepare signature R & S */
- TEST_EQUAL( mbedtls_test_read_mpi( &sig_r, r ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &sig_s, s ), 0 );
+ TEST_EQUAL(mbedtls_test_read_mpi(&sig_r, r), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&sig_s, s), 0);
/* Test whether public key has expected validity */
- TEST_EQUAL( mbedtls_ecp_check_pubkey( &ctx.grp, &ctx.Q ),
- expected == MBEDTLS_ERR_ECP_INVALID_KEY ? MBEDTLS_ERR_ECP_INVALID_KEY : 0 );
+ TEST_EQUAL(mbedtls_ecp_check_pubkey(&ctx.grp, &ctx.Q),
+ expected == MBEDTLS_ERR_ECP_INVALID_KEY ? MBEDTLS_ERR_ECP_INVALID_KEY : 0);
/* Verification */
- int result = mbedtls_ecdsa_verify( &ctx.grp, content->x, content->len, &ctx.Q, &sig_r, &sig_s );
+ int result = mbedtls_ecdsa_verify(&ctx.grp, content->x, content->len, &ctx.Q, &sig_r, &sig_s);
- TEST_EQUAL( result, expected );
+ TEST_EQUAL(result, expected);
exit:
- mbedtls_ecdsa_free( &ctx );
- mbedtls_mpi_free( &sig_r );
- mbedtls_mpi_free( &sig_s );
+ mbedtls_ecdsa_free(&ctx);
+ mbedtls_mpi_free(&sig_r);
+ mbedtls_mpi_free(&sig_s);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 2246f2d..16f52b2 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -63,33 +63,33 @@
};
/* Load my private and public keys, and peer's public keys */
-static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
- const unsigned char *xm1, size_t len_xm1,
- const unsigned char *xm2, size_t len_xm2,
- const unsigned char *Xm1, size_t len_Xm1,
- const unsigned char *Xm2, size_t len_Xm2,
- const unsigned char *Xp1, size_t len_Xp1,
- const unsigned char *Xp2, size_t len_Xp2 )
+static int ecjpake_test_load(mbedtls_ecjpake_context *ctx,
+ const unsigned char *xm1, size_t len_xm1,
+ const unsigned char *xm2, size_t len_xm2,
+ const unsigned char *Xm1, size_t len_Xm1,
+ const unsigned char *Xm2, size_t len_Xm2,
+ const unsigned char *Xp1, size_t len_Xp1,
+ const unsigned char *Xp2, size_t len_Xp2)
{
int ret;
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len_xm1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len_xm2 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm1, xm1, len_xm1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm2, xm2, len_xm2));
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ctx->grp,
- &ctx->Xm1, Xm1, len_Xm1 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ctx->grp,
- &ctx->Xm2, Xm2, len_Xm2 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ctx->grp,
- &ctx->Xp1, Xp1, len_Xp1 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ctx->grp,
- &ctx->Xp2, Xp2, len_Xp2 ) );
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_read_binary(&ctx->grp,
+ &ctx->Xm1, Xm1, len_Xm1));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_read_binary(&ctx->grp,
+ &ctx->Xm2, Xm2, len_Xm2));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_read_binary(&ctx->grp,
+ &ctx->Xp1, Xp1, len_Xp1));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_read_binary(&ctx->grp,
+ &ctx->Xp2, Xp2, len_Xp2));
cleanup:
- return( ret );
+ return ret;
}
-#define ADD_SIZE( x ) x, sizeof( x )
+#define ADD_SIZE(x) x, sizeof(x)
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED && MBEDTLS_SHA256_C */
/* END_HEADER */
@@ -99,101 +99,101 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ecjpake_invalid_param( )
+void ecjpake_invalid_param()
{
mbedtls_ecjpake_context ctx;
unsigned char buf[42] = { 0 };
size_t olen;
- size_t const len = sizeof( buf );
+ size_t const len = sizeof(buf);
mbedtls_ecjpake_role valid_role = MBEDTLS_ECJPAKE_SERVER;
mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42;
mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1;
- mbedtls_ecjpake_init( &ctx );
+ mbedtls_ecjpake_init(&ctx);
- TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_ecjpake_init(NULL));
+ TEST_VALID_PARAM(mbedtls_ecjpake_free(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_setup( NULL,
- valid_role,
- valid_md,
- valid_group,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_setup( &ctx,
- invalid_role,
- valid_md,
- valid_group,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_setup( &ctx,
- valid_role,
- valid_md,
- valid_group,
- NULL, len ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_setup(NULL,
+ valid_role,
+ valid_md,
+ valid_group,
+ buf, len));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_setup(&ctx,
+ invalid_role,
+ valid_md,
+ valid_group,
+ buf, len));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_setup(&ctx,
+ valid_role,
+ valid_md,
+ valid_group,
+ NULL, len));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_check( NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_check(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one(NULL, buf, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one(&ctx, NULL, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one(&ctx, buf, len, NULL,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, buf, len, &olen, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one(&ctx, buf, len, &olen, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two(NULL, buf, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two(&ctx, NULL, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, buf, len, &olen, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two(&ctx, buf, len, NULL,
+ mbedtls_test_rnd_std_rand, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two(&ctx, buf, len, &olen, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_one( NULL,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_one( &ctx,
- NULL, len ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_one(NULL,
+ buf, len));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_one(&ctx,
+ NULL, len));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_two( NULL,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_two( &ctx,
- NULL, len ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_two(NULL,
+ buf, len));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_two(&ctx,
+ NULL, len));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret(NULL, buf, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret(&ctx, NULL, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret(&ctx, buf, len, NULL,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, buf, len, &olen, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret(&ctx, buf, len, &olen, NULL, NULL));
exit:
return;
@@ -201,98 +201,102 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void ecjpake_selftest( )
+void ecjpake_selftest()
{
- TEST_ASSERT( mbedtls_ecjpake_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void read_bad_md( data_t *msg )
+void read_bad_md(data_t *msg)
{
mbedtls_ecjpake_context corrupt_ctx;
- const unsigned char * pw = NULL;
+ const unsigned char *pw = NULL;
const size_t pw_len = 0;
int any_role = MBEDTLS_ECJPAKE_CLIENT;
- mbedtls_ecjpake_init( &corrupt_ctx );
- TEST_ASSERT( mbedtls_ecjpake_setup( &corrupt_ctx, any_role,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
+ mbedtls_ecjpake_init(&corrupt_ctx);
+ TEST_ASSERT(mbedtls_ecjpake_setup(&corrupt_ctx, any_role,
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
+ pw_len) == 0);
corrupt_ctx.md_info = NULL;
- TEST_ASSERT( mbedtls_ecjpake_read_round_one( &corrupt_ctx, msg->x,
- msg->len ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_one(&corrupt_ctx, msg->x,
+ msg->len) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
exit:
- mbedtls_ecjpake_free( &corrupt_ctx );
+ mbedtls_ecjpake_free(&corrupt_ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void read_round_one( int role, data_t * msg, int ref_ret )
+void read_round_one(int role, data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
- const unsigned char * pw = NULL;
+ const unsigned char *pw = NULL;
const size_t pw_len = 0;
- mbedtls_ecjpake_init( &ctx );
+ mbedtls_ecjpake_init(&ctx);
- TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, role,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, role,
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
+ pw_len) == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_one( &ctx, msg->x, msg->len ) == ref_ret );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_one(&ctx, msg->x, msg->len) == ref_ret);
exit:
- mbedtls_ecjpake_free( &ctx );
+ mbedtls_ecjpake_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void read_round_two_cli( data_t * msg, int ref_ret )
+void read_round_two_cli(data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
- const unsigned char * pw = NULL;
+ const unsigned char *pw = NULL;
const size_t pw_len = 0;
- mbedtls_ecjpake_init( &ctx );
+ mbedtls_ecjpake_init(&ctx);
- TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_CLIENT,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_CLIENT,
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
+ pw_len) == 0);
- TEST_ASSERT( ecjpake_test_load( &ctx,
- ADD_SIZE( ecjpake_test_x1 ), ADD_SIZE( ecjpake_test_x2 ),
- ADD_SIZE( ecjpake_test_X1 ), ADD_SIZE( ecjpake_test_X2 ),
- ADD_SIZE( ecjpake_test_X3 ), ADD_SIZE( ecjpake_test_X4 ) )
- == 0 );
+ TEST_ASSERT(ecjpake_test_load(&ctx,
+ ADD_SIZE(ecjpake_test_x1), ADD_SIZE(ecjpake_test_x2),
+ ADD_SIZE(ecjpake_test_X1), ADD_SIZE(ecjpake_test_X2),
+ ADD_SIZE(ecjpake_test_X3), ADD_SIZE(ecjpake_test_X4))
+ == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg->x, msg->len ) == ref_ret );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_two(&ctx, msg->x, msg->len) == ref_ret);
exit:
- mbedtls_ecjpake_free( &ctx );
+ mbedtls_ecjpake_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void read_round_two_srv( data_t * msg, int ref_ret )
+void read_round_two_srv(data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
- const unsigned char * pw = NULL;
+ const unsigned char *pw = NULL;
const size_t pw_len = 0;
- mbedtls_ecjpake_init( &ctx );
+ mbedtls_ecjpake_init(&ctx);
- TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_SERVER,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
+ TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_SERVER,
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
+ pw_len) == 0);
- TEST_ASSERT( ecjpake_test_load( &ctx,
- ADD_SIZE( ecjpake_test_x3 ), ADD_SIZE( ecjpake_test_x4 ),
- ADD_SIZE( ecjpake_test_X3 ), ADD_SIZE( ecjpake_test_X4 ),
- ADD_SIZE( ecjpake_test_X1 ), ADD_SIZE( ecjpake_test_X2 ) )
- == 0 );
+ TEST_ASSERT(ecjpake_test_load(&ctx,
+ ADD_SIZE(ecjpake_test_x3), ADD_SIZE(ecjpake_test_x4),
+ ADD_SIZE(ecjpake_test_X3), ADD_SIZE(ecjpake_test_X4),
+ ADD_SIZE(ecjpake_test_X1), ADD_SIZE(ecjpake_test_X2))
+ == 0);
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg->x, msg->len ) == ref_ret );
+ TEST_ASSERT(mbedtls_ecjpake_read_round_two(&ctx, msg->x, msg->len) == ref_ret);
exit:
- mbedtls_ecjpake_free( &ctx );
+ mbedtls_ecjpake_free(&ctx);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 0bce782..6110a78 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -6,52 +6,67 @@
#include "ecp_invasive.h"
#if defined(MBEDTLS_TEST_HOOKS) && \
- ( defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) )
+ (defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED))
#define HAVE_FIX_NEGATIVE
#endif
#define ECP_PF_UNKNOWN -1
-#define ECP_PT_RESET( x ) \
- mbedtls_ecp_point_free( x ); \
- mbedtls_ecp_point_init( x );
+#define ECP_PT_RESET(x) \
+ mbedtls_ecp_point_free(x); \
+ mbedtls_ecp_point_init(x);
/* Auxiliary function to compare two mbedtls_ecp_group objects. */
-inline static int mbedtls_ecp_group_cmp( mbedtls_ecp_group *grp1,
- mbedtls_ecp_group *grp2 )
+inline static int mbedtls_ecp_group_cmp(mbedtls_ecp_group *grp1,
+ mbedtls_ecp_group *grp2)
{
- if( mbedtls_mpi_cmp_mpi( &grp1->P, &grp2->P ) != 0 )
+ if (mbedtls_mpi_cmp_mpi(&grp1->P, &grp2->P) != 0) {
return 1;
- if( mbedtls_mpi_cmp_mpi( &grp1->A, &grp2->A ) != 0 )
+ }
+ if (mbedtls_mpi_cmp_mpi(&grp1->A, &grp2->A) != 0) {
return 1;
- if( mbedtls_mpi_cmp_mpi( &grp1->B, &grp2->B ) != 0 )
+ }
+ if (mbedtls_mpi_cmp_mpi(&grp1->B, &grp2->B) != 0) {
return 1;
- if( mbedtls_mpi_cmp_mpi( &grp1->N, &grp2->N ) != 0 )
+ }
+ if (mbedtls_mpi_cmp_mpi(&grp1->N, &grp2->N) != 0) {
return 1;
- if( mbedtls_ecp_point_cmp( &grp1->G, &grp2->G ) != 0 )
+ }
+ if (mbedtls_ecp_point_cmp(&grp1->G, &grp2->G) != 0) {
return 1;
- if( grp1->id != grp2->id )
+ }
+ if (grp1->id != grp2->id) {
return 1;
- if( grp1->pbits != grp2->pbits )
+ }
+ if (grp1->pbits != grp2->pbits) {
return 1;
- if( grp1->nbits != grp2->nbits )
+ }
+ if (grp1->nbits != grp2->nbits) {
return 1;
- if( grp1->h != grp2->h )
+ }
+ if (grp1->h != grp2->h) {
return 1;
- if( grp1->modp != grp2->modp )
+ }
+ if (grp1->modp != grp2->modp) {
return 1;
- if( grp1->t_pre != grp2->t_pre )
+ }
+ if (grp1->t_pre != grp2->t_pre) {
return 1;
- if( grp1->t_post != grp2->t_post )
+ }
+ if (grp1->t_post != grp2->t_post) {
return 1;
- if( grp1->t_data != grp2->t_data )
+ }
+ if (grp1->t_data != grp2->t_data) {
return 1;
- if( grp1->T_size != grp2->T_size )
+ }
+ if (grp1->T_size != grp2->T_size) {
return 1;
- if( grp1->T != grp2->T )
+ }
+ if (grp1->T != grp2->T) {
return 1;
+ }
return 0;
}
@@ -64,14 +79,14 @@
*/
/* BEGIN_CASE */
-void ecp_valid_param( )
+void ecp_valid_param()
{
- TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_ecp_group_free(NULL));
+ TEST_VALID_PARAM(mbedtls_ecp_keypair_free(NULL));
+ TEST_VALID_PARAM(mbedtls_ecp_point_free(NULL));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_ecp_restart_free(NULL));
#endif /* MBEDTLS_ECP_RESTARTABLE */
exit:
@@ -80,7 +95,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ecp_invalid_param( )
+void ecp_invalid_param()
{
mbedtls_ecp_group grp;
mbedtls_ecp_keypair kp;
@@ -97,316 +112,316 @@
mbedtls_ecp_restart_ctx restart_ctx;
#endif /* MBEDTLS_ECP_RESTARTABLE */
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &P );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&P);
- TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_ecp_point_init(NULL));
+ TEST_INVALID_PARAM(mbedtls_ecp_keypair_init(NULL));
+ TEST_INVALID_PARAM(mbedtls_ecp_group_init(NULL));
#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) );
+ TEST_INVALID_PARAM(mbedtls_ecp_restart_init(NULL));
+ TEST_INVALID_PARAM(mbedtls_ecp_check_budget(NULL, &restart_ctx, 42));
#endif /* MBEDTLS_ECP_RESTARTABLE */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_copy( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_copy( &P, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_copy(NULL, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_copy(&P, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_copy( NULL, &grp ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_copy( &grp, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_group_copy(NULL, &grp));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_group_copy(&grp, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( NULL,
- &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( &grp,
- NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( &grp,
- &m,
- NULL,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_privkey(NULL,
+ &m,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_privkey(&grp,
+ NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_privkey(&grp,
+ &m,
+ NULL,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_set_zero( NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_is_zero( NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_set_zero(NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_is_zero(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_cmp( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_cmp( &P, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_cmp(NULL, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_cmp(&P, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( NULL, 2,
- x, x ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( &P, 2,
- NULL, x ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( &P, 2,
- x, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_string(NULL, 2,
+ x, x));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_string(&P, 2,
+ NULL, x));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_string(&P, 2,
+ x, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( NULL, &P,
- valid_fmt,
- &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, NULL,
- valid_fmt,
- &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, &P,
- invalid_fmt,
- &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, &P,
- valid_fmt,
- NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, &P,
- valid_fmt,
- &olen,
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary(NULL, &P,
+ valid_fmt,
+ &olen,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary(&grp, NULL,
+ valid_fmt,
+ &olen,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary(&grp, &P,
+ invalid_fmt,
+ &olen,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary(&grp, &P,
+ valid_fmt,
+ NULL,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary(&grp, &P,
+ valid_fmt,
+ &olen,
+ NULL, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( NULL, &P, buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( &grp, NULL, buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( &grp, &P, NULL,
- sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_binary(NULL, &P, buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_binary(&grp, NULL, buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_binary(&grp, &P, NULL,
+ sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( NULL, &P,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, &P, &null_buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, &P, NULL,
- sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point(NULL, &P,
+ (const unsigned char **) &buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point(&grp, NULL,
+ (const unsigned char **) &buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point(&grp, &P, &null_buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point(&grp, &P, NULL,
+ sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( NULL, &P,
- valid_fmt,
- &olen,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, NULL,
- valid_fmt,
- &olen,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, &P,
- invalid_fmt,
- &olen,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, &P,
- valid_fmt,
- NULL,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, &P,
- valid_fmt,
- &olen,
- NULL,
- sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point(NULL, &P,
+ valid_fmt,
+ &olen,
+ buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point(&grp, NULL,
+ valid_fmt,
+ &olen,
+ buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point(&grp, &P,
+ invalid_fmt,
+ &olen,
+ buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point(&grp, &P,
+ valid_fmt,
+ NULL,
+ buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point(&grp, &P,
+ valid_fmt,
+ &olen,
+ NULL,
+ sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_load( NULL, valid_group ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_group_load(NULL, valid_group));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( &grp, NULL,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( &grp, &null_buf,
- sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group(NULL,
+ (const unsigned char **) &buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group(&grp, NULL,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group(&grp, &null_buf,
+ sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( &valid_group, NULL,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( &valid_group,
- &null_buf,
- sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group_id(NULL,
+ (const unsigned char **) &buf,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group_id(&valid_group, NULL,
+ sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group_id(&valid_group,
+ &null_buf,
+ sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( NULL, &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( &grp, NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( &grp, &olen,
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_group(NULL, &olen,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_group(&grp, NULL,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_group(&grp, &olen,
+ NULL, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul(NULL, &P, &m, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul(&grp, NULL, &m, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul(&grp, &P, NULL, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul(&grp, &P, &m, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable(NULL, &P, &m, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable(&grp, NULL, &m, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable(&grp, &P, NULL, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable(&grp, &P, &m, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( NULL, &P, &m, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, NULL, &m, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, NULL, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, NULL,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, &P,
- NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, &P,
- &m, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd(NULL, &P, &m, &P,
+ &m, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd(&grp, NULL, &m, &P,
+ &m, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd(&grp, &P, NULL, &P,
+ &m, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd(&grp, &P, &m, NULL,
+ &m, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd(&grp, &P, &m, &P,
+ NULL, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd(&grp, &P, &m, &P,
+ &m, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
- NULL, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
- &m, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable(NULL, &P, &m, &P,
+ &m, &P, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable(&grp, NULL, &m, &P,
+ &m, &P, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable(&grp, &P, NULL, &P,
+ &m, &P, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable(&grp, &P, &m, NULL,
+ &m, &P, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable(&grp, &P, &m, &P,
+ NULL, &P, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable(&grp, &P, &m, &P,
+ &m, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pubkey( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pubkey( &grp, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pubkey(NULL, &P));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pubkey(&grp, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pub_priv( NULL, &kp ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pub_priv( &kp, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pub_priv(NULL, &kp));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pub_priv(&kp, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_privkey( NULL, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_privkey( &grp, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_privkey(NULL, &m));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_privkey(&grp, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base(NULL, &P, &m, &P,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base(&grp, NULL, &m, &P,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base(&grp, &P, NULL, &P,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base(&grp, &P, &m, NULL,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, &m, &P, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base(&grp, &P, &m, &P, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( NULL,
- &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- &m, &P,
- NULL,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair(NULL,
+ &m, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair(&grp,
+ NULL, &P,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair(&grp,
+ &m, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair(&grp,
+ &m, &P,
+ NULL,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_key( valid_group, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_key( valid_group, &kp,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_key(valid_group, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_key(valid_group, &kp,
+ NULL, NULL));
exit:
return;
@@ -414,55 +429,55 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name )
+void mbedtls_ecp_curve_info(int id, int tls_id, int size, char *name)
{
const mbedtls_ecp_curve_info *by_id, *by_tls, *by_name;
- by_id = mbedtls_ecp_curve_info_from_grp_id( id );
- by_tls = mbedtls_ecp_curve_info_from_tls_id( tls_id );
- by_name = mbedtls_ecp_curve_info_from_name( name );
- TEST_ASSERT( by_id != NULL );
- TEST_ASSERT( by_tls != NULL );
- TEST_ASSERT( by_name != NULL );
+ by_id = mbedtls_ecp_curve_info_from_grp_id(id);
+ by_tls = mbedtls_ecp_curve_info_from_tls_id(tls_id);
+ by_name = mbedtls_ecp_curve_info_from_name(name);
+ TEST_ASSERT(by_id != NULL);
+ TEST_ASSERT(by_tls != NULL);
+ TEST_ASSERT(by_name != NULL);
- TEST_ASSERT( by_id == by_tls );
- TEST_ASSERT( by_id == by_name );
+ TEST_ASSERT(by_id == by_tls);
+ TEST_ASSERT(by_id == by_name);
- TEST_ASSERT( by_id->bit_size == size );
- TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS );
- TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 );
+ TEST_ASSERT(by_id->bit_size == size);
+ TEST_ASSERT(size <= MBEDTLS_ECP_MAX_BITS);
+ TEST_ASSERT(size <= MBEDTLS_ECP_MAX_BYTES * 8);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex,
- int ret )
+void ecp_check_pub(int grp_id, char *x_hex, char *y_hex, char *z_hex,
+ int ret)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &P );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&P);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, grp_id) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &P.X, x_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, y_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, z_hex ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z_hex) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret );
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &P) == ret);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &P );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&P);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
-void ecp_test_vect_restart( int id,
- char *dA_str, char *xA_str, char *yA_str,
- char *dB_str, char *xZ_str, char *yZ_str,
- int max_ops, int min_restarts, int max_restarts )
+void ecp_test_vect_restart(int id,
+ char *dA_str, char *xA_str, char *yA_str,
+ char *dB_str, char *xZ_str, char *yZ_str,
+ int max_ops, int min_restarts, int max_restarts)
{
/*
* Test for early restart. Based on test vectors like ecp_test_vect(),
@@ -489,75 +504,74 @@
int cnt_restarts;
int ret;
- mbedtls_ecp_restart_init( &ctx );
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P );
- mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA );
- mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
+ mbedtls_ecp_restart_init(&ctx);
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&R); mbedtls_ecp_point_init(&P);
+ mbedtls_mpi_init(&dA); mbedtls_mpi_init(&xA); mbedtls_mpi_init(&yA);
+ mbedtls_mpi_init(&dB); mbedtls_mpi_init(&xZ); mbedtls_mpi_init(&yZ);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &dA, dA_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xA, xA_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &yA, yA_str ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&dA, dA_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xA, xA_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&yA, yA_str) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &dB, dB_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xZ, xZ_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &yZ, yZ_str ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&dB, dB_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xZ, xZ_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&yZ, yZ_str) == 0);
- mbedtls_ecp_set_max_ops( (unsigned) max_ops );
+ mbedtls_ecp_set_max_ops((unsigned) max_ops);
/* Base point case */
cnt_restarts = 0;
do {
- ECP_PT_RESET( &R );
- ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
+ ECP_PT_RESET(&R);
+ ret = mbedtls_ecp_mul_restartable(&grp, &R, &dA, &grp.G, NULL, NULL, &ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xA) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yA) == 0);
- TEST_ASSERT( cnt_restarts >= min_restarts );
- TEST_ASSERT( cnt_restarts <= max_restarts );
+ TEST_ASSERT(cnt_restarts >= min_restarts);
+ TEST_ASSERT(cnt_restarts <= max_restarts);
/* Non-base point case */
- mbedtls_ecp_copy( &P, &R );
+ mbedtls_ecp_copy(&P, &R);
cnt_restarts = 0;
do {
- ECP_PT_RESET( &R );
- ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
+ ECP_PT_RESET(&R);
+ ret = mbedtls_ecp_mul_restartable(&grp, &R, &dB, &P, NULL, NULL, &ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xZ) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yZ) == 0);
- TEST_ASSERT( cnt_restarts >= min_restarts );
- TEST_ASSERT( cnt_restarts <= max_restarts );
+ TEST_ASSERT(cnt_restarts >= min_restarts);
+ TEST_ASSERT(cnt_restarts <= max_restarts);
/* Do we leak memory when aborting an operation?
* This test only makes sense when we actually restart */
- if( min_restarts > 0 )
- {
- ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ if (min_restarts > 0) {
+ ret = mbedtls_ecp_mul_restartable(&grp, &R, &dB, &P, NULL, NULL, &ctx);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
}
exit:
- mbedtls_ecp_restart_free( &ctx );
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &R ); mbedtls_ecp_point_free( &P );
- mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA );
- mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ );
+ mbedtls_ecp_restart_free(&ctx);
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&R); mbedtls_ecp_point_free(&P);
+ mbedtls_mpi_free(&dA); mbedtls_mpi_free(&xA); mbedtls_mpi_free(&yA);
+ mbedtls_mpi_free(&dB); mbedtls_mpi_free(&xZ); mbedtls_mpi_free(&yZ);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-void ecp_muladd_restart( int id, char *xR_str, char *yR_str,
- char *u1_str, char *u2_str,
- char *xQ_str, char *yQ_str,
- int max_ops, int min_restarts, int max_restarts )
+void ecp_muladd_restart(int id, char *xR_str, char *yR_str,
+ char *u1_str, char *u2_str,
+ char *xQ_str, char *yQ_str,
+ int max_ops, int min_restarts, int max_restarts)
{
/*
* Compute R = u1 * G + u2 * Q
@@ -572,246 +586,244 @@
int cnt_restarts;
int ret;
- mbedtls_ecp_restart_init( &ctx );
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &R );
- mbedtls_ecp_point_init( &Q );
- mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
- mbedtls_mpi_init( &xR ); mbedtls_mpi_init( &yR );
+ mbedtls_ecp_restart_init(&ctx);
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&R);
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2);
+ mbedtls_mpi_init(&xR); mbedtls_mpi_init(&yR);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &u1, u1_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &u2, u2_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xR, xR_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &yR, yR_str ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&u1, u1_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&u2, u2_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xR, xR_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&yR, yR_str) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &Q.X, xQ_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q.Y, yQ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q.X, xQ_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q.Y, yQ_str) == 0);
+ TEST_ASSERT(mbedtls_mpi_lset(&Q.Z, 1) == 0);
- mbedtls_ecp_set_max_ops( (unsigned) max_ops );
+ mbedtls_ecp_set_max_ops((unsigned) max_ops);
cnt_restarts = 0;
do {
- ECP_PT_RESET( &R );
- ret = mbedtls_ecp_muladd_restartable( &grp, &R,
- &u1, &grp.G, &u2, &Q, &ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
+ ECP_PT_RESET(&R);
+ ret = mbedtls_ecp_muladd_restartable(&grp, &R,
+ &u1, &grp.G, &u2, &Q, &ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xR ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yR ) == 0 );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xR) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yR) == 0);
- TEST_ASSERT( cnt_restarts >= min_restarts );
- TEST_ASSERT( cnt_restarts <= max_restarts );
+ TEST_ASSERT(cnt_restarts >= min_restarts);
+ TEST_ASSERT(cnt_restarts <= max_restarts);
/* Do we leak memory when aborting an operation?
* This test only makes sense when we actually restart */
- if( min_restarts > 0 )
- {
- ret = mbedtls_ecp_muladd_restartable( &grp, &R,
- &u1, &grp.G, &u2, &Q, &ctx );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ if (min_restarts > 0) {
+ ret = mbedtls_ecp_muladd_restartable(&grp, &R,
+ &u1, &grp.G, &u2, &Q, &ctx);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
}
exit:
- mbedtls_ecp_restart_free( &ctx );
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &R );
- mbedtls_ecp_point_free( &Q );
- mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
- mbedtls_mpi_free( &xR ); mbedtls_mpi_free( &yR );
+ mbedtls_ecp_restart_free(&ctx);
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&R);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_mpi_free(&u1); mbedtls_mpi_free(&u2);
+ mbedtls_mpi_free(&xR); mbedtls_mpi_free(&yR);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str,
- char * dB_str, char * xB_str, char * yB_str,
- char * xZ_str, char * yZ_str )
+void ecp_test_vect(int id, char *dA_str, char *xA_str, char *yA_str,
+ char *dB_str, char *xB_str, char *yB_str,
+ char *xZ_str, char *yZ_str)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point R;
mbedtls_mpi dA, xA, yA, dB, xB, yB, xZ, yZ;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
- mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB );
- mbedtls_mpi_init( &xB ); mbedtls_mpi_init( &yB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&R);
+ mbedtls_mpi_init(&dA); mbedtls_mpi_init(&xA); mbedtls_mpi_init(&yA); mbedtls_mpi_init(&dB);
+ mbedtls_mpi_init(&xB); mbedtls_mpi_init(&yB); mbedtls_mpi_init(&xZ); mbedtls_mpi_init(&yZ);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &dA, dA_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xA, xA_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &yA, yA_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &dB, dB_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xB, xB_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &yB, yB_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xZ, xZ_str ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &yZ, yZ_str ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&dA, dA_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xA, xA_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&yA, yA_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&dB, dB_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xB, xB_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&yB, yB_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xZ, xZ_str) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&yZ, yZ_str) == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
- &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &grp.G,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xA) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yA) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &R, NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xZ) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yZ) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R,
- &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &grp.G, NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xB) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yB) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &R,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xZ) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yZ) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R );
- mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA ); mbedtls_mpi_free( &dB );
- mbedtls_mpi_free( &xB ); mbedtls_mpi_free( &yB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ );
+ mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&R);
+ mbedtls_mpi_free(&dA); mbedtls_mpi_free(&xA); mbedtls_mpi_free(&yA); mbedtls_mpi_free(&dB);
+ mbedtls_mpi_free(&xB); mbedtls_mpi_free(&yB); mbedtls_mpi_free(&xZ); mbedtls_mpi_free(&yZ);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex,
- char * xB_hex, char * xS_hex )
+void ecp_test_vec_x(int id, char *dA_hex, char *xA_hex, char *dB_hex,
+ char *xB_hex, char *xS_hex)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point R;
mbedtls_mpi dA, xA, dB, xB, xS;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
- mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA );
- mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xB );
- mbedtls_mpi_init( &xS );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&R);
+ mbedtls_mpi_init(&dA); mbedtls_mpi_init(&xA);
+ mbedtls_mpi_init(&dB); mbedtls_mpi_init(&xB);
+ mbedtls_mpi_init(&xS);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &dA, dA_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &dB, dB_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xA, xA_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xB, xB_hex ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &xS, xS_hex ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&dA, dA_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&dB, dB_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xA, xA_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xB, xB_hex) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&xS, xS_hex) == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
- &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &grp.G,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xA) == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R,
- &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &R,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xS) == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &grp.G, NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xB) == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &R, NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xS) == 0);
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R );
- mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA );
- mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xB );
- mbedtls_mpi_free( &xS );
+ mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&R);
+ mbedtls_mpi_free(&dA); mbedtls_mpi_free(&xA);
+ mbedtls_mpi_free(&dB); mbedtls_mpi_free(&xB);
+ mbedtls_mpi_free(&xS);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_test_mul( int id, data_t * n_hex,
- data_t * Px_hex, data_t * Py_hex, data_t * Pz_hex,
- data_t * nPx_hex, data_t * nPy_hex, data_t * nPz_hex,
- int expected_ret )
+void ecp_test_mul(int id, data_t *n_hex,
+ data_t *Px_hex, data_t *Py_hex, data_t *Pz_hex,
+ data_t *nPx_hex, data_t *nPy_hex, data_t *nPz_hex,
+ int expected_ret)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P, nP, R;
mbedtls_mpi n;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
- mbedtls_ecp_point_init( &P ); mbedtls_ecp_point_init( &nP );
- mbedtls_mpi_init( &n );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&R);
+ mbedtls_ecp_point_init(&P); mbedtls_ecp_point_init(&nP);
+ mbedtls_mpi_init(&n);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
- TEST_ASSERT( mbedtls_mpi_read_binary( &n, n_hex->x, n_hex->len ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&n, n_hex->x, n_hex->len) == 0);
- TEST_ASSERT( mbedtls_mpi_read_binary( &P.X, Px_hex->x, Px_hex->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &P.Y, Py_hex->x, Py_hex->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &P.Z, Pz_hex->x, Pz_hex->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &nP.X, nPx_hex->x, nPx_hex->len )
- == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &nP.Y, nPy_hex->x, nPy_hex->len )
- == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &nP.Z, nPz_hex->x, nPz_hex->len )
- == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&P.X, Px_hex->x, Px_hex->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&P.Y, Py_hex->x, Py_hex->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&P.Z, Pz_hex->x, Pz_hex->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&nP.X, nPx_hex->x, nPx_hex->len)
+ == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&nP.Y, nPy_hex->x, nPy_hex->len)
+ == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&nP.Z, nPz_hex->x, nPz_hex->len)
+ == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &n, &P,
- &mbedtls_test_rnd_pseudo_rand, &rnd_info )
- == expected_ret );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &n, &P,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info)
+ == expected_ret);
- if( expected_ret == 0 )
- {
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &nP.X, &R.X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &nP.Y, &R.Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &nP.Z, &R.Z ) == 0 );
+ if (expected_ret == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&nP.X, &R.X) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&nP.Y, &R.Y) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&nP.Z, &R.Z) == 0);
}
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R );
- mbedtls_ecp_point_free( &P ); mbedtls_ecp_point_free( &nP );
- mbedtls_mpi_free( &n );
+ mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&R);
+ mbedtls_ecp_point_free(&P); mbedtls_ecp_point_free(&nP);
+ mbedtls_mpi_free(&n);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_test_mul_rng( int id, data_t * d_hex)
+void ecp_test_mul_rng(int id, data_t *d_hex)
{
mbedtls_ecp_group grp;
mbedtls_mpi d;
mbedtls_ecp_point Q;
- mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d );
- mbedtls_ecp_point_init( &Q );
+ mbedtls_ecp_group_init(&grp); mbedtls_mpi_init(&d);
+ mbedtls_ecp_point_init(&Q);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
- TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&d, d_hex->x, d_hex->len) == 0);
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G,
- &mbedtls_test_rnd_zero_rand, NULL )
- == MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ TEST_ASSERT(mbedtls_ecp_mul(&grp, &Q, &d, &grp.G,
+ &mbedtls_test_rnd_zero_rand, NULL)
+ == MBEDTLS_ERR_ECP_RANDOM_FAILED);
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_mpi_free( &d );
- mbedtls_ecp_point_free( &Q );
+ mbedtls_ecp_group_free(&grp); mbedtls_mpi_free(&d);
+ mbedtls_ecp_point_free(&Q);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-void ecp_muladd( int id,
- data_t *u1_bin, data_t *P1_bin,
- data_t *u2_bin, data_t *P2_bin,
- data_t *expected_result )
+void ecp_muladd(int id,
+ data_t *u1_bin, data_t *P1_bin,
+ data_t *u2_bin, data_t *P2_bin,
+ data_t *expected_result)
{
/* Compute R = u1 * P1 + u2 * P2 */
mbedtls_ecp_group grp;
@@ -820,152 +832,147 @@
uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN];
size_t len;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &P1 );
- mbedtls_ecp_point_init( &P2 );
- mbedtls_ecp_point_init( &R );
- mbedtls_mpi_init( &u1 );
- mbedtls_mpi_init( &u2 );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&P1);
+ mbedtls_ecp_point_init(&P2);
+ mbedtls_ecp_point_init(&R);
+ mbedtls_mpi_init(&u1);
+ mbedtls_mpi_init(&u2);
- TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, id ) );
- TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u1, u1_bin->x, u1_bin->len ) );
- TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u2, u2_bin->x, u2_bin->len ) );
- TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P1,
- P1_bin->x, P1_bin->len ) );
- TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P2,
- P2_bin->x, P2_bin->len ) );
+ TEST_EQUAL(0, mbedtls_ecp_group_load(&grp, id));
+ TEST_EQUAL(0, mbedtls_mpi_read_binary(&u1, u1_bin->x, u1_bin->len));
+ TEST_EQUAL(0, mbedtls_mpi_read_binary(&u2, u2_bin->x, u2_bin->len));
+ TEST_EQUAL(0, mbedtls_ecp_point_read_binary(&grp, &P1,
+ P1_bin->x, P1_bin->len));
+ TEST_EQUAL(0, mbedtls_ecp_point_read_binary(&grp, &P2,
+ P2_bin->x, P2_bin->len));
- TEST_EQUAL( 0, mbedtls_ecp_muladd( &grp, &R, &u1, &P1, &u2, &P2 ) );
- TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
- &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
- &len, actual_result, sizeof( actual_result ) ) );
- TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN );
+ TEST_EQUAL(0, mbedtls_ecp_muladd(&grp, &R, &u1, &P1, &u2, &P2));
+ TEST_EQUAL(0, mbedtls_ecp_point_write_binary(
+ &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, actual_result, sizeof(actual_result)));
+ TEST_ASSERT(len <= MBEDTLS_ECP_MAX_PT_LEN);
- ASSERT_COMPARE( expected_result->x, expected_result->len,
- actual_result, len );
+ ASSERT_COMPARE(expected_result->x, expected_result->len,
+ actual_result, len);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &P1 );
- mbedtls_ecp_point_free( &P2 );
- mbedtls_ecp_point_free( &R );
- mbedtls_mpi_free( &u1 );
- mbedtls_mpi_free( &u2 );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&P1);
+ mbedtls_ecp_point_free(&P2);
+ mbedtls_ecp_point_free(&R);
+ mbedtls_mpi_free(&u1);
+ mbedtls_mpi_free(&u2);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_fast_mod( int id, char * N_str )
+void ecp_fast_mod(int id, char *N_str)
{
mbedtls_ecp_group grp;
mbedtls_mpi N, R;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &R );
- mbedtls_ecp_group_init( &grp );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&R);
+ mbedtls_ecp_group_init(&grp);
- TEST_ASSERT( mbedtls_test_read_mpi( &N, N_str ) == 0 );
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( grp.modp != NULL );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, N_str) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_ASSERT(grp.modp != NULL);
/*
* Store correct result before we touch N
*/
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &N, &grp.P ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &N, &grp.P) == 0);
- TEST_ASSERT( grp.modp( &N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_bitlen( &N ) <= grp.pbits + 3 );
+ TEST_ASSERT(grp.modp(&N) == 0);
+ TEST_ASSERT(mbedtls_mpi_bitlen(&N) <= grp.pbits + 3);
/*
* Use mod rather than addition/subtraction in case previous test fails
*/
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &N, &N, &grp.P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &R ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_mod_mpi(&N, &N, &grp.P) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &R) == 0);
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &R );
- mbedtls_ecp_group_free( &grp );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&R);
+ mbedtls_ecp_group_free(&grp);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_write_binary( int id, char * x, char * y, char * z, int format,
- data_t * out, int blen, int ret )
+void ecp_write_binary(int id, char *x, char *y, char *z, int format,
+ data_t *out, int blen, int ret)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
unsigned char buf[256];
size_t olen;
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
- mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P );
+ mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &P.X, x ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, z ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z) == 0);
- TEST_ASSERT( mbedtls_ecp_point_write_binary( &grp, &P, format,
- &olen, buf, blen ) == ret );
+ TEST_ASSERT(mbedtls_ecp_point_write_binary(&grp, &P, format,
+ &olen, buf, blen) == ret);
- if( ret == 0 )
- {
- TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN );
- TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 );
+ if (ret == 0) {
+ TEST_ASSERT(olen <= MBEDTLS_ECP_MAX_PT_LEN);
+ TEST_ASSERT(mbedtls_test_hexcmp(buf, out->x, olen, out->len) == 0);
}
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &P );
+ mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z,
- int ret )
+void ecp_read_binary(int id, data_t *buf, char *x, char *y, char *z,
+ int ret)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
mbedtls_mpi X, Y, Z;
- mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P );
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
+ mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, x ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Z, z ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, x) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Z, z) == 0);
- TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret );
+ TEST_ASSERT(mbedtls_ecp_point_read_binary(&grp, &P, buf->x, buf->len) == ret);
- if( ret == 0 )
- {
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 );
- if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, 0 ) == 0 );
- TEST_ASSERT( P.Y.p == NULL );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Z, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &P.Z, 1 ) == 0 );
- }
- else
- {
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
+ if (ret == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.X, &X) == 0);
+ if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&Y, 0) == 0);
+ TEST_ASSERT(P.Y.p == NULL);
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&Z, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_int(&P.Z, 1) == 0);
+ } else {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Y, &Y) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Z, &Z) == 0);
}
}
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &P );
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
+ mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_tls_read_point( int id, data_t * buf, char * x, char * y,
- char * z, int ret )
+void mbedtls_ecp_tls_read_point(int id, data_t *buf, char *x, char *y,
+ char *z, int ret)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
@@ -973,33 +980,32 @@
const unsigned char *vbuf = buf->x;
- mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P );
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
+ mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_test_read_mpi( &X, x ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Y, y ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Z, z ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&X, x) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Y, y) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Z, z) == 0);
- TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret );
+ TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &P, &vbuf, buf->len) == ret);
- if( ret == 0 )
- {
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
- TEST_ASSERT( (uint32_t)( vbuf - buf->x ) == buf->len );
+ if (ret == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.X, &X) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Y, &Y) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Z, &Z) == 0);
+ TEST_ASSERT((uint32_t) (vbuf - buf->x) == buf->len);
}
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &P );
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
+ mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_tls_write_read_point( int id )
+void ecp_tls_write_read_point(int id)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point pt;
@@ -1007,75 +1013,74 @@
const unsigned char *vbuf;
size_t olen;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &pt );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&pt);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
- TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &grp.G,
- MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256 ) == 0 );
- TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen )
- == MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
- TEST_ASSERT( vbuf == buf + olen );
+ memset(buf, 0x00, sizeof(buf)); vbuf = buf;
+ TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &grp.G,
+ MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256) == 0);
+ TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen)
+ == MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE);
+ TEST_ASSERT(vbuf == buf + olen);
- memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
- TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &grp.G,
- MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256 ) == 0 );
- TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.G.X, &pt.X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.G.Y, &pt.Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.G.Z, &pt.Z ) == 0 );
- TEST_ASSERT( vbuf == buf + olen );
+ memset(buf, 0x00, sizeof(buf)); vbuf = buf;
+ TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &grp.G,
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256) == 0);
+ TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.X, &pt.X) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.Y, &pt.Y) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.Z, &pt.Z) == 0);
+ TEST_ASSERT(vbuf == buf + olen);
- memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
- TEST_ASSERT( mbedtls_ecp_set_zero( &pt ) == 0 );
- TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &pt,
- MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256 ) == 0 );
- TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 );
- TEST_ASSERT( mbedtls_ecp_is_zero( &pt ) );
- TEST_ASSERT( vbuf == buf + olen );
+ memset(buf, 0x00, sizeof(buf)); vbuf = buf;
+ TEST_ASSERT(mbedtls_ecp_set_zero(&pt) == 0);
+ TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &pt,
+ MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256) == 0);
+ TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen) == 0);
+ TEST_ASSERT(mbedtls_ecp_is_zero(&pt));
+ TEST_ASSERT(vbuf == buf + olen);
- memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
- TEST_ASSERT( mbedtls_ecp_set_zero( &pt ) == 0 );
- TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &pt,
- MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256 ) == 0 );
- TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 );
- TEST_ASSERT( mbedtls_ecp_is_zero( &pt ) );
- TEST_ASSERT( vbuf == buf + olen );
+ memset(buf, 0x00, sizeof(buf)); vbuf = buf;
+ TEST_ASSERT(mbedtls_ecp_set_zero(&pt) == 0);
+ TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &pt,
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256) == 0);
+ TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen) == 0);
+ TEST_ASSERT(mbedtls_ecp_is_zero(&pt));
+ TEST_ASSERT(vbuf == buf + olen);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &pt );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&pt);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_tls_read_group( data_t * buf, int result, int bits,
- int record_len )
+void mbedtls_ecp_tls_read_group(data_t *buf, int result, int bits,
+ int record_len)
{
mbedtls_ecp_group grp;
const unsigned char *vbuf = buf->x;
int ret;
- mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_group_init(&grp);
- ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, buf->len );
+ ret = mbedtls_ecp_tls_read_group(&grp, &vbuf, buf->len);
- TEST_ASSERT( ret == result );
- if( ret == 0)
- {
- TEST_ASSERT( mbedtls_mpi_bitlen( &grp.P ) == (size_t) bits );
- TEST_ASSERT( vbuf - buf->x == record_len);
+ TEST_ASSERT(ret == result);
+ if (ret == 0) {
+ TEST_ASSERT(mbedtls_mpi_bitlen(&grp.P) == (size_t) bits);
+ TEST_ASSERT(vbuf - buf->x == record_len);
}
exit:
- mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_group_free(&grp);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_tls_write_read_group( int id )
+void ecp_tls_write_read_group(int id)
{
mbedtls_ecp_group grp1, grp2;
unsigned char buf[10];
@@ -1083,33 +1088,32 @@
size_t len;
int ret;
- mbedtls_ecp_group_init( &grp1 );
- mbedtls_ecp_group_init( &grp2 );
- memset( buf, 0x00, sizeof( buf ) );
+ mbedtls_ecp_group_init(&grp1);
+ mbedtls_ecp_group_init(&grp2);
+ memset(buf, 0x00, sizeof(buf));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp1, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp1, id) == 0);
- TEST_ASSERT( mbedtls_ecp_tls_write_group( &grp1, &len, buf, 10 ) == 0 );
- ret = mbedtls_ecp_tls_read_group( &grp2, &vbuf, len );
- TEST_ASSERT( ret == 0 );
+ TEST_ASSERT(mbedtls_ecp_tls_write_group(&grp1, &len, buf, 10) == 0);
+ ret = mbedtls_ecp_tls_read_group(&grp2, &vbuf, len);
+ TEST_ASSERT(ret == 0);
- if( ret == 0 )
- {
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp1.N, &grp2.N ) == 0 );
- TEST_ASSERT( grp1.id == grp2.id );
+ if (ret == 0) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp1.N, &grp2.N) == 0);
+ TEST_ASSERT(grp1.id == grp2.id);
}
exit:
- mbedtls_ecp_group_free( &grp1 );
- mbedtls_ecp_group_free( &grp2 );
+ mbedtls_ecp_group_free(&grp1);
+ mbedtls_ecp_group_free(&grp2);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C */
-void mbedtls_ecp_group_metadata( int id, int bit_size, int crv_type,
- char* P, char* A, char* B,
- char* G_x, char* G_y, char* N,
- int tls_id )
+void mbedtls_ecp_group_metadata(int id, int bit_size, int crv_type,
+ char *P, char *A, char *B,
+ char *G_x, char *G_y, char *N,
+ int tls_id)
{
mbedtls_ecp_group grp, grp_read, grp_cpy;
const mbedtls_ecp_group_id *g_id;
@@ -1122,316 +1126,317 @@
const unsigned char *vbuf = buf;
size_t olen;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_group_init( &grp_read );
- mbedtls_ecp_group_init( &grp_cpy );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_group_init(&grp_read);
+ mbedtls_ecp_group_init(&grp_cpy);
- mbedtls_mpi_init( &exp_P );
- mbedtls_mpi_init( &exp_A );
- mbedtls_mpi_init( &exp_B );
- mbedtls_mpi_init( &exp_G_x );
- mbedtls_mpi_init( &exp_G_y );
- mbedtls_mpi_init( &exp_N );
+ mbedtls_mpi_init(&exp_P);
+ mbedtls_mpi_init(&exp_A);
+ mbedtls_mpi_init(&exp_B);
+ mbedtls_mpi_init(&exp_G_x);
+ mbedtls_mpi_init(&exp_G_y);
+ mbedtls_mpi_init(&exp_N);
// Read expected parameters
- TEST_EQUAL( mbedtls_test_read_mpi( &exp_P, P ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &exp_A, A ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_x, G_x ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &exp_N, N ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &exp_B, B ), 0 );
- TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_y, G_y ), 0 );
+ TEST_EQUAL(mbedtls_test_read_mpi(&exp_P, P), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&exp_A, A), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&exp_G_x, G_x), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&exp_N, N), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&exp_B, B), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&exp_G_y, G_y), 0);
// Convert exp_A to internal representation (A+2)/4
- if( crv_type == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
- TEST_EQUAL( mbedtls_mpi_add_int( &exp_A, &exp_A, 2 ), 0 );
- TEST_EQUAL( mbedtls_mpi_div_int( &exp_A, NULL, &exp_A, 4 ), 0 );
+ if (crv_type == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ TEST_EQUAL(mbedtls_mpi_add_int(&exp_A, &exp_A, 2), 0);
+ TEST_EQUAL(mbedtls_mpi_div_int(&exp_A, NULL, &exp_A, 4), 0);
}
// Load group
- TEST_EQUAL( mbedtls_ecp_group_load( &grp, id ), 0 );
+ TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0);
// Compare group with expected parameters
// A is NULL for SECPxxxR1 curves
// B and G_y are NULL for curve25519 and curve448
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_P, &grp.P ), 0 );
- if( *A != 0 )
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_A, &grp.A ), 0 );
- if( *B != 0 )
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_B, &grp.B ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_x, &grp.G.X ), 0 );
- if( *G_y != 0 )
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_y, &grp.G.Y ), 0 );
- TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_N, &grp.N ), 0 );
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_P, &grp.P), 0);
+ if (*A != 0) {
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_A, &grp.A), 0);
+ }
+ if (*B != 0) {
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_B, &grp.B), 0);
+ }
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_G_x, &grp.G.X), 0);
+ if (*G_y != 0) {
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_G_y, &grp.G.Y), 0);
+ }
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_N, &grp.N), 0);
// Load curve info and compare with known values
- crv = mbedtls_ecp_curve_info_from_grp_id( id );
- TEST_EQUAL( crv->grp_id, id );
- TEST_EQUAL( crv->bit_size, bit_size );
- TEST_EQUAL( crv->tls_id, tls_id );
+ crv = mbedtls_ecp_curve_info_from_grp_id(id);
+ TEST_EQUAL(crv->grp_id, id);
+ TEST_EQUAL(crv->bit_size, bit_size);
+ TEST_EQUAL(crv->tls_id, tls_id);
// Load curve from TLS ID and name, and compare IDs
- crv_tls_id = mbedtls_ecp_curve_info_from_tls_id( crv->tls_id );
- crv_name = mbedtls_ecp_curve_info_from_name( crv->name );
- TEST_EQUAL( crv_tls_id->grp_id, id );
- TEST_EQUAL( crv_name->grp_id, id );
+ crv_tls_id = mbedtls_ecp_curve_info_from_tls_id(crv->tls_id);
+ crv_name = mbedtls_ecp_curve_info_from_name(crv->name);
+ TEST_EQUAL(crv_tls_id->grp_id, id);
+ TEST_EQUAL(crv_name->grp_id, id);
// Validate write_group against test data
- TEST_EQUAL( mbedtls_ecp_tls_write_group( &grp, &olen,
- buf, sizeof( buf ) ),
- 0 );
- TEST_EQUAL( mbedtls_test_hexcmp( buf, ecparameters, olen,
- sizeof( ecparameters ) ),
- 0 );
+ TEST_EQUAL(mbedtls_ecp_tls_write_group(&grp, &olen,
+ buf, sizeof(buf)),
+ 0);
+ TEST_EQUAL(mbedtls_test_hexcmp(buf, ecparameters, olen,
+ sizeof(ecparameters)),
+ 0);
// Read group from buffer and compare with expected ID
- TEST_EQUAL( mbedtls_ecp_tls_read_group_id( &read_g_id, &vbuf, olen ),
- 0 );
- TEST_EQUAL( read_g_id, id );
+ TEST_EQUAL(mbedtls_ecp_tls_read_group_id(&read_g_id, &vbuf, olen),
+ 0);
+ TEST_EQUAL(read_g_id, id);
vbuf = buf;
- TEST_EQUAL( mbedtls_ecp_tls_read_group( &grp_read, &vbuf, olen ),
- 0 );
- TEST_EQUAL( grp_read.id, id );
+ TEST_EQUAL(mbedtls_ecp_tls_read_group(&grp_read, &vbuf, olen),
+ 0);
+ TEST_EQUAL(grp_read.id, id);
// Check curve type, and if it can be used for ECDH/ECDSA
- TEST_EQUAL( mbedtls_ecp_get_type( &grp ), crv_type );
- TEST_EQUAL( mbedtls_ecdh_can_do( id ), 1 );
- TEST_EQUAL( mbedtls_ecdsa_can_do( id ),
- crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
+ TEST_EQUAL(mbedtls_ecp_get_type(&grp), crv_type);
+ TEST_EQUAL(mbedtls_ecdh_can_do(id), 1);
+ TEST_EQUAL(mbedtls_ecdsa_can_do(id),
+ crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS);
// Copy group and compare with original
- TEST_EQUAL( mbedtls_ecp_group_copy( &grp_cpy, &grp ), 0 );
- TEST_EQUAL( mbedtls_ecp_group_cmp( &grp, &grp_cpy ), 0 );
+ TEST_EQUAL(mbedtls_ecp_group_copy(&grp_cpy, &grp), 0);
+ TEST_EQUAL(mbedtls_ecp_group_cmp(&grp, &grp_cpy), 0);
// Check curve is in curve list and group ID list
- for( crv = mbedtls_ecp_curve_list( );
- crv->grp_id != MBEDTLS_ECP_DP_NONE &&
- crv->grp_id != (unsigned) id;
- crv++ );
- TEST_EQUAL( crv->grp_id, id );
- for( g_id = mbedtls_ecp_grp_id_list( );
+ for (crv = mbedtls_ecp_curve_list();
+ crv->grp_id != MBEDTLS_ECP_DP_NONE &&
+ crv->grp_id != (unsigned) id;
+ crv++) {
+ ;
+ }
+ TEST_EQUAL(crv->grp_id, id);
+ for (g_id = mbedtls_ecp_grp_id_list();
*g_id != MBEDTLS_ECP_DP_NONE && *g_id != (unsigned) id;
- g_id++ );
- TEST_EQUAL( *g_id, (unsigned) id );
+ g_id++) {
+ ;
+ }
+ TEST_EQUAL(*g_id, (unsigned) id);
exit:
- mbedtls_ecp_group_free( &grp ); mbedtls_ecp_group_free( &grp_cpy );
- mbedtls_ecp_group_free( &grp_read );
- mbedtls_mpi_free( &exp_P ); mbedtls_mpi_free( &exp_A );
- mbedtls_mpi_free( &exp_B ); mbedtls_mpi_free( &exp_G_x );
- mbedtls_mpi_free( &exp_G_y ); mbedtls_mpi_free( &exp_N );
+ mbedtls_ecp_group_free(&grp); mbedtls_ecp_group_free(&grp_cpy);
+ mbedtls_ecp_group_free(&grp_read);
+ mbedtls_mpi_free(&exp_P); mbedtls_mpi_free(&exp_A);
+ mbedtls_mpi_free(&exp_B); mbedtls_mpi_free(&exp_G_x);
+ mbedtls_mpi_free(&exp_G_y); mbedtls_mpi_free(&exp_N);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret )
+void mbedtls_ecp_check_privkey(int id, char *key_hex, int ret)
{
mbedtls_ecp_group grp;
mbedtls_mpi d;
- mbedtls_ecp_group_init( &grp );
- mbedtls_mpi_init( &d );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi_init(&d);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &d, key_hex ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&d, key_hex) == 0);
- TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == ret );
+ TEST_ASSERT(mbedtls_ecp_check_privkey(&grp, &d) == ret);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_mpi_free( &d );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&d);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub,
- int id, char * d, char * Qx, char * Qy,
- int ret )
+void mbedtls_ecp_check_pub_priv(int id_pub, char *Qx_pub, char *Qy_pub,
+ int id, char *d, char *Qx, char *Qy,
+ int ret)
{
mbedtls_ecp_keypair pub, prv;
- mbedtls_ecp_keypair_init( &pub );
- mbedtls_ecp_keypair_init( &prv );
+ mbedtls_ecp_keypair_init(&pub);
+ mbedtls_ecp_keypair_init(&prv);
- if( id_pub != MBEDTLS_ECP_DP_NONE )
- TEST_ASSERT( mbedtls_ecp_group_load( &pub.grp, id_pub ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_string( &pub.Q, 16, Qx_pub, Qy_pub ) == 0 );
+ if (id_pub != MBEDTLS_ECP_DP_NONE) {
+ TEST_ASSERT(mbedtls_ecp_group_load(&pub.grp, id_pub) == 0);
+ }
+ TEST_ASSERT(mbedtls_ecp_point_read_string(&pub.Q, 16, Qx_pub, Qy_pub) == 0);
- if( id != MBEDTLS_ECP_DP_NONE )
- TEST_ASSERT( mbedtls_ecp_group_load( &prv.grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.d, d ) == 0 );
+ if (id != MBEDTLS_ECP_DP_NONE) {
+ TEST_ASSERT(mbedtls_ecp_group_load(&prv.grp, id) == 0);
+ }
+ TEST_ASSERT(mbedtls_ecp_point_read_string(&prv.Q, 16, Qx, Qy) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.d, d) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret );
+ TEST_ASSERT(mbedtls_ecp_check_pub_priv(&pub, &prv) == ret);
exit:
- mbedtls_ecp_keypair_free( &pub );
- mbedtls_ecp_keypair_free( &prv );
+ mbedtls_ecp_keypair_free(&pub);
+ mbedtls_ecp_keypair_free(&prv);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_gen_keypair( int id )
+void mbedtls_ecp_gen_keypair(int id)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
mbedtls_mpi d;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &Q );
- mbedtls_mpi_init( &d );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_mpi_init(&d);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
- TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_gen_keypair(&grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &Q ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &Q) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_privkey(&grp, &d) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &Q );
- mbedtls_mpi_free( &d );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_mpi_free(&d);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_gen_key( int id )
+void mbedtls_ecp_gen_key(int id)
{
mbedtls_ecp_keypair key;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_ecp_keypair_init( &key );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_ecp_keypair_init(&key);
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_ecp_gen_key( id, &key,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_gen_key(id, &key,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info) == 0);
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &key.grp, &key.Q ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_privkey( &key.grp, &key.d ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&key.grp, &key.Q) == 0);
+ TEST_ASSERT(mbedtls_ecp_check_privkey(&key.grp, &key.d) == 0);
exit:
- mbedtls_ecp_keypair_free( &key );
+ mbedtls_ecp_keypair_free(&key);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_read_key( int grp_id, data_t* in_key, int expected, int canonical )
+void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonical)
{
int ret = 0;
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair key2;
- mbedtls_ecp_keypair_init( &key );
- mbedtls_ecp_keypair_init( &key2 );
+ mbedtls_ecp_keypair_init(&key);
+ mbedtls_ecp_keypair_init(&key2);
- ret = mbedtls_ecp_read_key( grp_id, &key, in_key->x, in_key->len );
- TEST_ASSERT( ret == expected );
+ ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len);
+ TEST_ASSERT(ret == expected);
- if( expected == 0 )
- {
- ret = mbedtls_ecp_check_privkey( &key.grp, &key.d );
- TEST_ASSERT( ret == 0 );
+ if (expected == 0) {
+ ret = mbedtls_ecp_check_privkey(&key.grp, &key.d);
+ TEST_ASSERT(ret == 0);
- if( canonical )
- {
+ if (canonical) {
unsigned char buf[MBEDTLS_ECP_MAX_BYTES];
- ret = mbedtls_ecp_write_key( &key, buf, in_key->len );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ecp_write_key(&key, buf, in_key->len);
+ TEST_ASSERT(ret == 0);
- ASSERT_COMPARE( in_key->x, in_key->len,
- buf, in_key->len );
- }
- else
- {
+ ASSERT_COMPARE(in_key->x, in_key->len,
+ buf, in_key->len);
+ } else {
unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
- ret = mbedtls_ecp_write_key( &key, export1, in_key->len );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ecp_write_key(&key, export1, in_key->len);
+ TEST_ASSERT(ret == 0);
- ret = mbedtls_ecp_read_key( grp_id, &key2, export1, in_key->len );
- TEST_ASSERT( ret == expected );
+ ret = mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len);
+ TEST_ASSERT(ret == expected);
- ret = mbedtls_ecp_write_key( &key2, export2, in_key->len );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ecp_write_key(&key2, export2, in_key->len);
+ TEST_ASSERT(ret == 0);
- ASSERT_COMPARE( export1, in_key->len,
- export2, in_key->len );
+ ASSERT_COMPARE(export1, in_key->len,
+ export2, in_key->len);
}
}
exit:
- mbedtls_ecp_keypair_free( &key );
- mbedtls_ecp_keypair_free( &key2 );
+ mbedtls_ecp_keypair_free(&key);
+ mbedtls_ecp_keypair_free(&key2);
}
/* END_CASE */
/* BEGIN_CASE depends_on:HAVE_FIX_NEGATIVE */
-void fix_negative( data_t *N_bin, int c, int bits )
+void fix_negative(data_t *N_bin, int c, int bits)
{
mbedtls_mpi C, M, N;
- mbedtls_mpi_init( &C );
- mbedtls_mpi_init( &M );
- mbedtls_mpi_init( &N );
+ mbedtls_mpi_init(&C);
+ mbedtls_mpi_init(&M);
+ mbedtls_mpi_init(&N);
/* C = - c * 2^bits (positive since c is negative) */
- TEST_EQUAL( 0, mbedtls_mpi_lset( &C, -c ) );
- TEST_EQUAL( 0, mbedtls_mpi_shift_l( &C, bits ) );
+ TEST_EQUAL(0, mbedtls_mpi_lset(&C, -c));
+ TEST_EQUAL(0, mbedtls_mpi_shift_l(&C, bits));
- TEST_EQUAL( 0, mbedtls_mpi_read_binary( &N, N_bin->x, N_bin->len ) );
- TEST_EQUAL( 0, mbedtls_mpi_grow( &N, C.n ) );
+ TEST_EQUAL(0, mbedtls_mpi_read_binary(&N, N_bin->x, N_bin->len));
+ TEST_EQUAL(0, mbedtls_mpi_grow(&N, C.n));
/* M = N - C = - ( C - N ) (expected result of fix_negative) */
- TEST_EQUAL( 0, mbedtls_mpi_sub_mpi( &M, &N, &C ) );
+ TEST_EQUAL(0, mbedtls_mpi_sub_mpi(&M, &N, &C));
- mbedtls_ecp_fix_negative( &N, c, bits );
+ mbedtls_ecp_fix_negative(&N, c, bits);
- TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( &N, &M ) );
+ TEST_EQUAL(0, mbedtls_mpi_cmp_mpi(&N, &M));
exit:
- mbedtls_mpi_free( &C );
- mbedtls_mpi_free( &M );
- mbedtls_mpi_free( &N );
+ mbedtls_mpi_free(&C);
+ mbedtls_mpi_free(&M);
+ mbedtls_mpi_free(&N);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED */
-void genkey_mx_known_answer( int bits, data_t *seed, data_t *expected )
+void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
{
mbedtls_test_rnd_buf_info rnd_info;
mbedtls_mpi d;
int ret;
uint8_t *actual = NULL;
- mbedtls_mpi_init( &d );
+ mbedtls_mpi_init(&d);
rnd_info.buf = seed->x;
rnd_info.length = seed->len;
rnd_info.fallback_f_rng = NULL;
rnd_info.fallback_p_rng = NULL;
- ASSERT_ALLOC( actual, expected->len );
+ ASSERT_ALLOC(actual, expected->len);
- ret = mbedtls_ecp_gen_privkey_mx( bits, &d,
- mbedtls_test_rnd_buffer_rand, &rnd_info );
+ ret = mbedtls_ecp_gen_privkey_mx(bits, &d,
+ mbedtls_test_rnd_buffer_rand, &rnd_info);
- if( expected->len == 0 )
- {
+ if (expected->len == 0) {
/* Expecting an error (happens if there isn't enough randomness) */
- TEST_ASSERT( ret != 0 );
- }
- else
- {
- TEST_EQUAL( ret, 0 );
- TEST_EQUAL( (size_t) bits + 1, mbedtls_mpi_bitlen( &d ) );
- TEST_EQUAL( 0, mbedtls_mpi_write_binary( &d, actual, expected->len ) );
+ TEST_ASSERT(ret != 0);
+ } else {
+ TEST_EQUAL(ret, 0);
+ TEST_EQUAL((size_t) bits + 1, mbedtls_mpi_bitlen(&d));
+ TEST_EQUAL(0, mbedtls_mpi_write_binary(&d, actual, expected->len));
/* Test the exact result. This assumes that the output of the
* RNG is used in a specific way, which is overly constraining.
* The advantage is that it's easier to test the expected properties
@@ -1442,109 +1447,109 @@
* (can be enforced by checking these bits).
* - Other bits must be random (by testing with different RNG outputs,
* we validate that those bits are indeed influenced by the RNG). */
- ASSERT_COMPARE( expected->x, expected->len,
- actual, expected->len );
+ ASSERT_COMPARE(expected->x, expected->len,
+ actual, expected->len);
}
exit:
- mbedtls_free( actual );
- mbedtls_mpi_free( &d );
+ mbedtls_free(actual);
+ mbedtls_mpi_free(&d);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_set_zero( int id, data_t * P_bin )
+void ecp_set_zero(int id, data_t *P_bin)
{
mbedtls_ecp_group grp;
mbedtls_ecp_point pt, zero_pt, nonzero_pt;
- mbedtls_ecp_group_init( &grp );
- mbedtls_ecp_point_init( &pt );
- mbedtls_ecp_point_init( &zero_pt );
- mbedtls_ecp_point_init( &nonzero_pt );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&pt);
+ mbedtls_ecp_point_init(&zero_pt);
+ mbedtls_ecp_point_init(&nonzero_pt);
// Set zero and non-zero points for comparison
- TEST_EQUAL( mbedtls_ecp_set_zero( &zero_pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_group_load( &grp, id ), 0 );
- TEST_EQUAL( mbedtls_ecp_point_read_binary( &grp, &nonzero_pt,
- P_bin->x, P_bin->len ), 0 );
- TEST_EQUAL( mbedtls_ecp_is_zero( &zero_pt ), 1 );
- TEST_EQUAL( mbedtls_ecp_is_zero( &nonzero_pt ), 0 );
+ TEST_EQUAL(mbedtls_ecp_set_zero(&zero_pt), 0);
+ TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0);
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &nonzero_pt,
+ P_bin->x, P_bin->len), 0);
+ TEST_EQUAL(mbedtls_ecp_is_zero(&zero_pt), 1);
+ TEST_EQUAL(mbedtls_ecp_is_zero(&nonzero_pt), 0);
// Test initialized point
- TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &zero_pt ),
- MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
+ TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &zero_pt),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
// Test zeroed point
- TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt ),
- MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
+ TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
// Set point to non-zero value
- TEST_EQUAL( mbedtls_ecp_point_read_binary( &grp, &pt,
- P_bin->x, P_bin->len ), 0 );
- TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ),
- MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt), 0 );
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &pt,
+ P_bin->x, P_bin->len), 0);
+ TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 0);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt), 0);
// Test non-zero point
- TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt ),
- MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
+ TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
// Test freed non-zero point
- TEST_EQUAL( mbedtls_ecp_point_read_binary( &grp, &pt,
- P_bin->x, P_bin->len ), 0 );
- mbedtls_ecp_point_free( &pt );
- TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
- TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt),
- MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &pt,
+ P_bin->x, P_bin->len), 0);
+ mbedtls_ecp_point_free(&pt);
+ TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
+ TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_ecp_point_free( &pt );
- mbedtls_ecp_point_free( &zero_pt );
- mbedtls_ecp_point_free( &nonzero_pt );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&pt);
+ mbedtls_ecp_point_free(&zero_pt);
+ mbedtls_ecp_point_free(&nonzero_pt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void ecp_selftest( )
+void ecp_selftest()
{
- TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void ecp_check_order( int id, char * expected_order_hex )
+void ecp_check_order(int id, char *expected_order_hex)
{
mbedtls_ecp_group grp;
mbedtls_mpi expected_n;
- mbedtls_ecp_group_init( &grp );
- mbedtls_mpi_init( &expected_n );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi_init(&expected_n);
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &expected_n, expected_order_hex ) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&expected_n, expected_order_hex) == 0);
// check sign bits are well-formed (i.e. 1 or -1) - see #5810
- TEST_ASSERT( grp.N.s == -1 || grp.N.s == 1);
- TEST_ASSERT( expected_n.s == -1 || expected_n.s == 1);
+ TEST_ASSERT(grp.N.s == -1 || grp.N.s == 1);
+ TEST_ASSERT(expected_n.s == -1 || expected_n.s == 1);
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.N, &expected_n ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.N, &expected_n) == 0);
exit:
- mbedtls_ecp_group_free( &grp );
- mbedtls_mpi_free( &expected_n );
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&expected_n);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index e5e88bb..b04ed54 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -4,15 +4,13 @@
#include "mbedtls/md.h"
#include "string.h"
-typedef enum
-{
+typedef enum {
DUMMY_CONSTANT_LENGTH, /* Output context->length bytes */
DUMMY_REQUESTED_LENGTH, /* Output whatever length was requested */
DUMMY_FAIL, /* Return an error code */
} entropy_dummy_instruction;
-typedef struct
-{
+typedef struct {
entropy_dummy_instruction instruction;
size_t length; /* Length to return for DUMMY_CONSTANT_LENGTH */
size_t calls; /* Incremented at each call */
@@ -24,14 +22,13 @@
* If data is NULL, write exactly the requested length.
* Otherwise, write the length indicated by data or error if negative
*/
-static int entropy_dummy_source( void *arg, unsigned char *output,
- size_t len, size_t *olen )
+static int entropy_dummy_source(void *arg, unsigned char *output,
+ size_t len, size_t *olen)
{
entropy_dummy_context *context = arg;
++context->calls;
- switch( context->instruction )
- {
+ switch (context->instruction) {
case DUMMY_CONSTANT_LENGTH:
*olen = context->length;
break;
@@ -39,11 +36,11 @@
*olen = len;
break;
case DUMMY_FAIL:
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
- memset( output, 0x2a, *olen );
- return( 0 );
+ memset(output, 0x2a, *olen);
+ return 0;
}
/*
@@ -57,7 +54,7 @@
* This might break memory checks in the future if sources need 'free-ing' then
* as well.
*/
-static void entropy_clear_sources( mbedtls_entropy_context *ctx )
+static void entropy_clear_sources(mbedtls_entropy_context *ctx)
{
ctx->source_count = 0;
}
@@ -68,63 +65,71 @@
*/
static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
-int buffer_nv_seed_read( unsigned char *buf, size_t buf_len )
+int buffer_nv_seed_read(unsigned char *buf, size_t buf_len)
{
- if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
- return( -1 );
+ if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return -1;
+ }
- memcpy( buf, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
- return( 0 );
+ memcpy(buf, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ return 0;
}
-int buffer_nv_seed_write( unsigned char *buf, size_t buf_len )
+int buffer_nv_seed_write(unsigned char *buf, size_t buf_len)
{
- if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
- return( -1 );
+ if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return -1;
+ }
- memcpy( buffer_seed, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
- return( 0 );
+ memcpy(buffer_seed, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ return 0;
}
/*
* NV seed read/write helpers that fill the base seedfile
*/
-static int write_nv_seed( unsigned char *buf, size_t buf_len )
+static int write_nv_seed(unsigned char *buf, size_t buf_len)
{
FILE *f;
- if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
- return( -1 );
+ if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return -1;
+ }
- if( ( f = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
- return( -1 );
+ if ((f = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w")) == NULL) {
+ return -1;
+ }
- if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) !=
- MBEDTLS_ENTROPY_BLOCK_SIZE )
- return( -1 );
+ if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
+ MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return -1;
+ }
- fclose( f );
+ fclose(f);
- return( 0 );
+ return 0;
}
-int read_nv_seed( unsigned char *buf, size_t buf_len )
+int read_nv_seed(unsigned char *buf, size_t buf_len)
{
FILE *f;
- if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
- return( -1 );
+ if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return -1;
+ }
- if( ( f = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
- return( -1 );
+ if ((f = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL) {
+ return -1;
+ }
- if( fread( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) !=
- MBEDTLS_ENTROPY_BLOCK_SIZE )
- return( -1 );
+ if (fread(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
+ MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return -1;
+ }
- fclose( f );
+ fclose(f);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */
/* END_HEADER */
@@ -135,7 +140,7 @@
*/
/* BEGIN_CASE */
-void entropy_init_free( int reinit )
+void entropy_init_free(int reinit)
{
mbedtls_entropy_context ctx;
@@ -143,12 +148,13 @@
* to call mbedtls_entropy_free() unconditionally on an error path without
* checking whether it has already been called in the success path. */
- mbedtls_entropy_init( &ctx );
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_init(&ctx);
+ mbedtls_entropy_free(&ctx);
- if( reinit )
- mbedtls_entropy_init( &ctx );
- mbedtls_entropy_free( &ctx );
+ if (reinit) {
+ mbedtls_entropy_init(&ctx);
+ }
+ mbedtls_entropy_free(&ctx);
/* This test case always succeeds, functionally speaking. A plausible
* bug might trigger an invalid pointer dereference or a memory leak. */
@@ -157,189 +163,190 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void entropy_seed_file( char * path, int ret )
+void entropy_seed_file(char *path, int ret)
{
mbedtls_entropy_context ctx;
- mbedtls_entropy_init( &ctx );
+ mbedtls_entropy_init(&ctx);
- TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, path ) == ret );
- TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, path ) == ret );
+ TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, path) == ret);
+ TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, path) == ret);
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void entropy_write_base_seed_file( int ret )
+void entropy_write_base_seed_file(int ret)
{
mbedtls_entropy_context ctx;
- mbedtls_entropy_init( &ctx );
+ mbedtls_entropy_init(&ctx);
- TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
- TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
+ TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
+ TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void entropy_no_sources( )
+void entropy_no_sources()
{
mbedtls_entropy_context ctx;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
- mbedtls_entropy_init( &ctx );
- entropy_clear_sources( &ctx );
- TEST_EQUAL( mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ),
- MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
+ mbedtls_entropy_init(&ctx);
+ entropy_clear_sources(&ctx);
+ TEST_EQUAL(mbedtls_entropy_func(&ctx, buf, sizeof(buf)),
+ MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED);
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void entropy_too_many_sources( )
+void entropy_too_many_sources()
{
mbedtls_entropy_context ctx;
size_t i;
- entropy_dummy_context dummy = {DUMMY_REQUESTED_LENGTH, 0, 0};
+ entropy_dummy_context dummy = { DUMMY_REQUESTED_LENGTH, 0, 0 };
- mbedtls_entropy_init( &ctx );
+ mbedtls_entropy_init(&ctx);
/*
* It's hard to tell precisely when the error will occur,
* since we don't know how many sources were automatically added.
*/
- for( i = 0; i < MBEDTLS_ENTROPY_MAX_SOURCES; i++ )
- (void) mbedtls_entropy_add_source( &ctx, entropy_dummy_source, &dummy,
- 16, MBEDTLS_ENTROPY_SOURCE_WEAK );
+ for (i = 0; i < MBEDTLS_ENTROPY_MAX_SOURCES; i++) {
+ (void) mbedtls_entropy_add_source(&ctx, entropy_dummy_source, &dummy,
+ 16, MBEDTLS_ENTROPY_SOURCE_WEAK);
+ }
- TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, &dummy,
- 16, MBEDTLS_ENTROPY_SOURCE_WEAK )
- == MBEDTLS_ERR_ENTROPY_MAX_SOURCES );
+ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source, &dummy,
+ 16, MBEDTLS_ENTROPY_SOURCE_WEAK)
+ == MBEDTLS_ERR_ENTROPY_MAX_SOURCES);
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */
-void entropy_func_len( int len, int ret )
+void entropy_func_len(int len, int ret)
{
mbedtls_entropy_context ctx;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE + 10] = { 0 };
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE + 10] = { 0 };
size_t i, j;
- mbedtls_entropy_init( &ctx );
+ mbedtls_entropy_init(&ctx);
/*
* See comments in mbedtls_entropy_self_test()
*/
- for( i = 0; i < 8; i++ )
- {
- TEST_ASSERT( mbedtls_entropy_func( &ctx, buf, len ) == ret );
- for( j = 0; j < sizeof( buf ); j++ )
+ for (i = 0; i < 8; i++) {
+ TEST_ASSERT(mbedtls_entropy_func(&ctx, buf, len) == ret);
+ for (j = 0; j < sizeof(buf); j++) {
acc[j] |= buf[j];
+ }
}
- if( ret == 0 )
- for( j = 0; j < (size_t) len; j++ )
- TEST_ASSERT( acc[j] != 0 );
+ if (ret == 0) {
+ for (j = 0; j < (size_t) len; j++) {
+ TEST_ASSERT(acc[j] != 0);
+ }
+ }
- for( j = len; j < sizeof( buf ); j++ )
- TEST_ASSERT( acc[j] == 0 );
+ for (j = len; j < sizeof(buf); j++) {
+ TEST_ASSERT(acc[j] == 0);
+ }
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void entropy_source_fail( char * path )
+void entropy_source_fail(char *path)
{
mbedtls_entropy_context ctx;
unsigned char buf[16];
- entropy_dummy_context dummy = {DUMMY_FAIL, 0, 0};
+ entropy_dummy_context dummy = { DUMMY_FAIL, 0, 0 };
- mbedtls_entropy_init( &ctx );
+ mbedtls_entropy_init(&ctx);
- TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source,
- &dummy, 16,
- MBEDTLS_ENTROPY_SOURCE_WEAK )
- == 0 );
+ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
+ &dummy, 16,
+ MBEDTLS_ENTROPY_SOURCE_WEAK)
+ == 0);
- TEST_ASSERT( mbedtls_entropy_func( &ctx, buf, sizeof( buf ) )
- == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
- TEST_ASSERT( mbedtls_entropy_gather( &ctx )
- == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ TEST_ASSERT(mbedtls_entropy_func(&ctx, buf, sizeof(buf))
+ == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
+ TEST_ASSERT(mbedtls_entropy_gather(&ctx)
+ == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_NV_SEED)
- TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, path )
- == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
- TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, path )
- == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, path)
+ == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
+ TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, path)
+ == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
#else
((void) path);
#endif
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void entropy_threshold( int threshold, int chunk_size, int result )
+void entropy_threshold(int threshold, int chunk_size, int result)
{
mbedtls_entropy_context ctx;
entropy_dummy_context strong =
- {DUMMY_CONSTANT_LENGTH, MBEDTLS_ENTROPY_BLOCK_SIZE, 0};
- entropy_dummy_context weak = {DUMMY_CONSTANT_LENGTH, chunk_size, 0};
+ { DUMMY_CONSTANT_LENGTH, MBEDTLS_ENTROPY_BLOCK_SIZE, 0 };
+ entropy_dummy_context weak = { DUMMY_CONSTANT_LENGTH, chunk_size, 0 };
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
int ret;
- mbedtls_entropy_init( &ctx );
- entropy_clear_sources( &ctx );
+ mbedtls_entropy_init(&ctx);
+ entropy_clear_sources(&ctx);
/* Set strong source that reaches its threshold immediately and
* a weak source whose threshold is a test parameter. */
- TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source,
- &strong, 1,
- MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 );
- TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source,
- &weak, threshold,
- MBEDTLS_ENTROPY_SOURCE_WEAK ) == 0 );
+ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
+ &strong, 1,
+ MBEDTLS_ENTROPY_SOURCE_STRONG) == 0);
+ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
+ &weak, threshold,
+ MBEDTLS_ENTROPY_SOURCE_WEAK) == 0);
- ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) );
+ ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf));
- if( result >= 0 )
- {
- TEST_ASSERT( ret == 0 );
+ if (result >= 0) {
+ TEST_ASSERT(ret == 0);
#if defined(MBEDTLS_ENTROPY_NV_SEED)
/* If the NV seed functionality is enabled, there are two entropy
* updates: before and after updating the NV seed. */
result *= 2;
#endif
- TEST_ASSERT( weak.calls == (size_t) result );
- }
- else
- {
- TEST_ASSERT( ret == result );
+ TEST_ASSERT(weak.calls == (size_t) result);
+ } else {
+ TEST_ASSERT(ret == result);
}
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void entropy_calls( int strength1, int strength2,
- int threshold, int chunk_size,
- int result )
+void entropy_calls(int strength1, int strength2,
+ int threshold, int chunk_size,
+ int result)
{
/*
* if result >= 0: result = expected number of calls to source 1
@@ -347,101 +354,98 @@
*/
mbedtls_entropy_context ctx;
- entropy_dummy_context dummy1 = {DUMMY_CONSTANT_LENGTH, chunk_size, 0};
- entropy_dummy_context dummy2 = {DUMMY_CONSTANT_LENGTH, chunk_size, 0};
+ entropy_dummy_context dummy1 = { DUMMY_CONSTANT_LENGTH, chunk_size, 0 };
+ entropy_dummy_context dummy2 = { DUMMY_CONSTANT_LENGTH, chunk_size, 0 };
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
int ret;
- mbedtls_entropy_init( &ctx );
- entropy_clear_sources( &ctx );
+ mbedtls_entropy_init(&ctx);
+ entropy_clear_sources(&ctx);
- TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source,
- &dummy1, threshold,
- strength1 ) == 0 );
- TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source,
- &dummy2, threshold,
- strength2 ) == 0 );
+ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
+ &dummy1, threshold,
+ strength1) == 0);
+ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
+ &dummy2, threshold,
+ strength2) == 0);
- ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) );
+ ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf));
- if( result >= 0 )
- {
- TEST_ASSERT( ret == 0 );
+ if (result >= 0) {
+ TEST_ASSERT(ret == 0);
#if defined(MBEDTLS_ENTROPY_NV_SEED)
/* If the NV seed functionality is enabled, there are two entropy
* updates: before and after updating the NV seed. */
result *= 2;
#endif
- TEST_ASSERT( dummy1.calls == (size_t) result );
- }
- else
- {
- TEST_ASSERT( ret == result );
+ TEST_ASSERT(dummy1.calls == (size_t) result);
+ } else {
+ TEST_ASSERT(ret == result);
}
exit:
- mbedtls_entropy_free( &ctx );
+ mbedtls_entropy_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void nv_seed_file_create( )
+void nv_seed_file_create()
{
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
- memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
- TEST_ASSERT( write_nv_seed( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT(write_nv_seed(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO:MBEDTLS_PLATFORM_NV_SEED_ALT */
-void entropy_nv_seed_std_io( )
+void entropy_nv_seed_std_io()
{
unsigned char io_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
- memset( io_seed, 1, MBEDTLS_ENTROPY_BLOCK_SIZE );
- memset( check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset(io_seed, 1, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ memset(check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
- mbedtls_platform_set_nv_seed( mbedtls_platform_std_nv_seed_read,
- mbedtls_platform_std_nv_seed_write );
+ mbedtls_platform_set_nv_seed(mbedtls_platform_std_nv_seed_read,
+ mbedtls_platform_std_nv_seed_write);
/* Check if platform NV read and write manipulate the same data */
- TEST_ASSERT( write_nv_seed( io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
- TEST_ASSERT( mbedtls_nv_seed_read( check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) ==
- MBEDTLS_ENTROPY_BLOCK_SIZE );
+ TEST_ASSERT(write_nv_seed(io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
+ TEST_ASSERT(mbedtls_nv_seed_read(check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) ==
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
- TEST_ASSERT( memcmp( io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT(memcmp(io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
- memset( check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset(check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
/* Check if platform NV write and raw read manipulate the same data */
- TEST_ASSERT( mbedtls_nv_seed_write( io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) ==
- MBEDTLS_ENTROPY_BLOCK_SIZE );
- TEST_ASSERT( read_nv_seed( check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT(mbedtls_nv_seed_write(io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) ==
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+ TEST_ASSERT(read_nv_seed(check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
- TEST_ASSERT( memcmp( io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT(memcmp(io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */
-void entropy_nv_seed( data_t * read_seed )
+void entropy_nv_seed(data_t *read_seed)
{
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR)
const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
#else
#error "Unsupported entropy accumulator"
#endif
mbedtls_md_context_t accumulator;
mbedtls_entropy_context ctx;
- int (*original_mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
+ int (*original_mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len) =
mbedtls_nv_seed_read;
- int (*original_mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
+ int (*original_mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len) =
mbedtls_nv_seed_write;
unsigned char header[2];
@@ -451,80 +455,80 @@
unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
- memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
- memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
- memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
- memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE );
- memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset(entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ memset(empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ memset(check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE);
+ memset(check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE);
// Make sure we read/write NV seed from our buffers
- mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write );
+ mbedtls_platform_set_nv_seed(buffer_nv_seed_read, buffer_nv_seed_write);
- mbedtls_md_init( &accumulator );
- mbedtls_entropy_init( &ctx );
- entropy_clear_sources( &ctx );
+ mbedtls_md_init(&accumulator);
+ mbedtls_entropy_init(&ctx);
+ entropy_clear_sources(&ctx);
- TEST_ASSERT( mbedtls_entropy_add_source( &ctx, mbedtls_nv_seed_poll, NULL,
- MBEDTLS_ENTROPY_BLOCK_SIZE,
- MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 );
+ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, mbedtls_nv_seed_poll, NULL,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG) == 0);
// Set the initial NV seed to read
- TEST_ASSERT( read_seed->len >= MBEDTLS_ENTROPY_BLOCK_SIZE );
- memcpy( buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ TEST_ASSERT(read_seed->len >= MBEDTLS_ENTROPY_BLOCK_SIZE);
+ memcpy(buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE);
// Do an entropy run
- TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 );
+ TEST_ASSERT(mbedtls_entropy_func(&ctx, entropy, sizeof(entropy)) == 0);
// Determine what should have happened with manual entropy internal logic
// Init accumulator
header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE;
- TEST_ASSERT( mbedtls_md_setup( &accumulator, md_info, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_md_setup(&accumulator, md_info, 0) == 0);
// First run for updating write_seed
header[0] = 0;
- TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 );
- TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
- TEST_ASSERT( mbedtls_md_update( &accumulator,
- read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
- TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 );
+ TEST_ASSERT(mbedtls_md_starts(&accumulator) == 0);
+ TEST_ASSERT(mbedtls_md_update(&accumulator, header, 2) == 0);
+ TEST_ASSERT(mbedtls_md_update(&accumulator,
+ read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
+ TEST_ASSERT(mbedtls_md_finish(&accumulator, buf) == 0);
- TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 );
- TEST_ASSERT( mbedtls_md_update( &accumulator,
- buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT(mbedtls_md_starts(&accumulator) == 0);
+ TEST_ASSERT(mbedtls_md_update(&accumulator,
+ buf, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
- TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
- check_seed ) == 0 );
+ TEST_ASSERT(mbedtls_md(md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ check_seed) == 0);
// Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed)
header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL;
- TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
- TEST_ASSERT( mbedtls_md_update( &accumulator,
- empty, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT(mbedtls_md_update(&accumulator, header, 2) == 0);
+ TEST_ASSERT(mbedtls_md_update(&accumulator,
+ empty, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
header[0] = 0;
- TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
- TEST_ASSERT( mbedtls_md_update( &accumulator,
- check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
- TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 );
+ TEST_ASSERT(mbedtls_md_update(&accumulator, header, 2) == 0);
+ TEST_ASSERT(mbedtls_md_update(&accumulator,
+ check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
+ TEST_ASSERT(mbedtls_md_finish(&accumulator, buf) == 0);
- TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
- check_entropy ) == 0 );
+ TEST_ASSERT(mbedtls_md(md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ check_entropy) == 0);
// Check result of both NV file and entropy received with the manual calculations
- TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
- TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT(memcmp(check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
+ TEST_ASSERT(memcmp(check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE) == 0);
exit:
- mbedtls_md_free( &accumulator );
- mbedtls_entropy_free( &ctx );
+ mbedtls_md_free(&accumulator);
+ mbedtls_entropy_free(&ctx);
mbedtls_nv_seed_read = original_mbedtls_nv_seed_read;
mbedtls_nv_seed_write = original_mbedtls_nv_seed_write;
}
/* END_CASE */
/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */
-void entropy_selftest( int result )
+void entropy_selftest(int result)
{
- TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result );
+ TEST_ASSERT(mbedtls_entropy_self_test(1) == result);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function
index 68831ce..4c38ab0 100644
--- a/tests/suites/test_suite_error.function
+++ b/tests/suites/test_suite_error.function
@@ -8,14 +8,14 @@
*/
/* BEGIN_CASE */
-void error_strerror( int code, char * result_str )
+void error_strerror(int code, char *result_str)
{
char buf[500];
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
- mbedtls_strerror( code, buf, 500 );
+ mbedtls_strerror(code, buf, 500);
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index afe862d..b0c7bbc 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -8,107 +8,114 @@
*/
/* BEGIN_CASE */
-void gcm_bad_parameters( int cipher_id, int direction,
- data_t *key_str, data_t *src_str,
- data_t *iv_str, data_t *add_str,
- int tag_len_bits, int gcm_result )
+void gcm_bad_parameters(int cipher_id, int direction,
+ data_t *key_str, data_t *src_str,
+ data_t *iv_str, data_t *add_str,
+ int tag_len_bits, int gcm_result)
{
unsigned char output[128];
unsigned char tag_output[16];
mbedtls_gcm_context ctx;
size_t tag_len = tag_len_bits / 8;
- mbedtls_gcm_init( &ctx );
+ mbedtls_gcm_init(&ctx);
- memset( output, 0x00, sizeof( output ) );
- memset( tag_output, 0x00, sizeof( tag_output ) );
+ memset(output, 0x00, sizeof(output));
+ memset(tag_output, 0x00, sizeof(tag_output));
- TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, src_str->len, iv_str->x, iv_str->len,
- add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == gcm_result );
+ TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
+ TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, direction, src_str->len, iv_str->x, iv_str->len,
+ add_str->x, add_str->len, src_str->x, output, tag_len,
+ tag_output) == gcm_result);
exit:
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void gcm_encrypt_and_tag( int cipher_id, data_t * key_str,
- data_t * src_str, data_t * iv_str,
- data_t * add_str, data_t * dst,
- int tag_len_bits, data_t * tag,
- int init_result )
+void gcm_encrypt_and_tag(int cipher_id, data_t *key_str,
+ data_t *src_str, data_t *iv_str,
+ data_t *add_str, data_t *dst,
+ int tag_len_bits, data_t *tag,
+ int init_result)
{
unsigned char output[128];
unsigned char tag_output[16];
mbedtls_gcm_context ctx;
size_t tag_len = tag_len_bits / 8;
- mbedtls_gcm_init( &ctx );
+ mbedtls_gcm_init(&ctx);
memset(output, 0x00, 128);
memset(tag_output, 0x00, 16);
- TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result );
- if( init_result == 0 )
- {
- TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 );
+ TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result);
+ if (init_result == 0) {
+ TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x,
+ iv_str->len, add_str->x, add_str->len, src_str->x,
+ output, tag_len, tag_output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( tag_output, tag->x,
- tag_len, tag->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
+ TEST_ASSERT(mbedtls_test_hexcmp(tag_output, tag->x,
+ tag_len, tag->len) == 0);
}
exit:
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void gcm_decrypt_and_verify( int cipher_id, data_t * key_str,
- data_t * src_str, data_t * iv_str,
- data_t * add_str, int tag_len_bits,
- data_t * tag_str, char * result,
- data_t * pt_result, int init_result )
+void gcm_decrypt_and_verify(int cipher_id, data_t *key_str,
+ data_t *src_str, data_t *iv_str,
+ data_t *add_str, int tag_len_bits,
+ data_t *tag_str, char *result,
+ data_t *pt_result, int init_result)
{
unsigned char output[128];
mbedtls_gcm_context ctx;
int ret;
size_t tag_len = tag_len_bits / 8;
- mbedtls_gcm_init( &ctx );
+ mbedtls_gcm_init(&ctx);
memset(output, 0x00, 128);
- TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result );
- if( init_result == 0 )
- {
- ret = mbedtls_gcm_auth_decrypt( &ctx, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, tag_str->x, tag_len, src_str->x, output );
+ TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result);
+ if (init_result == 0) {
+ ret = mbedtls_gcm_auth_decrypt(&ctx,
+ src_str->len,
+ iv_str->x,
+ iv_str->len,
+ add_str->x,
+ add_str->len,
+ tag_str->x,
+ tag_len,
+ src_str->x,
+ output);
- if( strcmp( "FAIL", result ) == 0 )
- {
- TEST_ASSERT( ret == MBEDTLS_ERR_GCM_AUTH_FAILED );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
+ if (strcmp("FAIL", result) == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED);
+ } else {
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x,
- src_str->len,
- pt_result->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, pt_result->x,
+ src_str->len,
+ pt_result->len) == 0);
}
}
exit:
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void gcm_invalid_param( )
+void gcm_invalid_param()
{
mbedtls_gcm_context ctx;
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
@@ -117,168 +124,168 @@
int valid_len = sizeof(valid_buffer);
int valid_bitlen = 128, invalid_bitlen = 1;
- mbedtls_gcm_init( &ctx );
+ mbedtls_gcm_init(&ctx);
/* mbedtls_gcm_init() */
- TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_gcm_init(NULL));
/* mbedtls_gcm_setkey */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
+ mbedtls_gcm_setkey(NULL, valid_cipher, valid_buffer, valid_bitlen));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
+ mbedtls_gcm_setkey(&ctx, valid_cipher, NULL, valid_bitlen));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
+ mbedtls_gcm_setkey(&ctx, valid_cipher, valid_buffer, invalid_bitlen));
/* mbedtls_gcm_crypt_and_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
+ mbedtls_gcm_crypt_and_tag(NULL, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
+ mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
+ mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_len, valid_buffer ) );
+ mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_len, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_len, valid_buffer ) );
+ mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_len, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, NULL ) );
+ mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, NULL));
/* mbedtls_gcm_auth_decrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
+ mbedtls_gcm_auth_decrypt(NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
+ mbedtls_gcm_auth_decrypt(&ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
+ mbedtls_gcm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer) );
+ mbedtls_gcm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer) );
+ mbedtls_gcm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL) );
+ mbedtls_gcm_auth_decrypt(&ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL));
/* mbedtls_gcm_starts() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_starts( NULL, valid_mode,
- valid_buffer, valid_len,
- valid_buffer, valid_len ) );
+ mbedtls_gcm_starts(NULL, valid_mode,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_starts( &ctx, valid_mode,
- NULL, valid_len,
- valid_buffer, valid_len ) );
+ mbedtls_gcm_starts(&ctx, valid_mode,
+ NULL, valid_len,
+ valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_starts( &ctx, valid_mode,
- valid_buffer, valid_len,
- NULL, valid_len ) );
+ mbedtls_gcm_starts(&ctx, valid_mode,
+ valid_buffer, valid_len,
+ NULL, valid_len));
/* mbedtls_gcm_update() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( NULL, valid_len,
- valid_buffer, valid_buffer ) );
+ mbedtls_gcm_update(NULL, valid_len,
+ valid_buffer, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, valid_len,
- NULL, valid_buffer ) );
+ mbedtls_gcm_update(&ctx, valid_len,
+ NULL, valid_buffer));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, valid_len,
- valid_buffer, NULL ) );
+ mbedtls_gcm_update(&ctx, valid_len,
+ valid_buffer, NULL));
/* mbedtls_gcm_finish() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_finish( NULL, valid_buffer, valid_len ) );
+ mbedtls_gcm_finish(NULL, valid_buffer, valid_len));
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_finish( &ctx, NULL, valid_len ) );
+ mbedtls_gcm_finish(&ctx, NULL, valid_len));
exit:
- mbedtls_gcm_free( &ctx );
+ mbedtls_gcm_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void gcm_valid_param( )
+void gcm_valid_param()
{
- TEST_VALID_PARAM( mbedtls_gcm_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_gcm_free(NULL));
exit:
return;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
-void gcm_selftest( )
+void gcm_selftest()
{
- TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_gcm_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function
index 4c597c3..2bfbf3c 100644
--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@@ -9,29 +9,29 @@
*/
/* BEGIN_CASE */
-void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info,
- data_t *expected_okm )
+void test_hkdf(int md_alg, data_t *ikm, data_t *salt, data_t *info,
+ data_t *expected_okm)
{
int ret;
unsigned char okm[128] = { '\0' };
- const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md != NULL );
+ const mbedtls_md_info_t *md = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md != NULL);
- TEST_ASSERT( expected_okm->len <= sizeof( okm ) );
+ TEST_ASSERT(expected_okm->len <= sizeof(okm));
- ret = mbedtls_hkdf( md, salt->x, salt->len, ikm->x, ikm->len,
- info->x, info->len, okm, expected_okm->len );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_hkdf(md, salt->x, salt->len, ikm->x, ikm->len,
+ info->x, info->len, okm, expected_okm->len);
+ TEST_ASSERT(ret == 0);
- ASSERT_COMPARE( okm , expected_okm->len,
- expected_okm->x, expected_okm->len );
+ ASSERT_COMPARE(okm, expected_okm->len,
+ expected_okm->x, expected_okm->len);
}
/* END_CASE */
/* BEGIN_CASE */
-void test_hkdf_extract( int md_alg, char *hex_ikm_string,
- char *hex_salt_string, char *hex_prk_string )
+void test_hkdf_extract(int md_alg, char *hex_ikm_string,
+ char *hex_salt_string, char *hex_prk_string)
{
int ret;
unsigned char *ikm = NULL;
@@ -40,20 +40,20 @@
unsigned char *output_prk = NULL;
size_t ikm_len, salt_len, prk_len, output_prk_len;
- const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md != NULL );
+ const mbedtls_md_info_t *md = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md != NULL);
- output_prk_len = mbedtls_md_get_size( md );
- output_prk = mbedtls_calloc( 1, output_prk_len );
+ output_prk_len = mbedtls_md_get_size(md);
+ output_prk = mbedtls_calloc(1, output_prk_len);
- ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len );
- salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len );
- prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
+ ikm = mbedtls_test_unhexify_alloc(hex_ikm_string, &ikm_len);
+ salt = mbedtls_test_unhexify_alloc(hex_salt_string, &salt_len);
+ prk = mbedtls_test_unhexify_alloc(hex_prk_string, &prk_len);
- ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, output_prk);
+ TEST_ASSERT(ret == 0);
- ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len );
+ ASSERT_COMPARE(output_prk, output_prk_len, prk, prk_len);
exit:
mbedtls_free(ikm);
@@ -64,8 +64,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_hkdf_expand( int md_alg, char *hex_info_string,
- char *hex_prk_string, char *hex_okm_string )
+void test_hkdf_expand(int md_alg, char *hex_info_string,
+ char *hex_prk_string, char *hex_okm_string)
{
enum { OKM_LEN = 1024 };
int ret;
@@ -75,21 +75,21 @@
unsigned char *output_okm = NULL;
size_t info_len, prk_len, okm_len;
- const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md != NULL );
+ const mbedtls_md_info_t *md = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md != NULL);
- output_okm = mbedtls_calloc( OKM_LEN, 1 );
+ output_okm = mbedtls_calloc(OKM_LEN, 1);
- prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
- info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len );
- okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len );
- TEST_ASSERT( prk_len == mbedtls_md_get_size( md ) );
- TEST_ASSERT( okm_len < OKM_LEN );
+ prk = mbedtls_test_unhexify_alloc(hex_prk_string, &prk_len);
+ info = mbedtls_test_unhexify_alloc(hex_info_string, &info_len);
+ okm = mbedtls_test_unhexify_alloc(hex_okm_string, &okm_len);
+ TEST_ASSERT(prk_len == mbedtls_md_get_size(md));
+ TEST_ASSERT(okm_len < OKM_LEN);
- ret = mbedtls_hkdf_expand( md, prk, prk_len, info, info_len,
- output_okm, OKM_LEN );
- TEST_ASSERT( ret == 0 );
- ASSERT_COMPARE( output_okm, okm_len, okm, okm_len );
+ ret = mbedtls_hkdf_expand(md, prk, prk_len, info, info_len,
+ output_okm, OKM_LEN);
+ TEST_ASSERT(ret == 0);
+ ASSERT_COMPARE(output_okm, okm_len, okm, okm_len);
exit:
mbedtls_free(info);
@@ -100,7 +100,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_hkdf_extract_ret( int hash_len, int ret )
+void test_hkdf_extract_ret(int hash_len, int ret)
{
int output_ret;
unsigned char *salt = NULL;
@@ -109,17 +109,17 @@
size_t salt_len, ikm_len;
struct mbedtls_md_info_t fake_md_info;
- memset( &fake_md_info, 0, sizeof( fake_md_info ) );
+ memset(&fake_md_info, 0, sizeof(fake_md_info));
fake_md_info.type = MBEDTLS_MD_NONE;
fake_md_info.size = hash_len;
- prk = mbedtls_calloc( MBEDTLS_MD_MAX_SIZE, 1 );
+ prk = mbedtls_calloc(MBEDTLS_MD_MAX_SIZE, 1);
salt_len = 0;
ikm_len = 0;
- output_ret = mbedtls_hkdf_extract( &fake_md_info, salt, salt_len,
- ikm, ikm_len, prk );
- TEST_ASSERT( output_ret == ret );
+ output_ret = mbedtls_hkdf_extract(&fake_md_info, salt, salt_len,
+ ikm, ikm_len, prk);
+ TEST_ASSERT(output_ret == ret);
exit:
mbedtls_free(prk);
@@ -127,7 +127,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_hkdf_expand_ret( int hash_len, int prk_len, int okm_len, int ret )
+void test_hkdf_expand_ret(int hash_len, int prk_len, int okm_len, int ret)
{
int output_ret;
unsigned char *info = NULL;
@@ -136,21 +136,23 @@
size_t info_len;
struct mbedtls_md_info_t fake_md_info;
- memset( &fake_md_info, 0, sizeof( fake_md_info ) );
+ memset(&fake_md_info, 0, sizeof(fake_md_info));
fake_md_info.type = MBEDTLS_MD_NONE;
fake_md_info.size = hash_len;
info_len = 0;
- if (prk_len > 0)
- prk = mbedtls_calloc( prk_len, 1 );
+ if (prk_len > 0) {
+ prk = mbedtls_calloc(prk_len, 1);
+ }
- if (okm_len > 0)
- okm = mbedtls_calloc( okm_len, 1 );
+ if (okm_len > 0) {
+ okm = mbedtls_calloc(okm_len, 1);
+ }
- output_ret = mbedtls_hkdf_expand( &fake_md_info, prk, prk_len,
- info, info_len, okm, okm_len );
- TEST_ASSERT( output_ret == ret );
+ output_ret = mbedtls_hkdf_expand(&fake_md_info, prk, prk_len,
+ info, info_len, okm, okm_len);
+ TEST_ASSERT(output_ret == ret);
exit:
mbedtls_free(prk);
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function
index b83d760..830155a 100644
--- a/tests/suites/test_suite_hmac_drbg.function
+++ b/tests/suites/test_suite_hmac_drbg.function
@@ -2,25 +2,25 @@
#include "mbedtls/hmac_drbg.h"
#include "string.h"
-typedef struct
-{
+typedef struct {
unsigned char *p;
size_t len;
} entropy_ctx;
-static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len )
+static int mbedtls_test_entropy_func(void *data, unsigned char *buf, size_t len)
{
entropy_ctx *ctx = (entropy_ctx *) data;
- if( len > ctx->len )
- return( -1 );
+ if (len > ctx->len) {
+ return -1;
+ }
- memcpy( buf, ctx->p, len );
+ memcpy(buf, ctx->p, len);
ctx->p += len;
ctx->len -= len;
- return( 0 );
+ return 0;
}
/* END_HEADER */
@@ -30,7 +30,7 @@
*/
/* BEGIN_CASE */
-void hmac_drbg_entropy_usage( int md_alg )
+void hmac_drbg_entropy_usage(int md_alg)
{
unsigned char out[16];
unsigned char buf[1024];
@@ -41,112 +41,111 @@
size_t default_entropy_len;
size_t expected_consumed_entropy = 0;
- mbedtls_hmac_drbg_init( &ctx );
- memset( buf, 0, sizeof( buf ) );
- memset( out, 0, sizeof( out ) );
+ mbedtls_hmac_drbg_init(&ctx);
+ memset(buf, 0, sizeof(buf));
+ memset(out, 0, sizeof(out));
- entropy.len = sizeof( buf );
+ entropy.len = sizeof(buf);
entropy.p = buf;
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
- if( mbedtls_md_get_size( md_info ) <= 20 )
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
+ if (mbedtls_md_get_size(md_info) <= 20) {
default_entropy_len = 16;
- else if( mbedtls_md_get_size( md_info ) <= 28 )
+ } else if (mbedtls_md_get_size(md_info) <= 28) {
default_entropy_len = 24;
- else
+ } else {
default_entropy_len = 32;
+ }
/* Set reseed interval before seed */
- mbedtls_hmac_drbg_set_reseed_interval( &ctx, 2 * reps );
+ mbedtls_hmac_drbg_set_reseed_interval(&ctx, 2 * reps);
/* Init must use entropy */
- TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &entropy,
- NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &entropy,
+ NULL, 0) == 0);
/* default_entropy_len of entropy, plus half as much for the nonce */
expected_consumed_entropy += default_entropy_len * 3 / 2;
- TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
+ TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
/* By default, PR is off, and reseed interval was set to
* 2 * reps so the next few calls should not use entropy */
- for( i = 0; i < reps; i++ )
- {
- TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
- buf, 16 ) == 0 );
+ for (i = 0; i < reps; i++) {
+ TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out) - 4) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, out, sizeof(out) - 4,
+ buf, 16) == 0);
}
- TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
+ TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
/* While at it, make sure we didn't write past the requested length */
- TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
- TEST_ASSERT( out[sizeof( out ) - 3] == 0 );
- TEST_ASSERT( out[sizeof( out ) - 2] == 0 );
- TEST_ASSERT( out[sizeof( out ) - 1] == 0 );
+ TEST_ASSERT(out[sizeof(out) - 4] == 0);
+ TEST_ASSERT(out[sizeof(out) - 3] == 0);
+ TEST_ASSERT(out[sizeof(out) - 2] == 0);
+ TEST_ASSERT(out[sizeof(out) - 1] == 0);
/* There have been 2 * reps calls to random. The next call should reseed */
- TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_consumed_entropy += default_entropy_len;
- TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
+ TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
/* Set reseed interval after seed */
- mbedtls_hmac_drbg_set_reseed_interval( &ctx, 4 * reps + 1);
+ mbedtls_hmac_drbg_set_reseed_interval(&ctx, 4 * reps + 1);
/* The new few calls should not reseed */
- for( i = 0; i < (2 * reps); i++ )
- {
- TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, out, sizeof( out ) ,
- buf, 16 ) == 0 );
+ for (i = 0; i < (2 * reps); i++) {
+ TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, out, sizeof(out),
+ buf, 16) == 0);
}
- TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
+ TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
/* Now enable PR, so the next few calls should all reseed */
- mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
- TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
+ TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_consumed_entropy += default_entropy_len;
- TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
+ TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
/* Finally, check setting entropy_len */
- mbedtls_hmac_drbg_set_entropy_len( &ctx, 42 );
- TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ mbedtls_hmac_drbg_set_entropy_len(&ctx, 42);
+ TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_consumed_entropy += 42;
- TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
+ TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
- mbedtls_hmac_drbg_set_entropy_len( &ctx, 13 );
- TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ mbedtls_hmac_drbg_set_entropy_len(&ctx, 13);
+ TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
expected_consumed_entropy += 13;
- TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
+ TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
exit:
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void hmac_drbg_seed_file( int md_alg, char * path, int ret )
+void hmac_drbg_seed_file(int md_alg, char *path, int ret)
{
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- mbedtls_hmac_drbg_init( &ctx );
+ mbedtls_hmac_drbg_init(&ctx);
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
- TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info,
- mbedtls_test_rnd_std_rand, NULL,
- NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info,
+ mbedtls_test_rnd_std_rand, NULL,
+ NULL, 0) == 0);
- TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret );
- TEST_ASSERT( mbedtls_hmac_drbg_update_seed_file( &ctx, path ) == ret );
+ TEST_ASSERT(mbedtls_hmac_drbg_write_seed_file(&ctx, path) == ret);
+ TEST_ASSERT(mbedtls_hmac_drbg_update_seed_file(&ctx, path) == ret);
exit:
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void hmac_drbg_buf( int md_alg )
+void hmac_drbg_buf(int md_alg)
{
unsigned char out[16];
unsigned char buf[100];
@@ -154,30 +153,31 @@
mbedtls_hmac_drbg_context ctx;
size_t i;
- mbedtls_hmac_drbg_init( &ctx );
- memset( buf, 0, sizeof( buf ) );
- memset( out, 0, sizeof( out ) );
+ mbedtls_hmac_drbg_init(&ctx);
+ memset(buf, 0, sizeof(buf));
+ memset(out, 0, sizeof(out));
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
- TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info, buf, sizeof( buf ) ) == 0 );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
+ TEST_ASSERT(mbedtls_hmac_drbg_seed_buf(&ctx, md_info, buf, sizeof(buf)) == 0);
/* Make sure it never tries to reseed (would segfault otherwise) */
- mbedtls_hmac_drbg_set_reseed_interval( &ctx, 3 );
- mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
+ mbedtls_hmac_drbg_set_reseed_interval(&ctx, 3);
+ mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
- for( i = 0; i < 30; i++ )
- TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
+ for (i = 0; i < 30; i++) {
+ TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
+ }
exit:
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void hmac_drbg_no_reseed( int md_alg, data_t * entropy,
- data_t * custom, data_t * add1,
- data_t * add2, data_t * output )
+void hmac_drbg_no_reseed(int md_alg, data_t *entropy,
+ data_t *custom, data_t *add1,
+ data_t *add2, data_t *output)
{
unsigned char data[1024];
unsigned char my_output[512];
@@ -185,111 +185,111 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- mbedtls_hmac_drbg_init( &ctx );
+ mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
/* Test the simplified buffer-based variant */
- memcpy( data, entropy->x, p_entropy.len );
- memcpy( data + p_entropy.len, custom->x, custom->len );
- TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info,
- data, p_entropy.len + custom->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add1->x, add1->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add2->x, add2->len ) == 0 );
+ memcpy(data, entropy->x, p_entropy.len);
+ memcpy(data + p_entropy.len, custom->x, custom->len);
+ TEST_ASSERT(mbedtls_hmac_drbg_seed_buf(&ctx, md_info,
+ data, p_entropy.len + custom->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add1->x, add1->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add2->x, add2->len) == 0);
/* Reset context for second run */
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
- TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
+ TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
/* And now the normal entropy-based variant */
- TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
- custom->x, custom->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add1->x, add1->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add2->x, add2->len ) == 0 );
- TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
+ TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
+ custom->x, custom->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add1->x, add1->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add2->x, add2->len) == 0);
+ TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
exit:
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void hmac_drbg_nopr( int md_alg, data_t * entropy, data_t * custom,
- data_t * add1, data_t * add2, data_t * add3,
- data_t * output )
+void hmac_drbg_nopr(int md_alg, data_t *entropy, data_t *custom,
+ data_t *add1, data_t *add2, data_t *add3,
+ data_t *output)
{
unsigned char my_output[512];
entropy_ctx p_entropy;
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- mbedtls_hmac_drbg_init( &ctx );
+ mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
- TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
- custom->x, custom->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1->x, add1->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add2->x, add2->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add3->x, add3->len ) == 0 );
+ TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
+ custom->x, custom->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_reseed(&ctx, add1->x, add1->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add2->x, add2->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add3->x, add3->len) == 0);
- TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
+ TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
exit:
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void hmac_drbg_pr( int md_alg, data_t * entropy, data_t * custom,
- data_t * add1, data_t * add2, data_t * output )
+void hmac_drbg_pr(int md_alg, data_t *entropy, data_t *custom,
+ data_t *add1, data_t *add2, data_t *output)
{
unsigned char my_output[512];
entropy_ctx p_entropy;
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- mbedtls_hmac_drbg_init( &ctx );
+ mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
- TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
- custom->x, custom->len ) == 0 );
- mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add1->x, add1->len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
- add2->x, add2->len ) == 0 );
+ TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
+ custom->x, custom->len) == 0);
+ mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add1->x, add1->len) == 0);
+ TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
+ add2->x, add2->len) == 0);
- TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
+ TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
exit:
- mbedtls_hmac_drbg_free( &ctx );
+ mbedtls_hmac_drbg_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void hmac_drbg_selftest( )
+void hmac_drbg_selftest()
{
- TEST_ASSERT( mbedtls_hmac_drbg_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_hmac_drbg_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index da3e852..c875389 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -8,15 +8,15 @@
*/
/* BEGIN_CASE */
-void mbedtls_md_process( )
+void mbedtls_md_process()
{
const int *md_type_ptr;
const mbedtls_md_info_t *info;
mbedtls_md_context_t ctx;
unsigned char buf[150];
- mbedtls_md_init( &ctx );
- memset( buf, 0, sizeof( buf ) );
+ mbedtls_md_init(&ctx);
+ memset(buf, 0, sizeof(buf));
/*
* Very minimal testing of mbedtls_md_process, just make sure the various
@@ -26,159 +26,160 @@
*
* Also tests that mbedtls_md_list() only returns valid MDs.
*/
- for( md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++ )
- {
- info = mbedtls_md_info_from_type( *md_type_ptr );
- TEST_ASSERT( info != NULL );
- TEST_ASSERT( mbedtls_md_setup( &ctx, info, 0 ) == 0 );
- TEST_ASSERT( mbedtls_md_starts( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_md_process( &ctx, buf ) == 0 );
- mbedtls_md_free( &ctx );
+ for (md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++) {
+ info = mbedtls_md_info_from_type(*md_type_ptr);
+ TEST_ASSERT(info != NULL);
+ TEST_ASSERT(mbedtls_md_setup(&ctx, info, 0) == 0);
+ TEST_ASSERT(mbedtls_md_starts(&ctx) == 0);
+ TEST_ASSERT(mbedtls_md_process(&ctx, buf) == 0);
+ mbedtls_md_free(&ctx);
}
exit:
- mbedtls_md_free( &ctx );
+ mbedtls_md_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void md_null_args( )
+void md_null_args()
{
mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *info = mbedtls_md_info_from_type( *( mbedtls_md_list() ) );
+ const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*(mbedtls_md_list()));
unsigned char buf[1] = { 0 };
- mbedtls_md_init( &ctx );
+ mbedtls_md_init(&ctx);
- TEST_ASSERT( mbedtls_md_get_size( NULL ) == 0 );
- TEST_ASSERT( mbedtls_md_get_type( NULL ) == MBEDTLS_MD_NONE );
- TEST_ASSERT( mbedtls_md_get_name( NULL ) == NULL );
+ TEST_ASSERT(mbedtls_md_get_size(NULL) == 0);
+ TEST_ASSERT(mbedtls_md_get_type(NULL) == MBEDTLS_MD_NONE);
+ TEST_ASSERT(mbedtls_md_get_name(NULL) == NULL);
- TEST_ASSERT( mbedtls_md_info_from_string( NULL ) == NULL );
+ TEST_ASSERT(mbedtls_md_info_from_string(NULL) == NULL);
- TEST_ASSERT( mbedtls_md_setup( &ctx, NULL, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_setup( NULL, info, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_setup(&ctx, NULL, 0) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_setup(NULL, info, 0) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_starts( NULL ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_starts( &ctx ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_starts(NULL) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_starts(&ctx) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_update( NULL, buf, 1 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_update( &ctx, buf, 1 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_update(NULL, buf, 1) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_update(&ctx, buf, 1) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_finish( NULL, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_finish( &ctx, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_finish(NULL, buf) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_finish(&ctx, buf) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md( NULL, buf, 1, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md(NULL, buf, 1, buf) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
#if defined(MBEDTLS_FS_IO)
- TEST_ASSERT( mbedtls_md_file( NULL, "", buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_file(NULL, "", buf) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
#endif
- TEST_ASSERT( mbedtls_md_hmac_starts( NULL, buf, 1 )
- == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_hmac_starts( &ctx, buf, 1 )
- == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_hmac_starts(NULL, buf, 1)
+ == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_hmac_starts(&ctx, buf, 1)
+ == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_hmac_update( NULL, buf, 1 )
- == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_hmac_update( &ctx, buf, 1 )
- == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_hmac_update(NULL, buf, 1)
+ == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_hmac_update(&ctx, buf, 1)
+ == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_hmac_finish( NULL, buf )
- == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_hmac_finish( &ctx, buf )
- == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_hmac_finish(NULL, buf)
+ == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_hmac_finish(&ctx, buf)
+ == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_hmac_reset( NULL ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_hmac_reset( &ctx ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_hmac_reset(NULL) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_hmac_reset(&ctx) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_hmac( NULL, buf, 1, buf, 1, buf )
- == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_hmac(NULL, buf, 1, buf, 1, buf)
+ == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_md_process( NULL, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_md_process( &ctx, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_md_process(NULL, buf) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_md_process(&ctx, buf) == MBEDTLS_ERR_MD_BAD_INPUT_DATA);
/* Ok, this is not NULL arg but NULL return... */
- TEST_ASSERT( mbedtls_md_info_from_type( MBEDTLS_MD_NONE ) == NULL );
- TEST_ASSERT( mbedtls_md_info_from_string( "no such md" ) == NULL );
+ TEST_ASSERT(mbedtls_md_info_from_type(MBEDTLS_MD_NONE) == NULL);
+ TEST_ASSERT(mbedtls_md_info_from_string("no such md") == NULL);
}
/* END_CASE */
/* BEGIN_CASE */
-void md_info( int md_type, char * md_name, int md_size )
+void md_info(int md_type, char *md_name, int md_size)
{
const mbedtls_md_info_t *md_info;
const int *md_type_ptr;
int found;
- md_info = mbedtls_md_info_from_type( md_type );
- TEST_ASSERT( md_info != NULL );
- TEST_ASSERT( md_info == mbedtls_md_info_from_string( md_name ) );
+ md_info = mbedtls_md_info_from_type(md_type);
+ TEST_ASSERT(md_info != NULL);
+ TEST_ASSERT(md_info == mbedtls_md_info_from_string(md_name));
- TEST_ASSERT( mbedtls_md_get_type( md_info ) == (mbedtls_md_type_t) md_type );
- TEST_ASSERT( mbedtls_md_get_size( md_info ) == (unsigned char) md_size );
- TEST_ASSERT( strcmp( mbedtls_md_get_name( md_info ), md_name ) == 0 );
+ TEST_ASSERT(mbedtls_md_get_type(md_info) == (mbedtls_md_type_t) md_type);
+ TEST_ASSERT(mbedtls_md_get_size(md_info) == (unsigned char) md_size);
+ TEST_ASSERT(strcmp(mbedtls_md_get_name(md_info), md_name) == 0);
found = 0;
- for( md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++ )
- if( *md_type_ptr == md_type )
+ for (md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++) {
+ if (*md_type_ptr == md_type) {
found = 1;
- TEST_ASSERT( found == 1 );
+ }
+ }
+ TEST_ASSERT(found == 1);
}
/* END_CASE */
/* BEGIN_CASE */
-void md_text( char * text_md_name, char * text_src_string,
- data_t * hash )
+void md_text(char *text_md_name, char *text_src_string,
+ data_t *hash)
{
char md_name[100];
unsigned char src_str[1000];
unsigned char output[100];
const mbedtls_md_info_t *md_info = NULL;
- memset( md_name, 0x00, 100 );
- memset( src_str, 0x00, 1000 );
- memset( output, 0x00, 100 );
+ memset(md_name, 0x00, 100);
+ memset(src_str, 0x00, 1000);
+ memset(output, 0x00, 100);
- strncpy( (char *) src_str, text_src_string, sizeof( src_str ) - 1 );
- strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
+ strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
+ strncpy((char *) md_name, text_md_name, sizeof(md_name) - 1);
md_info = mbedtls_md_info_from_string(md_name);
- TEST_ASSERT( md_info != NULL );
+ TEST_ASSERT(md_info != NULL);
- TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) );
+ TEST_ASSERT(0 == mbedtls_md(md_info, src_str, strlen((char *) src_str), output));
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- mbedtls_md_get_size( md_info ),
- hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ mbedtls_md_get_size(md_info),
+ hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void md_hex( char * text_md_name, data_t * src_str, data_t * hash )
+void md_hex(char *text_md_name, data_t *src_str, data_t *hash)
{
char md_name[100];
unsigned char output[100];
const mbedtls_md_info_t *md_info = NULL;
- memset( md_name, 0x00, 100 );
- memset( output, 0x00, 100 );
+ memset(md_name, 0x00, 100);
+ memset(output, 0x00, 100);
- strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
- md_info = mbedtls_md_info_from_string( md_name );
- TEST_ASSERT( md_info != NULL );
+ strncpy((char *) md_name, text_md_name, sizeof(md_name) - 1);
+ md_info = mbedtls_md_info_from_string(md_name);
+ TEST_ASSERT(md_info != NULL);
- TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) );
+ TEST_ASSERT(0 == mbedtls_md(md_info, src_str->x, src_str->len, output));
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- mbedtls_md_get_size( md_info ),
- hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ mbedtls_md_get_size(md_info),
+ hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void md_text_multi( char * text_md_name, char * text_src_string,
- data_t * hash )
+void md_text_multi(char *text_md_name, char *text_src_string,
+ data_t *hash)
{
char md_name[100];
unsigned char src_str[1000];
@@ -188,51 +189,51 @@
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx, ctx_copy;
- mbedtls_md_init( &ctx );
- mbedtls_md_init( &ctx_copy );
+ mbedtls_md_init(&ctx);
+ mbedtls_md_init(&ctx_copy);
- memset( md_name, 0x00, 100 );
- memset( src_str, 0x00, 1000 );
- memset( output, 0x00, 100 );
+ memset(md_name, 0x00, 100);
+ memset(src_str, 0x00, 1000);
+ memset(output, 0x00, 100);
- strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
- strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
- len = strlen( (char *) src_str );
+ strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
+ strncpy((char *) md_name, text_md_name, sizeof(md_name) - 1);
+ len = strlen((char *) src_str);
halfway = len / 2;
md_info = mbedtls_md_info_from_string(md_name);
- TEST_ASSERT( md_info != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) );
- TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) );
+ TEST_ASSERT(md_info != NULL);
+ TEST_ASSERT(0 == mbedtls_md_setup(&ctx, md_info, 0));
+ TEST_ASSERT(0 == mbedtls_md_setup(&ctx_copy, md_info, 0));
- TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) );
- TEST_ASSERT ( ctx.md_ctx != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_clone( &ctx_copy, &ctx ) );
+ TEST_ASSERT(0 == mbedtls_md_starts(&ctx));
+ TEST_ASSERT(ctx.md_ctx != NULL);
+ TEST_ASSERT(0 == mbedtls_md_update(&ctx, src_str, halfway));
+ TEST_ASSERT(0 == mbedtls_md_clone(&ctx_copy, &ctx));
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- mbedtls_md_get_size( md_info ),
- hash->len) == 0 );
+ TEST_ASSERT(0 == mbedtls_md_update(&ctx, src_str + halfway, len - halfway));
+ TEST_ASSERT(0 == mbedtls_md_finish(&ctx, output));
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ mbedtls_md_get_size(md_info),
+ hash->len) == 0);
/* Test clone */
- memset( output, 0x00, 100 );
+ memset(output, 0x00, 100);
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- mbedtls_md_get_size( md_info ),
- hash->len ) == 0 );
+ TEST_ASSERT(0 == mbedtls_md_update(&ctx_copy, src_str + halfway, len - halfway));
+ TEST_ASSERT(0 == mbedtls_md_finish(&ctx_copy, output));
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ mbedtls_md_get_size(md_info),
+ hash->len) == 0);
exit:
- mbedtls_md_free( &ctx );
- mbedtls_md_free( &ctx_copy );
+ mbedtls_md_free(&ctx);
+ mbedtls_md_free(&ctx_copy);
}
/* END_CASE */
/* BEGIN_CASE */
-void md_hex_multi( char * text_md_name, data_t * src_str, data_t * hash )
+void md_hex_multi(char *text_md_name, data_t *src_str, data_t *hash)
{
char md_name[100];
unsigned char output[100];
@@ -240,73 +241,74 @@
mbedtls_md_context_t ctx, ctx_copy;
int halfway;
- mbedtls_md_init( &ctx );
- mbedtls_md_init( &ctx_copy );
+ mbedtls_md_init(&ctx);
+ mbedtls_md_init(&ctx_copy);
- memset( md_name, 0x00, 100 );
- memset( output, 0x00, 100 );
+ memset(md_name, 0x00, 100);
+ memset(output, 0x00, 100);
- strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
+ strncpy((char *) md_name, text_md_name, sizeof(md_name) - 1);
md_info = mbedtls_md_info_from_string(md_name);
- TEST_ASSERT( md_info != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) );
- TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) );
+ TEST_ASSERT(md_info != NULL);
+ TEST_ASSERT(0 == mbedtls_md_setup(&ctx, md_info, 0));
+ TEST_ASSERT(0 == mbedtls_md_setup(&ctx_copy, md_info, 0));
halfway = src_str->len / 2;
- TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) );
- TEST_ASSERT ( ctx.md_ctx != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x, halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_clone( &ctx_copy, &ctx ) );
+ TEST_ASSERT(0 == mbedtls_md_starts(&ctx));
+ TEST_ASSERT(ctx.md_ctx != NULL);
+ TEST_ASSERT(0 == mbedtls_md_update(&ctx, src_str->x, halfway));
+ TEST_ASSERT(0 == mbedtls_md_clone(&ctx_copy, &ctx));
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) );
- TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- mbedtls_md_get_size( md_info ),
- hash->len ) == 0 );
+ TEST_ASSERT(0 == mbedtls_md_update(&ctx, src_str->x + halfway, src_str->len - halfway));
+ TEST_ASSERT(0 == mbedtls_md_finish(&ctx, output));
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ mbedtls_md_get_size(md_info),
+ hash->len) == 0);
/* Test clone */
- memset( output, 0x00, 100 );
+ memset(output, 0x00, 100);
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- mbedtls_md_get_size( md_info ),
- hash->len ) == 0 );
+ TEST_ASSERT(0 == mbedtls_md_update(&ctx_copy, src_str->x + halfway, src_str->len - halfway));
+ TEST_ASSERT(0 == mbedtls_md_finish(&ctx_copy, output));
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ mbedtls_md_get_size(md_info),
+ hash->len) == 0);
exit:
- mbedtls_md_free( &ctx );
- mbedtls_md_free( &ctx_copy );
+ mbedtls_md_free(&ctx);
+ mbedtls_md_free(&ctx_copy);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_md_hmac( char * text_md_name, int trunc_size,
- data_t * key_str, data_t * src_str,
- data_t * hash )
+void mbedtls_md_hmac(char *text_md_name, int trunc_size,
+ data_t *key_str, data_t *src_str,
+ data_t *hash)
{
char md_name[100];
unsigned char output[100];
const mbedtls_md_info_t *md_info = NULL;
- memset( md_name, 0x00, 100 );
- memset( output, 0x00, 100 );
+ memset(md_name, 0x00, 100);
+ memset(output, 0x00, 100);
- strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
- md_info = mbedtls_md_info_from_string( md_name );
- TEST_ASSERT( md_info != NULL );
+ strncpy((char *) md_name, text_md_name, sizeof(md_name) - 1);
+ md_info = mbedtls_md_info_from_string(md_name);
+ TEST_ASSERT(md_info != NULL);
- TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 );
+ TEST_ASSERT(mbedtls_md_hmac(md_info, key_str->x, key_str->len, src_str->x, src_str->len,
+ output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- trunc_size, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ trunc_size, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str,
- data_t * src_str, data_t * hash )
+void md_hmac_multi(char *text_md_name, int trunc_size, data_t *key_str,
+ data_t *src_str, data_t *hash)
{
char md_name[100];
unsigned char output[100];
@@ -314,62 +316,62 @@
mbedtls_md_context_t ctx;
int halfway;
- mbedtls_md_init( &ctx );
+ mbedtls_md_init(&ctx);
- memset( md_name, 0x00, 100 );
- memset( output, 0x00, 100 );
+ memset(md_name, 0x00, 100);
+ memset(output, 0x00, 100);
- strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
- md_info = mbedtls_md_info_from_string( md_name );
- TEST_ASSERT( md_info != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) );
+ strncpy((char *) md_name, text_md_name, sizeof(md_name) - 1);
+ md_info = mbedtls_md_info_from_string(md_name);
+ TEST_ASSERT(md_info != NULL);
+ TEST_ASSERT(0 == mbedtls_md_setup(&ctx, md_info, 1));
halfway = src_str->len / 2;
- TEST_ASSERT ( 0 == mbedtls_md_hmac_starts( &ctx, key_str->x, key_str->len ) );
- TEST_ASSERT ( ctx.md_ctx != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x, halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
+ TEST_ASSERT(0 == mbedtls_md_hmac_starts(&ctx, key_str->x, key_str->len));
+ TEST_ASSERT(ctx.md_ctx != NULL);
+ TEST_ASSERT(0 == mbedtls_md_hmac_update(&ctx, src_str->x, halfway));
+ TEST_ASSERT(0 == mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway));
+ TEST_ASSERT(0 == mbedtls_md_hmac_finish(&ctx, output));
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- trunc_size, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ trunc_size, hash->len) == 0);
/* Test again, for reset() */
- memset( output, 0x00, 100 );
+ memset(output, 0x00, 100);
- TEST_ASSERT ( 0 == mbedtls_md_hmac_reset( &ctx ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x, halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
+ TEST_ASSERT(0 == mbedtls_md_hmac_reset(&ctx));
+ TEST_ASSERT(0 == mbedtls_md_hmac_update(&ctx, src_str->x, halfway));
+ TEST_ASSERT(0 == mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway));
+ TEST_ASSERT(0 == mbedtls_md_hmac_finish(&ctx, output));
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- trunc_size, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ trunc_size, hash->len) == 0);
exit:
- mbedtls_md_free( &ctx );
+ mbedtls_md_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_md_file( char * text_md_name, char * filename,
- data_t * hash )
+void mbedtls_md_file(char *text_md_name, char *filename,
+ data_t *hash)
{
char md_name[100];
unsigned char output[100];
const mbedtls_md_info_t *md_info = NULL;
- memset( md_name, 0x00, 100 );
- memset( output, 0x00, 100 );
+ memset(md_name, 0x00, 100);
+ memset(output, 0x00, 100);
- strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
- md_info = mbedtls_md_info_from_string( md_name );
- TEST_ASSERT( md_info != NULL );
+ strncpy((char *) md_name, text_md_name, sizeof(md_name) - 1);
+ md_info = mbedtls_md_info_from_string(md_name);
+ TEST_ASSERT(md_info != NULL);
- TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 );
+ TEST_ASSERT(mbedtls_md_file(md_info, filename, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- mbedtls_md_get_size( md_info ),
- hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ mbedtls_md_get_size(md_info),
+ hash->len) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index aa35c58..452acf5 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -6,67 +6,67 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_MD2_C */
-void md2_text( char * text_src_string, data_t * hash )
+void md2_text(char *text_src_string, data_t *hash)
{
int ret;
unsigned char src_str[100];
unsigned char output[16];
- memset( src_str, 0x00, sizeof src_str );
- memset( output, 0x00, sizeof output );
+ memset(src_str, 0x00, sizeof src_str);
+ memset(output, 0x00, sizeof output);
- strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
+ strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
- ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
- TEST_ASSERT( ret == 0 ) ;
+ ret = mbedtls_md2_ret(src_str, strlen((char *) src_str), output);
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- sizeof output, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ sizeof output, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD4_C */
-void md4_text( char * text_src_string, data_t * hash )
+void md4_text(char *text_src_string, data_t *hash)
{
int ret;
unsigned char src_str[100];
unsigned char output[16];
- memset( src_str, 0x00, sizeof src_str );
- memset( output, 0x00, sizeof output );
+ memset(src_str, 0x00, sizeof src_str);
+ memset(output, 0x00, sizeof output);
- strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
+ strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
- ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_md4_ret(src_str, strlen((char *) src_str), output);
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- sizeof output, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ sizeof output, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C */
-void md5_text( char * text_src_string, data_t * hash )
+void md5_text(char *text_src_string, data_t *hash)
{
int ret;
unsigned char src_str[100];
unsigned char output[16];
- memset( src_str, 0x00, sizeof src_str );
- memset( output, 0x00, sizeof output );
+ memset(src_str, 0x00, sizeof src_str);
+ memset(output, 0x00, sizeof output);
- strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
+ strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
- ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_md5_ret(src_str, strlen((char *) src_str), output);
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- sizeof output, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ sizeof output, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */
-void ripemd160_text( char * text_src_string, data_t * hash )
+void ripemd160_text(char *text_src_string, data_t *hash)
{
int ret;
unsigned char src_str[100];
@@ -75,40 +75,40 @@
memset(src_str, 0x00, sizeof src_str);
memset(output, 0x00, sizeof output);
- strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
+ strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
- ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ripemd160_ret(src_str, strlen((char *) src_str), output);
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- sizeof output, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
+ sizeof output, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD2_C:MBEDTLS_SELF_TEST */
-void md2_selftest( )
+void md2_selftest()
{
- TEST_ASSERT( mbedtls_md2_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_md2_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD4_C:MBEDTLS_SELF_TEST */
-void md4_selftest( )
+void md4_selftest()
{
- TEST_ASSERT( mbedtls_md4_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_md4_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C:MBEDTLS_SELF_TEST */
-void md5_selftest( )
+void md5_selftest()
{
- TEST_ASSERT( mbedtls_md5_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_md5_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_SELF_TEST */
-void ripemd160_selftest( )
+void ripemd160_selftest()
{
- TEST_ASSERT( mbedtls_ripemd160_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_ripemd160_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
index cc884c2..2b81097 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -10,34 +10,36 @@
*/
/* BEGIN_SUITE_HELPERS */
-static int check_pointer( void *p )
+static int check_pointer(void *p)
{
- if( p == NULL )
- return( -1 );
+ if (p == NULL) {
+ return -1;
+ }
- if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )
- return( -1 );
+ if ((size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0) {
+ return -1;
+ }
- return( 0 );
+ return 0;
}
/* END_SUITE_HELPERS */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void mbedtls_memory_buffer_alloc_self_test( )
+void mbedtls_memory_buffer_alloc_self_test()
{
- TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
- int d_bytes, int free_a, int free_b,
- int free_c, int free_d, int e_bytes,
- int f_bytes )
+void memory_buffer_alloc_free_alloc(int a_bytes, int b_bytes, int c_bytes,
+ int d_bytes, int free_a, int free_b,
+ int free_c, int free_d, int e_bytes,
+ int f_bytes)
{
unsigned char buf[1024];
unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL,
- *ptr_e = NULL, *ptr_f = NULL;
+ *ptr_e = NULL, *ptr_f = NULL;
#if defined(MBEDTLS_MEMORY_DEBUG)
size_t reported_blocks;
@@ -45,98 +47,88 @@
#endif
size_t allocated_bytes = 0;
- mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
- mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS );
+ mbedtls_memory_buffer_set_verify(MBEDTLS_MEMORY_VERIFY_ALWAYS);
- if( a_bytes > 0 )
- {
- ptr_a = mbedtls_calloc( a_bytes, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_a ) == 0 );
+ if (a_bytes > 0) {
+ ptr_a = mbedtls_calloc(a_bytes, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_a) == 0);
allocated_bytes += a_bytes * sizeof(char);
}
- if( b_bytes > 0 )
- {
- ptr_b = mbedtls_calloc( b_bytes, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_b ) == 0 );
+ if (b_bytes > 0) {
+ ptr_b = mbedtls_calloc(b_bytes, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_b) == 0);
allocated_bytes += b_bytes * sizeof(char);
}
- if( c_bytes > 0 )
- {
- ptr_c = mbedtls_calloc( c_bytes, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_c ) == 0 );
+ if (c_bytes > 0) {
+ ptr_c = mbedtls_calloc(c_bytes, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_c) == 0);
allocated_bytes += c_bytes * sizeof(char);
}
- if( d_bytes > 0 )
- {
- ptr_d = mbedtls_calloc( d_bytes, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_d ) == 0 );
+ if (d_bytes > 0) {
+ ptr_d = mbedtls_calloc(d_bytes, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_d) == 0);
allocated_bytes += d_bytes * sizeof(char);
}
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
- TEST_ASSERT( reported_bytes == allocated_bytes );
+ mbedtls_memory_buffer_alloc_cur_get(&reported_bytes, &reported_blocks);
+ TEST_ASSERT(reported_bytes == allocated_bytes);
#endif
- if( free_a )
- {
- mbedtls_free( ptr_a );
+ if (free_a) {
+ mbedtls_free(ptr_a);
ptr_a = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
allocated_bytes -= a_bytes * sizeof(char);
}
- if( free_b )
- {
- mbedtls_free( ptr_b );
+ if (free_b) {
+ mbedtls_free(ptr_b);
ptr_b = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
allocated_bytes -= b_bytes * sizeof(char);
}
- if( free_c )
- {
- mbedtls_free( ptr_c );
+ if (free_c) {
+ mbedtls_free(ptr_c);
ptr_c = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
allocated_bytes -= c_bytes * sizeof(char);
}
- if( free_d )
- {
- mbedtls_free( ptr_d );
+ if (free_d) {
+ mbedtls_free(ptr_d);
ptr_d = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
allocated_bytes -= d_bytes * sizeof(char);
}
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
- TEST_ASSERT( reported_bytes == allocated_bytes );
+ mbedtls_memory_buffer_alloc_cur_get(&reported_bytes, &reported_blocks);
+ TEST_ASSERT(reported_bytes == allocated_bytes);
#endif
- if( e_bytes > 0 )
- {
- ptr_e = mbedtls_calloc( e_bytes, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_e ) == 0 );
+ if (e_bytes > 0) {
+ ptr_e = mbedtls_calloc(e_bytes, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_e) == 0);
}
- if( f_bytes > 0 )
- {
- ptr_f = mbedtls_calloc( f_bytes, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_f ) == 0 );
+ if (f_bytes > 0) {
+ ptr_f = mbedtls_calloc(f_bytes, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_f) == 0);
}
/* Once blocks are reallocated, the block allocated to the memory request
@@ -144,61 +136,55 @@
* bytes, and makes it hard to know what the reported size will be, so
* we don't check the size after blocks have been reallocated. */
- if( ptr_a != NULL )
- {
- mbedtls_free( ptr_a );
+ if (ptr_a != NULL) {
+ mbedtls_free(ptr_a);
ptr_a = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
}
- if( ptr_b != NULL )
- {
- mbedtls_free( ptr_b );
+ if (ptr_b != NULL) {
+ mbedtls_free(ptr_b);
ptr_b = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
}
- if( ptr_c != NULL )
- {
- mbedtls_free( ptr_c );
+ if (ptr_c != NULL) {
+ mbedtls_free(ptr_c);
ptr_c = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
}
- if( ptr_d != NULL )
- {
- mbedtls_free( ptr_d );
+ if (ptr_d != NULL) {
+ mbedtls_free(ptr_d);
ptr_d = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
}
- if( ptr_e != NULL )
- {
- mbedtls_free( ptr_e );
+ if (ptr_e != NULL) {
+ mbedtls_free(ptr_e);
ptr_e = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
}
- if( ptr_f != NULL )
- {
- mbedtls_free( ptr_f );
+ if (ptr_f != NULL) {
+ mbedtls_free(ptr_f);
ptr_f = NULL;
}
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
- TEST_ASSERT( reported_bytes == 0 );
+ mbedtls_memory_buffer_alloc_cur_get(&reported_bytes, &reported_blocks);
+ TEST_ASSERT(reported_bytes == 0);
#endif
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
exit:
- mbedtls_memory_buffer_alloc_free( );
+ mbedtls_memory_buffer_alloc_free();
}
/* END_CASE */
/* BEGIN_CASE */
-void memory_buffer_alloc_oom_test( )
+void memory_buffer_alloc_oom_test()
{
unsigned char buf[1024];
unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL;
@@ -206,71 +192,70 @@
size_t reported_blocks, reported_bytes;
#endif
- (void)ptr_c;
+ (void) ptr_c;
- mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
- mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS );
+ mbedtls_memory_buffer_set_verify(MBEDTLS_MEMORY_VERIFY_ALWAYS);
- ptr_a = mbedtls_calloc( 432, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_a ) == 0 );
+ ptr_a = mbedtls_calloc(432, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_a) == 0);
- ptr_b = mbedtls_calloc( 432, sizeof(char) );
- TEST_ASSERT( check_pointer( ptr_b ) == 0 );
+ ptr_b = mbedtls_calloc(432, sizeof(char));
+ TEST_ASSERT(check_pointer(ptr_b) == 0);
- ptr_c = mbedtls_calloc( 431, sizeof(char) );
- TEST_ASSERT( ptr_c == NULL );
+ ptr_c = mbedtls_calloc(431, sizeof(char));
+ TEST_ASSERT(ptr_c == NULL);
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
- TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) );
+ mbedtls_memory_buffer_alloc_cur_get(&reported_bytes, &reported_blocks);
+ TEST_ASSERT(reported_bytes >= 864 && reported_bytes <= sizeof(buf));
#endif
- mbedtls_free( ptr_a );
+ mbedtls_free(ptr_a);
ptr_a = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
- mbedtls_free( ptr_b );
+ mbedtls_free(ptr_b);
ptr_b = NULL;
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
- TEST_ASSERT( reported_bytes == 0 );
+ mbedtls_memory_buffer_alloc_cur_get(&reported_bytes, &reported_blocks);
+ TEST_ASSERT(reported_bytes == 0);
#endif
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
exit:
- mbedtls_memory_buffer_alloc_free( );
+ mbedtls_memory_buffer_alloc_free();
}
/* END_CASE */
/* BEGIN_CASE */
-void memory_buffer_heap_too_small( )
+void memory_buffer_heap_too_small()
{
unsigned char buf[1];
- mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
/* With MBEDTLS_MEMORY_DEBUG enabled, this prints a message
* "FATAL: verification of first header failed".
*/
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 );
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() != 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void memory_buffer_underalloc( )
+void memory_buffer_underalloc()
{
unsigned char buf[100];
size_t i;
- mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
- for( i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++ )
- {
- TEST_ASSERT( mbedtls_calloc( 1,
- (size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i ) ) == NULL );
- TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
+ for (i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++) {
+ TEST_ASSERT(mbedtls_calloc(1,
+ (size_t) -(MBEDTLS_MEMORY_ALIGN_MULTIPLE - i)) == NULL);
+ TEST_ASSERT(mbedtls_memory_buffer_alloc_verify() == 0);
}
exit:
diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function
index 5ef3288..a9ccf22 100644
--- a/tests/suites/test_suite_mps.function
+++ b/tests/suites/test_suite_mps.function
@@ -25,7 +25,7 @@
*/
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_no_pausing_single_step_single_round( int with_acc )
+void mbedtls_mps_reader_no_pausing_single_step_single_round(int with_acc)
{
/* This test exercises the most basic use of the MPS reader:
* - The 'producing' layer provides a buffer
@@ -46,29 +46,31 @@
unsigned char *tmp;
int paused;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( bufA ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) {
bufA[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- if( with_acc == 0 )
- mbedtls_mps_reader_init( &rd, NULL, 0 );
- else
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufA, sizeof( bufA ) ) == 0 );
+ if (with_acc == 0) {
+ mbedtls_mps_reader_init(&rd, NULL, 0);
+ } else {
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ }
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
/* Consumption (upper layer) */
/* Consume exactly what's available */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 100, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 100, bufA, 100 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 100, bufA, 100);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, &paused ) == 0 );
- TEST_ASSERT( paused == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0);
+ TEST_ASSERT(paused == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_no_pausing_single_step_multiple_rounds( int with_acc )
+void mbedtls_mps_reader_no_pausing_single_step_multiple_rounds(int with_acc)
{
/* This test exercises multiple rounds of the basic use of the MPS reader:
* - The 'producing' layer provides a buffer
@@ -89,37 +91,40 @@
unsigned char acc[10];
unsigned char *tmp;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( bufA ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) {
bufA[i] = (unsigned char) i;
- for( size_t i=0; (unsigned) i < sizeof( bufB ); i++ )
- bufB[i] = ~ ((unsigned char) i);
+ }
+ for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) {
+ bufB[i] = ~((unsigned char) i);
+ }
/* Preparation (lower layer) */
- if( with_acc == 0 )
- mbedtls_mps_reader_init( &rd, NULL, 0 );
- else
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufA, sizeof( bufA ) ) == 0 );
+ if (with_acc == 0) {
+ mbedtls_mps_reader_init(&rd, NULL, 0);
+ } else {
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ }
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
/* Consumption (upper layer) */
/* Consume exactly what's available */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 100, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 100, bufA, 100 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 100, bufA, 100);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Preparation */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB, sizeof( bufB ) ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0);
/* Consumption */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 100, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 100, bufB, 100 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 100, bufB, 100);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_no_pausing_multiple_steps_single_round( int with_acc )
+void mbedtls_mps_reader_no_pausing_multiple_steps_single_round(int with_acc)
{
/* This test exercises one round of the following:
* - The 'producing' layer provides a buffer
@@ -144,31 +149,33 @@
unsigned char *tmp;
mbedtls_mps_size_t tmp_len;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( buf ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- if( with_acc == 0 )
- mbedtls_mps_reader_init( &rd, NULL, 0 );
- else
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+ if (with_acc == 0) {
+ mbedtls_mps_reader_init(&rd, NULL, 0);
+ } else {
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ }
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, buf, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 70, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 70, buf + 10, 70 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 30, &tmp, &tmp_len ) == 0 );
- ASSERT_COMPARE( tmp, tmp_len, buf + 80, 20 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, buf, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 70, buf + 10, 70);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0);
+ ASSERT_COMPARE(tmp, tmp_len, buf + 80, 20);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds( int with_acc )
+void mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds(int with_acc)
{
/* This test exercises one round of fetching a buffer in multiple chunks
* and passing it back to the producer afterwards, followed by another
@@ -179,35 +186,38 @@
unsigned char *tmp;
mbedtls_mps_size_t tmp_len;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( bufA ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) {
bufA[i] = (unsigned char) i;
- for( size_t i=0; (unsigned) i < sizeof( bufB ); i++ )
- bufB[i] = ~ ((unsigned char) i);
+ }
+ for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) {
+ bufB[i] = ~((unsigned char) i);
+ }
/* Preparation (lower layer) */
- if( with_acc == 0 )
- mbedtls_mps_reader_init( &rd, NULL, 0 );
- else
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufA, sizeof( bufA ) ) == 0 );
+ if (with_acc == 0) {
+ mbedtls_mps_reader_init(&rd, NULL, 0);
+ } else {
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ }
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 70, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 70, bufA + 10, 70 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 30, &tmp, &tmp_len ) == 0 );
- ASSERT_COMPARE( tmp, tmp_len, bufA + 80, 20 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 70, bufA + 10, 70);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0);
+ ASSERT_COMPARE(tmp, tmp_len, bufA + 80, 20);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Preparation */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB, sizeof( bufB ) ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0);
/* Consumption */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 100, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 100, bufB, 100 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 100, bufB, 100);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -224,22 +234,23 @@
unsigned char buf[100];
unsigned char *tmp;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( buf ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, NULL, 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, NULL, 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 50, buf, 50 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 100, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 50, buf, 50);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Wrapup (lower layer) */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
- MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
+ MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -264,28 +275,29 @@
mbedtls_mps_reader rd;
mbedtls_mps_size_t tmp_len;
- for( size_t i=0; (unsigned) i < sizeof( buf ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 50, buf, 50 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, buf + 50, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 100, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 50, buf, 50);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, buf + 50, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Wrapup (lower layer) */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
- MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
+ MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, &tmp_len ) == 0 );
- ASSERT_COMPARE( tmp, tmp_len, buf + 50, 50 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0);
+ ASSERT_COMPARE(tmp, tmp_len, buf + 50, 50);
- mbedtls_mps_reader_free( &rd );
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -304,28 +316,29 @@
unsigned char *tmp;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( buf ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 50, buf, 50 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 50, buf, 50);
/* Excess request */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, (mbedtls_mps_size_t) -1, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Wrapup (lower layer) */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
- MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
+ MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
- mbedtls_mps_reader_free( &rd );
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_pausing( int option )
+void mbedtls_mps_reader_pausing(int option)
{
/* This test exercises the behaviour of the reader when the
* accumulator is used to fulfill a consumer's request.
@@ -349,108 +362,108 @@
unsigned char acc[40];
int paused;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( bufA ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) {
bufA[i] = (unsigned char) i;
- for( size_t i=0; (unsigned) i < sizeof( bufB ); i++ )
- bufB[i] = ~ ((unsigned char) i);
+ }
+ for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) {
+ bufB[i] = ~((unsigned char) i);
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufA, sizeof( bufA ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
/* Consumption (upper layer) */
/* Ask for more than what's available. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 80, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 80, bufA, 80 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- switch( option )
- {
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 80, bufA, 80);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ switch (option) {
case 0: /* Single uncommitted fetch at pausing */
case 1:
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
break;
default: /* Multiple uncommitted fetches at pausing */
break;
}
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Preparation */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, &paused ) == 0 );
- TEST_ASSERT( paused == 1 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB, sizeof( bufB ) ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0);
+ TEST_ASSERT(paused == 1);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0);
/* Consumption */
- switch( option )
- {
+ switch (option) {
case 0: /* Single fetch at pausing, re-fetch with commit. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
break;
case 1: /* Single fetch at pausing, re-fetch without commit. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
break;
case 2: /* Multiple fetches at pausing, repeat without commit. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
break;
case 3: /* Multiple fetches at pausing, repeat with commit 1. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
break;
case 4: /* Multiple fetches at pausing, repeat with commit 2. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
break;
case 5: /* Multiple fetches at pausing, repeat with commit 3. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
break;
default:
- TEST_ASSERT( 0 );
+ TEST_ASSERT(0);
}
/* In all cases, fetch the rest of the second buffer. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 90, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 90, bufB + 10, 90 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 90, bufB + 10, 90);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_pausing_multiple_feeds( int option )
+void mbedtls_mps_reader_pausing_multiple_feeds(int option)
{
/* This test exercises the behaviour of the MPS reader
* in the following situation:
@@ -471,93 +484,91 @@
unsigned char acc[70];
mbedtls_mps_reader rd;
mbedtls_mps_size_t fetch_len;
- for( size_t i=0; (unsigned) i < sizeof( bufA ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) {
bufA[i] = (unsigned char) i;
- for( size_t i=0; (unsigned) i < sizeof( bufB ); i++ )
- bufB[i] = ~ ((unsigned char) i);
+ }
+ for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) {
+ bufB[i] = ~((unsigned char) i);
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufA, sizeof( bufA ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
/* Consumption (upper layer) */
/* Ask for more than what's available. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 80, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 80, bufA, 80 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 80, bufA, 80);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* 20 left, ask for 70 -> 50 overhead */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 70, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Preparation */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- switch( option )
- {
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ switch (option) {
case 0: /* 10 + 10 + 80 byte feed */
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB, 10 ) ==
- MBEDTLS_ERR_MPS_READER_NEED_MORE );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB + 10, 10 ) ==
- MBEDTLS_ERR_MPS_READER_NEED_MORE );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB + 20, 80 ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, 10) ==
+ MBEDTLS_ERR_MPS_READER_NEED_MORE);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 10, 10) ==
+ MBEDTLS_ERR_MPS_READER_NEED_MORE);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 20, 80) == 0);
break;
case 1: /* 50 x 1byte */
- for( size_t num_feed = 0; num_feed < 49; num_feed++ )
- {
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB + num_feed, 1 ) ==
- MBEDTLS_ERR_MPS_READER_NEED_MORE );
+ for (size_t num_feed = 0; num_feed < 49; num_feed++) {
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + num_feed, 1) ==
+ MBEDTLS_ERR_MPS_READER_NEED_MORE);
}
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB + 49, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 49, 1) == 0);
break;
case 2: /* 49 x 1byte + 51bytes */
- for( size_t num_feed = 0; num_feed < 49; num_feed++ )
- {
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB + num_feed, 1 ) ==
- MBEDTLS_ERR_MPS_READER_NEED_MORE );
+ for (size_t num_feed = 0; num_feed < 49; num_feed++) {
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + num_feed, 1) ==
+ MBEDTLS_ERR_MPS_READER_NEED_MORE);
}
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB + 49, 51 ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 49, 51) == 0);
break;
default:
- TEST_ASSERT( 0 );
+ TEST_ASSERT(0);
break;
}
/* Consumption */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 70, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 20, bufA + 80, 20 );
- ASSERT_COMPARE( tmp + 20, 50, bufB, 50 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 1000, &tmp, &fetch_len ) == 0 );
- switch( option )
- {
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
+ ASSERT_COMPARE(tmp + 20, 50, bufB, 50);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 1000, &tmp, &fetch_len) == 0);
+ switch (option) {
case 0:
- TEST_ASSERT( fetch_len == 50 );
+ TEST_ASSERT(fetch_len == 50);
break;
case 1:
- TEST_ASSERT( fetch_len == 0 );
+ TEST_ASSERT(fetch_len == 0);
break;
case 2:
- TEST_ASSERT( fetch_len == 50 );
+ TEST_ASSERT(fetch_len == 50);
break;
default:
- TEST_ASSERT( 0 );
+ TEST_ASSERT(0);
break;
}
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_reclaim_data_left( int option )
+void mbedtls_mps_reader_reclaim_data_left(int option)
{
/* This test exercises the behaviour of the MPS reader when a
* call to mbedtls_mps_reader_reclaim() is made before all data
@@ -566,53 +577,53 @@
unsigned char buf[100];
unsigned char *tmp;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( buf ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, NULL, 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, NULL, 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
/* Consumption (upper layer) */
- switch( option )
- {
+ switch (option) {
case 0:
/* Fetch (but not commit) the entire buffer. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, sizeof( buf ), &tmp, NULL )
- == 0 );
- ASSERT_COMPARE( tmp, 100, buf, 100 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf), &tmp, NULL)
+ == 0);
+ ASSERT_COMPARE(tmp, 100, buf, 100);
break;
case 1:
/* Fetch (but not commit) parts of the buffer. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, sizeof( buf ) / 2,
- &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, sizeof( buf ) / 2, buf, sizeof( buf ) / 2 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2,
+ &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2);
break;
case 2:
/* Fetch and commit parts of the buffer, then
* fetch but not commit the rest of the buffer. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, sizeof( buf ) / 2,
- &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, sizeof( buf ) / 2, buf, sizeof( buf ) / 2 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, sizeof( buf ) / 2,
- &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, sizeof( buf ) / 2,
- buf + sizeof( buf ) / 2,
- sizeof( buf ) / 2 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2,
+ &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2,
+ &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, sizeof(buf) / 2,
+ buf + sizeof(buf) / 2,
+ sizeof(buf) / 2);
break;
default:
- TEST_ASSERT( 0 );
+ TEST_ASSERT(0);
break;
}
/* Wrapup */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
- MBEDTLS_ERR_MPS_READER_DATA_LEFT );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
+ MBEDTLS_ERR_MPS_READER_DATA_LEFT);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -626,33 +637,34 @@
unsigned char *tmp;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( buf ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, NULL, 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, NULL, 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 50, buf, 50 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 50, buf + 50, 50 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 50, buf, 50);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 50, buf + 50, 50);
/* Preparation */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
- MBEDTLS_ERR_MPS_READER_DATA_LEFT );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
+ MBEDTLS_ERR_MPS_READER_DATA_LEFT);
/* Consumption */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 50, buf + 50, 50 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 50, buf + 50, 50);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_multiple_pausing( int option )
+void mbedtls_mps_reader_multiple_pausing(int option)
{
/* This test exercises the behaviour of the MPS reader
* in the following situation:
@@ -670,126 +682,128 @@
unsigned char acc[50];
mbedtls_mps_size_t tmp_len;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( bufA ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) {
bufA[i] = (unsigned char) i;
- for( size_t i=0; (unsigned) i < sizeof( bufB ); i++ )
- bufB[i] = ~ ((unsigned char) i);
- for( size_t i=0; (unsigned) i < sizeof( bufC ); i++ )
- bufC[i] = ~ ((unsigned char) i);
+ }
+ for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) {
+ bufB[i] = ~((unsigned char) i);
+ }
+ for (size_t i = 0; (unsigned) i < sizeof(bufC); i++) {
+ bufC[i] = ~((unsigned char) i);
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufA, sizeof( bufA ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
/* Consumption (upper layer) */
/* Ask for more than what's available. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 80, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 80, bufA, 80 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 80, bufA, 80);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Preparation */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB, sizeof( bufB ) ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0);
- switch( option )
- {
+ switch (option) {
case 0: /* Fetch same chunks, commit afterwards, and
* then exceed bounds of new buffer; accumulator
* large enough. */
/* Consume */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, &tmp_len ) == 0 );
- ASSERT_COMPARE( tmp, tmp_len, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, &tmp_len) == 0);
+ ASSERT_COMPARE(tmp, tmp_len, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Prepare */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufC, sizeof( bufC ) ) == 0 );;
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufC, sizeof(bufC)) == 0);;
/* Consume */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufB + 10, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufC, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufB + 10, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufC, 10);
break;
case 1: /* Fetch same chunks, commit afterwards, and
* then exceed bounds of new buffer; accumulator
* not large enough. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 51, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 51, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Prepare */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
- MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
+ MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
break;
case 2: /* Fetch same chunks, don't commit afterwards, and
* then exceed bounds of new buffer; accumulator
* large enough. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Prepare */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufC, sizeof( bufC ) ) == 0 );;
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufC, sizeof(bufC)) == 0);;
/* Consume */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 20, bufA + 80, 20 );
- ASSERT_COMPARE( tmp + 20, 20, bufB, 20 );
- ASSERT_COMPARE( tmp + 40, 10, bufC, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
+ ASSERT_COMPARE(tmp + 20, 20, bufB, 20);
+ ASSERT_COMPARE(tmp + 40, 10, bufC, 10);
break;
case 3: /* Fetch same chunks, don't commit afterwards, and
* then exceed bounds of new buffer; accumulator
* not large enough. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 80, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 10, bufA + 90, 10 );
- ASSERT_COMPARE( tmp + 10, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 21, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
+ ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 21, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Prepare */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
- MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
+ MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
break;
default:
- TEST_ASSERT( 0 );
+ TEST_ASSERT(0);
break;
}
- mbedtls_mps_reader_free( &rd );
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER:MBEDTLS_MPS_STATE_VALIDATION */
-void mbedtls_mps_reader_random_usage( int num_out_chunks,
- int max_chunk_size,
- int max_request,
- int acc_size )
+void mbedtls_mps_reader_random_usage(int num_out_chunks,
+ int max_chunk_size,
+ int max_request,
+ int acc_size)
{
/* Randomly pass a reader object back and forth between lower and
@@ -829,130 +843,108 @@
* returning the reader to the upper layer. */
mbedtls_mps_reader rd;
- if( acc_size > 0 )
- {
- ASSERT_ALLOC( acc, acc_size );
+ if (acc_size > 0) {
+ ASSERT_ALLOC(acc, acc_size);
}
/* This probably needs to be changed because we want
* our tests to be deterministic. */
// srand( time( NULL ) );
- ASSERT_ALLOC( outgoing, num_out_chunks * max_chunk_size );
- ASSERT_ALLOC( incoming, num_out_chunks * max_chunk_size );
+ ASSERT_ALLOC(outgoing, num_out_chunks * max_chunk_size);
+ ASSERT_ALLOC(incoming, num_out_chunks * max_chunk_size);
- mbedtls_mps_reader_init( &rd, acc, acc_size );
+ mbedtls_mps_reader_init(&rd, acc, acc_size);
cur_out_chunk = 0;
in_commit = 0;
in_fetch = 0;
out_pos = 0;
- while( cur_out_chunk < (unsigned) num_out_chunks )
- {
- if( mode == 0 )
- {
+ while (cur_out_chunk < (unsigned) num_out_chunks) {
+ if (mode == 0) {
/* Choose randomly between reclaim and feed */
rand_op = rand() % 2;
- if( rand_op == 0 )
- {
+ if (rand_op == 0) {
/* Reclaim */
- ret = mbedtls_mps_reader_reclaim( &rd, NULL );
+ ret = mbedtls_mps_reader_reclaim(&rd, NULL);
- if( ret == 0 )
- {
- TEST_ASSERT( cur_chunk != NULL );
- mbedtls_free( cur_chunk );
+ if (ret == 0) {
+ TEST_ASSERT(cur_chunk != NULL);
+ mbedtls_free(cur_chunk);
cur_chunk = NULL;
}
reclaimed = 1;
- }
- else
- {
+ } else {
/* Feed reader with a random chunk */
unsigned char *tmp = NULL;
size_t tmp_size;
- if( cur_out_chunk == (unsigned) num_out_chunks )
+ if (cur_out_chunk == (unsigned) num_out_chunks) {
continue;
+ }
- tmp_size = ( rand() % max_chunk_size ) + 1;
- ASSERT_ALLOC( tmp, tmp_size );
+ tmp_size = (rand() % max_chunk_size) + 1;
+ ASSERT_ALLOC(tmp, tmp_size);
- TEST_ASSERT( mbedtls_test_rnd_std_rand( NULL, tmp, tmp_size ) == 0 );
- ret = mbedtls_mps_reader_feed( &rd, tmp, tmp_size );
+ TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, tmp, tmp_size) == 0);
+ ret = mbedtls_mps_reader_feed(&rd, tmp, tmp_size);
- if( ret == 0 || ret == MBEDTLS_ERR_MPS_READER_NEED_MORE )
- {
+ if (ret == 0 || ret == MBEDTLS_ERR_MPS_READER_NEED_MORE) {
cur_out_chunk++;
- memcpy( outgoing + out_pos, tmp, tmp_size );
+ memcpy(outgoing + out_pos, tmp, tmp_size);
out_pos += tmp_size;
}
- if( ret == 0 )
- {
- TEST_ASSERT( cur_chunk == NULL );
+ if (ret == 0) {
+ TEST_ASSERT(cur_chunk == NULL);
cur_chunk = tmp;
- }
- else
- {
- mbedtls_free( tmp );
+ } else {
+ mbedtls_free(tmp);
}
}
/* Randomly switch to consumption mode if reclaim
* was called at least once. */
- if( reclaimed == 1 && rand() % 3 == 0 )
- {
+ if (reclaimed == 1 && rand() % 3 == 0) {
in_fetch = 0;
mode = 1;
}
- }
- else
- {
+ } else {
/* Choose randomly between get tolerating fewer data,
* get not tolerating fewer data, and commit. */
rand_op = rand() % 3;
- if( rand_op == 0 || rand_op == 1 )
- {
+ if (rand_op == 0 || rand_op == 1) {
mbedtls_mps_size_t get_size, real_size;
unsigned char *chunk_get;
- get_size = ( rand() % max_request ) + 1;
- if( rand_op == 0 )
- {
- ret = mbedtls_mps_reader_get( &rd, get_size, &chunk_get,
- &real_size );
- }
- else
- {
+ get_size = (rand() % max_request) + 1;
+ if (rand_op == 0) {
+ ret = mbedtls_mps_reader_get(&rd, get_size, &chunk_get,
+ &real_size);
+ } else {
real_size = get_size;
- ret = mbedtls_mps_reader_get( &rd, get_size, &chunk_get, NULL );
+ ret = mbedtls_mps_reader_get(&rd, get_size, &chunk_get, NULL);
}
/* Check if output is in accordance with what was written */
- if( ret == 0 )
- {
- memcpy( incoming + in_commit + in_fetch,
- chunk_get, real_size );
- TEST_ASSERT( memcmp( incoming + in_commit + in_fetch,
- outgoing + in_commit + in_fetch,
- real_size ) == 0 );
+ if (ret == 0) {
+ memcpy(incoming + in_commit + in_fetch,
+ chunk_get, real_size);
+ TEST_ASSERT(memcmp(incoming + in_commit + in_fetch,
+ outgoing + in_commit + in_fetch,
+ real_size) == 0);
in_fetch += real_size;
}
- }
- else if( rand_op == 2 ) /* Commit */
- {
- ret = mbedtls_mps_reader_commit( &rd );
- if( ret == 0 )
- {
+ } else if (rand_op == 2) { /* Commit */
+ ret = mbedtls_mps_reader_commit(&rd);
+ if (ret == 0) {
in_commit += in_fetch;
in_fetch = 0;
}
}
/* Randomly switch back to preparation */
- if( rand() % 3 == 0 )
- {
+ if (rand() % 3 == 0) {
reclaimed = 0;
mode = 0;
}
@@ -960,16 +952,16 @@
}
/* Cleanup */
- mbedtls_mps_reader_free( &rd );
- mbedtls_free( incoming );
- mbedtls_free( outgoing );
- mbedtls_free( acc );
- mbedtls_free( cur_chunk );
+ mbedtls_mps_reader_free(&rd);
+ mbedtls_free(incoming);
+ mbedtls_free(outgoing);
+ mbedtls_free(acc);
+ mbedtls_free(cur_chunk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_reader_inconsistent_usage( int option )
+void mbedtls_reader_inconsistent_usage(int option)
{
/* This test exercises the behaviour of the MPS reader
* in the following situation:
@@ -989,130 +981,130 @@
unsigned char acc[40];
mbedtls_mps_reader rd;
int success = 0;
- for( size_t i=0; (unsigned) i < sizeof( bufA ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) {
bufA[i] = (unsigned char) i;
- for( size_t i=0; (unsigned) i < sizeof( bufB ); i++ )
- bufB[i] = ~ ((unsigned char) i);
+ }
+ for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) {
+ bufB[i] = ~((unsigned char) i);
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufA, sizeof( bufA ) ) == 0 );
+ mbedtls_mps_reader_init(&rd, acc, sizeof(acc));
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 80, &tmp, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 20, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
/* Preparation */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, bufB, sizeof( bufB ) ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0);
/* Consumption */
- switch( option )
- {
+ switch (option) {
case 0:
/* Ask for buffered data in a single chunk, no commit */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 30, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 20, bufA + 80, 20 );
- ASSERT_COMPARE( tmp + 20, 10, bufB, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
+ ASSERT_COMPARE(tmp + 20, 10, bufB, 10);
success = 1;
break;
case 1:
/* Ask for buffered data in a single chunk, with commit */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 30, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 20, bufA + 80, 20 );
- ASSERT_COMPARE( tmp + 20, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
+ ASSERT_COMPARE(tmp + 20, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
success = 1;
break;
case 2:
/* Ask for more than was requested when pausing, #1 */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 31, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 31, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS);
break;
case 3:
/* Ask for more than was requested when pausing #2 */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, (mbedtls_mps_size_t) -1, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS);
break;
case 4:
/* Asking for buffered data in different
* chunks than before CAN fail. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 15, bufA + 80, 15 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 10, &tmp, NULL ) ==
- MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) ==
+ MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS);
break;
case 5:
/* Asking for buffered data different chunks
* than before NEED NOT fail - no commits */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 15, bufA + 80, 15 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 5, bufA + 95, 5 );
- ASSERT_COMPARE( tmp + 5, 10, bufB, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
+ ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
success = 1;
break;
case 6:
/* Asking for buffered data different chunks
* than before NEED NOT fail - intermediate commit */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 15, bufA + 80, 15 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 5, bufA + 95, 5 );
- ASSERT_COMPARE( tmp + 5, 10, bufB, 10 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
+ ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
success = 1;
break;
case 7:
/* Asking for buffered data different chunks
* than before NEED NOT fail - end commit */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 15, bufA + 80, 15 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 5, bufA + 95, 5 );
- ASSERT_COMPARE( tmp + 5, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
+ ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
success = 1;
break;
case 8:
/* Asking for buffered data different chunks
* than before NEED NOT fail - intermediate & end commit */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 15, bufA + 80, 15 );
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 15, &tmp, NULL ) == 0 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
- ASSERT_COMPARE( tmp, 5, bufA + 95, 5 );
- ASSERT_COMPARE( tmp + 5, 10, bufB, 10 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
+ ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
+ ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
success = 1;
break;
default:
- TEST_ASSERT( 0 );
+ TEST_ASSERT(0);
break;
}
- if( success == 1 )
- {
+ if (success == 1) {
/* In all succeeding cases, fetch the rest of the second buffer. */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 90, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 90, bufB + 10, 90 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 90, bufB + 10, 90);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
}
/* Wrapup */
- mbedtls_mps_reader_free( &rd );
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -1124,25 +1116,26 @@
unsigned char buf[100];
unsigned char *tmp;
mbedtls_mps_reader rd;
- for( size_t i=0; (unsigned) i < sizeof( buf ); i++ )
+ for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
+ }
/* Preparation (lower layer) */
- mbedtls_mps_reader_init( &rd, NULL, 0 );
+ mbedtls_mps_reader_init(&rd, NULL, 0);
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, NULL, sizeof( buf ) ) ==
- MBEDTLS_ERR_MPS_READER_INVALID_ARG );
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, NULL, sizeof(buf)) ==
+ MBEDTLS_ERR_MPS_READER_INVALID_ARG);
/* Subsequent feed-calls should still succeed. */
- TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
/* Consumption (upper layer) */
- TEST_ASSERT( mbedtls_mps_reader_get( &rd, 100, &tmp, NULL ) == 0 );
- ASSERT_COMPARE( tmp, 100, buf, 100 );
- TEST_ASSERT( mbedtls_mps_reader_commit( &rd ) == 0 );
+ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
+ ASSERT_COMPARE(tmp, 100, buf, 100);
+ TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
- TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == 0 );
- mbedtls_mps_reader_free( &rd );
+ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+ mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function
index 08d48b3..fa09f5a 100644
--- a/tests/suites/test_suite_net.function
+++ b/tests/suites/test_suite_net.function
@@ -30,19 +30,18 @@
*
* \return \c 0 on success, a negative error code on error.
*/
-static int open_file_on_fd( mbedtls_net_context *ctx, int wanted_fd )
+static int open_file_on_fd(mbedtls_net_context *ctx, int wanted_fd)
{
- int got_fd = open( "/dev/null", O_RDONLY );
- TEST_ASSERT( got_fd >= 0 );
- if( got_fd != wanted_fd )
- {
- TEST_ASSERT( dup2( got_fd, wanted_fd ) >= 0 );
- TEST_ASSERT( close( got_fd ) >= 0 );
+ int got_fd = open("/dev/null", O_RDONLY);
+ TEST_ASSERT(got_fd >= 0);
+ if (got_fd != wanted_fd) {
+ TEST_ASSERT(dup2(got_fd, wanted_fd) >= 0);
+ TEST_ASSERT(close(got_fd) >= 0);
}
ctx->fd = wanted_fd;
- return( 0 );
+ return 0;
exit:
- return( -1 );
+ return -1;
}
#endif /* MBEDTLS_PLATFORM_IS_UNIXLIKE */
@@ -54,16 +53,17 @@
*/
/* BEGIN_CASE */
-void context_init_free( int reinit )
+void context_init_free(int reinit)
{
mbedtls_net_context ctx;
- mbedtls_net_init( &ctx );
- mbedtls_net_free( &ctx );
+ mbedtls_net_init(&ctx);
+ mbedtls_net_free(&ctx);
- if( reinit )
- mbedtls_net_init( &ctx );
- mbedtls_net_free( &ctx );
+ if (reinit) {
+ mbedtls_net_init(&ctx);
+ }
+ mbedtls_net_free(&ctx);
/* This test case always succeeds, functionally speaking. A plausible
* bug might trigger an invalid pointer dereference or a memory leak. */
@@ -72,7 +72,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PLATFORM_IS_UNIXLIKE */
-void poll_beyond_fd_setsize( )
+void poll_beyond_fd_setsize()
{
/* Test that mbedtls_net_poll does not misbehave when given a file
* descriptor greater or equal to FD_SETSIZE. This code is specific to
@@ -85,7 +85,7 @@
mbedtls_net_context ctx;
uint8_t buf[1];
- mbedtls_net_init( &ctx );
+ mbedtls_net_init(&ctx);
/* On many systems, by default, the maximum permitted file descriptor
* number is less than FD_SETSIZE. If so, raise the limit if
@@ -99,17 +99,16 @@
* might do); but we don't do such things in our test code, so the unit
* test will run if it can.
*/
- TEST_ASSERT( getrlimit( RLIMIT_NOFILE, &rlim_nofile ) == 0 );
- if( rlim_nofile.rlim_cur < FD_SETSIZE + 1 )
- {
+ TEST_ASSERT(getrlimit(RLIMIT_NOFILE, &rlim_nofile) == 0);
+ if (rlim_nofile.rlim_cur < FD_SETSIZE + 1) {
rlim_t old_rlim_cur = rlim_nofile.rlim_cur;
rlim_nofile.rlim_cur = FD_SETSIZE + 1;
- TEST_ASSUME( setrlimit( RLIMIT_NOFILE, &rlim_nofile ) == 0 );
+ TEST_ASSUME(setrlimit(RLIMIT_NOFILE, &rlim_nofile) == 0);
rlim_nofile.rlim_cur = old_rlim_cur;
restore_rlim_nofile = 1;
}
- TEST_ASSERT( open_file_on_fd( &ctx, FD_SETSIZE ) == 0 );
+ TEST_ASSERT(open_file_on_fd(&ctx, FD_SETSIZE) == 0);
/* In principle, mbedtls_net_poll() with valid arguments should succeed.
* However, we know that on Unix-like platforms (and others), this function
@@ -122,16 +121,17 @@
* is problematic on the particular platform where the code is running,
* a memory sanitizer such as UBSan should catch it.
*/
- ret = mbedtls_net_poll( &ctx, MBEDTLS_NET_POLL_READ, 0 );
- TEST_EQUAL( ret, MBEDTLS_ERR_NET_POLL_FAILED );
+ ret = mbedtls_net_poll(&ctx, MBEDTLS_NET_POLL_READ, 0);
+ TEST_EQUAL(ret, MBEDTLS_ERR_NET_POLL_FAILED);
/* mbedtls_net_recv_timeout() uses select() and fd_set in the same way. */
- ret = mbedtls_net_recv_timeout( &ctx, buf, sizeof( buf ), 0 );
- TEST_EQUAL( ret, MBEDTLS_ERR_NET_POLL_FAILED );
+ ret = mbedtls_net_recv_timeout(&ctx, buf, sizeof(buf), 0);
+ TEST_EQUAL(ret, MBEDTLS_ERR_NET_POLL_FAILED);
exit:
- mbedtls_net_free( &ctx );
- if( restore_rlim_nofile )
- setrlimit( RLIMIT_NOFILE, &rlim_nofile );
+ mbedtls_net_free(&ctx);
+ if (restore_rlim_nofile) {
+ setrlimit(RLIMIT_NOFILE, &rlim_nofile);
+ }
}
/* END_CASE */
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
index 6a81052..f2b7944 100644
--- a/tests/suites/test_suite_nist_kw.function
+++ b/tests/suites/test_suite_nist_kw.function
@@ -8,14 +8,14 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
-void mbedtls_nist_kw_self_test( )
+void mbedtls_nist_kw_self_test()
{
- TEST_ASSERT( mbedtls_nist_kw_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
-void mbedtls_nist_kw_mix_contexts( )
+void mbedtls_nist_kw_mix_contexts()
{
mbedtls_nist_kw_context ctx1, ctx2;
unsigned char key[16];
@@ -24,129 +24,126 @@
unsigned char ciphertext2[40];
size_t output_len, i;
- memset( plaintext, 0, sizeof( plaintext ) );
- memset( ciphertext1, 0, sizeof( ciphertext1 ) );
- memset( ciphertext2, 0, sizeof( ciphertext2 ) );
- memset( key, 0, sizeof( key ) );
+ memset(plaintext, 0, sizeof(plaintext));
+ memset(ciphertext1, 0, sizeof(ciphertext1));
+ memset(ciphertext2, 0, sizeof(ciphertext2));
+ memset(key, 0, sizeof(key));
/*
* 1. Check wrap and unwrap with two separate contexts
*/
- mbedtls_nist_kw_init( &ctx1 );
- mbedtls_nist_kw_init( &ctx2 );
+ mbedtls_nist_kw_init(&ctx1);
+ mbedtls_nist_kw_init(&ctx2);
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx1,
- MBEDTLS_CIPHER_ID_AES,
- key, sizeof( key ) * 8,
- 1 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1,
+ MBEDTLS_CIPHER_ID_AES,
+ key, sizeof(key) * 8,
+ 1) == 0);
- TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KW,
- plaintext, sizeof( plaintext ),
- ciphertext1, &output_len,
- sizeof( ciphertext1 ) ) == 0 );
- TEST_ASSERT( output_len == sizeof( ciphertext1 ) );
+ TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW,
+ plaintext, sizeof(plaintext),
+ ciphertext1, &output_len,
+ sizeof(ciphertext1)) == 0);
+ TEST_ASSERT(output_len == sizeof(ciphertext1));
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx2,
- MBEDTLS_CIPHER_ID_AES,
- key, sizeof( key ) * 8,
- 0 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2,
+ MBEDTLS_CIPHER_ID_AES,
+ key, sizeof(key) * 8,
+ 0) == 0);
- TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KW,
- ciphertext1, output_len,
- plaintext, &output_len,
- sizeof( plaintext ) ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW,
+ ciphertext1, output_len,
+ plaintext, &output_len,
+ sizeof(plaintext)) == 0);
- TEST_ASSERT( output_len == sizeof( plaintext ) );
- for( i = 0; i < sizeof( plaintext ); i++ )
- {
- TEST_ASSERT( plaintext[i] == 0 );
+ TEST_ASSERT(output_len == sizeof(plaintext));
+ for (i = 0; i < sizeof(plaintext); i++) {
+ TEST_ASSERT(plaintext[i] == 0);
}
- mbedtls_nist_kw_free( &ctx1 );
- mbedtls_nist_kw_free( &ctx2 );
+ mbedtls_nist_kw_free(&ctx1);
+ mbedtls_nist_kw_free(&ctx2);
/*
* 2. Check wrapping with two modes, on same context
*/
- mbedtls_nist_kw_init( &ctx1 );
- mbedtls_nist_kw_init( &ctx2 );
- output_len = sizeof( ciphertext1 );
+ mbedtls_nist_kw_init(&ctx1);
+ mbedtls_nist_kw_init(&ctx2);
+ output_len = sizeof(ciphertext1);
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx1,
- MBEDTLS_CIPHER_ID_AES,
- key, sizeof( key ) * 8,
- 1 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1,
+ MBEDTLS_CIPHER_ID_AES,
+ key, sizeof(key) * 8,
+ 1) == 0);
- TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KW,
- plaintext, sizeof( plaintext ),
- ciphertext1, &output_len,
- sizeof( ciphertext1 ) ) == 0 );
- TEST_ASSERT( output_len == sizeof( ciphertext1 ) );
+ TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW,
+ plaintext, sizeof(plaintext),
+ ciphertext1, &output_len,
+ sizeof(ciphertext1)) == 0);
+ TEST_ASSERT(output_len == sizeof(ciphertext1));
- TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KWP,
- plaintext, sizeof( plaintext ),
- ciphertext2, &output_len,
- sizeof( ciphertext2 ) ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KWP,
+ plaintext, sizeof(plaintext),
+ ciphertext2, &output_len,
+ sizeof(ciphertext2)) == 0);
- TEST_ASSERT( output_len == sizeof( ciphertext2 ) );
+ TEST_ASSERT(output_len == sizeof(ciphertext2));
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx2,
- MBEDTLS_CIPHER_ID_AES,
- key, sizeof( key ) * 8,
- 0 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2,
+ MBEDTLS_CIPHER_ID_AES,
+ key, sizeof(key) * 8,
+ 0) == 0);
- TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KW,
- ciphertext1, sizeof( ciphertext1 ),
- plaintext, &output_len,
- sizeof( plaintext ) ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW,
+ ciphertext1, sizeof(ciphertext1),
+ plaintext, &output_len,
+ sizeof(plaintext)) == 0);
- TEST_ASSERT( output_len == sizeof( plaintext ) );
+ TEST_ASSERT(output_len == sizeof(plaintext));
- for( i = 0; i < sizeof( plaintext ); i++ )
- {
- TEST_ASSERT( plaintext[i] == 0 );
+ for (i = 0; i < sizeof(plaintext); i++) {
+ TEST_ASSERT(plaintext[i] == 0);
}
- TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KWP,
- ciphertext2, sizeof( ciphertext2 ),
- plaintext, &output_len,
- sizeof( plaintext ) ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KWP,
+ ciphertext2, sizeof(ciphertext2),
+ plaintext, &output_len,
+ sizeof(plaintext)) == 0);
- TEST_ASSERT( output_len == sizeof( plaintext ) );
+ TEST_ASSERT(output_len == sizeof(plaintext));
- for( i = 0; i < sizeof( plaintext ); i++ )
- {
- TEST_ASSERT( plaintext[i] == 0 );
+ for (i = 0; i < sizeof(plaintext); i++) {
+ TEST_ASSERT(plaintext[i] == 0);
}
exit:
- mbedtls_nist_kw_free( &ctx1 );
- mbedtls_nist_kw_free( &ctx2 );
+ mbedtls_nist_kw_free(&ctx1);
+ mbedtls_nist_kw_free(&ctx2);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_nist_kw_setkey( int cipher_id, int key_size,
- int is_wrap, int result )
+void mbedtls_nist_kw_setkey(int cipher_id, int key_size,
+ int is_wrap, int result)
{
mbedtls_nist_kw_context ctx;
unsigned char key[32];
int ret;
- mbedtls_nist_kw_init( &ctx );
+ mbedtls_nist_kw_init(&ctx);
- memset( key, 0x2A, sizeof( key ) );
- TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
+ memset(key, 0x2A, sizeof(key));
+ TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
- ret = mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_size, is_wrap );
- TEST_ASSERT( ret == result );
+ ret = mbedtls_nist_kw_setkey(&ctx, cipher_id, key, key_size, is_wrap);
+ TEST_ASSERT(ret == result);
exit:
- mbedtls_nist_kw_free( &ctx );
+ mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
-void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res )
+void nist_kw_plaintext_lengths(int in_len, int out_len, int mode, int res)
{
mbedtls_nist_kw_context ctx;
unsigned char key[16];
@@ -154,50 +151,46 @@
unsigned char *ciphertext = NULL;
size_t output_len = out_len;
- mbedtls_nist_kw_init( &ctx );
+ mbedtls_nist_kw_init(&ctx);
- memset( key, 0, sizeof( key ) );
+ memset(key, 0, sizeof(key));
- if( in_len != 0 )
- {
- plaintext = mbedtls_calloc( 1, in_len );
- TEST_ASSERT( plaintext != NULL );
+ if (in_len != 0) {
+ plaintext = mbedtls_calloc(1, in_len);
+ TEST_ASSERT(plaintext != NULL);
}
- if( out_len != 0 )
- {
- ciphertext = mbedtls_calloc( 1, output_len );
- TEST_ASSERT( ciphertext != NULL );
+ if (out_len != 0) {
+ ciphertext = mbedtls_calloc(1, output_len);
+ TEST_ASSERT(ciphertext != NULL);
}
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
- key, 8 * sizeof( key ), 1 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+ key, 8 * sizeof(key), 1) == 0);
- TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, plaintext, in_len,
- ciphertext, &output_len,
- output_len ) == res );
- if( res == 0 )
- {
- if( mode == MBEDTLS_KW_MODE_KWP )
- TEST_ASSERT( output_len == (size_t) in_len + 8 -
- ( in_len % 8 ) + 8 );
- else
- TEST_ASSERT( output_len == (size_t) in_len + 8 );
- }
- else
- {
- TEST_ASSERT( output_len == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, plaintext, in_len,
+ ciphertext, &output_len,
+ output_len) == res);
+ if (res == 0) {
+ if (mode == MBEDTLS_KW_MODE_KWP) {
+ TEST_ASSERT(output_len == (size_t) in_len + 8 -
+ (in_len % 8) + 8);
+ } else {
+ TEST_ASSERT(output_len == (size_t) in_len + 8);
+ }
+ } else {
+ TEST_ASSERT(output_len == 0);
}
exit:
- mbedtls_free( ciphertext );
- mbedtls_free( plaintext );
- mbedtls_nist_kw_free( &ctx );
+ mbedtls_free(ciphertext);
+ mbedtls_free(plaintext);
+ mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
-void nist_kw_ciphertext_lengths( int in_len, int out_len, int mode, int res )
+void nist_kw_ciphertext_lengths(int in_len, int out_len, int mode, int res)
{
mbedtls_nist_kw_context ctx;
unsigned char key[16];
@@ -206,111 +199,105 @@
int unwrap_ret;
size_t output_len = out_len;
- mbedtls_nist_kw_init( &ctx );
+ mbedtls_nist_kw_init(&ctx);
- memset( key, 0, sizeof( key ) );
+ memset(key, 0, sizeof(key));
- if( out_len != 0 )
- {
- plaintext = mbedtls_calloc( 1, output_len );
- TEST_ASSERT( plaintext != NULL );
+ if (out_len != 0) {
+ plaintext = mbedtls_calloc(1, output_len);
+ TEST_ASSERT(plaintext != NULL);
}
- if( in_len != 0 )
- {
- ciphertext = mbedtls_calloc( 1, in_len );
- TEST_ASSERT( ciphertext != NULL );
+ if (in_len != 0) {
+ ciphertext = mbedtls_calloc(1, in_len);
+ TEST_ASSERT(ciphertext != NULL);
}
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
- key, 8 * sizeof( key ), 0 ) == 0 );
- unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len,
- plaintext, &output_len,
- output_len );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+ key, 8 * sizeof(key), 0) == 0);
+ unwrap_ret = mbedtls_nist_kw_unwrap(&ctx, mode, ciphertext, in_len,
+ plaintext, &output_len,
+ output_len);
- if( res == 0 )
- TEST_ASSERT( unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
- else
- TEST_ASSERT( unwrap_ret == res );
+ if (res == 0) {
+ TEST_ASSERT(unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED);
+ } else {
+ TEST_ASSERT(unwrap_ret == res);
+ }
- TEST_ASSERT( output_len == 0 );
+ TEST_ASSERT(output_len == 0);
exit:
- mbedtls_free( ciphertext );
- mbedtls_free( plaintext );
- mbedtls_nist_kw_free( &ctx );
+ mbedtls_free(ciphertext);
+ mbedtls_free(plaintext);
+ mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_nist_kw_wrap( int cipher_id, int mode, data_t *key, data_t *msg,
- data_t *expected_result )
+void mbedtls_nist_kw_wrap(int cipher_id, int mode, data_t *key, data_t *msg,
+ data_t *expected_result)
{
unsigned char result[528];
mbedtls_nist_kw_context ctx;
size_t result_len, i, padlen;
- mbedtls_nist_kw_init( &ctx );
+ mbedtls_nist_kw_init(&ctx);
- memset( result, '+', sizeof( result ) );
+ memset(result, '+', sizeof(result));
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id,
- key->x, key->len * 8, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id,
+ key->x, key->len * 8, 1) == 0);
/* Test with input == output */
- TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg->x, msg->len,
- result, &result_len, sizeof( result ) ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, msg->x, msg->len,
+ result, &result_len, sizeof(result)) == 0);
- TEST_ASSERT( result_len == expected_result->len );
+ TEST_ASSERT(result_len == expected_result->len);
- TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 );
+ TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0);
- padlen = ( msg->len % 8 != 0 ) ? 8 - (msg->len % 8 ) : 0;
+ padlen = (msg->len % 8 != 0) ? 8 - (msg->len % 8) : 0;
/* Check that the function didn't write beyond the end of the buffer. */
- for( i = msg->len + 8 + padlen; i < sizeof( result ); i++ )
- {
- TEST_ASSERT( result[i] == '+' );
+ for (i = msg->len + 8 + padlen; i < sizeof(result); i++) {
+ TEST_ASSERT(result[i] == '+');
}
exit:
- mbedtls_nist_kw_free( &ctx );
+ mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_nist_kw_unwrap( int cipher_id, int mode, data_t *key, data_t *msg,
- data_t *expected_result, int expected_ret )
+void mbedtls_nist_kw_unwrap(int cipher_id, int mode, data_t *key, data_t *msg,
+ data_t *expected_result, int expected_ret)
{
unsigned char result[528];
mbedtls_nist_kw_context ctx;
size_t result_len, i;
- mbedtls_nist_kw_init( &ctx );
+ mbedtls_nist_kw_init(&ctx);
- memset( result, '+', sizeof( result ) );
+ memset(result, '+', sizeof(result));
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id,
- key->x, key->len * 8, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id,
+ key->x, key->len * 8, 0) == 0);
/* Test with input == output */
- TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg->x, msg->len,
- result, &result_len, sizeof( result ) ) == expected_ret );
- if( expected_ret == 0 )
- {
- TEST_ASSERT( result_len == expected_result->len );
- TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 );
- }
- else
- {
- TEST_ASSERT( result_len == 0 );
+ TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx, mode, msg->x, msg->len,
+ result, &result_len, sizeof(result)) == expected_ret);
+ if (expected_ret == 0) {
+ TEST_ASSERT(result_len == expected_result->len);
+ TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0);
+ } else {
+ TEST_ASSERT(result_len == 0);
}
/* Check that the function didn't write beyond the end of the buffer. */
- for( i = msg->len - 8; i < sizeof( result ); i++ )
- {
- TEST_ASSERT( result[i] == '+' );
+ for (i = msg->len - 8; i < sizeof(result); i++) {
+ TEST_ASSERT(result[i] == '+');
}
exit:
- mbedtls_nist_kw_free( &ctx );
+ mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 9e8d437..fac5ed4 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -11,7 +11,7 @@
*/
/* BEGIN_CASE */
-void oid_get_certificate_policies( data_t *oid, char *result_str )
+void oid_get_certificate_policies(data_t *oid, char *result_str)
{
mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
int ret;
@@ -21,21 +21,18 @@
asn1_buf.p = oid->x;
asn1_buf.len = oid->len;
- ret = mbedtls_oid_get_certificate_policies( &asn1_buf, &desc );
- if( strlen( result_str ) == 0 )
- {
- TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( strcmp( ( char* )desc, result_str ) == 0 );
+ ret = mbedtls_oid_get_certificate_policies(&asn1_buf, &desc);
+ if (strlen(result_str) == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void oid_get_extended_key_usage( data_t *oid, char *result_str )
+void oid_get_extended_key_usage(data_t *oid, char *result_str)
{
mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
int ret;
@@ -45,21 +42,18 @@
asn1_buf.p = oid->x;
asn1_buf.len = oid->len;
- ret = mbedtls_oid_get_extended_key_usage( &asn1_buf, &desc );
- if( strlen( result_str ) == 0 )
- {
- TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( strcmp( ( char * )desc, result_str ) == 0 );
+ ret = mbedtls_oid_get_extended_key_usage(&asn1_buf, &desc);
+ if (strlen(result_str) == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void oid_get_x509_extension( data_t *oid, int exp_type )
+void oid_get_x509_extension(data_t *oid, int exp_type)
{
mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
int ret;
@@ -69,21 +63,18 @@
ext_oid.p = oid->x;
ext_oid.len = oid->len;
- ret = mbedtls_oid_get_x509_ext_type( &ext_oid, &ext_type );
- if( exp_type == 0 )
- {
- TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( ext_type == exp_type );
+ ret = mbedtls_oid_get_x509_ext_type(&ext_oid, &ext_type);
+ if (exp_type == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(ext_type == exp_type);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void oid_get_md_alg_id( data_t *oid, int exp_md_id )
+void oid_get_md_alg_id(data_t *oid, int exp_md_id)
{
mbedtls_asn1_buf md_oid = { 0, 0, NULL };
int ret;
@@ -93,17 +84,14 @@
md_oid.p = oid->x;
md_oid.len = oid->len;
- ret = mbedtls_oid_get_md_alg( &md_oid, &md_id );
+ ret = mbedtls_oid_get_md_alg(&md_oid, &md_id);
- if( exp_md_id < 0 )
- {
- TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
- TEST_ASSERT( md_id == 0);
- }
- else
- {
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( (mbedtls_md_type_t)exp_md_id == md_id );
+ if (exp_md_id < 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(md_id == 0);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
}
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index 947f1fb..8aac3cf 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -6,48 +6,48 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void mbedtls_pem_write_buffer( char * start, char * end, data_t * buf,
- char * result_str )
+void mbedtls_pem_write_buffer(char *start, char *end, data_t *buf,
+ char *result_str)
{
unsigned char *check_buf = NULL;
int ret;
size_t olen = 0, olen2 = 0;
- ret = mbedtls_pem_write_buffer( start, end, buf->x, buf->len, NULL, 0, &olen );
- TEST_ASSERT( ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+ ret = mbedtls_pem_write_buffer(start, end, buf->x, buf->len, NULL, 0, &olen);
+ TEST_ASSERT(ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
- check_buf = (unsigned char *) mbedtls_calloc( 1, olen );
- TEST_ASSERT( check_buf != NULL );
+ check_buf = (unsigned char *) mbedtls_calloc(1, olen);
+ TEST_ASSERT(check_buf != NULL);
- ret = mbedtls_pem_write_buffer( start, end, buf->x, buf->len, check_buf, olen, &olen2 );
+ ret = mbedtls_pem_write_buffer(start, end, buf->x, buf->len, check_buf, olen, &olen2);
- TEST_ASSERT( olen2 <= olen );
- TEST_ASSERT( olen > strlen( (char*) result_str ) );
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( strncmp( (char *) check_buf, (char *) result_str, olen ) == 0 );
+ TEST_ASSERT(olen2 <= olen);
+ TEST_ASSERT(olen > strlen((char *) result_str));
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(strncmp((char *) check_buf, (char *) result_str, olen) == 0);
exit:
- mbedtls_free( check_buf );
+ mbedtls_free(check_buf);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */
-void mbedtls_pem_read_buffer( char *header, char *footer, char *data,
- char *pwd, int res )
+void mbedtls_pem_read_buffer(char *header, char *footer, char *data,
+ char *pwd, int res)
{
mbedtls_pem_context ctx;
int ret;
size_t use_len = 0;
- size_t pwd_len = strlen( pwd );
+ size_t pwd_len = strlen(pwd);
- mbedtls_pem_init( &ctx );
+ mbedtls_pem_init(&ctx);
- ret = mbedtls_pem_read_buffer( &ctx, header, footer, (unsigned char *)data,
- (unsigned char *)pwd, pwd_len, &use_len );
- TEST_ASSERT( ret == res );
+ ret = mbedtls_pem_read_buffer(&ctx, header, footer, (unsigned char *) data,
+ (unsigned char *) pwd, pwd_len, &use_len);
+ TEST_ASSERT(ret == res);
exit:
- mbedtls_pem_free( &ctx );
+ mbedtls_pem_free(&ctx);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 9cb90aa..57e95f0 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -29,59 +29,60 @@
* generation function.
* \return -1 if the key type is not recognized.
*/
-static int pk_genkey( mbedtls_pk_context *pk, int parameter )
+static int pk_genkey(mbedtls_pk_context *pk, int parameter)
{
((void) pk);
(void) parameter;
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
- return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ),
- mbedtls_test_rnd_std_rand, NULL,
- parameter, 3 );
-#endif
-#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH ||
- mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA )
- {
- int ret;
- if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp,
- parameter ) ) != 0 )
- return( ret );
-
- return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp,
- &mbedtls_pk_ec( *pk )->d,
- &mbedtls_pk_ec( *pk )->Q,
- mbedtls_test_rnd_std_rand, NULL );
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
+ return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk),
+ mbedtls_test_rnd_std_rand, NULL,
+ parameter, 3);
}
#endif
- return( -1 );
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
+ mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
+ int ret;
+ if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec(*pk)->grp,
+ parameter)) != 0) {
+ return ret;
+ }
+
+ return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
+ &mbedtls_pk_ec(*pk)->d,
+ &mbedtls_pk_ec(*pk)->Q,
+ mbedtls_test_rnd_std_rand, NULL);
+ }
+#endif
+ return -1;
}
#if defined(MBEDTLS_RSA_C)
-int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len )
+int mbedtls_rsa_decrypt_func(void *ctx, int mode, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len)
{
- return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
- mbedtls_test_rnd_std_rand, NULL, mode,
- olen, input, output, output_max_len ) );
+ return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx,
+ mbedtls_test_rnd_std_rand, NULL, mode,
+ olen, input, output, output_max_len);
}
-int mbedtls_rsa_sign_func( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig )
+int mbedtls_rsa_sign_func(void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig)
{
((void) f_rng);
((void) p_rng);
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx,
- mbedtls_test_rnd_std_rand, NULL, mode,
- md_alg, hashlen, hash, sig ) );
+ return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx,
+ mbedtls_test_rnd_std_rand, NULL, mode,
+ md_alg, hashlen, hash, sig);
}
-size_t mbedtls_rsa_key_len_func( void *ctx )
+size_t mbedtls_rsa_key_len_func(void *ctx)
{
- return( ((const mbedtls_rsa_context *) ctx)->len );
+ return ((const mbedtls_rsa_context *) ctx)->len;
}
#endif /* MBEDTLS_RSA_C */
@@ -92,22 +93,22 @@
* or 0 if the key generation failed.
* The key uses NIST P-256 and is usable for signing with SHA-256.
*/
-mbedtls_svc_key_id_t pk_psa_genkey( void )
+mbedtls_svc_key_id_t pk_psa_genkey(void)
{
mbedtls_svc_key_id_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const psa_key_type_t type =
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 );
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
const size_t bits = 256;
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
- PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
+ PSA_ASSERT(psa_generate_key(&attributes, &key));
exit:
- return( key );
+ return key;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* END_HEADER */
@@ -118,7 +119,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-void pk_psa_utils( )
+void pk_psa_utils()
{
mbedtls_pk_context pk, pk2;
mbedtls_svc_key_id_t key;
@@ -132,205 +133,206 @@
size_t len;
mbedtls_pk_debug_item dbg;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- mbedtls_pk_init( &pk );
- mbedtls_pk_init( &pk2 );
+ mbedtls_pk_init(&pk);
+ mbedtls_pk_init(&pk2);
- TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ TEST_ASSERT(psa_crypto_init() == PSA_SUCCESS);
- TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- mbedtls_pk_free( &pk );
- mbedtls_pk_init( &pk );
+ mbedtls_pk_free(&pk);
+ mbedtls_pk_init(&pk);
key = pk_psa_genkey();
- if( mbedtls_svc_key_id_is_null( key ) )
+ if (mbedtls_svc_key_id_is_null(key)) {
goto exit;
+ }
- TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, key) == 0);
- TEST_ASSERT( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_OPAQUE );
- TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
+ TEST_ASSERT(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_OPAQUE);
+ TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0);
- TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
- TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );
+ TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen);
+ TEST_ASSERT(mbedtls_pk_get_len(&pk) == bitlen / 8);
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+ TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 1);
+ TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 1);
+ TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 0);
/* unsupported operations: verify, decrypt, encrypt */
- TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
- b1, sizeof( b1), b2, sizeof( b2 ) )
- == MBEDTLS_ERR_PK_TYPE_MISMATCH );
- TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
- b2, &len, sizeof( b2 ),
- NULL, NULL )
- == MBEDTLS_ERR_PK_TYPE_MISMATCH );
- TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ),
- b2, &len, sizeof( b2 ),
- NULL, NULL )
- == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ TEST_ASSERT(mbedtls_pk_verify(&pk, md_alg,
+ b1, sizeof(b1), b2, sizeof(b2))
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH);
+ TEST_ASSERT(mbedtls_pk_decrypt(&pk, b1, sizeof(b1),
+ b2, &len, sizeof(b2),
+ NULL, NULL)
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH);
+ TEST_ASSERT(mbedtls_pk_encrypt(&pk, b1, sizeof(b1),
+ b2, &len, sizeof(b2),
+ NULL, NULL)
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH);
/* unsupported functions: check_pair, debug */
- TEST_ASSERT( mbedtls_pk_setup( &pk2,
- mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
- TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 )
- == MBEDTLS_ERR_PK_TYPE_MISMATCH );
- TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg )
- == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ TEST_ASSERT(mbedtls_pk_setup(&pk2,
+ mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
+ TEST_ASSERT(mbedtls_pk_check_pair(&pk, &pk2)
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH);
+ TEST_ASSERT(mbedtls_pk_debug(&pk, &dbg)
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH);
/* test that freeing the context does not destroy the key */
- mbedtls_pk_free( &pk );
- TEST_ASSERT( PSA_SUCCESS == psa_get_key_attributes( key, &attributes ) );
- TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
+ mbedtls_pk_free(&pk);
+ TEST_ASSERT(PSA_SUCCESS == psa_get_key_attributes(key, &attributes));
+ TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_pk_free( &pk ); /* redundant except upon error */
- mbedtls_pk_free( &pk2 );
- USE_PSA_DONE( );
+ mbedtls_pk_free(&pk); /* redundant except upon error */
+ mbedtls_pk_free(&pk2);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void valid_parameters( )
+void valid_parameters()
{
mbedtls_pk_context pk;
unsigned char buf[1];
size_t len;
void *options = NULL;
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- TEST_VALID_PARAM( mbedtls_pk_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_pk_free(NULL));
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_pk_restart_free(NULL));
#endif
- TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
/* In informational functions, we accept NULL where a context pointer
* is expected because that's what the library has done forever.
* We do not document that NULL is accepted, so we may wish to change
* the behavior in a future version. */
- TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 );
- TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 );
- TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 );
+ TEST_ASSERT(mbedtls_pk_get_bitlen(NULL) == 0);
+ TEST_ASSERT(mbedtls_pk_get_len(NULL) == 0);
+ TEST_ASSERT(mbedtls_pk_can_do(NULL, MBEDTLS_PK_NONE) == 0);
- TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
+ TEST_ASSERT(mbedtls_pk_sign_restartable(&pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ mbedtls_test_rnd_std_rand, NULL,
+ NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+
+ TEST_ASSERT(mbedtls_pk_sign_restartable(&pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ mbedtls_test_rnd_std_rand, NULL,
+ NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+
+ TEST_ASSERT(mbedtls_pk_sign(&pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ mbedtls_test_rnd_std_rand, NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+
+ TEST_ASSERT(mbedtls_pk_verify_restartable(&pk,
MBEDTLS_MD_NONE,
NULL, 0,
- buf, &len,
- mbedtls_test_rnd_std_rand, NULL,
- NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ buf, sizeof(buf),
+ NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
- MBEDTLS_MD_NONE,
- NULL, 0,
- buf, &len,
- mbedtls_test_rnd_std_rand, NULL,
- NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_pk_sign( &pk,
+ TEST_ASSERT(mbedtls_pk_verify(&pk,
MBEDTLS_MD_NONE,
NULL, 0,
- buf, &len,
- mbedtls_test_rnd_std_rand, NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ buf, sizeof(buf)) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk,
- MBEDTLS_MD_NONE,
- NULL, 0,
- buf, sizeof( buf ),
- NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options,
+ &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof(buf)) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_pk_verify( &pk,
- MBEDTLS_MD_NONE,
- NULL, 0,
- buf, sizeof( buf ) ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_encrypt(&pk,
+ NULL, 0,
+ NULL, &len, 0,
+ mbedtls_test_rnd_std_rand, NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- MBEDTLS_MD_NONE,
- NULL, 0,
- buf, sizeof( buf ) ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_pk_encrypt( &pk,
- NULL, 0,
- NULL, &len, 0,
- mbedtls_test_rnd_std_rand, NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_pk_decrypt( &pk,
- NULL, 0,
- NULL, &len, 0,
- mbedtls_test_rnd_std_rand, NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_decrypt(&pk,
+ NULL, 0,
+ NULL, &len, 0,
+ mbedtls_test_rnd_std_rand, NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#if defined(MBEDTLS_PK_PARSE_C)
- TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) ==
- MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ TEST_ASSERT(mbedtls_pk_parse_key(&pk, NULL, 0, NULL, 1) ==
+ MBEDTLS_ERR_PK_KEY_INVALID_FORMAT);
- TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
- MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, NULL, 0) ==
+ MBEDTLS_ERR_PK_KEY_INVALID_FORMAT);
#endif /* MBEDTLS_PK_PARSE_C */
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */
-void valid_parameters_pkwrite( data_t *key_data )
+void valid_parameters_pkwrite(data_t *key_data)
{
mbedtls_pk_context pk;
/* For the write tests to be effective, we need a valid key pair. */
- mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_parse_key( &pk,
- key_data->x, key_data->len,
- NULL, 0 ) == 0 );
+ mbedtls_pk_init(&pk);
+ TEST_ASSERT(mbedtls_pk_parse_key(&pk,
+ key_data->x, key_data->len,
+ NULL, 0) == 0);
- TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
- MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ TEST_ASSERT(mbedtls_pk_write_key_der(&pk, NULL, 0) ==
+ MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
- TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) ==
- MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ TEST_ASSERT(mbedtls_pk_write_pubkey_der(&pk, NULL, 0) ==
+ MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
#if defined(MBEDTLS_PEM_WRITE_C)
- TEST_ASSERT( mbedtls_pk_write_key_pem( &pk, NULL, 0 ) ==
- MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+ TEST_ASSERT(mbedtls_pk_write_key_pem(&pk, NULL, 0) ==
+ MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
- TEST_ASSERT( mbedtls_pk_write_pubkey_pem( &pk, NULL, 0 ) ==
- MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+ TEST_ASSERT(mbedtls_pk_write_pubkey_pem(&pk, NULL, 0) ==
+ MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
#endif /* MBEDTLS_PEM_WRITE_C */
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void invalid_parameters( )
+void invalid_parameters()
{
size_t len;
unsigned char *null_buf = NULL;
unsigned char buf[1];
unsigned char *p = buf;
- char str[1] = {0};
+ char str[1] = { 0 };
mbedtls_pk_context pk;
mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
void *options = buf;
@@ -339,253 +341,253 @@
(void) p;
(void) str;
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_pk_init(NULL));
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_pk_restart_init(NULL));
#endif
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_setup( NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_setup(NULL, NULL));
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_setup_rsa_alt( NULL, buf,
- NULL, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_setup_rsa_alt(NULL, buf,
+ NULL, NULL, NULL));
#endif
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ),
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable(NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof(buf),
+ buf, sizeof(buf),
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable(&pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof(buf),
+ buf, sizeof(buf),
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable(&pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof(buf),
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable(&pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof(buf),
+ NULL, sizeof(buf),
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify(NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof(buf),
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify(&pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof(buf),
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify(&pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify(&pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof(buf),
+ NULL, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options,
+ NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof(buf),
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options,
+ &pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof(buf),
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options,
+ &pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options,
+ &pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof(buf),
+ NULL, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable(NULL, MBEDTLS_MD_NONE, buf, sizeof(buf),
+ buf, &len, mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_NONE, NULL, sizeof(buf),
+ buf, &len, mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len,
- mbedtls_test_rnd_std_rand, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable(&pk, valid_md, NULL, 0, buf, &len,
+ mbedtls_test_rnd_std_rand, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- NULL, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_NONE, buf, sizeof(buf),
+ NULL, &len, mbedtls_test_rnd_std_rand,
+ NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign(NULL, MBEDTLS_MD_NONE, buf, sizeof(buf),
+ buf, &len, mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, NULL, sizeof(buf),
+ buf, &len, mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign(&pk, valid_md, NULL, 0, buf, &len,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len,
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, buf, sizeof(buf), NULL, &len,
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt(NULL, buf, sizeof(buf), buf, &len, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt(&pk, NULL, sizeof(buf), buf, &len, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt(&pk, buf, sizeof(buf), NULL, &len, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt(&pk, buf, sizeof(buf), buf, NULL, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt(NULL, buf, sizeof(buf), buf, &len, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt(&pk, NULL, sizeof(buf), buf, &len, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt(&pk, buf, sizeof(buf), NULL, &len, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt(&pk, buf, sizeof(buf), buf, NULL, sizeof(buf),
+ mbedtls_test_rnd_std_rand, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_check_pair( NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_check_pair( &pk, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_check_pair(NULL, &pk));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_check_pair(&pk, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_debug( NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_debug(NULL, NULL));
#if defined(MBEDTLS_PK_PARSE_C)
#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( NULL, &p, &len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( str, NULL, &len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( str, &p, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_load_file(NULL, &p, &len));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_load_file(str, NULL, &len));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_load_file(str, &p, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_keyfile( NULL, str, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_keyfile(NULL, str, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_keyfile(&pk, NULL, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_keyfile( NULL, str ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_keyfile( &pk, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_keyfile(NULL, str));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_keyfile(&pk, NULL));
#endif
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &p, buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey(NULL, buf, &pk));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey(&null_buf, buf, &pk));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey(&p, NULL, &pk));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey(&p, buf, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_key( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_key( &pk,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_key(NULL,
+ buf, sizeof(buf),
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_key(&pk,
+ NULL, sizeof(buf),
+ buf, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_key( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_key( &pk,
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_key(NULL,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_key(&pk,
+ NULL, sizeof(buf)));
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( NULL, p, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &null_buf, p, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &p, NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &p, p, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey(NULL, p, &pk));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey(&null_buf, p, &pk));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey(&p, NULL, &pk));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey(&p, p, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_der( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_der( &pk,
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_der(NULL,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_der(&pk,
+ NULL, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_der( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_der( &pk,
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_der(NULL,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_der(&pk,
+ NULL, sizeof(buf)));
#if defined(MBEDTLS_PEM_WRITE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_pem( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_pem( &pk,
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_pem(NULL,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_pem(&pk,
+ NULL, sizeof(buf)));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_pem( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_pem( &pk,
- NULL, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_pem(NULL,
+ buf, sizeof(buf)));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_pem(&pk,
+ NULL, sizeof(buf)));
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PK_WRITE_C */
@@ -593,60 +595,59 @@
/* END_CASE */
/* BEGIN_CASE */
-void pk_utils( int type, int parameter, int bitlen, int len, char * name )
+void pk_utils(int type, int parameter, int bitlen, int len, char *name)
{
mbedtls_pk_context pk;
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
- TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
+ TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
- TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) );
- TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) bitlen );
- TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len );
- TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
+ TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type);
+ TEST_ASSERT(mbedtls_pk_can_do(&pk, type));
+ TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == (unsigned) bitlen);
+ TEST_ASSERT(mbedtls_pk_get_len(&pk) == (unsigned) len);
+ TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0);
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
-void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret )
+void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
{
mbedtls_pk_context pub, prv, alt;
- mbedtls_pk_init( &pub );
- mbedtls_pk_init( &prv );
- mbedtls_pk_init( &alt );
+ mbedtls_pk_init(&pub);
+ mbedtls_pk_init(&prv);
+ mbedtls_pk_init(&alt);
- TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL) == 0);
- TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret );
+ TEST_ASSERT(mbedtls_pk_check_pair(&pub, &prv) == ret);
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
- if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
- {
- TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
- mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
- mbedtls_rsa_key_len_func ) == 0 );
- TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
+ if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_RSA) {
+ TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, mbedtls_pk_rsa(prv),
+ mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
+ mbedtls_rsa_key_len_func) == 0);
+ TEST_ASSERT(mbedtls_pk_check_pair(&pub, &alt) == ret);
}
#endif
- mbedtls_pk_free( &pub );
- mbedtls_pk_free( &prv );
- mbedtls_pk_free( &alt );
+ mbedtls_pk_free(&pub);
+ mbedtls_pk_free(&prv);
+ mbedtls_pk_free(&alt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod,
- char * input_N, char * input_E,
- data_t * result_str, int result )
+void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
+ char *input_N, char *input_E,
+ data_t *result_str, int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
mbedtls_rsa_context *rsa;
@@ -656,46 +657,49 @@
mbedtls_pk_restart_ctx ctx;
rs_ctx = &ctx;
- mbedtls_pk_restart_init( rs_ctx );
+ mbedtls_pk_restart_init(rs_ctx);
// this setting would ensure restart would happen if ECC was used
- mbedtls_ecp_set_max_ops( 1 );
+ mbedtls_ecp_set_max_ops(1);
#endif
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- memset( hash_result, 0x00, MBEDTLS_MD_MAX_SIZE );
+ memset(hash_result, 0x00, MBEDTLS_MD_MAX_SIZE);
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
- rsa = mbedtls_pk_rsa( pk );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
+ rsa = mbedtls_pk_rsa(pk);
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if (mbedtls_md_info_from_type(digest) != NULL) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
+ hash_result) == 0);
+ }
- TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0,
- result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
+ TEST_ASSERT(mbedtls_pk_verify(&pk, digest, hash_result, 0,
+ result_str->x, mbedtls_pk_get_len(&pk)) == result);
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, hash_result, 0,
- result_str->x, mbedtls_pk_get_len( &pk ), rs_ctx ) == result );
+ TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, digest, hash_result, 0,
+ result_str->x, mbedtls_pk_get_len(
+ &pk), rs_ctx) == result);
exit:
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_pk_restart_free( rs_ctx );
+ mbedtls_pk_restart_free(rs_ctx);
#endif
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest,
- int mod, char * input_N,
- char * input_E, data_t * result_str,
- int pk_type, int mgf1_hash_id,
- int salt_len, int result )
+void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest,
+ int mod, char *input_N,
+ char *input_E, data_t *result_str,
+ int pk_type, int mgf1_hash_id,
+ int salt_len, int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
mbedtls_rsa_context *rsa;
@@ -704,85 +708,79 @@
void *options;
size_t hash_len;
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- memset( hash_result, 0x00, sizeof( hash_result ) );
+ memset(hash_result, 0x00, sizeof(hash_result));
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
- rsa = mbedtls_pk_rsa( pk );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
+ rsa = mbedtls_pk_rsa(pk);
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
- if( digest != MBEDTLS_MD_NONE )
- {
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
- message_str->x, message_str->len, hash_result ) == 0 );
+ if (digest != MBEDTLS_MD_NONE) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest),
+ message_str->x, message_str->len, hash_result) == 0);
hash_len = 0;
- }
- else
- {
- memcpy( hash_result, message_str->x, message_str->len );
+ } else {
+ memcpy(hash_result, message_str->x, message_str->len);
hash_len = message_str->len;
}
- if( mgf1_hash_id < 0 )
- {
+ if (mgf1_hash_id < 0) {
options = NULL;
- }
- else
- {
+ } else {
options = &pss_opts;
pss_opts.mgf1_hash_id = mgf1_hash_id;
pss_opts.expected_salt_len = salt_len;
}
- TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
- digest, hash_result, hash_len,
- result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
+ TEST_ASSERT(mbedtls_pk_verify_ext(pk_type, options, &pk,
+ digest, hash_result, hash_len,
+ result_str->x, mbedtls_pk_get_len(&pk)) == result);
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */
-void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
- data_t * sig, int ret )
+void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash,
+ data_t *sig, int ret)
{
mbedtls_pk_context pk;
mbedtls_ecp_keypair *eckey;
- mbedtls_pk_init( &pk );
- USE_PSA_INIT( );
+ mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) );
- eckey = mbedtls_pk_ec( pk );
+ TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA));
+ eckey = mbedtls_pk_ec(pk);
- TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q,
- key->x, key->len ) == 0 );
+ TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q,
+ key->x, key->len) == 0);
// MBEDTLS_MD_NONE is used since it will be ignored.
- TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE,
- hash->x, hash->len, sig->x, sig->len ) == ret );
+ TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE,
+ hash->x, hash->len, sig->x, sig->len) == ret);
exit:
- mbedtls_pk_free( &pk );
- USE_PSA_DONE( );
+ mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */
-void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
- char *QX_str, char *QY_str,
- int md_alg, char *msg, data_t *sig_check,
- int max_ops, int min_restart, int max_restart )
+void pk_sign_verify_restart(int pk_type, int grp_id, char *d_str,
+ char *QX_str, char *QY_str,
+ int md_alg, char *msg, data_t *sig_check,
+ int max_ops, int min_restart, int max_restart)
{
int ret, cnt_restart;
mbedtls_pk_restart_ctx rs_ctx;
@@ -792,94 +790,93 @@
size_t hlen, slen;
const mbedtls_md_info_t *md_info;
- mbedtls_pk_restart_init( &rs_ctx );
- mbedtls_pk_init( &prv );
- mbedtls_pk_init( &pub );
- memset( hash, 0, sizeof( hash ) );
- memset( sig, 0, sizeof( sig ) );
+ mbedtls_pk_restart_init(&rs_ctx);
+ mbedtls_pk_init(&prv);
+ mbedtls_pk_init(&pub);
+ memset(hash, 0, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
- TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
- TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &mbedtls_pk_ec( prv )->d, d_str ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(prv)->grp, grp_id) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec(prv)->d, d_str) == 0);
- TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
- TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(pub)->grp, grp_id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec(pub)->Q, 16, QX_str, QY_str) == 0);
- md_info = mbedtls_md_info_from_type( md_alg );
- TEST_ASSERT( md_info != NULL );
+ md_info = mbedtls_md_info_from_type(md_alg);
+ TEST_ASSERT(md_info != NULL);
- hlen = mbedtls_md_get_size( md_info );
- TEST_ASSERT( mbedtls_md( md_info,
- (const unsigned char *) msg, strlen( msg ),
- hash ) == 0 );
+ hlen = mbedtls_md_get_size(md_info);
+ TEST_ASSERT(mbedtls_md(md_info,
+ (const unsigned char *) msg, strlen(msg),
+ hash) == 0);
- mbedtls_ecp_set_max_ops( max_ops );
+ mbedtls_ecp_set_max_ops(max_ops);
- slen = sizeof( sig );
+ slen = sizeof(sig);
cnt_restart = 0;
do {
- ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
- sig, &slen, NULL, NULL, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash, hlen,
+ sig, &slen, NULL, NULL, &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( slen == sig_check->len );
- TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(slen == sig_check->len);
+ TEST_ASSERT(memcmp(sig, sig_check->x, slen) == 0);
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
cnt_restart = 0;
do {
- ret = mbedtls_pk_verify_restartable( &pub, md_alg,
- hash, hlen, sig, slen, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_pk_verify_restartable(&pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
hash[0]++;
do {
- ret = mbedtls_pk_verify_restartable( &pub, md_alg,
- hash, hlen, sig, slen, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
- TEST_ASSERT( ret != 0 );
+ ret = mbedtls_pk_verify_restartable(&pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
+ TEST_ASSERT(ret != 0);
hash[0]--;
sig[0]++;
do {
- ret = mbedtls_pk_verify_restartable( &pub, md_alg,
- hash, hlen, sig, slen, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
- TEST_ASSERT( ret != 0 );
+ ret = mbedtls_pk_verify_restartable(&pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
+ TEST_ASSERT(ret != 0);
sig[0]--;
/* Do we leak memory when aborting? try verify then sign
* This test only makes sense when we actually restart */
- if( min_restart > 0 )
- {
- ret = mbedtls_pk_verify_restartable( &pub, md_alg,
- hash, hlen, sig, slen, &rs_ctx );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
- mbedtls_pk_restart_free( &rs_ctx );
+ if (min_restart > 0) {
+ ret = mbedtls_pk_verify_restartable(&pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
+ mbedtls_pk_restart_free(&rs_ctx);
- slen = sizeof( sig );
- ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
- sig, &slen, NULL, NULL, &rs_ctx );
- TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ slen = sizeof(sig);
+ ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash, hlen,
+ sig, &slen, NULL, NULL, &rs_ctx);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
}
exit:
- mbedtls_pk_restart_free( &rs_ctx );
- mbedtls_pk_free( &prv );
- mbedtls_pk_free( &pub );
+ mbedtls_pk_restart_free(&rs_ctx);
+ mbedtls_pk_free(&prv);
+ mbedtls_pk_free(&pub);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret )
+void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret)
{
mbedtls_pk_context pk;
size_t sig_len, hash_len;
@@ -891,88 +888,88 @@
mbedtls_pk_restart_ctx ctx;
rs_ctx = &ctx;
- mbedtls_pk_restart_init( rs_ctx );
+ mbedtls_pk_restart_init(rs_ctx);
/* This value is large enough that the operation will complete in one run.
* See comments at the top of ecp_test_vect_restart in
* test_suite_ecp.function for estimates of operation counts. */
- mbedtls_ecp_set_max_ops( 42000 );
+ mbedtls_ecp_set_max_ops(42000);
#endif
- hash_len = mbedtls_md_get_size( mbedtls_md_info_from_type( md ) );
- ASSERT_ALLOC( hash, hash_len );
+ hash_len = mbedtls_md_get_size(mbedtls_md_info_from_type(md));
+ ASSERT_ALLOC(hash, hash_len);
- mbedtls_pk_init( &pk );
- USE_PSA_INIT( );
+ mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
- memset( hash, 0x2a, hash_len );
- memset( sig, 0, sizeof sig );
+ memset(hash, 0x2a, hash_len);
+ memset(sig, 0, sizeof sig);
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
- TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
+ TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
- TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, md,
- hash, hash_len, sig, &sig_len,
- mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret );
- if( sign_ret == 0 )
- TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
- else
+ TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, md,
+ hash, hash_len, sig, &sig_len,
+ mbedtls_test_rnd_std_rand, NULL, rs_ctx) == sign_ret);
+ if (sign_ret == 0) {
+ TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE);
+ } else {
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
+ }
- TEST_ASSERT( mbedtls_pk_verify( &pk, md,
- hash, hash_len, sig, sig_len ) == verify_ret );
+ TEST_ASSERT(mbedtls_pk_verify(&pk, md,
+ hash, hash_len, sig, sig_len) == verify_ret);
- if( verify_ret == 0 )
- {
+ if (verify_ret == 0) {
hash[0]++;
- TEST_ASSERT( mbedtls_pk_verify( &pk, md,
- hash, hash_len, sig, sig_len ) != 0 );
+ TEST_ASSERT(mbedtls_pk_verify(&pk, md,
+ hash, hash_len, sig, sig_len) != 0);
hash[0]--;
sig[0]++;
- TEST_ASSERT( mbedtls_pk_verify( &pk, md,
- hash, hash_len, sig, sig_len ) != 0 );
+ TEST_ASSERT(mbedtls_pk_verify(&pk, md,
+ hash, hash_len, sig, sig_len) != 0);
sig[0]--;
}
- TEST_ASSERT( mbedtls_pk_sign( &pk, md, hash, hash_len,
- sig, &sig_len,
- mbedtls_test_rnd_std_rand,
- NULL ) == sign_ret );
- if( sign_ret == 0 )
- TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
- else
+ TEST_ASSERT(mbedtls_pk_sign(&pk, md, hash, hash_len,
+ sig, &sig_len,
+ mbedtls_test_rnd_std_rand,
+ NULL) == sign_ret);
+ if (sign_ret == 0) {
+ TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE);
+ } else {
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
+ }
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
- hash, hash_len, sig, sig_len, rs_ctx ) == verify_ret );
+ TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, md,
+ hash, hash_len, sig, sig_len, rs_ctx) == verify_ret);
- if( verify_ret == 0 )
- {
+ if (verify_ret == 0) {
hash[0]++;
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
- hash, hash_len, sig, sig_len, rs_ctx ) != 0 );
+ TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, md,
+ hash, hash_len, sig, sig_len, rs_ctx) != 0);
hash[0]--;
sig[0]++;
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
- hash, hash_len, sig, sig_len, rs_ctx ) != 0 );
+ TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, md,
+ hash, hash_len, sig, sig_len, rs_ctx) != 0);
sig[0]--;
}
exit:
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_pk_restart_free( rs_ctx );
+ mbedtls_pk_restart_free(rs_ctx);
#endif
- mbedtls_pk_free( &pk );
- mbedtls_free( hash );
- USE_PSA_DONE( );
+ mbedtls_pk_free(&pk);
+ mbedtls_free(hash);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_encrypt_test_vec( data_t * message, int mod,
- char * input_N, char * input_E,
- data_t * result, int ret )
+void pk_rsa_encrypt_test_vec(data_t *message, int mod,
+ char *input_N, char *input_E,
+ data_t *result, int ret)
{
unsigned char output[300];
mbedtls_test_rnd_pseudo_info rnd_info;
@@ -980,34 +977,34 @@
mbedtls_pk_context pk;
size_t olen;
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- memset( output, 0, sizeof( output ) );
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
+ memset(output, 0, sizeof(output));
- mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
- rsa = mbedtls_pk_rsa( pk );
+ mbedtls_pk_init(&pk);
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
+ rsa = mbedtls_pk_rsa(pk);
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
- TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
- output, &olen, sizeof( output ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
- TEST_ASSERT( olen == result->len );
- TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
+ TEST_ASSERT(mbedtls_pk_encrypt(&pk, message->x, message->len,
+ output, &olen, sizeof(output),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret);
+ TEST_ASSERT(olen == result->len);
+ TEST_ASSERT(memcmp(output, result->x, olen) == 0);
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_decrypt_test_vec( data_t * cipher, int mod,
- char * input_P, char * input_Q,
- char * input_N, char * input_E,
- data_t * clear, int ret )
+void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
+ char *input_P, char *input_Q,
+ char *input_N, char *input_E,
+ data_t *clear, int ret)
{
unsigned char output[256];
mbedtls_test_rnd_pseudo_info rnd_info;
@@ -1016,49 +1013,48 @@
mbedtls_pk_context pk;
size_t olen;
- mbedtls_pk_init( &pk );
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+ mbedtls_pk_init(&pk);
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
/* init pk-rsa context */
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
- rsa = mbedtls_pk_rsa( pk );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
+ rsa = mbedtls_pk_rsa(pk);
/* load public key */
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
/* load private key */
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0);
/* decryption test */
- memset( output, 0, sizeof( output ) );
+ memset(output, 0, sizeof(output));
olen = 0;
- TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len,
- output, &olen, sizeof( output ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
- if( ret == 0 )
- {
- TEST_ASSERT( olen == clear->len );
- TEST_ASSERT( memcmp( output, clear->x, olen ) == 0 );
+ TEST_ASSERT(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len,
+ output, &olen, sizeof(output),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret);
+ if (ret == 0) {
+ TEST_ASSERT(olen == clear->len);
+ TEST_ASSERT(memcmp(output, clear->x, olen) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
- mbedtls_pk_free( &pk );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE */
-void pk_ec_nocrypt( int type )
+void pk_ec_nocrypt(int type)
{
mbedtls_pk_context pk;
unsigned char output[100];
@@ -1067,65 +1063,66 @@
size_t olen = 0;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- memset( output, 0, sizeof( output ) );
- memset( input, 0, sizeof( input ) );
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
+ memset(output, 0, sizeof(output));
+ memset(input, 0, sizeof(input));
- TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
- TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ),
- output, &olen, sizeof( output ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
+ TEST_ASSERT(mbedtls_pk_encrypt(&pk, input, sizeof(input),
+ output, &olen, sizeof(output),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret);
- TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ),
- output, &olen, sizeof( output ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
+ TEST_ASSERT(mbedtls_pk_decrypt(&pk, input, sizeof(input),
+ output, &olen, sizeof(output),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret);
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_overflow( )
+void pk_rsa_overflow()
{
mbedtls_pk_context pk;
size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
unsigned char hash[50], sig[100];
- if( SIZE_MAX <= UINT_MAX )
+ if (SIZE_MAX <= UINT_MAX) {
return;
+ }
- memset( hash, 0x2a, sizeof hash );
- memset( sig, 0, sizeof sig );
+ memset(hash, 0x2a, sizeof hash);
+ memset(sig, 0, sizeof sig);
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- TEST_ASSERT( mbedtls_pk_setup( &pk,
- mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&pk,
+ mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
#if defined(MBEDTLS_PKCS1_V21)
- TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
- MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
+ MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#endif /* MBEDTLS_PKCS1_V21 */
- TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
- sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len,
+ sig, sig_len) == MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig,
- &sig_len, mbedtls_test_rnd_std_rand, NULL )
- == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len, sig,
+ &sig_len, mbedtls_test_rnd_std_rand, NULL)
+ == MBEDTLS_ERR_PK_BAD_INPUT_DATA);
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
-void pk_rsa_alt( )
+void pk_rsa_alt()
{
/*
* An rsa_alt context can only do private operations (decrypt, sign).
@@ -1140,74 +1137,75 @@
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
- mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
- mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
+ mbedtls_rsa_init(&raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
+ mbedtls_pk_init(&rsa); mbedtls_pk_init(&alt);
- memset( hash, 0x2a, sizeof hash );
- memset( sig, 0, sizeof sig );
- memset( msg, 0x2a, sizeof msg );
- memset( ciph, 0, sizeof ciph );
- memset( test, 0, sizeof test );
+ memset(hash, 0x2a, sizeof hash);
+ memset(sig, 0, sizeof sig);
+ memset(msg, 0x2a, sizeof msg);
+ memset(ciph, 0, sizeof ciph);
+ memset(test, 0, sizeof test);
/* Initialize PK RSA context with random key */
- TEST_ASSERT( mbedtls_pk_setup( &rsa,
- mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
- TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup(&rsa,
+ mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
+ TEST_ASSERT(pk_genkey(&rsa, RSA_KEY_SIZE) == 0);
/* Extract key to the raw rsa context */
- TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0);
/* Initialize PK RSA_ALT context */
- TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw,
- mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
+ TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, (void *) &raw,
+ mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
+ mbedtls_rsa_key_len_func) == 0);
/* Test administrative functions */
- TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) );
- TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE );
- TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN );
- TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT );
- TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 );
+ TEST_ASSERT(mbedtls_pk_can_do(&alt, MBEDTLS_PK_RSA));
+ TEST_ASSERT(mbedtls_pk_get_bitlen(&alt) == RSA_KEY_SIZE);
+ TEST_ASSERT(mbedtls_pk_get_len(&alt) == RSA_KEY_LEN);
+ TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
+ TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
/* Test signature */
#if SIZE_MAX > UINT_MAX
- TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig,
- &sig_len, mbedtls_test_rnd_std_rand, NULL )
- == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig,
+ &sig_len, mbedtls_test_rnd_std_rand, NULL)
+ == MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#endif /* SIZE_MAX > UINT_MAX */
- TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig,
- &sig_len, mbedtls_test_rnd_std_rand, NULL )
- == 0 );
- TEST_ASSERT( sig_len == RSA_KEY_LEN );
- TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len ) == 0 );
+ TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig,
+ &sig_len, mbedtls_test_rnd_std_rand, NULL)
+ == 0);
+ TEST_ASSERT(sig_len == RSA_KEY_LEN);
+ TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE,
+ hash, sizeof hash, sig, sig_len) == 0);
/* Test decrypt */
- TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
- mbedtls_test_rnd_std_rand, NULL ) == 0 );
- TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len,
- test, &test_len, sizeof test,
- mbedtls_test_rnd_std_rand, NULL ) == 0 );
- TEST_ASSERT( test_len == sizeof msg );
- TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
+ TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof msg,
+ ciph, &ciph_len, sizeof ciph,
+ mbedtls_test_rnd_std_rand, NULL) == 0);
+ TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len,
+ test, &test_len, sizeof test,
+ mbedtls_test_rnd_std_rand, NULL) == 0);
+ TEST_ASSERT(test_len == sizeof msg);
+ TEST_ASSERT(memcmp(test, msg, test_len) == 0);
/* Test forbidden operations */
- TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
- mbedtls_test_rnd_std_rand, NULL ) == ret );
- TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len ) == ret );
- TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret );
+ TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof msg,
+ ciph, &ciph_len, sizeof ciph,
+ mbedtls_test_rnd_std_rand, NULL) == ret);
+ TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE,
+ hash, sizeof hash, sig, sig_len) == ret);
+ TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret);
exit:
- mbedtls_rsa_free( &raw );
- mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
+ mbedtls_rsa_free(&raw);
+ mbedtls_pk_free(&rsa); mbedtls_pk_free(&alt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */
-void pk_psa_sign( int grpid_arg,
- int psa_curve_arg, int expected_bits_arg )
+void pk_psa_sign(int grpid_arg,
+ int psa_curve_arg, int expected_bits_arg)
{
mbedtls_ecp_group_id grpid = grpid_arg;
mbedtls_pk_context pk;
@@ -1220,7 +1218,7 @@
int ret;
mbedtls_svc_key_id_t key_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg );
+ psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR(psa_curve_arg);
size_t expected_bits = expected_bits_arg;
/*
@@ -1231,69 +1229,69 @@
* - parse it to a PK context and verify the signature this way
*/
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Create legacy EC public/private key in PK context. */
- mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_setup( &pk,
- mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_key( grpid,
- (mbedtls_ecp_keypair*) pk.pk_ctx,
- mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ mbedtls_pk_init(&pk);
+ TEST_ASSERT(mbedtls_pk_setup(&pk,
+ mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
+ TEST_ASSERT(mbedtls_ecp_gen_key(grpid,
+ (mbedtls_ecp_keypair *) pk.pk_ctx,
+ mbedtls_test_rnd_std_rand, NULL) == 0);
/* Export underlying public key for re-importing in a legacy context. */
- ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
- sizeof( pkey_legacy ) );
- TEST_ASSERT( ret >= 0 );
+ ret = mbedtls_pk_write_pubkey_der(&pk, pkey_legacy,
+ sizeof(pkey_legacy));
+ TEST_ASSERT(ret >= 0);
klen_legacy = (size_t) ret;
/* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
- pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
+ pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy;
/* Turn PK context into an opaque one. */
- TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id,
- PSA_ALG_SHA_256 ) == 0 );
+ TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&pk, &key_id,
+ PSA_ALG_SHA_256) == 0);
- PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ), expected_type );
- TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ),
- PSA_KEY_LIFETIME_VOLATILE );
+ PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes), expected_type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), expected_bits);
+ TEST_EQUAL(psa_get_key_lifetime(&attributes),
+ PSA_KEY_LIFETIME_VOLATILE);
- memset( hash, 0x2a, sizeof hash );
- memset( sig, 0, sizeof sig );
+ memset(hash, 0x2a, sizeof hash);
+ memset(sig, 0, sizeof sig);
- TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, &sig_len,
- NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, &sig_len,
+ NULL, NULL) == 0);
/* Export underlying public key for re-importing in a psa context. */
- ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa,
- sizeof( pkey_psa ) );
- TEST_ASSERT( ret >= 0 );
+ ret = mbedtls_pk_write_pubkey_der(&pk, pkey_psa,
+ sizeof(pkey_psa));
+ TEST_ASSERT(ret >= 0);
klen_psa = (size_t) ret;
/* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
- pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa;
+ pkey_psa_start = pkey_psa + sizeof(pkey_psa) - klen_psa;
- TEST_ASSERT( klen_psa == klen_legacy );
- TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
+ TEST_ASSERT(klen_psa == klen_legacy);
+ TEST_ASSERT(memcmp(pkey_psa_start, pkey_legacy_start, klen_psa) == 0);
- mbedtls_pk_free( &pk );
- TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) );
+ mbedtls_pk_free(&pk);
+ TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key_id));
- mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
- klen_legacy ) == 0 );
- TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) == 0 );
+ mbedtls_pk_init(&pk);
+ TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start,
+ klen_legacy) == 0);
+ TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, sig_len) == 0);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_pk_free( &pk );
- USE_PSA_DONE( );
+ mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 385f86a..17d2ed7 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -2,10 +2,9 @@
#include "mbedtls/pkcs12.h"
#include "mbedtls/error.h"
-typedef enum
-{
- USE_NULL_INPUT = 0,
- USE_GIVEN_INPUT = 1,
+typedef enum {
+ USE_NULL_INPUT = 0,
+ USE_GIVEN_INPUT = 1,
} input_usage_method_t;
/* END_HEADER */
@@ -16,34 +15,36 @@
*/
/* BEGIN_CASE */
-void pkcs12_derive_key( int md_type, int key_size_arg,
- data_t *password_arg, int password_usage,
- data_t *salt_arg, int salt_usage,
- int iterations,
- data_t* expected_output, int expected_status )
+void pkcs12_derive_key(int md_type, int key_size_arg,
+ data_t *password_arg, int password_usage,
+ data_t *salt_arg, int salt_usage,
+ int iterations,
+ data_t *expected_output, int expected_status)
{
- unsigned char *output_data = NULL;
+ unsigned char *output_data = NULL;
- unsigned char *password = NULL;
- size_t password_len = 0;
- unsigned char *salt = NULL;
- size_t salt_len = 0;
- size_t key_size = key_size_arg;
+ unsigned char *password = NULL;
+ size_t password_len = 0;
+ unsigned char *salt = NULL;
+ size_t salt_len = 0;
+ size_t key_size = key_size_arg;
- if( password_usage == USE_GIVEN_INPUT )
- password = password_arg->x;
+ if (password_usage == USE_GIVEN_INPUT) {
+ password = password_arg->x;
+ }
- password_len = password_arg->len;
+ password_len = password_arg->len;
- if( salt_usage == USE_GIVEN_INPUT )
- salt = salt_arg->x;
+ if (salt_usage == USE_GIVEN_INPUT) {
+ salt = salt_arg->x;
+ }
- salt_len = salt_arg->len;
+ salt_len = salt_arg->len;
- ASSERT_ALLOC( output_data, key_size );
+ ASSERT_ALLOC(output_data, key_size);
- int ret = mbedtls_pkcs12_derivation( output_data,
+ int ret = mbedtls_pkcs12_derivation(output_data,
key_size,
password,
password_len,
@@ -51,18 +52,17 @@
salt_len,
md_type,
MBEDTLS_PKCS12_DERIVE_KEY,
- iterations );
+ iterations);
- TEST_EQUAL( ret, expected_status );
+ TEST_EQUAL(ret, expected_status);
- if( expected_status == 0 )
- {
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output_data, key_size );
- }
+ if (expected_status == 0) {
+ ASSERT_COMPARE(expected_output->x, expected_output->len,
+ output_data, key_size);
+ }
exit:
- mbedtls_free( output_data );
+ mbedtls_free(output_data);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 9fc4faa..83fc73a 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -9,10 +9,10 @@
*/
/* BEGIN_CASE */
-void pkcs1_rsaes_v15_encrypt( int mod, char * input_N,
- char * input_E, int hash,
- data_t * message_str, data_t * rnd_buf,
- data_t * result_str, int result )
+void pkcs1_rsaes_v15_encrypt(int mod, char *input_N,
+ char *input_E, int hash,
+ data_t *message_str, data_t *rnd_buf,
+ data_t *result_str, int result)
{
unsigned char output[128];
mbedtls_rsa_context ctx;
@@ -24,41 +24,41 @@
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
- memset( output, 0x00, sizeof( output ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, hash);
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- if( message_str->len == 0 )
+ if (message_str->len == 0) {
message_str->x = NULL;
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
- &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
- output ) == result );
+ }
+ TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
+ &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output) == result);
- if( result == 0 )
- {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ if (result == 0) {
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsaes_v15_decrypt( int mod, char * input_P, char * input_Q,
- char * input_N, char * input_E, int hash,
- data_t * result_str, char * seed,
- data_t * message_str, int result )
+void pkcs1_rsaes_v15_decrypt(int mod, char *input_P, char *input_Q,
+ char *input_N, char *input_E, int hash,
+ data_t *result_str, char *seed,
+ data_t *message_str, int result)
{
unsigned char output[128];
mbedtls_rsa_context ctx;
@@ -67,60 +67,56 @@
mbedtls_mpi N, P, Q, E;
((void) seed);
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, hash);
- memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(output, 0x00, sizeof(output));
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
- if( result_str->len == 0 )
- {
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info,
- MBEDTLS_RSA_PRIVATE,
- &output_len, message_str->x,
- NULL, 0 ) == result );
- }
- else
- {
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE,
- &output_len, message_str->x,
- output, 1000 ) == result );
- if( result == 0 )
- {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- output_len,
- result_str->len) == 0 );
+ if (result_str->len == 0) {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info,
+ MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ NULL, 0) == result);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ output, 1000) == result);
+ if (result == 0) {
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ output_len,
+ result_str->len) == 0);
}
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_v15_decode( int mode,
- data_t *input,
- int expected_plaintext_length_arg,
- int output_size_arg,
- int expected_result )
+void pkcs1_v15_decode(int mode,
+ data_t *input,
+ int expected_plaintext_length_arg,
+ int output_size_arg,
+ int expected_result)
{
size_t expected_plaintext_length = expected_plaintext_length_arg;
size_t output_size = output_size_arg;
@@ -190,48 +186,46 @@
unsigned char final[128];
size_t output_length = 0x7EA0;
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
- mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
+ mbedtls_mpi_init(&Nmpi); mbedtls_mpi_init(&Empi);
+ mbedtls_mpi_init(&Pmpi); mbedtls_mpi_init(&Qmpi);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
- TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&Nmpi, N, sizeof(N)) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&Empi, E, sizeof(E)) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&Pmpi, P, sizeof(P)) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&Qmpi, Q, sizeof(Q)) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
- NULL, &Empi ) == 0 );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &Nmpi, &Pmpi, &Qmpi,
+ NULL, &Empi) == 0);
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
- TEST_ASSERT( input->len <= sizeof( N ) );
- memcpy( original, input->x, input->len );
- memset( original + input->len, 'd', sizeof( original ) - input->len );
- if( mode == MBEDTLS_RSA_PRIVATE )
- TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
- else
- TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, original,
- intermediate ) == 0 );
-
- memcpy( final, default_content, sizeof( final ) );
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, mode, &output_length,
- intermediate, final,
- output_size ) == expected_result );
- if( expected_result == 0 )
- {
- TEST_ASSERT( output_length == expected_plaintext_length );
- TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
- final,
- output_length ) == 0 );
+ TEST_ASSERT(input->len <= sizeof(N));
+ memcpy(original, input->x, input->len);
+ memset(original + input->len, 'd', sizeof(original) - input->len);
+ if (mode == MBEDTLS_RSA_PRIVATE) {
+ TEST_ASSERT(mbedtls_rsa_public(&ctx, original, intermediate) == 0);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_private(&ctx, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, original,
+ intermediate) == 0);
}
- else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
- expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
- {
+
+ memcpy(final, default_content, sizeof(final));
+ TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, mode, &output_length,
+ intermediate, final,
+ output_size) == expected_result);
+ if (expected_result == 0) {
+ TEST_ASSERT(output_length == expected_plaintext_length);
+ TEST_ASSERT(memcmp(original + sizeof(N) - output_length,
+ final,
+ output_length) == 0);
+ } else if (expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
+ expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) {
size_t max_payload_length =
- output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
+ output_size > sizeof(N) - 11 ? sizeof(N) - 11 : output_size;
size_t i;
size_t count = 0;
@@ -240,34 +234,36 @@
* implementation currently does. Alternative implementations
* may produce different output, so we only perform these precise
* checks when using the default implementation. */
- TEST_ASSERT( output_length == max_payload_length );
- for( i = 0; i < max_payload_length; i++ )
- TEST_ASSERT( final[i] == 0 );
+ TEST_ASSERT(output_length == max_payload_length);
+ for (i = 0; i < max_payload_length; i++) {
+ TEST_ASSERT(final[i] == 0);
+ }
#endif
/* Even in alternative implementations, the outputs must have
* changed, otherwise it indicates at least a timing vulnerability
* because no write to the outputs is performed in the bad case. */
- TEST_ASSERT( output_length != 0x7EA0 );
- for( i = 0; i < max_payload_length; i++ )
- count += ( final[i] == default_content[i] );
+ TEST_ASSERT(output_length != 0x7EA0);
+ for (i = 0; i < max_payload_length; i++) {
+ count += (final[i] == default_content[i]);
+ }
/* If more than 16 bytes are unchanged in final, that's evidence
* that final wasn't overwritten. */
- TEST_ASSERT( count < 16 );
+ TEST_ASSERT(count < 16);
}
exit:
- mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
- mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&Nmpi); mbedtls_mpi_free(&Empi);
+ mbedtls_mpi_free(&Pmpi); mbedtls_mpi_free(&Qmpi);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_v15_sign( int mod, char * input_P,
- char * input_Q, char * input_N,
- char * input_E, int digest, int hash,
- data_t * message_str, data_t * rnd_buf,
- data_t * result_str, int result )
+void pkcs1_rsassa_v15_sign(int mod, char *input_P,
+ char *input_Q, char *input_N,
+ char *input_E, int digest, int hash,
+ data_t *message_str, data_t *rnd_buf,
+ data_t *result_str, int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[128];
@@ -280,72 +276,76 @@
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, hash);
- memset( hash_result, 0x00, sizeof( hash_result ) );
- memset( output, 0x00, sizeof( output ) );
+ memset(hash_result, 0x00, sizeof(hash_result));
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if (mbedtls_md_info_from_type(digest) != NULL) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
+ hash_result) == 0);
+ }
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PRIVATE, digest,
- 0, hash_result, output ) == result );
- if( result == 0 )
- {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PRIVATE, digest,
+ 0, hash_result, output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_v15_verify( int mod, char * input_N, char * input_E,
- int digest, int hash, data_t * message_str,
- char * salt, data_t * result_str, int result )
+void pkcs1_rsassa_v15_verify(int mod, char *input_N, char *input_E,
+ int digest, int hash, data_t *message_str,
+ char *salt, data_t *result_str, int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
((void) salt);
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
- memset( hash_result, 0x00, sizeof( hash_result ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, hash);
+ memset(hash_result, 0x00, sizeof(hash_result));
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if (mbedtls_md_info_from_type(digest) != NULL) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
+ hash_result) == 0);
+ }
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0,
+ hash_result, result_str->x) == result);
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index c23a4ad..bf99df6 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -9,9 +9,9 @@
*/
/* BEGIN_CASE */
-void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E,
- int hash, data_t * message_str, data_t * rnd_buf,
- data_t * result_str, int result )
+void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E,
+ int hash, data_t *message_str, data_t *rnd_buf,
+ data_t *result_str, int result)
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -23,39 +23,39 @@
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
- memset( output, 0x00, sizeof( output ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, hash);
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- if( message_str->len == 0 )
+ if (message_str->len == 0) {
message_str->x = NULL;
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
- &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
- output ) == result );
- if( result == 0 )
- {
- ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
+ }
+ TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
+ &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output) == result);
+ if (result == 0) {
+ ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q,
- data_t * input_N, data_t * input_E, int hash,
- data_t * result_str, char * seed, data_t * message_str,
- int result )
+void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q,
+ data_t *input_N, data_t *input_E, int hash,
+ data_t *result_str, char *seed, data_t *message_str,
+ int result)
{
unsigned char output[64];
mbedtls_rsa_context ctx;
@@ -64,61 +64,57 @@
mbedtls_mpi N, P, Q, E;
((void) seed);
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, hash);
- memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(output, 0x00, sizeof(output));
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
- if( result_str->len == 0 )
- {
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info,
- MBEDTLS_RSA_PRIVATE,
- &output_len, message_str->x,
- NULL, 0 ) == result );
- }
- else
- {
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info,
- MBEDTLS_RSA_PRIVATE,
- &output_len, message_str->x,
- output,
- sizeof( output ) ) == result );
- if( result == 0 )
- {
- ASSERT_COMPARE( output, output_len, result_str->x, result_str->len );
+ if (result_str->len == 0) {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info,
+ MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ NULL, 0) == result);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info,
+ MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ output,
+ sizeof(output)) == result);
+ if (result == 0) {
+ ASSERT_COMPARE(output, output_len, result_str->x, result_str->len);
}
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q,
- data_t * input_N, data_t * input_E, int digest,
- int hash, data_t * message_str, data_t * rnd_buf,
- data_t * result_str, int fixed_salt_length,
- int result )
+void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q,
+ data_t *input_N, data_t *input_E, int digest,
+ int hash, data_t *message_str, data_t *rnd_buf,
+ data_t *result_str, int fixed_salt_length,
+ int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[512];
@@ -131,136 +127,135 @@
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, hash);
- memset( hash_result, 0x00, sizeof( hash_result ) );
- memset( output, 0x00, sizeof( output ) );
+ memset(hash_result, 0x00, sizeof(hash_result));
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if (mbedtls_md_info_from_type(digest) != NULL) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
+ hash_result) == 0);
+ }
- if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
- {
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PRIVATE, digest, 0,
- hash_result, output ) == result );
- if( result == 0 )
- {
- ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
+ if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PRIVATE, digest, 0,
+ hash_result, output) == result);
+ if (result == 0) {
+ ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
}
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
}
- TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, digest, 0, hash_result,
- fixed_salt_length, output ) == result );
- if( result == 0 )
- {
- ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
+ TEST_ASSERT(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, &mbedtls_test_rnd_buffer_rand,
+ &info, digest, 0, hash_result,
+ fixed_salt_length, output) == result);
+ if (result == 0) {
+ ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E,
- int digest, int hash, data_t * message_str,
- char * salt, data_t * result_str, int result )
+void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E,
+ int digest, int hash, data_t *message_str,
+ char *salt, data_t *result_str, int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
((void) salt);
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
- memset( hash_result, 0x00, sizeof( hash_result ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, hash);
+ memset(hash_result, 0x00, sizeof(hash_result));
- TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if (mbedtls_md_info_from_type(digest) != NULL) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
+ hash_result) == 0);
+ }
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0,
+ hash_result, result_str->x) == result);
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E,
- int msg_digest_id, int ctx_hash,
- int mgf_hash, int salt_len,
- data_t * message_str,
- data_t * result_str, int result_simple,
- int result_full )
+void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E,
+ int msg_digest_id, int ctx_hash,
+ int mgf_hash, int salt_len,
+ data_t *message_str,
+ data_t *result_str, int result_simple,
+ int result_full)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
mbedtls_rsa_context ctx;
size_t hash_len;
mbedtls_mpi N, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
- memset( hash_result, 0x00, sizeof( hash_result ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash);
+ memset(hash_result, 0x00, sizeof(hash_result));
- TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
+ TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- if( msg_digest_id != MBEDTLS_MD_NONE )
- {
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ),
- message_str->x, message_str->len, hash_result ) == 0 );
+ if (msg_digest_id != MBEDTLS_MD_NONE) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(msg_digest_id),
+ message_str->x, message_str->len, hash_result) == 0);
hash_len = 0;
- }
- else
- {
- memcpy( hash_result, message_str->x, message_str->len );
+ } else {
+ memcpy(hash_result, message_str->x, message_str->len);
hash_len = message_str->len;
}
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- msg_digest_id, hash_len, hash_result,
- result_str->x ) == result_simple );
+ TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ msg_digest_id, hash_len, hash_result,
+ result_str->x) == result_simple);
- TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- msg_digest_id, hash_len, hash_result,
- mgf_hash, salt_len,
- result_str->x ) == result_full );
+ TEST_ASSERT(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ msg_digest_id, hash_len, hash_result,
+ mgf_hash, salt_len,
+ result_str->x) == result_full);
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 0b0c937..5d10da4 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -8,33 +8,33 @@
*/
/* BEGIN_CASE */
-void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str,
- int it_cnt, int key_len, data_t * result_key_string )
+void pbkdf2_hmac(int hash, data_t *pw_str, data_t *salt_str,
+ int it_cnt, int key_len, data_t *result_key_string)
{
mbedtls_md_context_t ctx;
const mbedtls_md_info_t *info;
unsigned char key[100];
- mbedtls_md_init( &ctx );
+ mbedtls_md_init(&ctx);
- info = mbedtls_md_info_from_type( hash );
- TEST_ASSERT( info != NULL );
- TEST_ASSERT( mbedtls_md_setup( &ctx, info, 1 ) == 0 );
- TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len,
- it_cnt, key_len, key ) == 0 );
+ info = mbedtls_md_info_from_type(hash);
+ TEST_ASSERT(info != NULL);
+ TEST_ASSERT(mbedtls_md_setup(&ctx, info, 1) == 0);
+ TEST_ASSERT(mbedtls_pkcs5_pbkdf2_hmac(&ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len,
+ it_cnt, key_len, key) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x,
- key_len, result_key_string->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(key, result_key_string->x,
+ key_len, result_key_string->len) == 0);
exit:
- mbedtls_md_free( &ctx );
+ mbedtls_md_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
-void mbedtls_pkcs5_pbes2( int params_tag, data_t *params_hex, data_t *pw,
- data_t *data, int ref_ret, data_t *ref_out )
+void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
+ data_t *data, int ref_ret, data_t *ref_out)
{
int my_ret;
mbedtls_asn1_buf params;
@@ -44,23 +44,24 @@
params.p = params_hex->x;
params.len = params_hex->len;
- my_out = mbedtls_test_zero_alloc( ref_out->len );
+ my_out = mbedtls_test_zero_alloc(ref_out->len);
- my_ret = mbedtls_pkcs5_pbes2( ¶ms, MBEDTLS_PKCS5_DECRYPT,
- pw->x, pw->len, data->x, data->len, my_out );
- TEST_ASSERT( my_ret == ref_ret );
+ my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT,
+ pw->x, pw->len, data->x, data->len, my_out);
+ TEST_ASSERT(my_ret == ref_ret);
- if( ref_ret == 0 )
- TEST_ASSERT( memcmp( my_out, ref_out->x, ref_out->len ) == 0 );
+ if (ref_ret == 0) {
+ TEST_ASSERT(memcmp(my_out, ref_out->x, ref_out->len) == 0);
+ }
exit:
- mbedtls_free( my_out );
+ mbedtls_free(my_out);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void pkcs5_selftest( )
+void pkcs5_selftest()
{
- TEST_ASSERT( mbedtls_pkcs5_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_pkcs5_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 4650d33..f2f5e97 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -10,119 +10,116 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
-void pk_parse_keyfile_rsa( char * key_file, char * password, int result )
+void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;
int res;
char *pwd = password;
- mbedtls_pk_init( &ctx );
+ mbedtls_pk_init(&ctx);
- if( strcmp( pwd, "NULL" ) == 0 )
+ if (strcmp(pwd, "NULL") == 0) {
pwd = NULL;
+ }
- res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd );
+ res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd);
- TEST_ASSERT( res == result );
+ TEST_ASSERT(res == result);
- if( res == 0 )
- {
+ if (res == 0) {
mbedtls_rsa_context *rsa;
- TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_RSA ) );
- rsa = mbedtls_pk_rsa( ctx );
- TEST_ASSERT( mbedtls_rsa_check_privkey( rsa ) == 0 );
+ TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
+ rsa = mbedtls_pk_rsa(ctx);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(rsa) == 0);
}
exit:
- mbedtls_pk_free( &ctx );
+ mbedtls_pk_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
-void pk_parse_public_keyfile_rsa( char * key_file, int result )
+void pk_parse_public_keyfile_rsa(char *key_file, int result)
{
mbedtls_pk_context ctx;
int res;
- mbedtls_pk_init( &ctx );
+ mbedtls_pk_init(&ctx);
- res = mbedtls_pk_parse_public_keyfile( &ctx, key_file );
+ res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
- TEST_ASSERT( res == result );
+ TEST_ASSERT(res == result);
- if( res == 0 )
- {
+ if (res == 0) {
mbedtls_rsa_context *rsa;
- TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_RSA ) );
- rsa = mbedtls_pk_rsa( ctx );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( rsa ) == 0 );
+ TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
+ rsa = mbedtls_pk_rsa(ctx);
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(rsa) == 0);
}
exit:
- mbedtls_pk_free( &ctx );
+ mbedtls_pk_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
-void pk_parse_public_keyfile_ec( char * key_file, int result )
+void pk_parse_public_keyfile_ec(char *key_file, int result)
{
mbedtls_pk_context ctx;
int res;
- mbedtls_pk_init( &ctx );
+ mbedtls_pk_init(&ctx);
- res = mbedtls_pk_parse_public_keyfile( &ctx, key_file );
+ res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
- TEST_ASSERT( res == result );
+ TEST_ASSERT(res == result);
- if( res == 0 )
- {
+ if (res == 0) {
mbedtls_ecp_keypair *eckey;
- TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
- eckey = mbedtls_pk_ec( ctx );
- TEST_ASSERT( mbedtls_ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 );
+ TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
+ eckey = mbedtls_pk_ec(ctx);
+ TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0);
}
exit:
- mbedtls_pk_free( &ctx );
+ mbedtls_pk_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
-void pk_parse_keyfile_ec( char * key_file, char * password, int result )
+void pk_parse_keyfile_ec(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;
int res;
- mbedtls_pk_init( &ctx );
+ mbedtls_pk_init(&ctx);
- res = mbedtls_pk_parse_keyfile( &ctx, key_file, password );
+ res = mbedtls_pk_parse_keyfile(&ctx, key_file, password);
- TEST_ASSERT( res == result );
+ TEST_ASSERT(res == result);
- if( res == 0 )
- {
+ if (res == 0) {
mbedtls_ecp_keypair *eckey;
- TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
- eckey = mbedtls_pk_ec( ctx );
- TEST_ASSERT( mbedtls_ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 );
+ TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
+ eckey = mbedtls_pk_ec(ctx);
+ TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0);
}
exit:
- mbedtls_pk_free( &ctx );
+ mbedtls_pk_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void pk_parse_key( data_t * buf, int result )
+void pk_parse_key(data_t *buf, int result)
{
mbedtls_pk_context pk;
- mbedtls_pk_init( &pk );
+ mbedtls_pk_init(&pk);
- TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == result );
+ TEST_ASSERT(mbedtls_pk_parse_key(&pk, buf->x, buf->len, NULL, 0) == result);
exit:
- mbedtls_pk_free( &pk );
+ mbedtls_pk_free(&pk);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 2bad4ed..a49846b 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -10,7 +10,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_pubkey_check( char * key_file )
+void pk_write_pubkey_check(char *key_file)
{
mbedtls_pk_context key;
unsigned char buf[5000];
@@ -19,38 +19,37 @@
FILE *f;
size_t ilen, pem_len, buf_index;
- memset( buf, 0, sizeof( buf ) );
- memset( check_buf, 0, sizeof( check_buf ) );
+ memset(buf, 0, sizeof(buf));
+ memset(check_buf, 0, sizeof(check_buf));
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &key, key_file ) == 0 );
+ mbedtls_pk_init(&key);
+ TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0);
- ret = mbedtls_pk_write_pubkey_pem( &key, buf, sizeof( buf ));
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_pk_write_pubkey_pem(&key, buf, sizeof(buf));
+ TEST_ASSERT(ret == 0);
- pem_len = strlen( (char *) buf );
+ pem_len = strlen((char *) buf);
// check that the rest of the buffer remains clear
- for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
- {
- TEST_ASSERT( buf[buf_index] == 0 );
+ for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
+ TEST_ASSERT(buf[buf_index] == 0);
}
- f = fopen( key_file, "r" );
- TEST_ASSERT( f != NULL );
- ilen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
+ f = fopen(key_file, "r");
+ TEST_ASSERT(f != NULL);
+ ilen = fread(check_buf, 1, sizeof(check_buf), f);
+ fclose(f);
- TEST_ASSERT( ilen == pem_len );
- TEST_ASSERT( memcmp( (char *) buf, (char *) check_buf, ilen ) == 0 );
+ TEST_ASSERT(ilen == pem_len);
+ TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
exit:
- mbedtls_pk_free( &key );
+ mbedtls_pk_free(&key);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_key_check( char * key_file )
+void pk_write_key_check(char *key_file)
{
mbedtls_pk_context key;
unsigned char buf[5000];
@@ -59,32 +58,31 @@
FILE *f;
size_t ilen, pem_len, buf_index;
- memset( buf, 0, sizeof( buf ) );
- memset( check_buf, 0, sizeof( check_buf ) );
+ memset(buf, 0, sizeof(buf));
+ memset(check_buf, 0, sizeof(check_buf));
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ mbedtls_pk_init(&key);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
- ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf ));
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_pk_write_key_pem(&key, buf, sizeof(buf));
+ TEST_ASSERT(ret == 0);
- pem_len = strlen( (char *) buf );
+ pem_len = strlen((char *) buf);
// check that the rest of the buffer remains clear
- for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
- {
- TEST_ASSERT( buf[buf_index] == 0 );
+ for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
+ TEST_ASSERT(buf[buf_index] == 0);
}
- f = fopen( key_file, "r" );
- TEST_ASSERT( f != NULL );
- ilen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
+ f = fopen(key_file, "r");
+ TEST_ASSERT(f != NULL);
+ ilen = fread(check_buf, 1, sizeof(check_buf), f);
+ fclose(f);
- TEST_ASSERT( ilen == strlen( (char *) buf ) );
- TEST_ASSERT( memcmp( (char *) buf, (char *) check_buf, ilen ) == 0 );
+ TEST_ASSERT(ilen == strlen((char *) buf));
+ TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
exit:
- mbedtls_pk_free( &key );
+ mbedtls_pk_free(&key);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 4b8995b..1a0e388 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -9,35 +9,35 @@
*/
/* BEGIN_CASE */
-void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str )
+void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str)
{
unsigned char mac[16]; /* size set by the standard */
mbedtls_poly1305_context ctx;
- memset( mac, 0x00, sizeof( mac ) );
+ memset(mac, 0x00, sizeof(mac));
/*
* Test the integrated API
*/
- TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x,
- src_str->len, mac ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_mac(key->x, src_str->x,
+ src_str->len, mac) == 0);
- ASSERT_COMPARE( mac, expected_mac->len,
- expected_mac->x, expected_mac->len );
+ ASSERT_COMPARE(mac, expected_mac->len,
+ expected_mac->x, expected_mac->len);
/*
* Test the streaming API
*/
- mbedtls_poly1305_init( &ctx );
+ mbedtls_poly1305_init(&ctx);
- TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_starts(&ctx, key->x) == 0);
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, src_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_update(&ctx, src_str->x, src_str->len) == 0);
- TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0);
- ASSERT_COMPARE( mac, expected_mac->len,
- expected_mac->x, expected_mac->len );
+ ASSERT_COMPARE(mac, expected_mac->len,
+ expected_mac->x, expected_mac->len);
/*
* Test the streaming API again, piecewise
@@ -45,37 +45,35 @@
/* Don't free/init the context, in order to test that starts() does the
* right thing. */
- if( src_str->len >= 1 )
- {
- TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 );
+ if (src_str->len >= 1) {
+ TEST_ASSERT(mbedtls_poly1305_starts(&ctx, key->x) == 0);
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, src_str->len - 1 ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_update(&ctx, src_str->x, 1) == 0);
+ TEST_ASSERT(mbedtls_poly1305_update(&ctx, src_str->x + 1, src_str->len - 1) == 0);
- TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0);
- ASSERT_COMPARE( mac, expected_mac->len,
- expected_mac->x, expected_mac->len );
+ ASSERT_COMPARE(mac, expected_mac->len,
+ expected_mac->x, expected_mac->len);
}
/*
* Again with more pieces
*/
- if( src_str->len >= 2 )
- {
- TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 );
+ if (src_str->len >= 2) {
+ TEST_ASSERT(mbedtls_poly1305_starts(&ctx, key->x) == 0);
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, 1 ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 2, src_str->len - 2 ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_update(&ctx, src_str->x, 1) == 0);
+ TEST_ASSERT(mbedtls_poly1305_update(&ctx, src_str->x + 1, 1) == 0);
+ TEST_ASSERT(mbedtls_poly1305_update(&ctx, src_str->x + 2, src_str->len - 2) == 0);
- TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0);
- ASSERT_COMPARE( mac, expected_mac->len,
- expected_mac->x, expected_mac->len );
+ ASSERT_COMPARE(mac, expected_mac->len,
+ expected_mac->x, expected_mac->len);
}
- mbedtls_poly1305_free( &ctx );
+ mbedtls_poly1305_free(&ctx);
}
/* END_CASE */
@@ -85,33 +83,33 @@
unsigned char src[1];
unsigned char key[32];
unsigned char mac[16];
- size_t src_len = sizeof( src );
+ size_t src_len = sizeof(src);
mbedtls_poly1305_context ctx;
- TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_poly1305_init(NULL));
+ TEST_VALID_PARAM(mbedtls_poly1305_free(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_starts( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_starts( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_starts(NULL, key));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_starts(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_update( NULL, src, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_update( &ctx, NULL, src_len ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_update(NULL, src, 0));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_update(&ctx, NULL, src_len));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_finish( NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_finish( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_finish(NULL, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_finish(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( NULL, src, 0, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( key, NULL, src_len, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( key, src, 0, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_mac(NULL, src, 0, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_mac(key, NULL, src_len, mac));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_mac(key, src, 0, NULL));
exit:
return;
@@ -121,6 +119,6 @@
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void poly1305_selftest()
{
- TEST_ASSERT( mbedtls_poly1305_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_poly1305_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 5f489f9..bfb7117 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -22,8 +22,8 @@
/* Assert that an operation is (not) active.
* This serves as a proxy for checking if the operation is aborted. */
-#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 )
-#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 )
+#define ASSERT_OPERATION_IS_ACTIVE(operation) TEST_ASSERT(operation.id != 0)
+#define ASSERT_OPERATION_IS_INACTIVE(operation) TEST_ASSERT(operation.id == 0)
/** An invalid export length that will never be set by psa_export_key(). */
static const size_t INVALID_EXPORT_LENGTH = ~0U;
@@ -39,50 +39,54 @@
* \return 1 if the buffer is all-bits-zero.
* \return 0 if there is at least one nonzero byte.
*/
-static int mem_is_char( void *buffer, unsigned char c, size_t size )
+static int mem_is_char(void *buffer, unsigned char c, size_t size)
{
size_t i;
- for( i = 0; i < size; i++ )
- {
- if( ( (unsigned char *) buffer )[i] != c )
- return( 0 );
+ for (i = 0; i < size; i++) {
+ if (((unsigned char *) buffer)[i] != c) {
+ return 0;
+ }
}
- return( 1 );
+ return 1;
}
#if defined(MBEDTLS_ASN1_WRITE_C)
/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
-static int asn1_write_10x( unsigned char **p,
- unsigned char *start,
- size_t bits,
- unsigned char x )
+static int asn1_write_10x(unsigned char **p,
+ unsigned char *start,
+ size_t bits,
+ unsigned char x)
{
int ret;
int len = bits / 8 + 1;
- if( bits == 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_DATA );
- if( bits <= 8 && x >= 1 << ( bits - 1 ) )
- return( MBEDTLS_ERR_ASN1_INVALID_DATA );
- if( *p < start || *p - start < (ptrdiff_t) len )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if (bits == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ if (bits <= 8 && x >= 1 << (bits - 1)) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ if (*p < start || *p - start < (ptrdiff_t) len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= len;
- ( *p )[len-1] = x;
- if( bits % 8 == 0 )
- ( *p )[1] |= 1;
- else
- ( *p )[0] |= 1 << ( bits % 8 );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_INTEGER ) );
- return( len );
+ (*p)[len-1] = x;
+ if (bits % 8 == 0) {
+ (*p)[1] |= 1;
+ } else {
+ (*p)[0] |= 1 << (bits % 8);
+ }
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+ MBEDTLS_ASN1_INTEGER));
+ return len;
}
-static int construct_fake_rsa_key( unsigned char *buffer,
- size_t buffer_size,
- unsigned char **p,
- size_t bits,
- int keypair )
+static int construct_fake_rsa_key(unsigned char *buffer,
+ size_t buffer_size,
+ unsigned char **p,
+ size_t bits,
+ int keypair)
{
- size_t half_bits = ( bits + 1 ) / 2;
+ size_t half_bits = (bits + 1) / 2;
int ret;
int len = 0;
/* Construct something that looks like a DER encoding of
@@ -103,134 +107,132 @@
* version, modulus and publicExponent.
*/
*p = buffer + buffer_size;
- if( keypair )
- {
- MBEDTLS_ASN1_CHK_ADD( len, /* pq */
- asn1_write_10x( p, buffer, half_bits, 1 ) );
- MBEDTLS_ASN1_CHK_ADD( len, /* dq */
- asn1_write_10x( p, buffer, half_bits, 1 ) );
- MBEDTLS_ASN1_CHK_ADD( len, /* dp */
- asn1_write_10x( p, buffer, half_bits, 1 ) );
- MBEDTLS_ASN1_CHK_ADD( len, /* q */
- asn1_write_10x( p, buffer, half_bits, 1 ) );
- MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
- asn1_write_10x( p, buffer, half_bits, 3 ) );
- MBEDTLS_ASN1_CHK_ADD( len, /* d */
- asn1_write_10x( p, buffer, bits, 1 ) );
+ if (keypair) {
+ MBEDTLS_ASN1_CHK_ADD(len, /* pq */
+ asn1_write_10x(p, buffer, half_bits, 1));
+ MBEDTLS_ASN1_CHK_ADD(len, /* dq */
+ asn1_write_10x(p, buffer, half_bits, 1));
+ MBEDTLS_ASN1_CHK_ADD(len, /* dp */
+ asn1_write_10x(p, buffer, half_bits, 1));
+ MBEDTLS_ASN1_CHK_ADD(len, /* q */
+ asn1_write_10x(p, buffer, half_bits, 1));
+ MBEDTLS_ASN1_CHK_ADD(len, /* p != q to pass mbedtls sanity checks */
+ asn1_write_10x(p, buffer, half_bits, 3));
+ MBEDTLS_ASN1_CHK_ADD(len, /* d */
+ asn1_write_10x(p, buffer, bits, 1));
}
- MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
- asn1_write_10x( p, buffer, 17, 1 ) );
- MBEDTLS_ASN1_CHK_ADD( len, /* n */
- asn1_write_10x( p, buffer, bits, 1 ) );
- if( keypair )
- MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
- mbedtls_asn1_write_int( p, buffer, 0 ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
+ MBEDTLS_ASN1_CHK_ADD(len, /* e = 65537 */
+ asn1_write_10x(p, buffer, 17, 1));
+ MBEDTLS_ASN1_CHK_ADD(len, /* n */
+ asn1_write_10x(p, buffer, bits, 1));
+ if (keypair) {
+ MBEDTLS_ASN1_CHK_ADD(len, /* version = 0 */
+ mbedtls_asn1_write_int(p, buffer, 0));
+ }
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buffer, len));
{
const unsigned char tag =
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buffer, tag));
}
- return( len );
+ return len;
}
#endif /* MBEDTLS_ASN1_WRITE_C */
-int exercise_mac_setup( psa_key_type_t key_type,
- const unsigned char *key_bytes,
- size_t key_length,
- psa_algorithm_t alg,
- psa_mac_operation_t *operation,
- psa_status_t *status )
+int exercise_mac_setup(psa_key_type_t key_type,
+ const unsigned char *key_bytes,
+ size_t key_length,
+ psa_algorithm_t alg,
+ psa_mac_operation_t *operation,
+ psa_status_t *status)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_bytes, key_length, &key));
- *status = psa_mac_sign_setup( operation, key, alg );
+ *status = psa_mac_sign_setup(operation, key, alg);
/* Whether setup succeeded or failed, abort must succeed. */
- PSA_ASSERT( psa_mac_abort( operation ) );
+ PSA_ASSERT(psa_mac_abort(operation));
/* If setup failed, reproduce the failure, so that the caller can
* test the resulting state of the operation object. */
- if( *status != PSA_SUCCESS )
- {
- TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status );
+ if (*status != PSA_SUCCESS) {
+ TEST_EQUAL(psa_mac_sign_setup(operation, key, alg), *status);
}
- psa_destroy_key( key );
- return( 1 );
+ psa_destroy_key(key);
+ return 1;
exit:
- psa_destroy_key( key );
- return( 0 );
+ psa_destroy_key(key);
+ return 0;
}
-int exercise_cipher_setup( psa_key_type_t key_type,
- const unsigned char *key_bytes,
- size_t key_length,
- psa_algorithm_t alg,
- psa_cipher_operation_t *operation,
- psa_status_t *status )
+int exercise_cipher_setup(psa_key_type_t key_type,
+ const unsigned char *key_bytes,
+ size_t key_length,
+ psa_algorithm_t alg,
+ psa_cipher_operation_t *operation,
+ psa_status_t *status)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_bytes, key_length, &key));
- *status = psa_cipher_encrypt_setup( operation, key, alg );
+ *status = psa_cipher_encrypt_setup(operation, key, alg);
/* Whether setup succeeded or failed, abort must succeed. */
- PSA_ASSERT( psa_cipher_abort( operation ) );
+ PSA_ASSERT(psa_cipher_abort(operation));
/* If setup failed, reproduce the failure, so that the caller can
* test the resulting state of the operation object. */
- if( *status != PSA_SUCCESS )
- {
- TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ),
- *status );
+ if (*status != PSA_SUCCESS) {
+ TEST_EQUAL(psa_cipher_encrypt_setup(operation, key, alg),
+ *status);
}
- psa_destroy_key( key );
- return( 1 );
+ psa_destroy_key(key);
+ return 1;
exit:
- psa_destroy_key( key );
- return( 0 );
+ psa_destroy_key(key);
+ return 0;
}
-static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key )
+static int test_operations_on_invalid_key(mbedtls_svc_key_id_t key)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 );
+ mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, 0x6964);
uint8_t buffer[1];
size_t length;
int ok = 0;
- psa_set_key_id( &attributes, key_id );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
- PSA_ERROR_INVALID_HANDLE );
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_CTR);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ TEST_EQUAL(psa_get_key_attributes(key, &attributes),
+ PSA_ERROR_INVALID_HANDLE);
TEST_EQUAL(
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
TEST_EQUAL(
- MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+ MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(psa_get_key_id(&attributes)), 0);
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), 0);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), 0);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
+ TEST_EQUAL(psa_get_key_type(&attributes), 0);
+ TEST_EQUAL(psa_get_key_bits(&attributes), 0);
- TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ),
- PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_export_public_key( key,
- buffer, sizeof( buffer ), &length ),
- PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL(psa_export_key(key, buffer, sizeof(buffer), &length),
+ PSA_ERROR_INVALID_HANDLE);
+ TEST_EQUAL(psa_export_public_key(key,
+ buffer, sizeof(buffer), &length),
+ PSA_ERROR_INVALID_HANDLE);
ok = 1;
@@ -239,34 +241,34 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- return( ok );
+ return ok;
}
/* Assert that a key isn't reported as having a slot number. */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define ASSERT_NO_SLOT_NUMBER( attributes ) \
+#define ASSERT_NO_SLOT_NUMBER(attributes) \
do \
{ \
psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \
- TEST_EQUAL( psa_get_key_slot_number( \
- attributes, \
- &ASSERT_NO_SLOT_NUMBER_slot_number ), \
- PSA_ERROR_INVALID_ARGUMENT ); \
+ TEST_EQUAL(psa_get_key_slot_number( \
+ attributes, \
+ &ASSERT_NO_SLOT_NUMBER_slot_number), \
+ PSA_ERROR_INVALID_ARGUMENT); \
} \
- while( 0 )
+ while (0)
#else /* MBEDTLS_PSA_CRYPTO_SE_C */
-#define ASSERT_NO_SLOT_NUMBER( attributes ) \
- ( (void) 0 )
+#define ASSERT_NO_SLOT_NUMBER(attributes) \
+ ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
/* An overapproximation of the amount of storage needed for a key of the
* given type and with the given content. The API doesn't make it easy
* to find a good value for the size. The current implementation doesn't
* care about the value anyway. */
-#define KEY_BITS_FROM_DATA( type, data ) \
- ( data )->len
+#define KEY_BITS_FROM_DATA(type, data) \
+ (data)->len
typedef enum {
IMPORT_KEY = 0,
@@ -282,7 +284,7 @@
*/
/* BEGIN_CASE */
-void static_checks( )
+void static_checks()
{
size_t max_truncated_mac_size =
PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
@@ -290,75 +292,75 @@
/* Check that the length for a truncated MAC always fits in the algorithm
* encoding. The shifted mask is the maximum truncated value. The
* untruncated algorithm may be one byte larger. */
- TEST_LE_U( PSA_MAC_MAX_SIZE, 1 + max_truncated_mac_size );
+ TEST_LE_U(PSA_MAC_MAX_SIZE, 1 + max_truncated_mac_size);
#if defined(MBEDTLS_TEST_DEPRECATED)
/* Check deprecated constants. */
- TEST_EQUAL( PSA_ERROR_UNKNOWN_ERROR, PSA_ERROR_GENERIC_ERROR );
- TEST_EQUAL( PSA_ERROR_OCCUPIED_SLOT, PSA_ERROR_ALREADY_EXISTS );
- TEST_EQUAL( PSA_ERROR_EMPTY_SLOT, PSA_ERROR_DOES_NOT_EXIST );
- TEST_EQUAL( PSA_ERROR_INSUFFICIENT_CAPACITY, PSA_ERROR_INSUFFICIENT_DATA );
- TEST_EQUAL( PSA_ERROR_TAMPERING_DETECTED, PSA_ERROR_CORRUPTION_DETECTED );
- TEST_EQUAL( PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_SIGN_HASH );
- TEST_EQUAL( PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_VERIFY_HASH );
- TEST_EQUAL( PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE, PSA_SIGNATURE_MAX_SIZE );
+ TEST_EQUAL(PSA_ERROR_UNKNOWN_ERROR, PSA_ERROR_GENERIC_ERROR);
+ TEST_EQUAL(PSA_ERROR_OCCUPIED_SLOT, PSA_ERROR_ALREADY_EXISTS);
+ TEST_EQUAL(PSA_ERROR_EMPTY_SLOT, PSA_ERROR_DOES_NOT_EXIST);
+ TEST_EQUAL(PSA_ERROR_INSUFFICIENT_CAPACITY, PSA_ERROR_INSUFFICIENT_DATA);
+ TEST_EQUAL(PSA_ERROR_TAMPERING_DETECTED, PSA_ERROR_CORRUPTION_DETECTED);
+ TEST_EQUAL(PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_SIGN_HASH);
+ TEST_EQUAL(PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_VERIFY_HASH);
+ TEST_EQUAL(PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE, PSA_SIGNATURE_MAX_SIZE);
- TEST_EQUAL( PSA_ECC_CURVE_SECP160K1, PSA_ECC_FAMILY_SECP_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP192K1, PSA_ECC_FAMILY_SECP_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP224K1, PSA_ECC_FAMILY_SECP_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP256K1, PSA_ECC_FAMILY_SECP_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP160R1, PSA_ECC_FAMILY_SECP_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP192R1, PSA_ECC_FAMILY_SECP_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP224R1, PSA_ECC_FAMILY_SECP_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP256R1, PSA_ECC_FAMILY_SECP_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP384R1, PSA_ECC_FAMILY_SECP_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP521R1, PSA_ECC_FAMILY_SECP_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP160R2, PSA_ECC_FAMILY_SECP_R2 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT163K1, PSA_ECC_FAMILY_SECT_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT233K1, PSA_ECC_FAMILY_SECT_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT239K1, PSA_ECC_FAMILY_SECT_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT283K1, PSA_ECC_FAMILY_SECT_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT409K1, PSA_ECC_FAMILY_SECT_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT571K1, PSA_ECC_FAMILY_SECT_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT163R1, PSA_ECC_FAMILY_SECT_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT193R1, PSA_ECC_FAMILY_SECT_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT233R1, PSA_ECC_FAMILY_SECT_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT283R1, PSA_ECC_FAMILY_SECT_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT409R1, PSA_ECC_FAMILY_SECT_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT571R1, PSA_ECC_FAMILY_SECT_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT163R2, PSA_ECC_FAMILY_SECT_R2 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT193R2, PSA_ECC_FAMILY_SECT_R2 );
- TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY );
- TEST_EQUAL( PSA_ECC_CURVE_CURVE448, PSA_ECC_FAMILY_MONTGOMERY );
+ TEST_EQUAL(PSA_ECC_CURVE_SECP160K1, PSA_ECC_FAMILY_SECP_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP192K1, PSA_ECC_FAMILY_SECP_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP224K1, PSA_ECC_FAMILY_SECP_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP256K1, PSA_ECC_FAMILY_SECP_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP160R1, PSA_ECC_FAMILY_SECP_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP192R1, PSA_ECC_FAMILY_SECP_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP224R1, PSA_ECC_FAMILY_SECP_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP256R1, PSA_ECC_FAMILY_SECP_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP384R1, PSA_ECC_FAMILY_SECP_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP521R1, PSA_ECC_FAMILY_SECP_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP160R2, PSA_ECC_FAMILY_SECP_R2);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT163K1, PSA_ECC_FAMILY_SECT_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT233K1, PSA_ECC_FAMILY_SECT_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT239K1, PSA_ECC_FAMILY_SECT_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT283K1, PSA_ECC_FAMILY_SECT_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT409K1, PSA_ECC_FAMILY_SECT_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT571K1, PSA_ECC_FAMILY_SECT_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT163R1, PSA_ECC_FAMILY_SECT_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT193R1, PSA_ECC_FAMILY_SECT_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT233R1, PSA_ECC_FAMILY_SECT_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT283R1, PSA_ECC_FAMILY_SECT_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT409R1, PSA_ECC_FAMILY_SECT_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT571R1, PSA_ECC_FAMILY_SECT_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT163R2, PSA_ECC_FAMILY_SECT_R2);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT193R2, PSA_ECC_FAMILY_SECT_R2);
+ TEST_EQUAL(PSA_ECC_CURVE_BRAINPOOL_P256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_BRAINPOOL_P384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_BRAINPOOL_P512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY);
+ TEST_EQUAL(PSA_ECC_CURVE_CURVE448, PSA_ECC_FAMILY_MONTGOMERY);
- TEST_EQUAL( PSA_ECC_CURVE_SECP_K1, PSA_ECC_FAMILY_SECP_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP_R1, PSA_ECC_FAMILY_SECP_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECP_R2, PSA_ECC_FAMILY_SECP_R2 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT_K1, PSA_ECC_FAMILY_SECT_K1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT_R1, PSA_ECC_FAMILY_SECT_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_SECT_R2, PSA_ECC_FAMILY_SECT_R2 );
- TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P_R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
- TEST_EQUAL( PSA_ECC_CURVE_MONTGOMERY, PSA_ECC_FAMILY_MONTGOMERY );
+ TEST_EQUAL(PSA_ECC_CURVE_SECP_K1, PSA_ECC_FAMILY_SECP_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP_R1, PSA_ECC_FAMILY_SECP_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECP_R2, PSA_ECC_FAMILY_SECP_R2);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT_K1, PSA_ECC_FAMILY_SECT_K1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT_R1, PSA_ECC_FAMILY_SECT_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_SECT_R2, PSA_ECC_FAMILY_SECT_R2);
+ TEST_EQUAL(PSA_ECC_CURVE_BRAINPOOL_P_R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1);
+ TEST_EQUAL(PSA_ECC_CURVE_MONTGOMERY, PSA_ECC_FAMILY_MONTGOMERY);
- TEST_EQUAL( PSA_DH_GROUP_FFDHE2048, PSA_DH_FAMILY_RFC7919 );
- TEST_EQUAL( PSA_DH_GROUP_FFDHE3072, PSA_DH_FAMILY_RFC7919 );
- TEST_EQUAL( PSA_DH_GROUP_FFDHE4096, PSA_DH_FAMILY_RFC7919 );
- TEST_EQUAL( PSA_DH_GROUP_FFDHE6144, PSA_DH_FAMILY_RFC7919 );
- TEST_EQUAL( PSA_DH_GROUP_FFDHE8192, PSA_DH_FAMILY_RFC7919 );
+ TEST_EQUAL(PSA_DH_GROUP_FFDHE2048, PSA_DH_FAMILY_RFC7919);
+ TEST_EQUAL(PSA_DH_GROUP_FFDHE3072, PSA_DH_FAMILY_RFC7919);
+ TEST_EQUAL(PSA_DH_GROUP_FFDHE4096, PSA_DH_FAMILY_RFC7919);
+ TEST_EQUAL(PSA_DH_GROUP_FFDHE6144, PSA_DH_FAMILY_RFC7919);
+ TEST_EQUAL(PSA_DH_GROUP_FFDHE8192, PSA_DH_FAMILY_RFC7919);
- TEST_EQUAL( PSA_DH_GROUP_RFC7919, PSA_DH_FAMILY_RFC7919 );
- TEST_EQUAL( PSA_DH_GROUP_CUSTOM, PSA_DH_FAMILY_CUSTOM );
+ TEST_EQUAL(PSA_DH_GROUP_RFC7919, PSA_DH_FAMILY_RFC7919);
+ TEST_EQUAL(PSA_DH_GROUP_CUSTOM, PSA_DH_FAMILY_CUSTOM);
#endif
}
/* END_CASE */
/* BEGIN_CASE */
-void import_with_policy( int type_arg,
- int usage_arg, int alg_arg,
- int expected_status_arg )
+void import_with_policy(int type_arg,
+ int usage_arg, int alg_arg,
+ int expected_status_arg)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -367,48 +369,49 @@
psa_key_usage_t usage = usage_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- const uint8_t key_material[16] = {0};
+ const uint8_t key_material[16] = { 0 };
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_type( &attributes, type );
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type(&attributes, type);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
- status = psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &key );
- TEST_EQUAL( status, expected_status );
- if( status != PSA_SUCCESS )
+ status = psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &key);
+ TEST_EQUAL(status, expected_status);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
- TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
- TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ),
- mbedtls_test_update_key_usage_flags( usage ) );
- TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
- ASSERT_NO_SLOT_NUMBER( &got_attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), type);
+ TEST_EQUAL(psa_get_key_usage_flags(&got_attributes),
+ mbedtls_test_update_key_usage_flags(usage));
+ TEST_EQUAL(psa_get_key_algorithm(&got_attributes), alg);
+ ASSERT_NO_SLOT_NUMBER(&got_attributes);
- PSA_ASSERT( psa_destroy_key( key ) );
- test_operations_on_invalid_key( key );
+ PSA_ASSERT(psa_destroy_key(key));
+ test_operations_on_invalid_key(key);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &got_attributes );
+ psa_reset_key_attributes(&got_attributes);
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void import_with_data( data_t *data, int type_arg,
- int attr_bits_arg,
- int expected_status_arg )
+void import_with_data(data_t *data, int type_arg,
+ int attr_bits_arg,
+ int expected_status_arg)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -418,41 +421,43 @@
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, attr_bits );
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, attr_bits);
- status = psa_import_key( &attributes, data->x, data->len, &key );
- TEST_EQUAL( status, expected_status );
- if( status != PSA_SUCCESS )
+ status = psa_import_key(&attributes, data->x, data->len, &key);
+ TEST_EQUAL(status, expected_status);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
- TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
- if( attr_bits != 0 )
- TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
- ASSERT_NO_SLOT_NUMBER( &got_attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), type);
+ if (attr_bits != 0) {
+ TEST_EQUAL(attr_bits, psa_get_key_bits(&got_attributes));
+ }
+ ASSERT_NO_SLOT_NUMBER(&got_attributes);
- PSA_ASSERT( psa_destroy_key( key ) );
- test_operations_on_invalid_key( key );
+ PSA_ASSERT(psa_destroy_key(key));
+ test_operations_on_invalid_key(key);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &got_attributes );
+ psa_reset_key_attributes(&got_attributes);
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
/* Construct and attempt to import a large unstructured key. */
-void import_large_key( int type_arg, int byte_size_arg,
- int expected_status_arg )
+void import_large_key(int type_arg, int byte_size_arg,
+ int expected_status_arg)
{
psa_key_type_t type = type_arg;
size_t byte_size = byte_size_arg;
@@ -466,31 +471,32 @@
/* Skip the test case if the target running the test cannot
* accommodate large keys due to heap size constraints */
- ASSERT_ALLOC_WEAK( buffer, buffer_size );
- memset( buffer, 'K', byte_size );
+ ASSERT_ALLOC_WEAK(buffer, buffer_size);
+ memset(buffer, 'K', byte_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Try importing the key */
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, type );
- status = psa_import_key( &attributes, buffer, byte_size, &key );
- TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
- TEST_EQUAL( status, expected_status );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, type);
+ status = psa_import_key(&attributes, buffer, byte_size, &key);
+ TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY);
+ TEST_EQUAL(status, expected_status);
- if( status == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &attributes ),
- PSA_BYTES_TO_BITS( byte_size ) );
- ASSERT_NO_SLOT_NUMBER( &attributes );
- memset( buffer, 0, byte_size + 1 );
- PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) );
- for( n = 0; n < byte_size; n++ )
- TEST_EQUAL( buffer[n], 'K' );
- for( n = byte_size; n < buffer_size; n++ )
- TEST_EQUAL( buffer[n], 0 );
+ if (status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&attributes),
+ PSA_BYTES_TO_BITS(byte_size));
+ ASSERT_NO_SLOT_NUMBER(&attributes);
+ memset(buffer, 0, byte_size + 1);
+ PSA_ASSERT(psa_export_key(key, buffer, byte_size, &n));
+ for (n = 0; n < byte_size; n++) {
+ TEST_EQUAL(buffer[n], 'K');
+ }
+ for (n = byte_size; n < buffer_size; n++) {
+ TEST_EQUAL(buffer[n], 0);
+ }
}
exit:
@@ -498,11 +504,11 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_free( buffer );
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_free(buffer);
}
/* END_CASE */
@@ -510,7 +516,7 @@
/* Import an RSA key with a valid structure (but not valid numbers
* inside, beyond having sensible size and parity). This is expected to
* fail for large keys. */
-void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
+void import_rsa_made_up(int bits_arg, int keypair, int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t bits = bits_arg;
@@ -519,43 +525,44 @@
psa_key_type_t type =
keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
size_t buffer_size = /* Slight overapproximations */
- keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
+ keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
unsigned char *buffer = NULL;
unsigned char *p;
int ret;
size_t length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
- ASSERT_ALLOC( buffer, buffer_size );
+ PSA_ASSERT(psa_crypto_init());
+ ASSERT_ALLOC(buffer, buffer_size);
- TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
- bits, keypair ) ) >= 0 );
+ TEST_ASSERT((ret = construct_fake_rsa_key(buffer, buffer_size, &p,
+ bits, keypair)) >= 0);
length = ret;
/* Try importing the key */
- psa_set_key_type( &attributes, type );
- status = psa_import_key( &attributes, p, length, &key );
- TEST_EQUAL( status, expected_status );
+ psa_set_key_type(&attributes, type);
+ status = psa_import_key(&attributes, p, length, &key);
+ TEST_EQUAL(status, expected_status);
- if( status == PSA_SUCCESS )
- PSA_ASSERT( psa_destroy_key( key ) );
+ if (status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_destroy_key(key));
+ }
exit:
- mbedtls_free( buffer );
- PSA_DONE( );
+ mbedtls_free(buffer);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void import_export( data_t *data,
- int type_arg,
- int usage_arg, int alg_arg,
- int expected_bits,
- int export_size_delta,
- int expected_export_status_arg,
- /*whether reexport must give the original input exactly*/
- int canonical_input )
+void import_export(data_t *data,
+ int type_arg,
+ int usage_arg, int alg_arg,
+ int expected_bits,
+ int export_size_delta,
+ int expected_export_status_arg,
+ /*whether reexport must give the original input exactly*/
+ int canonical_input)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
@@ -571,39 +578,39 @@
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
export_size = (ptrdiff_t) data->len + export_size_delta;
- ASSERT_ALLOC( exported, export_size );
- if( ! canonical_input )
- ASSERT_ALLOC( reexported, export_size );
- PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC(exported, export_size);
+ if (!canonical_input) {
+ ASSERT_ALLOC(reexported, export_size);
+ }
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, usage_arg );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
+ psa_set_key_usage_flags(&attributes, usage_arg);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key));
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
- TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
- ASSERT_NO_SLOT_NUMBER( &got_attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&got_attributes), (size_t) expected_bits);
+ ASSERT_NO_SLOT_NUMBER(&got_attributes);
/* Export the key */
- status = psa_export_key( key, exported, export_size, &exported_length );
- TEST_EQUAL( status, expected_export_status );
+ status = psa_export_key(key, exported, export_size, &exported_length);
+ TEST_EQUAL(status, expected_export_status);
/* The exported length must be set by psa_export_key() to a value between 0
* and export_size. On errors, the exported length must be 0. */
- TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
- TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
- TEST_LE_U( exported_length, export_size );
+ TEST_ASSERT(exported_length != INVALID_EXPORT_LENGTH);
+ TEST_ASSERT(status == PSA_SUCCESS || exported_length == 0);
+ TEST_LE_U(exported_length, export_size);
- TEST_ASSERT( mem_is_char( exported + exported_length, 0,
- export_size - exported_length ) );
- if( status != PSA_SUCCESS )
- {
- TEST_EQUAL( exported_length, 0 );
+ TEST_ASSERT(mem_is_char(exported + exported_length, 0,
+ export_size - exported_length));
+ if (status != PSA_SUCCESS) {
+ TEST_EQUAL(exported_length, 0);
goto destroy;
}
@@ -611,54 +618,54 @@
* this validates the canonical representations. For canonical inputs,
* this doesn't directly validate the implementation, but it still helps
* by cross-validating the test data with the sanity check code. */
- if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) )
+ if (!mbedtls_test_psa_exercise_key(key, usage_arg, 0)) {
goto exit;
-
- if( canonical_input )
- ASSERT_COMPARE( data->x, data->len, exported, exported_length );
- else
- {
- mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
- PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
- &key2 ) );
- PSA_ASSERT( psa_export_key( key2,
- reexported,
- export_size,
- &reexported_length ) );
- ASSERT_COMPARE( exported, exported_length,
- reexported, reexported_length );
- PSA_ASSERT( psa_destroy_key( key2 ) );
}
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_KEY_OUTPUT_SIZE( type,
- psa_get_key_bits( &got_attributes ) ) );
- TEST_LE_U( exported_length, PSA_EXPORT_KEY_PAIR_MAX_SIZE );
+
+ if (canonical_input) {
+ ASSERT_COMPARE(data->x, data->len, exported, exported_length);
+ } else {
+ mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
+ PSA_ASSERT(psa_import_key(&attributes, exported, exported_length,
+ &key2));
+ PSA_ASSERT(psa_export_key(key2,
+ reexported,
+ export_size,
+ &reexported_length));
+ ASSERT_COMPARE(exported, exported_length,
+ reexported, reexported_length);
+ PSA_ASSERT(psa_destroy_key(key2));
+ }
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_KEY_OUTPUT_SIZE(type,
+ psa_get_key_bits(&got_attributes)));
+ TEST_LE_U(exported_length, PSA_EXPORT_KEY_PAIR_MAX_SIZE);
destroy:
/* Destroy the key */
- PSA_ASSERT( psa_destroy_key( key ) );
- test_operations_on_invalid_key( key );
+ PSA_ASSERT(psa_destroy_key(key));
+ test_operations_on_invalid_key(key);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &got_attributes );
+ psa_reset_key_attributes(&got_attributes);
- mbedtls_free( exported );
- mbedtls_free( reexported );
- PSA_DONE( );
+ mbedtls_free(exported);
+ mbedtls_free(reexported);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void import_export_public_key( data_t *data,
- int type_arg, // key pair or public key
- int alg_arg,
- int export_size_delta,
- int expected_export_status_arg,
- data_t *expected_public_key )
+void import_export_public_key(data_t *data,
+ int type_arg, // key pair or public key
+ int alg_arg,
+ int export_size_delta,
+ int expected_export_status_arg,
+ data_t *expected_public_key)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
@@ -670,35 +677,34 @@
size_t exported_length = INVALID_EXPORT_LENGTH;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key));
/* Export the public key */
- ASSERT_ALLOC( exported, export_size );
- status = psa_export_public_key( key,
- exported, export_size,
- &exported_length );
- TEST_EQUAL( status, expected_export_status );
- if( status == PSA_SUCCESS )
- {
- psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
+ ASSERT_ALLOC(exported, export_size);
+ status = psa_export_public_key(key,
+ exported, export_size,
+ &exported_length);
+ TEST_EQUAL(status, expected_export_status);
+ if (status == PSA_SUCCESS) {
+ psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type);
size_t bits;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- bits = psa_get_key_bits( &attributes );
- TEST_LE_U( expected_public_key->len,
- PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
- TEST_LE_U( expected_public_key->len,
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
- TEST_LE_U( expected_public_key->len,
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
- ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
- exported, exported_length );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ bits = psa_get_key_bits(&attributes);
+ TEST_LE_U(expected_public_key->len,
+ PSA_EXPORT_KEY_OUTPUT_SIZE(public_type, bits));
+ TEST_LE_U(expected_public_key->len,
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, bits));
+ TEST_LE_U(expected_public_key->len,
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
+ ASSERT_COMPARE(expected_public_key->x, expected_public_key->len,
+ exported, exported_length);
}
exit:
@@ -706,67 +712,68 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( exported );
- psa_destroy_key( key );
- PSA_DONE( );
+ mbedtls_free(exported);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void import_and_exercise_key( data_t *data,
- int type_arg,
- int bits_arg,
- int alg_arg )
+void import_and_exercise_key(data_t *data,
+ int type_arg,
+ int bits_arg,
+ int alg_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
psa_algorithm_t alg = alg_arg;
- psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise( type, alg );
+ psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise(type, alg);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key));
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
- TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
/* Do something with the key according to its type and permitted usage. */
- if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
+ if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {
goto exit;
+ }
- PSA_ASSERT( psa_destroy_key( key ) );
- test_operations_on_invalid_key( key );
+ PSA_ASSERT(psa_destroy_key(key));
+ test_operations_on_invalid_key(key);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &got_attributes );
+ psa_reset_key_attributes(&got_attributes);
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void effective_key_attributes( int type_arg, int expected_type_arg,
- int bits_arg, int expected_bits_arg,
- int usage_arg, int expected_usage_arg,
- int alg_arg, int expected_alg_arg )
+void effective_key_attributes(int type_arg, int expected_type_arg,
+ int bits_arg, int expected_bits_arg,
+ int usage_arg, int expected_usage_arg,
+ int alg_arg, int expected_alg_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = type_arg;
@@ -779,89 +786,89 @@
psa_key_usage_t expected_usage = expected_usage_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, bits);
- PSA_ASSERT( psa_generate_key( &attributes, &key ) );
- psa_reset_key_attributes( &attributes );
+ PSA_ASSERT(psa_generate_key(&attributes, &key));
+ psa_reset_key_attributes(&attributes);
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type );
- TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes), expected_key_type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), expected_bits);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void check_key_policy( int type_arg, int bits_arg,
- int usage_arg, int alg_arg )
+void check_key_policy(int type_arg, int bits_arg,
+ int usage_arg, int alg_arg)
{
- test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg,
- usage_arg,
- mbedtls_test_update_key_usage_flags( usage_arg ),
- alg_arg, alg_arg );
+ test_effective_key_attributes(type_arg, type_arg, bits_arg, bits_arg,
+ usage_arg,
+ mbedtls_test_update_key_usage_flags(usage_arg),
+ alg_arg, alg_arg);
goto exit;
}
/* END_CASE */
/* BEGIN_CASE */
-void key_attributes_init( )
+void key_attributes_init()
{
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
- psa_key_attributes_t func = psa_key_attributes_init( );
+ psa_key_attributes_t func = psa_key_attributes_init();
psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t zero;
- memset( &zero, 0, sizeof( zero ) );
+ memset(&zero, 0, sizeof(zero));
- TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE );
- TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE );
- TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE );
+ TEST_EQUAL(psa_get_key_lifetime(&func), PSA_KEY_LIFETIME_VOLATILE);
+ TEST_EQUAL(psa_get_key_lifetime(&init), PSA_KEY_LIFETIME_VOLATILE);
+ TEST_EQUAL(psa_get_key_lifetime(&zero), PSA_KEY_LIFETIME_VOLATILE);
- TEST_EQUAL( psa_get_key_type( &func ), 0 );
- TEST_EQUAL( psa_get_key_type( &init ), 0 );
- TEST_EQUAL( psa_get_key_type( &zero ), 0 );
+ TEST_EQUAL(psa_get_key_type(&func), 0);
+ TEST_EQUAL(psa_get_key_type(&init), 0);
+ TEST_EQUAL(psa_get_key_type(&zero), 0);
- TEST_EQUAL( psa_get_key_bits( &func ), 0 );
- TEST_EQUAL( psa_get_key_bits( &init ), 0 );
- TEST_EQUAL( psa_get_key_bits( &zero ), 0 );
+ TEST_EQUAL(psa_get_key_bits(&func), 0);
+ TEST_EQUAL(psa_get_key_bits(&init), 0);
+ TEST_EQUAL(psa_get_key_bits(&zero), 0);
- TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 );
- TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 );
- TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 );
+ TEST_EQUAL(psa_get_key_usage_flags(&func), 0);
+ TEST_EQUAL(psa_get_key_usage_flags(&init), 0);
+ TEST_EQUAL(psa_get_key_usage_flags(&zero), 0);
- TEST_EQUAL( psa_get_key_algorithm( &func ), 0 );
- TEST_EQUAL( psa_get_key_algorithm( &init ), 0 );
- TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 );
+ TEST_EQUAL(psa_get_key_algorithm(&func), 0);
+ TEST_EQUAL(psa_get_key_algorithm(&init), 0);
+ TEST_EQUAL(psa_get_key_algorithm(&zero), 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_key_policy( int policy_usage_arg,
- int policy_alg_arg,
- int key_type_arg,
- data_t *key_data,
- int exercise_alg_arg,
- int expected_status_sign_arg,
- int expected_status_verify_arg )
+void mac_key_policy(int policy_usage_arg,
+ int policy_alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ int exercise_alg_arg,
+ int expected_status_sign_arg,
+ int expected_status_verify_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -875,57 +882,58 @@
psa_status_t expected_status_verify = expected_status_verify_arg;
unsigned char mac[PSA_MAC_MAX_SIZE];
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
- mbedtls_test_update_key_usage_flags( policy_usage ) );
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes),
+ mbedtls_test_update_key_usage_flags(policy_usage));
- status = psa_mac_sign_setup( &operation, key, exercise_alg );
- TEST_EQUAL( status, expected_status_sign );
+ status = psa_mac_sign_setup(&operation, key, exercise_alg);
+ TEST_EQUAL(status, expected_status_sign);
/* Calculate the MAC, one-shot case. */
- uint8_t input[128] = {0};
+ uint8_t input[128] = { 0 };
size_t mac_len;
- TEST_EQUAL( psa_mac_compute( key, exercise_alg,
- input, 128,
- mac, PSA_MAC_MAX_SIZE, &mac_len ),
- expected_status_sign );
+ TEST_EQUAL(psa_mac_compute(key, exercise_alg,
+ input, 128,
+ mac, PSA_MAC_MAX_SIZE, &mac_len),
+ expected_status_sign);
/* Verify correct MAC, one-shot case. */
- status = psa_mac_verify( key, exercise_alg, input, 128,
- mac, mac_len );
+ status = psa_mac_verify(key, exercise_alg, input, 128,
+ mac, mac_len);
- if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS )
- TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
- else
- TEST_EQUAL( status, expected_status_verify );
+ if (expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS) {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE);
+ } else {
+ TEST_EQUAL(status, expected_status_verify);
+ }
- psa_mac_abort( &operation );
+ psa_mac_abort(&operation);
- memset( mac, 0, sizeof( mac ) );
- status = psa_mac_verify_setup( &operation, key, exercise_alg );
- TEST_EQUAL( status, expected_status_verify );
+ memset(mac, 0, sizeof(mac));
+ status = psa_mac_verify_setup(&operation, key, exercise_alg);
+ TEST_EQUAL(status, expected_status_verify);
exit:
- psa_mac_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_mac_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_key_policy( int policy_usage_arg,
- int policy_alg,
- int key_type,
- data_t *key_data,
- int exercise_alg )
+void cipher_key_policy(int policy_usage_arg,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -933,115 +941,119 @@
psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Check if no key usage flag implication is done */
- TEST_EQUAL( policy_usage,
- mbedtls_test_update_key_usage_flags( policy_usage ) );
+ TEST_EQUAL(policy_usage,
+ mbedtls_test_update_key_usage_flags(policy_usage));
- status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
- if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
- psa_cipher_abort( &operation );
+ status = psa_cipher_encrypt_setup(&operation, key, exercise_alg);
+ if (policy_alg == exercise_alg &&
+ (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
+ psa_cipher_abort(&operation);
- status = psa_cipher_decrypt_setup( &operation, key, exercise_alg );
- if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ status = psa_cipher_decrypt_setup(&operation, key, exercise_alg);
+ if (policy_alg == exercise_alg &&
+ (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
exit:
- psa_cipher_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_key_policy( int policy_usage_arg,
- int policy_alg,
- int key_type,
- data_t *key_data,
- int nonce_length_arg,
- int tag_length_arg,
- int exercise_alg,
- int expected_status_arg )
+void aead_key_policy(int policy_usage_arg,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int nonce_length_arg,
+ int tag_length_arg,
+ int exercise_alg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
- unsigned char nonce[16] = {0};
+ unsigned char nonce[16] = { 0 };
size_t nonce_length = nonce_length_arg;
unsigned char tag[16];
size_t tag_length = tag_length_arg;
size_t output_length;
- TEST_LE_U( nonce_length, sizeof( nonce ) );
- TEST_LE_U( tag_length, sizeof( tag ) );
+ TEST_LE_U(nonce_length, sizeof(nonce));
+ TEST_LE_U(tag_length, sizeof(tag));
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Check if no key usage implication is done */
- TEST_EQUAL( policy_usage,
- mbedtls_test_update_key_usage_flags( policy_usage ) );
+ TEST_EQUAL(policy_usage,
+ mbedtls_test_update_key_usage_flags(policy_usage));
- status = psa_aead_encrypt( key, exercise_alg,
- nonce, nonce_length,
- NULL, 0,
- NULL, 0,
- tag, tag_length,
- &output_length );
- if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
- TEST_EQUAL( status, expected_status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ status = psa_aead_encrypt(key, exercise_alg,
+ nonce, nonce_length,
+ NULL, 0,
+ NULL, 0,
+ tag, tag_length,
+ &output_length);
+ if ((policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) {
+ TEST_EQUAL(status, expected_status);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
- memset( tag, 0, sizeof( tag ) );
- status = psa_aead_decrypt( key, exercise_alg,
- nonce, nonce_length,
- NULL, 0,
- tag, tag_length,
- NULL, 0,
- &output_length );
- if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 )
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
- else if( expected_status == PSA_SUCCESS )
- TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
- else
- TEST_EQUAL( status, expected_status );
+ memset(tag, 0, sizeof(tag));
+ status = psa_aead_decrypt(key, exercise_alg,
+ nonce, nonce_length,
+ NULL, 0,
+ tag, tag_length,
+ NULL, 0,
+ &output_length);
+ if ((policy_usage & PSA_KEY_USAGE_DECRYPT) == 0) {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ } else if (expected_status == PSA_SUCCESS) {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE);
+ } else {
+ TEST_EQUAL(status, expected_status);
+ }
exit:
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_encryption_key_policy( int policy_usage_arg,
- int policy_alg,
- int key_type,
- data_t *key_data,
- int exercise_alg )
+void asymmetric_encryption_key_policy(int policy_usage_arg,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1052,204 +1064,210 @@
unsigned char *buffer = NULL;
size_t output_length;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Check if no key usage implication is done */
- TEST_EQUAL( policy_usage,
- mbedtls_test_update_key_usage_flags( policy_usage ) );
+ TEST_EQUAL(policy_usage,
+ mbedtls_test_update_key_usage_flags(policy_usage));
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
- buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
- exercise_alg );
- ASSERT_ALLOC( buffer, buffer_length );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
+ buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits,
+ exercise_alg);
+ ASSERT_ALLOC(buffer, buffer_length);
- status = psa_asymmetric_encrypt( key, exercise_alg,
- NULL, 0,
- NULL, 0,
- buffer, buffer_length,
- &output_length );
- if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ status = psa_asymmetric_encrypt(key, exercise_alg,
+ NULL, 0,
+ NULL, 0,
+ buffer, buffer_length,
+ &output_length);
+ if (policy_alg == exercise_alg &&
+ (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
- if( buffer_length != 0 )
- memset( buffer, 0, buffer_length );
- status = psa_asymmetric_decrypt( key, exercise_alg,
- buffer, buffer_length,
- NULL, 0,
- buffer, buffer_length,
- &output_length );
- if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
- TEST_EQUAL( status, PSA_ERROR_INVALID_PADDING );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ if (buffer_length != 0) {
+ memset(buffer, 0, buffer_length);
+ }
+ status = psa_asymmetric_decrypt(key, exercise_alg,
+ buffer, buffer_length,
+ NULL, 0,
+ buffer, buffer_length,
+ &output_length);
+ if (policy_alg == exercise_alg &&
+ (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_PADDING);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_free( buffer );
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_free(buffer);
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_signature_key_policy( int policy_usage_arg,
- int policy_alg,
- int key_type,
- data_t *key_data,
- int exercise_alg,
- int payload_length_arg,
- int expected_usage_arg )
+void asymmetric_signature_key_policy(int policy_usage_arg,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg,
+ int payload_length_arg,
+ int expected_usage_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_usage_t policy_usage = policy_usage_arg;
psa_key_usage_t expected_usage = expected_usage_arg;
psa_status_t status;
- unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
+ unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
/* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
* compatible with the policy and `payload_length_arg` is supposed to be
* a valid input length to sign. If `payload_length_arg <= 0`,
* `exercise_alg` is supposed to be forbidden by the policy. */
int compatible_alg = payload_length_arg > 0;
size_t payload_length = compatible_alg ? payload_length_arg : 0;
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
size_t signature_length;
/* Check if all implicit usage flags are deployed
in the expected usage flags. */
- TEST_EQUAL( expected_usage,
- mbedtls_test_update_key_usage_flags( policy_usage ) );
+ TEST_EQUAL(expected_usage,
+ mbedtls_test_update_key_usage_flags(policy_usage));
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
- status = psa_sign_hash( key, exercise_alg,
- payload, payload_length,
- signature, sizeof( signature ),
- &signature_length );
- if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ status = psa_sign_hash(key, exercise_alg,
+ payload, payload_length,
+ signature, sizeof(signature),
+ &signature_length);
+ if (compatible_alg && (expected_usage & PSA_KEY_USAGE_SIGN_HASH) != 0) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
- memset( signature, 0, sizeof( signature ) );
- status = psa_verify_hash( key, exercise_alg,
- payload, payload_length,
- signature, sizeof( signature ) );
- if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
- TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ memset(signature, 0, sizeof(signature));
+ status = psa_verify_hash(key, exercise_alg,
+ payload, payload_length,
+ signature, sizeof(signature));
+ if (compatible_alg && (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) != 0) {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
- if( PSA_ALG_IS_SIGN_HASH( exercise_alg ) &&
- PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) )
- {
- status = psa_sign_message( key, exercise_alg,
- payload, payload_length,
- signature, sizeof( signature ),
- &signature_length );
- if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ if (PSA_ALG_IS_SIGN_HASH(exercise_alg) &&
+ PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(exercise_alg))) {
+ status = psa_sign_message(key, exercise_alg,
+ payload, payload_length,
+ signature, sizeof(signature),
+ &signature_length);
+ if (compatible_alg && (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) != 0) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
- memset( signature, 0, sizeof( signature ) );
- status = psa_verify_message( key, exercise_alg,
- payload, payload_length,
- signature, sizeof( signature ) );
- if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) != 0 )
- TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ memset(signature, 0, sizeof(signature));
+ status = psa_verify_message(key, exercise_alg,
+ payload, payload_length,
+ signature, sizeof(signature));
+ if (compatible_alg && (expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE) != 0) {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
}
exit:
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_key_policy( int policy_usage,
- int policy_alg,
- int key_type,
- data_t *key_data,
- int exercise_alg )
+void derive_key_policy(int policy_usage,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
+ PSA_ASSERT(psa_key_derivation_setup(&operation, exercise_alg));
- if( PSA_ALG_IS_TLS12_PRF( exercise_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( exercise_alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation,
- PSA_KEY_DERIVATION_INPUT_SEED,
- (const uint8_t*) "", 0) );
+ if (PSA_ALG_IS_TLS12_PRF(exercise_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(exercise_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ (const uint8_t *) "", 0));
}
- status = psa_key_derivation_input_key( &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key );
+ status = psa_key_derivation_input_key(&operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key);
- if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ if (policy_alg == exercise_alg &&
+ (policy_usage & PSA_KEY_USAGE_DERIVE) != 0) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+ }
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void agreement_key_policy( int policy_usage,
- int policy_alg,
- int key_type_arg,
- data_t *key_data,
- int exercise_alg,
- int expected_status_arg )
+void agreement_key_policy(int policy_usage,
+ int policy_alg,
+ int key_type_arg,
+ data_t *key_data,
+ int exercise_alg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1258,30 +1276,30 @@
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
- status = mbedtls_test_psa_key_agreement_with_self( &operation, key );
+ PSA_ASSERT(psa_key_derivation_setup(&operation, exercise_alg));
+ status = mbedtls_test_psa_key_agreement_with_self(&operation, key);
- TEST_EQUAL( status, expected_status );
+ TEST_EQUAL(status, expected_status);
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_policy_alg2( int key_type_arg, data_t *key_data,
- int usage_arg, int alg_arg, int alg2_arg )
+void key_policy_alg2(int key_type_arg, data_t *key_data,
+ int usage_arg, int alg_arg, int alg2_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -1291,46 +1309,48 @@
psa_algorithm_t alg = alg_arg;
psa_algorithm_t alg2 = alg2_arg;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_enrollment_algorithm( &attributes, alg2 );
- psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_enrollment_algorithm(&attributes, alg2);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Update the usage flags to obtain implicit usage flags */
- usage = mbedtls_test_update_key_usage_flags( usage );
- PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
- TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
- TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
- TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 );
+ usage = mbedtls_test_update_key_usage_flags(usage);
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_usage_flags(&got_attributes), usage);
+ TEST_EQUAL(psa_get_key_algorithm(&got_attributes), alg);
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&got_attributes), alg2);
- if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
+ if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {
goto exit;
- if( ! mbedtls_test_psa_exercise_key( key, usage, alg2 ) )
+ }
+ if (!mbedtls_test_psa_exercise_key(key, usage, alg2)) {
goto exit;
+ }
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &got_attributes );
+ psa_reset_key_attributes(&got_attributes);
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void raw_agreement_key_policy( int policy_usage,
- int policy_alg,
- int key_type_arg,
- data_t *key_data,
- int exercise_alg,
- int expected_status_arg )
+void raw_agreement_key_policy(int policy_usage,
+ int policy_alg,
+ int key_type_arg,
+ data_t *key_data,
+ int exercise_alg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1339,35 +1359,35 @@
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, policy_usage );
- psa_set_key_algorithm( &attributes, policy_alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, policy_usage);
+ psa_set_key_algorithm(&attributes, policy_alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- status = mbedtls_test_psa_raw_key_agreement_with_self( exercise_alg, key );
+ status = mbedtls_test_psa_raw_key_agreement_with_self(exercise_alg, key);
- TEST_EQUAL( status, expected_status );
+ TEST_EQUAL(status, expected_status);
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void copy_success( int source_usage_arg,
- int source_alg_arg, int source_alg2_arg,
- int type_arg, data_t *material,
- int copy_attributes,
- int target_usage_arg,
- int target_alg_arg, int target_alg2_arg,
- int expected_usage_arg,
- int expected_alg_arg, int expected_alg2_arg )
+void copy_success(int source_usage_arg,
+ int source_alg_arg, int source_alg2_arg,
+ int type_arg, data_t *material,
+ int copy_attributes,
+ int target_usage_arg,
+ int target_alg_arg, int target_alg2_arg,
+ int expected_usage_arg,
+ int expected_alg_arg, int expected_alg2_arg)
{
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1378,195 +1398,199 @@
mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t *export_buffer = NULL;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Prepare the source key. */
- psa_set_key_usage_flags( &source_attributes, source_usage_arg );
- psa_set_key_algorithm( &source_attributes, source_alg_arg );
- psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
- psa_set_key_type( &source_attributes, type_arg );
- PSA_ASSERT( psa_import_key( &source_attributes,
- material->x, material->len,
- &source_key ) );
- PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) );
+ psa_set_key_usage_flags(&source_attributes, source_usage_arg);
+ psa_set_key_algorithm(&source_attributes, source_alg_arg);
+ psa_set_key_enrollment_algorithm(&source_attributes, source_alg2_arg);
+ psa_set_key_type(&source_attributes, type_arg);
+ PSA_ASSERT(psa_import_key(&source_attributes,
+ material->x, material->len,
+ &source_key));
+ PSA_ASSERT(psa_get_key_attributes(source_key, &source_attributes));
/* Prepare the target attributes. */
- if( copy_attributes )
- {
+ if (copy_attributes) {
target_attributes = source_attributes;
/* Set volatile lifetime to reset the key identifier to 0. */
- psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE );
+ psa_set_key_lifetime(&target_attributes, PSA_KEY_LIFETIME_VOLATILE);
}
- if( target_usage_arg != -1 )
- psa_set_key_usage_flags( &target_attributes, target_usage_arg );
- if( target_alg_arg != -1 )
- psa_set_key_algorithm( &target_attributes, target_alg_arg );
- if( target_alg2_arg != -1 )
- psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
+ if (target_usage_arg != -1) {
+ psa_set_key_usage_flags(&target_attributes, target_usage_arg);
+ }
+ if (target_alg_arg != -1) {
+ psa_set_key_algorithm(&target_attributes, target_alg_arg);
+ }
+ if (target_alg2_arg != -1) {
+ psa_set_key_enrollment_algorithm(&target_attributes, target_alg2_arg);
+ }
/* Copy the key. */
- PSA_ASSERT( psa_copy_key( source_key,
- &target_attributes, &target_key ) );
+ PSA_ASSERT(psa_copy_key(source_key,
+ &target_attributes, &target_key));
/* Destroy the source to ensure that this doesn't affect the target. */
- PSA_ASSERT( psa_destroy_key( source_key ) );
+ PSA_ASSERT(psa_destroy_key(source_key));
/* Test that the target slot has the expected content and policy. */
- PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) );
- TEST_EQUAL( psa_get_key_type( &source_attributes ),
- psa_get_key_type( &target_attributes ) );
- TEST_EQUAL( psa_get_key_bits( &source_attributes ),
- psa_get_key_bits( &target_attributes ) );
- TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
- TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
- TEST_EQUAL( expected_alg2,
- psa_get_key_enrollment_algorithm( &target_attributes ) );
- if( expected_usage & PSA_KEY_USAGE_EXPORT )
- {
+ PSA_ASSERT(psa_get_key_attributes(target_key, &target_attributes));
+ TEST_EQUAL(psa_get_key_type(&source_attributes),
+ psa_get_key_type(&target_attributes));
+ TEST_EQUAL(psa_get_key_bits(&source_attributes),
+ psa_get_key_bits(&target_attributes));
+ TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&target_attributes));
+ TEST_EQUAL(expected_alg, psa_get_key_algorithm(&target_attributes));
+ TEST_EQUAL(expected_alg2,
+ psa_get_key_enrollment_algorithm(&target_attributes));
+ if (expected_usage & PSA_KEY_USAGE_EXPORT) {
size_t length;
- ASSERT_ALLOC( export_buffer, material->len );
- PSA_ASSERT( psa_export_key( target_key, export_buffer,
- material->len, &length ) );
- ASSERT_COMPARE( material->x, material->len,
- export_buffer, length );
+ ASSERT_ALLOC(export_buffer, material->len);
+ PSA_ASSERT(psa_export_key(target_key, export_buffer,
+ material->len, &length));
+ ASSERT_COMPARE(material->x, material->len,
+ export_buffer, length);
}
- if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) )
+ if (!mbedtls_test_psa_exercise_key(target_key, expected_usage, expected_alg)) {
goto exit;
- if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) )
+ }
+ if (!mbedtls_test_psa_exercise_key(target_key, expected_usage, expected_alg2)) {
goto exit;
+ }
- PSA_ASSERT( psa_destroy_key( target_key ) );
+ PSA_ASSERT(psa_destroy_key(target_key));
exit:
/*
* Source and target key attributes may have been returned by
* psa_get_key_attributes() thus reset them as required.
*/
- psa_reset_key_attributes( &source_attributes );
- psa_reset_key_attributes( &target_attributes );
+ psa_reset_key_attributes(&source_attributes);
+ psa_reset_key_attributes(&target_attributes);
- PSA_DONE( );
- mbedtls_free( export_buffer );
+ PSA_DONE();
+ mbedtls_free(export_buffer);
}
/* END_CASE */
/* BEGIN_CASE */
-void copy_fail( int source_usage_arg,
- int source_alg_arg, int source_alg2_arg,
- int type_arg, data_t *material,
- int target_type_arg, int target_bits_arg,
- int target_usage_arg,
- int target_alg_arg, int target_alg2_arg,
- int target_id_arg, int target_lifetime_arg,
- int expected_status_arg )
+void copy_fail(int source_usage_arg,
+ int source_alg_arg, int source_alg2_arg,
+ int type_arg, data_t *material,
+ int target_type_arg, int target_bits_arg,
+ int target_usage_arg,
+ int target_alg_arg, int target_alg2_arg,
+ int target_id_arg, int target_lifetime_arg,
+ int expected_status_arg)
{
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
- mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, target_id_arg );
+ mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, target_id_arg);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Prepare the source key. */
- psa_set_key_usage_flags( &source_attributes, source_usage_arg );
- psa_set_key_algorithm( &source_attributes, source_alg_arg );
- psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
- psa_set_key_type( &source_attributes, type_arg );
- PSA_ASSERT( psa_import_key( &source_attributes,
- material->x, material->len,
- &source_key ) );
+ psa_set_key_usage_flags(&source_attributes, source_usage_arg);
+ psa_set_key_algorithm(&source_attributes, source_alg_arg);
+ psa_set_key_enrollment_algorithm(&source_attributes, source_alg2_arg);
+ psa_set_key_type(&source_attributes, type_arg);
+ PSA_ASSERT(psa_import_key(&source_attributes,
+ material->x, material->len,
+ &source_key));
/* Prepare the target attributes. */
- psa_set_key_id( &target_attributes, key_id );
- psa_set_key_lifetime( &target_attributes, target_lifetime_arg );
- psa_set_key_type( &target_attributes, target_type_arg );
- psa_set_key_bits( &target_attributes, target_bits_arg );
- psa_set_key_usage_flags( &target_attributes, target_usage_arg );
- psa_set_key_algorithm( &target_attributes, target_alg_arg );
- psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
+ psa_set_key_id(&target_attributes, key_id);
+ psa_set_key_lifetime(&target_attributes, target_lifetime_arg);
+ psa_set_key_type(&target_attributes, target_type_arg);
+ psa_set_key_bits(&target_attributes, target_bits_arg);
+ psa_set_key_usage_flags(&target_attributes, target_usage_arg);
+ psa_set_key_algorithm(&target_attributes, target_alg_arg);
+ psa_set_key_enrollment_algorithm(&target_attributes, target_alg2_arg);
/* Try to copy the key. */
- TEST_EQUAL( psa_copy_key( source_key,
- &target_attributes, &target_key ),
- expected_status_arg );
+ TEST_EQUAL(psa_copy_key(source_key,
+ &target_attributes, &target_key),
+ expected_status_arg);
- PSA_ASSERT( psa_destroy_key( source_key ) );
+ PSA_ASSERT(psa_destroy_key(source_key));
exit:
- psa_reset_key_attributes( &source_attributes );
- psa_reset_key_attributes( &target_attributes );
- PSA_DONE( );
+ psa_reset_key_attributes(&source_attributes);
+ psa_reset_key_attributes(&target_attributes);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_operation_init( )
+void hash_operation_init()
{
const uint8_t input[1] = { 0 };
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
- psa_hash_operation_t func = psa_hash_operation_init( );
+ psa_hash_operation_t func = psa_hash_operation_init();
psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
psa_hash_operation_t zero;
- memset( &zero, 0, sizeof( zero ) );
+ memset(&zero, 0, sizeof(zero));
/* A freshly-initialized hash operation should not be usable. */
- TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL(psa_hash_update(&func, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_hash_update(&init, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_hash_update(&zero, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
/* A default hash operation should be abortable without error. */
- PSA_ASSERT( psa_hash_abort( &func ) );
- PSA_ASSERT( psa_hash_abort( &init ) );
- PSA_ASSERT( psa_hash_abort( &zero ) );
+ PSA_ASSERT(psa_hash_abort(&func));
+ PSA_ASSERT(psa_hash_abort(&init));
+ PSA_ASSERT(psa_hash_abort(&zero));
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_setup( int alg_arg,
- int expected_status_arg )
+void hash_setup(int alg_arg,
+ int expected_status_arg)
{
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- status = psa_hash_setup( &operation, alg );
- TEST_EQUAL( status, expected_status );
+ status = psa_hash_setup(&operation, alg);
+ TEST_EQUAL(status, expected_status);
/* Whether setup succeeded or failed, abort must succeed. */
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ PSA_ASSERT(psa_hash_abort(&operation));
/* If setup failed, reproduce the failure, so as to
* test the resulting state of the operation object. */
- if( status != PSA_SUCCESS )
- TEST_EQUAL( psa_hash_setup( &operation, alg ), status );
+ if (status != PSA_SUCCESS) {
+ TEST_EQUAL(psa_hash_setup(&operation, alg), status);
+ }
/* Now the operation object should be reusable. */
#if defined(KNOWN_SUPPORTED_HASH_ALG)
- PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ PSA_ASSERT(psa_hash_setup(&operation, KNOWN_SUPPORTED_HASH_ALG));
+ PSA_ASSERT(psa_hash_abort(&operation));
#endif
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_compute_fail( int alg_arg, data_t *input,
- int output_size_arg, int expected_status_arg )
+void hash_compute_fail(int alg_arg, data_t *input,
+ int output_size_arg, int expected_status_arg)
{
psa_algorithm_t alg = alg_arg;
uint8_t *output = NULL;
@@ -1575,100 +1599,99 @@
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
- ASSERT_ALLOC( output, output_size );
+ ASSERT_ALLOC(output, output_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- status = psa_hash_compute( alg, input->x, input->len,
- output, output_size, &output_length );
- TEST_EQUAL( status, expected_status );
- TEST_LE_U( output_length, output_size );
+ status = psa_hash_compute(alg, input->x, input->len,
+ output, output_size, &output_length);
+ TEST_EQUAL(status, expected_status);
+ TEST_LE_U(output_length, output_size);
exit:
- mbedtls_free( output );
- PSA_DONE( );
+ mbedtls_free(output);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_compare_fail( int alg_arg, data_t *input,
- data_t *reference_hash,
- int expected_status_arg )
+void hash_compare_fail(int alg_arg, data_t *input,
+ data_t *reference_hash,
+ int expected_status_arg)
{
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- status = psa_hash_compare( alg, input->x, input->len,
- reference_hash->x, reference_hash->len );
- TEST_EQUAL( status, expected_status );
+ status = psa_hash_compare(alg, input->x, input->len,
+ reference_hash->x, reference_hash->len);
+ TEST_EQUAL(status, expected_status);
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_compute_compare( int alg_arg, data_t *input,
- data_t *expected_output )
+void hash_compute_compare(int alg_arg, data_t *input,
+ data_t *expected_output)
{
psa_algorithm_t alg = alg_arg;
uint8_t output[PSA_HASH_MAX_SIZE + 1];
size_t output_length = INVALID_EXPORT_LENGTH;
size_t i;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Compute with tight buffer */
- PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
- output, PSA_HASH_LENGTH( alg ),
- &output_length ) );
- TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
- ASSERT_COMPARE( output, output_length,
- expected_output->x, expected_output->len );
+ PSA_ASSERT(psa_hash_compute(alg, input->x, input->len,
+ output, PSA_HASH_LENGTH(alg),
+ &output_length));
+ TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg));
+ ASSERT_COMPARE(output, output_length,
+ expected_output->x, expected_output->len);
/* Compute with larger buffer */
- PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
- output, sizeof( output ),
- &output_length ) );
- TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
- ASSERT_COMPARE( output, output_length,
- expected_output->x, expected_output->len );
+ PSA_ASSERT(psa_hash_compute(alg, input->x, input->len,
+ output, sizeof(output),
+ &output_length));
+ TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg));
+ ASSERT_COMPARE(output, output_length,
+ expected_output->x, expected_output->len);
/* Compare with correct hash */
- PSA_ASSERT( psa_hash_compare( alg, input->x, input->len,
- output, output_length ) );
+ PSA_ASSERT(psa_hash_compare(alg, input->x, input->len,
+ output, output_length));
/* Compare with trailing garbage */
- TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
- output, output_length + 1 ),
- PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL(psa_hash_compare(alg, input->x, input->len,
+ output, output_length + 1),
+ PSA_ERROR_INVALID_SIGNATURE);
/* Compare with truncated hash */
- TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
- output, output_length - 1 ),
- PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL(psa_hash_compare(alg, input->x, input->len,
+ output, output_length - 1),
+ PSA_ERROR_INVALID_SIGNATURE);
/* Compare with corrupted value */
- for( i = 0; i < output_length; i++ )
- {
- mbedtls_test_set_step( i );
+ for (i = 0; i < output_length; i++) {
+ mbedtls_test_set_step(i);
output[i] ^= 1;
- TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
- output, output_length ),
- PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL(psa_hash_compare(alg, input->x, input->len,
+ output, output_length),
+ PSA_ERROR_INVALID_SIGNATURE);
output[i] ^= 1;
}
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
-void hash_bad_order( )
+void hash_bad_order()
{
psa_algorithm_t alg = PSA_ALG_SHA_256;
unsigned char input[] = "";
@@ -1676,103 +1699,104 @@
const unsigned char valid_hash[] = {
0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
- 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
+ 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+ };
unsigned char hash[sizeof(valid_hash)] = { 0 };
size_t hash_len;
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Call setup twice in a row. */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_hash_setup( &operation, alg ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_hash_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_hash_setup(&operation, alg),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_hash_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Call update without calling setup beforehand. */
- TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ TEST_EQUAL(psa_hash_update(&operation, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_hash_abort(&operation));
/* Check that update calls abort on error. */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
operation.id = UINT_MAX;
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_hash_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_hash_update(&operation, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_hash_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Call update after finish. */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- PSA_ASSERT( psa_hash_finish( &operation,
- hash, sizeof( hash ), &hash_len ) );
- TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ PSA_ASSERT(psa_hash_finish(&operation,
+ hash, sizeof(hash), &hash_len));
+ TEST_EQUAL(psa_hash_update(&operation, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_hash_abort(&operation));
/* Call verify without calling setup beforehand. */
- TEST_EQUAL( psa_hash_verify( &operation,
- valid_hash, sizeof( valid_hash ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ TEST_EQUAL(psa_hash_verify(&operation,
+ valid_hash, sizeof(valid_hash)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_hash_abort(&operation));
/* Call verify after finish. */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- PSA_ASSERT( psa_hash_finish( &operation,
- hash, sizeof( hash ), &hash_len ) );
- TEST_EQUAL( psa_hash_verify( &operation,
- valid_hash, sizeof( valid_hash ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ PSA_ASSERT(psa_hash_finish(&operation,
+ hash, sizeof(hash), &hash_len));
+ TEST_EQUAL(psa_hash_verify(&operation,
+ valid_hash, sizeof(valid_hash)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_hash_abort(&operation));
/* Call verify twice in a row. */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- PSA_ASSERT( psa_hash_verify( &operation,
- valid_hash, sizeof( valid_hash ) ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- TEST_EQUAL( psa_hash_verify( &operation,
- valid_hash, sizeof( valid_hash ) ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ PSA_ASSERT(psa_hash_verify(&operation,
+ valid_hash, sizeof(valid_hash)));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ TEST_EQUAL(psa_hash_verify(&operation,
+ valid_hash, sizeof(valid_hash)),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_hash_abort(&operation));
/* Call finish without calling setup beforehand. */
- TEST_EQUAL( psa_hash_finish( &operation,
- hash, sizeof( hash ), &hash_len ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ TEST_EQUAL(psa_hash_finish(&operation,
+ hash, sizeof(hash), &hash_len),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_hash_abort(&operation));
/* Call finish twice in a row. */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- PSA_ASSERT( psa_hash_finish( &operation,
- hash, sizeof( hash ), &hash_len ) );
- TEST_EQUAL( psa_hash_finish( &operation,
- hash, sizeof( hash ), &hash_len ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ PSA_ASSERT(psa_hash_finish(&operation,
+ hash, sizeof(hash), &hash_len));
+ TEST_EQUAL(psa_hash_finish(&operation,
+ hash, sizeof(hash), &hash_len),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_hash_abort(&operation));
/* Call finish after calling verify. */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- PSA_ASSERT( psa_hash_verify( &operation,
- valid_hash, sizeof( valid_hash ) ) );
- TEST_EQUAL( psa_hash_finish( &operation,
- hash, sizeof( hash ), &hash_len ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_hash_abort( &operation ) );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ PSA_ASSERT(psa_hash_verify(&operation,
+ valid_hash, sizeof(valid_hash)));
+ TEST_EQUAL(psa_hash_finish(&operation,
+ hash, sizeof(hash), &hash_len),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_hash_abort(&operation));
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
-void hash_verify_bad_args( )
+void hash_verify_bad_args()
{
psa_algorithm_t alg = PSA_ALG_SHA_256;
/* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
@@ -1780,60 +1804,61 @@
unsigned char hash[] = {
0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
- 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
- size_t expected_size = PSA_HASH_LENGTH( alg );
+ 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb
+ };
+ size_t expected_size = PSA_HASH_LENGTH(alg);
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* psa_hash_verify with a smaller hash than expected */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ),
- PSA_ERROR_INVALID_SIGNATURE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_hash_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_hash_verify(&operation, hash, expected_size - 1),
+ PSA_ERROR_INVALID_SIGNATURE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_hash_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* psa_hash_verify with a non-matching hash */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- TEST_EQUAL( psa_hash_verify( &operation, hash + 1, expected_size ),
- PSA_ERROR_INVALID_SIGNATURE );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ TEST_EQUAL(psa_hash_verify(&operation, hash + 1, expected_size),
+ PSA_ERROR_INVALID_SIGNATURE);
/* psa_hash_verify with a hash longer than expected */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ),
- PSA_ERROR_INVALID_SIGNATURE );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ TEST_EQUAL(psa_hash_verify(&operation, hash, sizeof(hash)),
+ PSA_ERROR_INVALID_SIGNATURE);
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
-void hash_finish_bad_args( )
+void hash_finish_bad_args()
{
psa_algorithm_t alg = PSA_ALG_SHA_256;
unsigned char hash[PSA_HASH_MAX_SIZE];
- size_t expected_size = PSA_HASH_LENGTH( alg );
+ size_t expected_size = PSA_HASH_LENGTH(alg);
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
size_t hash_len;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* psa_hash_finish with a smaller hash buffer than expected */
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- TEST_EQUAL( psa_hash_finish( &operation,
- hash, expected_size - 1, &hash_len ),
- PSA_ERROR_BUFFER_TOO_SMALL );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ TEST_EQUAL(psa_hash_finish(&operation,
+ hash, expected_size - 1, &hash_len),
+ PSA_ERROR_BUFFER_TOO_SMALL);
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
-void hash_clone_source_state( )
+void hash_clone_source_state()
{
psa_algorithm_t alg = PSA_ALG_SHA_256;
unsigned char hash[PSA_HASH_MAX_SIZE];
@@ -1844,41 +1869,41 @@
psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
size_t hash_len;
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_hash_setup( &op_source, alg ) );
+ PSA_ASSERT(psa_crypto_init());
+ PSA_ASSERT(psa_hash_setup(&op_source, alg));
- PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
- PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
- PSA_ASSERT( psa_hash_finish( &op_finished,
- hash, sizeof( hash ), &hash_len ) );
- PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
- PSA_ASSERT( psa_hash_abort( &op_aborted ) );
+ PSA_ASSERT(psa_hash_setup(&op_setup, alg));
+ PSA_ASSERT(psa_hash_setup(&op_finished, alg));
+ PSA_ASSERT(psa_hash_finish(&op_finished,
+ hash, sizeof(hash), &hash_len));
+ PSA_ASSERT(psa_hash_setup(&op_aborted, alg));
+ PSA_ASSERT(psa_hash_abort(&op_aborted));
- TEST_EQUAL( psa_hash_clone( &op_source, &op_setup ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL(psa_hash_clone(&op_source, &op_setup),
+ PSA_ERROR_BAD_STATE);
- PSA_ASSERT( psa_hash_clone( &op_source, &op_init ) );
- PSA_ASSERT( psa_hash_finish( &op_init,
- hash, sizeof( hash ), &hash_len ) );
- PSA_ASSERT( psa_hash_clone( &op_source, &op_finished ) );
- PSA_ASSERT( psa_hash_finish( &op_finished,
- hash, sizeof( hash ), &hash_len ) );
- PSA_ASSERT( psa_hash_clone( &op_source, &op_aborted ) );
- PSA_ASSERT( psa_hash_finish( &op_aborted,
- hash, sizeof( hash ), &hash_len ) );
+ PSA_ASSERT(psa_hash_clone(&op_source, &op_init));
+ PSA_ASSERT(psa_hash_finish(&op_init,
+ hash, sizeof(hash), &hash_len));
+ PSA_ASSERT(psa_hash_clone(&op_source, &op_finished));
+ PSA_ASSERT(psa_hash_finish(&op_finished,
+ hash, sizeof(hash), &hash_len));
+ PSA_ASSERT(psa_hash_clone(&op_source, &op_aborted));
+ PSA_ASSERT(psa_hash_finish(&op_aborted,
+ hash, sizeof(hash), &hash_len));
exit:
- psa_hash_abort( &op_source );
- psa_hash_abort( &op_init );
- psa_hash_abort( &op_setup );
- psa_hash_abort( &op_finished );
- psa_hash_abort( &op_aborted );
- PSA_DONE( );
+ psa_hash_abort(&op_source);
+ psa_hash_abort(&op_init);
+ psa_hash_abort(&op_setup);
+ psa_hash_abort(&op_finished);
+ psa_hash_abort(&op_aborted);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
-void hash_clone_target_state( )
+void hash_clone_target_state()
{
psa_algorithm_t alg = PSA_ALG_SHA_256;
unsigned char hash[PSA_HASH_MAX_SIZE];
@@ -1889,37 +1914,37 @@
psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT;
size_t hash_len;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
- PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
- PSA_ASSERT( psa_hash_finish( &op_finished,
- hash, sizeof( hash ), &hash_len ) );
- PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
- PSA_ASSERT( psa_hash_abort( &op_aborted ) );
+ PSA_ASSERT(psa_hash_setup(&op_setup, alg));
+ PSA_ASSERT(psa_hash_setup(&op_finished, alg));
+ PSA_ASSERT(psa_hash_finish(&op_finished,
+ hash, sizeof(hash), &hash_len));
+ PSA_ASSERT(psa_hash_setup(&op_aborted, alg));
+ PSA_ASSERT(psa_hash_abort(&op_aborted));
- PSA_ASSERT( psa_hash_clone( &op_setup, &op_target ) );
- PSA_ASSERT( psa_hash_finish( &op_target,
- hash, sizeof( hash ), &hash_len ) );
+ PSA_ASSERT(psa_hash_clone(&op_setup, &op_target));
+ PSA_ASSERT(psa_hash_finish(&op_target,
+ hash, sizeof(hash), &hash_len));
- TEST_EQUAL( psa_hash_clone( &op_init, &op_target ), PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_hash_clone( &op_finished, &op_target ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_hash_clone( &op_aborted, &op_target ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL(psa_hash_clone(&op_init, &op_target), PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_hash_clone(&op_finished, &op_target),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_hash_clone(&op_aborted, &op_target),
+ PSA_ERROR_BAD_STATE);
exit:
- psa_hash_abort( &op_target );
- psa_hash_abort( &op_init );
- psa_hash_abort( &op_setup );
- psa_hash_abort( &op_finished );
- psa_hash_abort( &op_aborted );
- PSA_DONE( );
+ psa_hash_abort(&op_target);
+ psa_hash_abort(&op_init);
+ psa_hash_abort(&op_setup);
+ psa_hash_abort(&op_finished);
+ psa_hash_abort(&op_aborted);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_operation_init( )
+void mac_operation_init()
{
const uint8_t input[1] = { 0 };
@@ -1927,35 +1952,35 @@
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
- psa_mac_operation_t func = psa_mac_operation_init( );
+ psa_mac_operation_t func = psa_mac_operation_init();
psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
psa_mac_operation_t zero;
- memset( &zero, 0, sizeof( zero ) );
+ memset(&zero, 0, sizeof(zero));
/* A freshly-initialized MAC operation should not be usable. */
- TEST_EQUAL( psa_mac_update( &func,
- input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_mac_update( &init,
- input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_mac_update( &zero,
- input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL(psa_mac_update(&func,
+ input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_mac_update(&init,
+ input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_mac_update(&zero,
+ input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
/* A default MAC operation should be abortable without error. */
- PSA_ASSERT( psa_mac_abort( &func ) );
- PSA_ASSERT( psa_mac_abort( &init ) );
- PSA_ASSERT( psa_mac_abort( &zero ) );
+ PSA_ASSERT(psa_mac_abort(&func));
+ PSA_ASSERT(psa_mac_abort(&init));
+ PSA_ASSERT(psa_mac_abort(&zero));
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_setup( int key_type_arg,
- data_t *key,
- int alg_arg,
- int expected_status_arg )
+void mac_setup(int key_type_arg,
+ data_t *key,
+ int alg_arg,
+ int expected_status_arg)
{
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -1966,31 +1991,33 @@
const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
#endif
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- if( ! exercise_mac_setup( key_type, key->x, key->len, alg,
- &operation, &status ) )
+ if (!exercise_mac_setup(key_type, key->x, key->len, alg,
+ &operation, &status)) {
goto exit;
- TEST_EQUAL( status, expected_status );
+ }
+ TEST_EQUAL(status, expected_status);
/* The operation object should be reusable. */
#if defined(KNOWN_SUPPORTED_MAC_ALG)
- if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE,
- smoke_test_key_data,
- sizeof( smoke_test_key_data ),
- KNOWN_SUPPORTED_MAC_ALG,
- &operation, &status ) )
+ if (!exercise_mac_setup(KNOWN_SUPPORTED_MAC_KEY_TYPE,
+ smoke_test_key_data,
+ sizeof(smoke_test_key_data),
+ KNOWN_SUPPORTED_MAC_ALG,
+ &operation, &status)) {
goto exit;
- TEST_EQUAL( status, PSA_SUCCESS );
+ }
+ TEST_EQUAL(status, PSA_SUCCESS);
#endif
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 */
-void mac_bad_order( )
+void mac_bad_order()
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
@@ -1998,7 +2025,8 @@
const uint8_t key_data[] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ };
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
@@ -2007,119 +2035,120 @@
const uint8_t verify_mac[] = {
0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd,
0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a,
- 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
+ 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6
+ };
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ PSA_ASSERT(psa_crypto_init());
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data),
+ &key));
/* Call update without calling setup beforehand. */
- TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ TEST_EQUAL(psa_mac_update(&operation, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_mac_abort(&operation));
/* Call sign finish without calling setup beforehand. */
- TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ),
- &sign_mac_length),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ TEST_EQUAL(psa_mac_sign_finish(&operation, sign_mac, sizeof(sign_mac),
+ &sign_mac_length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_mac_abort(&operation));
/* Call verify finish without calling setup beforehand. */
- TEST_EQUAL( psa_mac_verify_finish( &operation,
- verify_mac, sizeof( verify_mac ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ TEST_EQUAL(psa_mac_verify_finish(&operation,
+ verify_mac, sizeof(verify_mac)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_mac_abort(&operation));
/* Call setup twice in a row. */
- PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_mac_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_mac_sign_setup(&operation, key, alg),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_mac_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Call update after sign finish. */
- PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
- PSA_ASSERT( psa_mac_sign_finish( &operation,
- sign_mac, sizeof( sign_mac ),
- &sign_mac_length ) );
- TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input)));
+ PSA_ASSERT(psa_mac_sign_finish(&operation,
+ sign_mac, sizeof(sign_mac),
+ &sign_mac_length));
+ TEST_EQUAL(psa_mac_update(&operation, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_mac_abort(&operation));
/* Call update after verify finish. */
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
- PSA_ASSERT( psa_mac_verify_finish( &operation,
- verify_mac, sizeof( verify_mac ) ) );
- TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input)));
+ PSA_ASSERT(psa_mac_verify_finish(&operation,
+ verify_mac, sizeof(verify_mac)));
+ TEST_EQUAL(psa_mac_update(&operation, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_mac_abort(&operation));
/* Call sign finish twice in a row. */
- PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
- PSA_ASSERT( psa_mac_sign_finish( &operation,
- sign_mac, sizeof( sign_mac ),
- &sign_mac_length ) );
- TEST_EQUAL( psa_mac_sign_finish( &operation,
- sign_mac, sizeof( sign_mac ),
- &sign_mac_length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input)));
+ PSA_ASSERT(psa_mac_sign_finish(&operation,
+ sign_mac, sizeof(sign_mac),
+ &sign_mac_length));
+ TEST_EQUAL(psa_mac_sign_finish(&operation,
+ sign_mac, sizeof(sign_mac),
+ &sign_mac_length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_mac_abort(&operation));
/* Call verify finish twice in a row. */
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
- PSA_ASSERT( psa_mac_verify_finish( &operation,
- verify_mac, sizeof( verify_mac ) ) );
- TEST_EQUAL( psa_mac_verify_finish( &operation,
- verify_mac, sizeof( verify_mac ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input)));
+ PSA_ASSERT(psa_mac_verify_finish(&operation,
+ verify_mac, sizeof(verify_mac)));
+ TEST_EQUAL(psa_mac_verify_finish(&operation,
+ verify_mac, sizeof(verify_mac)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_mac_abort(&operation));
/* Setup sign but try verify. */
- PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_mac_verify_finish( &operation,
- verify_mac, sizeof( verify_mac ) ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_mac_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input)));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_mac_verify_finish(&operation,
+ verify_mac, sizeof(verify_mac)),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_mac_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Setup verify but try sign. */
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_mac_sign_finish( &operation,
- sign_mac, sizeof( sign_mac ),
- &sign_mac_length ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_mac_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input)));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_mac_sign_finish(&operation,
+ sign_mac, sizeof(sign_mac),
+ &sign_mac_length),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_mac_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
- PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT(psa_destroy_key(key));
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_sign( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input,
- data_t *expected_mac )
+void mac_sign(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -2128,7 +2157,7 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_mac = NULL;
size_t mac_buffer_size =
- PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
+ PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg);
size_t mac_length = 0;
const size_t output_sizes_to_test[] = {
0,
@@ -2138,76 +2167,74 @@
expected_mac->len + 1,
};
- TEST_LE_U( mac_buffer_size, PSA_MAC_MAX_SIZE );
+ TEST_LE_U(mac_buffer_size, PSA_MAC_MAX_SIZE);
/* We expect PSA_MAC_LENGTH to be exact. */
- TEST_ASSERT( expected_mac->len == mac_buffer_size );
+ TEST_ASSERT(expected_mac->len == mac_buffer_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ )
- {
+ for (size_t i = 0; i < ARRAY_LENGTH(output_sizes_to_test); i++) {
const size_t output_size = output_sizes_to_test[i];
psa_status_t expected_status =
- ( output_size >= expected_mac->len ? PSA_SUCCESS :
- PSA_ERROR_BUFFER_TOO_SMALL );
+ (output_size >= expected_mac->len ? PSA_SUCCESS :
+ PSA_ERROR_BUFFER_TOO_SMALL);
- mbedtls_test_set_step( output_size );
- ASSERT_ALLOC( actual_mac, output_size );
+ mbedtls_test_set_step(output_size);
+ ASSERT_ALLOC(actual_mac, output_size);
/* Calculate the MAC, one-shot case. */
- TEST_EQUAL( psa_mac_compute( key, alg,
- input->x, input->len,
- actual_mac, output_size, &mac_length ),
- expected_status );
- if( expected_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( expected_mac->x, expected_mac->len,
- actual_mac, mac_length );
+ TEST_EQUAL(psa_mac_compute(key, alg,
+ input->x, input->len,
+ actual_mac, output_size, &mac_length),
+ expected_status);
+ if (expected_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(expected_mac->x, expected_mac->len,
+ actual_mac, mac_length);
}
- if( output_size > 0 )
- memset( actual_mac, 0, output_size );
+ if (output_size > 0) {
+ memset(actual_mac, 0, output_size);
+ }
/* Calculate the MAC, multi-part case. */
- PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input->x, input->len ) );
- TEST_EQUAL( psa_mac_sign_finish( &operation,
- actual_mac, output_size,
- &mac_length ),
- expected_status );
- PSA_ASSERT( psa_mac_abort( &operation ) );
+ PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input->x, input->len));
+ TEST_EQUAL(psa_mac_sign_finish(&operation,
+ actual_mac, output_size,
+ &mac_length),
+ expected_status);
+ PSA_ASSERT(psa_mac_abort(&operation));
- if( expected_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( expected_mac->x, expected_mac->len,
- actual_mac, mac_length );
+ if (expected_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(expected_mac->x, expected_mac->len,
+ actual_mac, mac_length);
}
- mbedtls_free( actual_mac );
+ mbedtls_free(actual_mac);
actual_mac = NULL;
}
exit:
- psa_mac_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_free( actual_mac );
+ psa_mac_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_free(actual_mac);
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_verify( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input,
- data_t *expected_mac )
+void mac_verify(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -2216,93 +2243,92 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *perturbed_mac = NULL;
- TEST_LE_U( expected_mac->len, PSA_MAC_MAX_SIZE );
+ TEST_LE_U(expected_mac->len, PSA_MAC_MAX_SIZE);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Verify correct MAC, one-shot case. */
- PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len,
- expected_mac->x, expected_mac->len ) );
+ PSA_ASSERT(psa_mac_verify(key, alg, input->x, input->len,
+ expected_mac->x, expected_mac->len));
/* Verify correct MAC, multi-part case. */
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input->x, input->len ) );
- PSA_ASSERT( psa_mac_verify_finish( &operation,
- expected_mac->x,
- expected_mac->len ) );
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input->x, input->len));
+ PSA_ASSERT(psa_mac_verify_finish(&operation,
+ expected_mac->x,
+ expected_mac->len));
/* Test a MAC that's too short, one-shot case. */
- TEST_EQUAL( psa_mac_verify( key, alg,
- input->x, input->len,
- expected_mac->x,
- expected_mac->len - 1 ),
- PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL(psa_mac_verify(key, alg,
+ input->x, input->len,
+ expected_mac->x,
+ expected_mac->len - 1),
+ PSA_ERROR_INVALID_SIGNATURE);
/* Test a MAC that's too short, multi-part case. */
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input->x, input->len ) );
- TEST_EQUAL( psa_mac_verify_finish( &operation,
- expected_mac->x,
- expected_mac->len - 1 ),
- PSA_ERROR_INVALID_SIGNATURE );
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input->x, input->len));
+ TEST_EQUAL(psa_mac_verify_finish(&operation,
+ expected_mac->x,
+ expected_mac->len - 1),
+ PSA_ERROR_INVALID_SIGNATURE);
/* Test a MAC that's too long, one-shot case. */
- ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
- memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
- TEST_EQUAL( psa_mac_verify( key, alg,
- input->x, input->len,
- perturbed_mac, expected_mac->len + 1 ),
- PSA_ERROR_INVALID_SIGNATURE );
+ ASSERT_ALLOC(perturbed_mac, expected_mac->len + 1);
+ memcpy(perturbed_mac, expected_mac->x, expected_mac->len);
+ TEST_EQUAL(psa_mac_verify(key, alg,
+ input->x, input->len,
+ perturbed_mac, expected_mac->len + 1),
+ PSA_ERROR_INVALID_SIGNATURE);
/* Test a MAC that's too long, multi-part case. */
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input->x, input->len ) );
- TEST_EQUAL( psa_mac_verify_finish( &operation,
- perturbed_mac,
- expected_mac->len + 1 ),
- PSA_ERROR_INVALID_SIGNATURE );
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input->x, input->len));
+ TEST_EQUAL(psa_mac_verify_finish(&operation,
+ perturbed_mac,
+ expected_mac->len + 1),
+ PSA_ERROR_INVALID_SIGNATURE);
/* Test changing one byte. */
- for( size_t i = 0; i < expected_mac->len; i++ )
- {
- mbedtls_test_set_step( i );
+ for (size_t i = 0; i < expected_mac->len; i++) {
+ mbedtls_test_set_step(i);
perturbed_mac[i] ^= 1;
- TEST_EQUAL( psa_mac_verify( key, alg,
- input->x, input->len,
- perturbed_mac, expected_mac->len ),
- PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL(psa_mac_verify(key, alg,
+ input->x, input->len,
+ perturbed_mac, expected_mac->len),
+ PSA_ERROR_INVALID_SIGNATURE);
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input->x, input->len ) );
- TEST_EQUAL( psa_mac_verify_finish( &operation,
- perturbed_mac,
- expected_mac->len ),
- PSA_ERROR_INVALID_SIGNATURE );
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input->x, input->len));
+ TEST_EQUAL(psa_mac_verify_finish(&operation,
+ perturbed_mac,
+ expected_mac->len),
+ PSA_ERROR_INVALID_SIGNATURE);
perturbed_mac[i] ^= 1;
}
exit:
- psa_mac_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_free( perturbed_mac );
+ psa_mac_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_free(perturbed_mac);
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_operation_init( )
+void cipher_operation_init()
{
const uint8_t input[1] = { 0 };
unsigned char output[1] = { 0 };
@@ -2311,41 +2337,41 @@
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
- psa_cipher_operation_t func = psa_cipher_operation_init( );
+ psa_cipher_operation_t func = psa_cipher_operation_init();
psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
psa_cipher_operation_t zero;
- memset( &zero, 0, sizeof( zero ) );
+ memset(&zero, 0, sizeof(zero));
/* A freshly-initialized cipher operation should not be usable. */
- TEST_EQUAL( psa_cipher_update( &func,
- input, sizeof( input ),
- output, sizeof( output ),
- &output_length ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_cipher_update( &init,
- input, sizeof( input ),
- output, sizeof( output ),
- &output_length ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_cipher_update( &zero,
- input, sizeof( input ),
- output, sizeof( output ),
- &output_length ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL(psa_cipher_update(&func,
+ input, sizeof(input),
+ output, sizeof(output),
+ &output_length),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_cipher_update(&init,
+ input, sizeof(input),
+ output, sizeof(output),
+ &output_length),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_cipher_update(&zero,
+ input, sizeof(input),
+ output, sizeof(output),
+ &output_length),
+ PSA_ERROR_BAD_STATE);
/* A default cipher operation should be abortable without error. */
- PSA_ASSERT( psa_cipher_abort( &func ) );
- PSA_ASSERT( psa_cipher_abort( &init ) );
- PSA_ASSERT( psa_cipher_abort( &zero ) );
+ PSA_ASSERT(psa_cipher_abort(&func));
+ PSA_ASSERT(psa_cipher_abort(&init));
+ PSA_ASSERT(psa_cipher_abort(&zero));
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_setup( int key_type_arg,
- data_t *key,
- int alg_arg,
- int expected_status_arg )
+void cipher_setup(int key_type_arg,
+ data_t *key,
+ int alg_arg,
+ int expected_status_arg)
{
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -2356,32 +2382,34 @@
const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
#endif
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- if( ! exercise_cipher_setup( key_type, key->x, key->len, alg,
- &operation, &status ) )
+ if (!exercise_cipher_setup(key_type, key->x, key->len, alg,
+ &operation, &status)) {
goto exit;
- TEST_EQUAL( status, expected_status );
+ }
+ TEST_EQUAL(status, expected_status);
/* The operation object should be reusable. */
#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
- if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE,
- smoke_test_key_data,
- sizeof( smoke_test_key_data ),
- KNOWN_SUPPORTED_CIPHER_ALG,
- &operation, &status ) )
+ if (!exercise_cipher_setup(KNOWN_SUPPORTED_CIPHER_KEY_TYPE,
+ smoke_test_key_data,
+ sizeof(smoke_test_key_data),
+ KNOWN_SUPPORTED_CIPHER_ALG,
+ &operation, &status)) {
goto exit;
- TEST_EQUAL( status, PSA_SUCCESS );
+ }
+ TEST_EQUAL(status, PSA_SUCCESS);
#endif
exit:
- psa_cipher_abort( &operation );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_PKCS7 */
-void cipher_bad_order( )
+void cipher_bad_order()
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
@@ -2391,173 +2419,175 @@
unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
const uint8_t key_data[] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa };
+ 0xaa, 0xaa, 0xaa, 0xaa
+ };
const uint8_t text[] = {
0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
- 0xbb, 0xbb, 0xbb, 0xbb };
+ 0xbb, 0xbb, 0xbb, 0xbb
+ };
uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
size_t length = 0;
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
- &key ) );
+ PSA_ASSERT(psa_crypto_init());
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data),
+ &key));
/* Call encrypt setup twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_cipher_encrypt_setup(&operation, key, alg),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Call decrypt setup twice in a row. */
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_cipher_decrypt_setup(&operation, key, alg),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Generate an IV without calling setup beforehand. */
- TEST_EQUAL( psa_cipher_generate_iv( &operation,
- buffer, sizeof( buffer ),
- &length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ TEST_EQUAL(psa_cipher_generate_iv(&operation,
+ buffer, sizeof(buffer),
+ &length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
/* Generate an IV twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_cipher_generate_iv( &operation,
- buffer, sizeof( buffer ),
- &length ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_cipher_generate_iv( &operation,
- buffer, sizeof( buffer ),
- &length ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ PSA_ASSERT(psa_cipher_generate_iv(&operation,
+ buffer, sizeof(buffer),
+ &length));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_cipher_generate_iv(&operation,
+ buffer, sizeof(buffer),
+ &length),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Generate an IV after it's already set. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ) );
- TEST_EQUAL( psa_cipher_generate_iv( &operation,
- buffer, sizeof( buffer ),
- &length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ PSA_ASSERT(psa_cipher_set_iv(&operation,
+ iv, sizeof(iv)));
+ TEST_EQUAL(psa_cipher_generate_iv(&operation,
+ buffer, sizeof(buffer),
+ &length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
/* Set an IV without calling setup beforehand. */
- TEST_EQUAL( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ TEST_EQUAL(psa_cipher_set_iv(&operation,
+ iv, sizeof(iv)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
/* Set an IV after it's already set. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ PSA_ASSERT(psa_cipher_set_iv(&operation,
+ iv, sizeof(iv)));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_cipher_set_iv(&operation,
+ iv, sizeof(iv)),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Set an IV after it's already generated. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_cipher_generate_iv( &operation,
- buffer, sizeof( buffer ),
- &length ) );
- TEST_EQUAL( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ PSA_ASSERT(psa_cipher_generate_iv(&operation,
+ buffer, sizeof(buffer),
+ &length));
+ TEST_EQUAL(psa_cipher_set_iv(&operation,
+ iv, sizeof(iv)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
/* Call update without calling setup beforehand. */
- TEST_EQUAL( psa_cipher_update( &operation,
- text, sizeof( text ),
- buffer, sizeof( buffer ),
- &length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ TEST_EQUAL(psa_cipher_update(&operation,
+ text, sizeof(text),
+ buffer, sizeof(buffer),
+ &length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
/* Call update without an IV where an IV is required. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_cipher_update( &operation,
- text, sizeof( text ),
- buffer, sizeof( buffer ),
- &length ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_cipher_update(&operation,
+ text, sizeof(text),
+ buffer, sizeof(buffer),
+ &length),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Call update after finish. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ) );
- PSA_ASSERT( psa_cipher_finish( &operation,
- buffer, sizeof( buffer ), &length ) );
- TEST_EQUAL( psa_cipher_update( &operation,
- text, sizeof( text ),
- buffer, sizeof( buffer ),
- &length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ PSA_ASSERT(psa_cipher_set_iv(&operation,
+ iv, sizeof(iv)));
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ buffer, sizeof(buffer), &length));
+ TEST_EQUAL(psa_cipher_update(&operation,
+ text, sizeof(text),
+ buffer, sizeof(buffer),
+ &length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
/* Call finish without calling setup beforehand. */
- TEST_EQUAL( psa_cipher_finish( &operation,
- buffer, sizeof( buffer ), &length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ TEST_EQUAL(psa_cipher_finish(&operation,
+ buffer, sizeof(buffer), &length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
/* Call finish without an IV where an IV is required. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
/* Not calling update means we are encrypting an empty buffer, which is OK
* for cipher modes with padding. */
- ASSERT_OPERATION_IS_ACTIVE( operation );
- TEST_EQUAL( psa_cipher_finish( &operation,
- buffer, sizeof( buffer ), &length ),
- PSA_ERROR_BAD_STATE );
- ASSERT_OPERATION_IS_INACTIVE( operation );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_OPERATION_IS_INACTIVE( operation );
+ ASSERT_OPERATION_IS_ACTIVE(operation);
+ TEST_EQUAL(psa_cipher_finish(&operation,
+ buffer, sizeof(buffer), &length),
+ PSA_ERROR_BAD_STATE);
+ ASSERT_OPERATION_IS_INACTIVE(operation);
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ ASSERT_OPERATION_IS_INACTIVE(operation);
/* Call finish twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ) );
- PSA_ASSERT( psa_cipher_finish( &operation,
- buffer, sizeof( buffer ), &length ) );
- TEST_EQUAL( psa_cipher_finish( &operation,
- buffer, sizeof( buffer ), &length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ PSA_ASSERT(psa_cipher_set_iv(&operation,
+ iv, sizeof(iv)));
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ buffer, sizeof(buffer), &length));
+ TEST_EQUAL(psa_cipher_finish(&operation,
+ buffer, sizeof(buffer), &length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_abort(&operation));
- PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT(psa_destroy_key(key));
exit:
- psa_cipher_abort( &operation );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt_fail( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *input,
- int expected_status_arg )
+void cipher_encrypt_fail(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
@@ -2569,37 +2599,36 @@
size_t output_length = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- if ( PSA_ERROR_BAD_STATE != expected_status )
- {
- PSA_ASSERT( psa_crypto_init( ) );
+ if (PSA_ERROR_BAD_STATE != expected_status) {
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
- input->len );
- ASSERT_ALLOC( output, output_buffer_size );
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg,
+ input->len);
+ ASSERT_ALLOC(output, output_buffer_size);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
}
- status = psa_cipher_encrypt( key, alg, input->x, input->len, output,
- output_buffer_size, &output_length );
+ status = psa_cipher_encrypt(key, alg, input->x, input->len, output,
+ output_buffer_size, &output_length);
- TEST_EQUAL( status, expected_status );
+ TEST_EQUAL(status, expected_status);
exit:
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_alg_without_iv( int alg_arg, int key_type_arg, data_t *key_data,
- data_t *plaintext, data_t *ciphertext )
+void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data,
+ data_t *plaintext, data_t *ciphertext)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -2611,110 +2640,110 @@
size_t output_length, length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Validate size macros */
- TEST_LE_U( ciphertext->len,
- PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, plaintext->len ) );
- TEST_LE_U( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, plaintext->len ),
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( plaintext->len ) );
- TEST_LE_U( plaintext->len,
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, ciphertext->len ) );
- TEST_LE_U( PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, ciphertext->len ),
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( ciphertext->len ) );
+ TEST_LE_U(ciphertext->len,
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext->len));
+ TEST_LE_U(PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext->len),
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(plaintext->len));
+ TEST_LE_U(plaintext->len,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext->len));
+ TEST_LE_U(PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext->len),
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(ciphertext->len));
/* Set up key and output buffer */
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
- plaintext->len );
- ASSERT_ALLOC( output, output_buffer_size );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg,
+ plaintext->len);
+ ASSERT_ALLOC(output, output_buffer_size);
/* set_iv() is not allowed */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ),
- PSA_ERROR_BAD_STATE );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ TEST_EQUAL(psa_cipher_set_iv(&operation, iv, sizeof(iv)),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
+ TEST_EQUAL(psa_cipher_set_iv(&operation, iv, sizeof(iv)),
+ PSA_ERROR_BAD_STATE);
/* generate_iv() is not allowed */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ),
- &length ),
- PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ),
- &length ),
- PSA_ERROR_BAD_STATE );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ TEST_EQUAL(psa_cipher_generate_iv(&operation, iv, sizeof(iv),
+ &length),
+ PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
+ TEST_EQUAL(psa_cipher_generate_iv(&operation, iv, sizeof(iv),
+ &length),
+ PSA_ERROR_BAD_STATE);
/* Multipart encryption */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
output_length = 0;
length = ~0;
- PSA_ASSERT( psa_cipher_update( &operation,
- plaintext->x, plaintext->len,
- output, output_buffer_size,
- &length ) );
- TEST_LE_U( length, output_buffer_size );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ plaintext->x, plaintext->len,
+ output, output_buffer_size,
+ &length));
+ TEST_LE_U(length, output_buffer_size);
output_length += length;
- PSA_ASSERT( psa_cipher_finish( &operation,
- mbedtls_buffer_offset( output, output_length ),
- output_buffer_size - output_length,
- &length ) );
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ mbedtls_buffer_offset(output, output_length),
+ output_buffer_size - output_length,
+ &length));
output_length += length;
- ASSERT_COMPARE( ciphertext->x, ciphertext->len,
- output, output_length );
+ ASSERT_COMPARE(ciphertext->x, ciphertext->len,
+ output, output_length);
/* Multipart encryption */
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
output_length = 0;
length = ~0;
- PSA_ASSERT( psa_cipher_update( &operation,
- ciphertext->x, ciphertext->len,
- output, output_buffer_size,
- &length ) );
- TEST_LE_U( length, output_buffer_size );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ ciphertext->x, ciphertext->len,
+ output, output_buffer_size,
+ &length));
+ TEST_LE_U(length, output_buffer_size);
output_length += length;
- PSA_ASSERT( psa_cipher_finish( &operation,
- mbedtls_buffer_offset( output, output_length ),
- output_buffer_size - output_length,
- &length ) );
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ mbedtls_buffer_offset(output, output_length),
+ output_buffer_size - output_length,
+ &length));
output_length += length;
- ASSERT_COMPARE( plaintext->x, plaintext->len,
- output, output_length );
+ ASSERT_COMPARE(plaintext->x, plaintext->len,
+ output, output_length);
/* One-shot encryption */
output_length = ~0;
- PSA_ASSERT( psa_cipher_encrypt( key, alg, plaintext->x, plaintext->len,
- output, output_buffer_size,
- &output_length ) );
- ASSERT_COMPARE( ciphertext->x, ciphertext->len,
- output, output_length );
+ PSA_ASSERT(psa_cipher_encrypt(key, alg, plaintext->x, plaintext->len,
+ output, output_buffer_size,
+ &output_length));
+ ASSERT_COMPARE(ciphertext->x, ciphertext->len,
+ output, output_length);
/* One-shot decryption */
output_length = ~0;
- PSA_ASSERT( psa_cipher_decrypt( key, alg, ciphertext->x, ciphertext->len,
- output, output_buffer_size,
- &output_length ) );
- ASSERT_COMPARE( plaintext->x, plaintext->len,
- output, output_length );
+ PSA_ASSERT(psa_cipher_decrypt(key, alg, ciphertext->x, ciphertext->len,
+ output, output_buffer_size,
+ &output_length));
+ ASSERT_COMPARE(plaintext->x, plaintext->len,
+ output, output_length);
exit:
- mbedtls_free( output );
- psa_cipher_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ mbedtls_free(output);
+ psa_cipher_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_bad_key( int alg_arg, int key_type_arg, data_t *key_data )
+void cipher_bad_key(int alg_arg, int key_type_arg, data_t *key_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
@@ -2723,46 +2752,46 @@
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
/* Usage of either of these two size macros would cause divide by zero
* with incorrect key types previously. Input length should be irrelevant
* here. */
- TEST_EQUAL( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, 16 ),
- 0 );
- TEST_EQUAL( PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, 16 ), 0 );
+ TEST_EQUAL(PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, 16),
+ 0);
+ TEST_EQUAL(PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, 16), 0);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Should fail due to invalid alg type (to support invalid key type).
* Encrypt or decrypt will end up in the same place. */
- status = psa_cipher_encrypt_setup( &operation, key, alg );
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
- TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
exit:
- psa_cipher_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt_validation( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *input )
+void cipher_encrypt_validation(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg );
+ size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg);
unsigned char *output1 = NULL;
size_t output1_buffer_size = 0;
size_t output1_length = 0;
@@ -2773,74 +2802,74 @@
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
- ASSERT_ALLOC( output1, output1_buffer_size );
- ASSERT_ALLOC( output2, output2_buffer_size );
+ output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
+ output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
+ ASSERT_ALLOC(output1, output1_buffer_size);
+ ASSERT_ALLOC(output2, output2_buffer_size);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* The one-shot cipher encryption uses generated iv so validating
the output is not possible. Validating with multipart encryption. */
- PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
- output1_buffer_size, &output1_length ) );
- TEST_LE_U( output1_length,
- PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
- TEST_LE_U( output1_length,
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+ PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1,
+ output1_buffer_size, &output1_length));
+ TEST_LE_U(output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len));
+ TEST_LE_U(output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len));
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size));
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x, input->len,
- output2, output2_buffer_size,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x, input->len,
+ output2, output2_buffer_size,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len));
output2_length += function_output_length;
- PSA_ASSERT( psa_cipher_finish( &operation,
- output2 + output2_length,
- output2_buffer_size - output2_length,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ output2 + output2_length,
+ output2_buffer_size - output2_length,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE);
output2_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size,
- output2, output2_length );
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size,
+ output2, output2_length);
exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output1 );
- mbedtls_free( output2 );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ mbedtls_free(output1);
+ mbedtls_free(output2);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input,
- int first_part_size_arg,
- int output1_length_arg, int output2_length_arg,
- data_t *expected_output,
- int expected_status_arg )
+void cipher_encrypt_multipart(int alg_arg, int key_type_arg,
+ data_t *key_data, data_t *iv,
+ data_t *input,
+ int first_part_size_arg,
+ int output1_length_arg, int output2_length_arg,
+ data_t *expected_output,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -2857,92 +2886,89 @@
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
- if( iv->len > 0 )
- {
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
+ if (iv->len > 0) {
+ PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len));
}
- output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
- ASSERT_ALLOC( output, output_buffer_size );
+ output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
+ ASSERT_ALLOC(output, output_buffer_size);
- TEST_LE_U( first_part_size, input->len );
- PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
- output, output_buffer_size,
- &function_output_length ) );
- TEST_ASSERT( function_output_length == output1_length );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
+ TEST_LE_U(first_part_size, input->len);
+ PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size,
+ output, output_buffer_size,
+ &function_output_length));
+ TEST_ASSERT(function_output_length == output1_length);
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size));
total_output_length += function_output_length;
- if( first_part_size < input->len )
- {
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_ASSERT( function_output_length == output2_length );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ if (first_part_size < input->len) {
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ (output_buffer_size == 0 ? NULL :
+ output + total_output_length),
+ output_buffer_size - total_output_length,
+ &function_output_length));
+ TEST_ASSERT(function_output_length == output2_length);
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type,
+ alg,
+ input->len - first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len));
total_output_length += function_output_length;
}
- status = psa_cipher_finish( &operation,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ status = psa_cipher_finish(&operation,
+ (output_buffer_size == 0 ? NULL :
+ output + total_output_length),
+ output_buffer_size - total_output_length,
+ &function_output_length);
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE);
total_output_length += function_output_length;
- TEST_EQUAL( status, expected_status );
+ TEST_EQUAL(status, expected_status);
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_cipher_abort(&operation));
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
+ ASSERT_COMPARE(expected_output->x, expected_output->len,
+ output, total_output_length);
}
exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input,
- int first_part_size_arg,
- int output1_length_arg, int output2_length_arg,
- data_t *expected_output,
- int expected_status_arg )
+void cipher_decrypt_multipart(int alg_arg, int key_type_arg,
+ data_t *key_data, data_t *iv,
+ data_t *input,
+ int first_part_size_arg,
+ int output1_length_arg, int output2_length_arg,
+ data_t *expected_output,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -2959,202 +2985,196 @@
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
- if( iv->len > 0 )
- {
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
+ if (iv->len > 0) {
+ PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len));
}
- output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
- ASSERT_ALLOC( output, output_buffer_size );
+ output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
+ ASSERT_ALLOC(output, output_buffer_size);
- TEST_LE_U( first_part_size, input->len );
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x, first_part_size,
- output, output_buffer_size,
- &function_output_length ) );
- TEST_ASSERT( function_output_length == output1_length );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
+ TEST_LE_U(first_part_size, input->len);
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x, first_part_size,
+ output, output_buffer_size,
+ &function_output_length));
+ TEST_ASSERT(function_output_length == output1_length);
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size));
total_output_length += function_output_length;
- if( first_part_size < input->len )
- {
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_ASSERT( function_output_length == output2_length );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ if (first_part_size < input->len) {
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ (output_buffer_size == 0 ? NULL :
+ output + total_output_length),
+ output_buffer_size - total_output_length,
+ &function_output_length));
+ TEST_ASSERT(function_output_length == output2_length);
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type,
+ alg,
+ input->len - first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len));
total_output_length += function_output_length;
}
- status = psa_cipher_finish( &operation,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ status = psa_cipher_finish(&operation,
+ (output_buffer_size == 0 ? NULL :
+ output + total_output_length),
+ output_buffer_size - total_output_length,
+ &function_output_length);
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE);
total_output_length += function_output_length;
- TEST_EQUAL( status, expected_status );
+ TEST_EQUAL(status, expected_status);
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_cipher_abort(&operation));
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
+ ASSERT_COMPARE(expected_output->x, expected_output->len,
+ output, total_output_length);
}
exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_decrypt_fail( int alg_arg,
+void cipher_decrypt_fail(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input_arg,
+ int expected_status_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *input = NULL;
+ size_t input_buffer_size = 0;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (PSA_ERROR_BAD_STATE != expected_status) {
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ }
+
+ /* Allocate input buffer and copy the iv and the plaintext */
+ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len);
+ if (input_buffer_size > 0) {
+ ASSERT_ALLOC(input, input_buffer_size);
+ memcpy(input, iv->x, iv->len);
+ memcpy(input + iv->len, input_arg->x, input_arg->len);
+ }
+
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size);
+ ASSERT_ALLOC(output, output_buffer_size);
+
+ status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output,
+ output_buffer_size, &output_length);
+ TEST_EQUAL(status, expected_status);
+
+exit:
+ mbedtls_free(input);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_decrypt(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input_arg,
+ data_t *expected_output)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *input = NULL;
+ size_t input_buffer_size = 0;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ /* Allocate input buffer and copy the iv and the plaintext */
+ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len);
+ if (input_buffer_size > 0) {
+ ASSERT_ALLOC(input, input_buffer_size);
+ memcpy(input, iv->x, iv->len);
+ memcpy(input + iv->len, input_arg->x, input_arg->len);
+ }
+
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size);
+ ASSERT_ALLOC(output, output_buffer_size);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ PSA_ASSERT(psa_cipher_decrypt(key, alg, input, input_buffer_size, output,
+ output_buffer_size, &output_length));
+ TEST_LE_U(output_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size));
+ TEST_LE_U(output_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_buffer_size));
+
+ ASSERT_COMPARE(expected_output->x, expected_output->len,
+ output, output_length);
+exit:
+ mbedtls_free(input);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_verify_output(int alg_arg,
int key_type_arg,
data_t *key_data,
- data_t *iv,
- data_t *input_arg,
- int expected_status_arg )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_status_t status;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- psa_status_t expected_status = expected_status_arg;
- unsigned char *input = NULL;
- size_t input_buffer_size = 0;
- unsigned char *output = NULL;
- size_t output_buffer_size = 0;
- size_t output_length = 0;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- if ( PSA_ERROR_BAD_STATE != expected_status )
- {
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- }
-
- /* Allocate input buffer and copy the iv and the plaintext */
- input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
- if ( input_buffer_size > 0 )
- {
- ASSERT_ALLOC( input, input_buffer_size );
- memcpy( input, iv->x, iv->len );
- memcpy( input + iv->len, input_arg->x, input_arg->len );
- }
-
- output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
- ASSERT_ALLOC( output, output_buffer_size );
-
- status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
- output_buffer_size, &output_length );
- TEST_EQUAL( status, expected_status );
-
-exit:
- mbedtls_free( input );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_decrypt( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *iv,
- data_t *input_arg,
- data_t *expected_output )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- unsigned char *input = NULL;
- size_t input_buffer_size = 0;
- unsigned char *output = NULL;
- size_t output_buffer_size = 0;
- size_t output_length = 0;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- /* Allocate input buffer and copy the iv and the plaintext */
- input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
- if ( input_buffer_size > 0 )
- {
- ASSERT_ALLOC( input, input_buffer_size );
- memcpy( input, iv->x, iv->len );
- memcpy( input + iv->len, input_arg->x, input_arg->len );
- }
-
- output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
- ASSERT_ALLOC( output, output_buffer_size );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
-
- PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
- output_buffer_size, &output_length ) );
- TEST_LE_U( output_length,
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) );
- TEST_LE_U( output_length,
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) );
-
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, output_length );
-exit:
- mbedtls_free( input );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_verify_output( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *input )
+ data_t *input)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3167,58 +3187,58 @@
size_t output2_length = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- ASSERT_ALLOC( output1, output1_size );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
+ ASSERT_ALLOC(output1, output1_size);
- PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len,
- output1, output1_size,
- &output1_length ) );
- TEST_LE_U( output1_length,
- PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
- TEST_LE_U( output1_length,
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+ PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len,
+ output1, output1_size,
+ &output1_length));
+ TEST_LE_U(output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len));
+ TEST_LE_U(output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len));
output2_size = output1_length;
- ASSERT_ALLOC( output2, output2_size );
+ ASSERT_ALLOC(output2, output2_size);
- PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length,
- output2, output2_size,
- &output2_length ) );
- TEST_LE_U( output2_length,
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
- TEST_LE_U( output2_length,
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
+ PSA_ASSERT(psa_cipher_decrypt(key, alg, output1, output1_length,
+ output2, output2_size,
+ &output2_length));
+ TEST_LE_U(output2_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, output1_length));
+ TEST_LE_U(output2_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length));
- ASSERT_COMPARE( input->x, input->len, output2, output2_length );
+ ASSERT_COMPARE(input->x, input->len, output2, output2_length);
exit:
- mbedtls_free( output1 );
- mbedtls_free( output2 );
- psa_destroy_key( key );
- PSA_DONE( );
+ mbedtls_free(output1);
+ mbedtls_free(output2);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_verify_output_multipart( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *input,
- int first_part_size_arg )
+void cipher_verify_output_multipart(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input,
+ int first_part_size_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
- unsigned char iv[16] = {0};
+ unsigned char iv[16] = { 0 };
size_t iv_size = 16;
size_t iv_length = 0;
unsigned char *output1 = NULL;
@@ -3232,132 +3252,130 @@
psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation1, key, alg));
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation2, key, alg));
- if( alg != PSA_ALG_ECB_NO_PADDING )
- {
- PSA_ASSERT( psa_cipher_generate_iv( &operation1,
- iv, iv_size,
- &iv_length ) );
+ if (alg != PSA_ALG_ECB_NO_PADDING) {
+ PSA_ASSERT(psa_cipher_generate_iv(&operation1,
+ iv, iv_size,
+ &iv_length));
}
- output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- TEST_LE_U( output1_buffer_size,
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
- ASSERT_ALLOC( output1, output1_buffer_size );
+ output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
+ TEST_LE_U(output1_buffer_size,
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len));
+ ASSERT_ALLOC(output1, output1_buffer_size);
- TEST_LE_U( first_part_size, input->len );
+ TEST_LE_U(first_part_size, input->len);
- PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
- output1, output1_buffer_size,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
+ PSA_ASSERT(psa_cipher_update(&operation1, input->x, first_part_size,
+ output1, output1_buffer_size,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size));
output1_length += function_output_length;
- PSA_ASSERT( psa_cipher_update( &operation1,
- input->x + first_part_size,
- input->len - first_part_size,
- output1, output1_buffer_size,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
+ PSA_ASSERT(psa_cipher_update(&operation1,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output1, output1_buffer_size,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type,
+ alg,
+ input->len - first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len - first_part_size));
output1_length += function_output_length;
- PSA_ASSERT( psa_cipher_finish( &operation1,
- output1 + output1_length,
- output1_buffer_size - output1_length,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ PSA_ASSERT(psa_cipher_finish(&operation1,
+ output1 + output1_length,
+ output1_buffer_size - output1_length,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE);
output1_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation1 ) );
+ PSA_ASSERT(psa_cipher_abort(&operation1));
output2_buffer_size = output1_length;
- TEST_LE_U( output2_buffer_size,
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
- TEST_LE_U( output2_buffer_size,
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
- ASSERT_ALLOC( output2, output2_buffer_size );
+ TEST_LE_U(output2_buffer_size,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, output1_length));
+ TEST_LE_U(output2_buffer_size,
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length));
+ ASSERT_ALLOC(output2, output2_buffer_size);
- if( iv_length > 0 )
- {
- PSA_ASSERT( psa_cipher_set_iv( &operation2,
- iv, iv_length ) );
+ if (iv_length > 0) {
+ PSA_ASSERT(psa_cipher_set_iv(&operation2,
+ iv, iv_length));
}
- PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
- output2, output2_buffer_size,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
+ PSA_ASSERT(psa_cipher_update(&operation2, output1, first_part_size,
+ output2, output2_buffer_size,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size));
output2_length += function_output_length;
- PSA_ASSERT( psa_cipher_update( &operation2,
- output1 + first_part_size,
- output1_length - first_part_size,
- output2, output2_buffer_size,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- output1_length - first_part_size ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
+ PSA_ASSERT(psa_cipher_update(&operation2,
+ output1 + first_part_size,
+ output1_length - first_part_size,
+ output2, output2_buffer_size,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type,
+ alg,
+ output1_length - first_part_size));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(output1_length - first_part_size));
output2_length += function_output_length;
- PSA_ASSERT( psa_cipher_finish( &operation2,
- output2 + output2_length,
- output2_buffer_size - output2_length,
- &function_output_length ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_LE_U( function_output_length,
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ PSA_ASSERT(psa_cipher_finish(&operation2,
+ output2 + output2_length,
+ output2_buffer_size - output2_length,
+ &function_output_length));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg));
+ TEST_LE_U(function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE);
output2_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation2 ) );
+ PSA_ASSERT(psa_cipher_abort(&operation2));
- ASSERT_COMPARE( input->x, input->len, output2, output2_length );
+ ASSERT_COMPARE(input->x, input->len, output2, output2_length);
exit:
- psa_cipher_abort( &operation1 );
- psa_cipher_abort( &operation2 );
- mbedtls_free( output1 );
- mbedtls_free( output2 );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation1);
+ psa_cipher_abort(&operation2);
+ mbedtls_free(output1);
+ mbedtls_free(output2);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
- int alg_arg,
- data_t *nonce,
- data_t *additional_data,
- data_t *input_data,
- int expected_result_arg )
+void aead_encrypt_decrypt(int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ int expected_result_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3372,90 +3390,87 @@
psa_status_t expected_result = expected_result_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
- alg );
+ output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits,
+ alg);
/* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
* should be exact. */
- if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
- expected_result != PSA_ERROR_NOT_SUPPORTED )
- {
- TEST_EQUAL( output_size,
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ if (expected_result != PSA_ERROR_INVALID_ARGUMENT &&
+ expected_result != PSA_ERROR_NOT_SUPPORTED) {
+ TEST_EQUAL(output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len));
+ TEST_ASSERT(output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len));
}
- ASSERT_ALLOC( output_data, output_size );
+ ASSERT_ALLOC(output_data, output_size);
- status = psa_aead_encrypt( key, alg,
- nonce->x, nonce->len,
- additional_data->x,
- additional_data->len,
- input_data->x, input_data->len,
- output_data, output_size,
- &output_length );
+ status = psa_aead_encrypt(key, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length);
/* If the operation is not supported, just skip and not fail in case the
* encryption involves a common limitation of cryptography hardwares and
* an alternative implementation. */
- if( status == PSA_ERROR_NOT_SUPPORTED )
- {
- MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
- MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8);
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len);
}
- TEST_EQUAL( status, expected_result );
+ TEST_EQUAL(status, expected_result);
- if( PSA_SUCCESS == expected_result )
- {
- ASSERT_ALLOC( output_data2, output_length );
+ if (PSA_SUCCESS == expected_result) {
+ ASSERT_ALLOC(output_data2, output_length);
/* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
* should be exact. */
- TEST_EQUAL( input_data->len,
- PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) );
+ TEST_EQUAL(input_data->len,
+ PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, output_length));
- TEST_ASSERT( input_data->len <=
- PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
+ TEST_ASSERT(input_data->len <=
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(output_length));
- TEST_EQUAL( psa_aead_decrypt( key, alg,
- nonce->x, nonce->len,
- additional_data->x,
- additional_data->len,
- output_data, output_length,
- output_data2, output_length,
- &output_length2 ),
- expected_result );
+ TEST_EQUAL(psa_aead_decrypt(key, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ output_data, output_length,
+ output_data2, output_length,
+ &output_length2),
+ expected_result);
- ASSERT_COMPARE( input_data->x, input_data->len,
- output_data2, output_length2 );
+ ASSERT_COMPARE(input_data->x, input_data->len,
+ output_data2, output_length2);
}
exit:
- psa_destroy_key( key );
- mbedtls_free( output_data );
- mbedtls_free( output_data2 );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(output_data);
+ mbedtls_free(output_data2);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_encrypt( int key_type_arg, data_t *key_data,
- int alg_arg,
- data_t *nonce,
- data_t *additional_data,
- data_t *input_data,
- data_t *expected_result )
+void aead_encrypt(int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_result)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3467,62 +3482,61 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
- alg );
+ output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits,
+ alg);
/* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
* should be exact. */
- TEST_EQUAL( output_size,
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
- ASSERT_ALLOC( output_data, output_size );
+ TEST_EQUAL(output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len));
+ TEST_ASSERT(output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len));
+ ASSERT_ALLOC(output_data, output_size);
- status = psa_aead_encrypt( key, alg,
- nonce->x, nonce->len,
- additional_data->x, additional_data->len,
- input_data->x, input_data->len,
- output_data, output_size,
- &output_length );
+ status = psa_aead_encrypt(key, alg,
+ nonce->x, nonce->len,
+ additional_data->x, additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length);
/* If the operation is not supported, just skip and not fail in case the
* encryption involves a common limitation of cryptography hardwares and
* an alternative implementation. */
- if( status == PSA_ERROR_NOT_SUPPORTED )
- {
- MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
- MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8);
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len);
}
- PSA_ASSERT( status );
- ASSERT_COMPARE( expected_result->x, expected_result->len,
- output_data, output_length );
+ PSA_ASSERT(status);
+ ASSERT_COMPARE(expected_result->x, expected_result->len,
+ output_data, output_length);
exit:
- psa_destroy_key( key );
- mbedtls_free( output_data );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(output_data);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_decrypt( int key_type_arg, data_t *key_data,
- int alg_arg,
- data_t *nonce,
- data_t *additional_data,
- data_t *input_data,
- data_t *expected_data,
- int expected_result_arg )
+void aead_decrypt(int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_data,
+ int expected_result_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3535,75 +3549,74 @@
psa_status_t expected_result = expected_result_arg;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
- alg );
- if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
- expected_result != PSA_ERROR_NOT_SUPPORTED )
- {
+ output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits,
+ alg);
+ if (expected_result != PSA_ERROR_INVALID_ARGUMENT &&
+ expected_result != PSA_ERROR_NOT_SUPPORTED) {
/* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
* should be exact. */
- TEST_EQUAL( output_size,
- PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ TEST_EQUAL(output_size,
+ PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, input_data->len));
+ TEST_ASSERT(output_size <=
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(input_data->len));
}
- ASSERT_ALLOC( output_data, output_size );
+ ASSERT_ALLOC(output_data, output_size);
- status = psa_aead_decrypt( key, alg,
- nonce->x, nonce->len,
- additional_data->x,
- additional_data->len,
- input_data->x, input_data->len,
- output_data, output_size,
- &output_length );
+ status = psa_aead_decrypt(key, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length);
/* If the operation is not supported, just skip and not fail in case the
* decryption involves a common limitation of cryptography hardwares and
* an alternative implementation. */
- if( status == PSA_ERROR_NOT_SUPPORTED )
- {
- MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
- MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8);
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len);
}
- TEST_EQUAL( status, expected_result );
+ TEST_EQUAL(status, expected_result);
- if( expected_result == PSA_SUCCESS )
- ASSERT_COMPARE( expected_data->x, expected_data->len,
- output_data, output_length );
+ if (expected_result == PSA_SUCCESS) {
+ ASSERT_COMPARE(expected_data->x, expected_data->len,
+ output_data, output_length);
+ }
exit:
- psa_destroy_key( key );
- mbedtls_free( output_data );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(output_data);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void signature_size( int type_arg,
- int bits,
- int alg_arg,
- int expected_size_arg )
+void signature_size(int type_arg,
+ int bits,
+ int alg_arg,
+ int expected_size_arg)
{
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
- size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg );
+ size_t actual_size = PSA_SIGN_OUTPUT_SIZE(type, bits, alg);
- TEST_EQUAL( actual_size, (size_t) expected_size_arg );
+ TEST_EQUAL(actual_size, (size_t) expected_size_arg);
#if defined(MBEDTLS_TEST_DEPRECATED)
- TEST_EQUAL( actual_size,
- PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg ) );
+ TEST_EQUAL(actual_size,
+ PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(type, bits, alg));
#endif /* MBEDTLS_TEST_DEPRECATED */
exit:
@@ -3612,9 +3625,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void sign_hash_deterministic( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *input_data,
- data_t *output_data )
+void sign_hash_deterministic(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data,
+ data_t *output_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3625,43 +3638,43 @@
size_t signature_length = 0xdeadbeef;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
/* Allocate a buffer which has the size advertised by the
* library. */
- signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
- key_bits, alg );
- TEST_ASSERT( signature_size != 0 );
- TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
- ASSERT_ALLOC( signature, signature_size );
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type,
+ key_bits, alg);
+ TEST_ASSERT(signature_size != 0);
+ TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
/* Perform the signature. */
- PSA_ASSERT( psa_sign_hash( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ) );
+ PSA_ASSERT(psa_sign_hash(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length));
/* Verify that the signature is what is expected. */
- ASSERT_COMPARE( output_data->x, output_data->len,
- signature, signature_length );
+ ASSERT_COMPARE(output_data->x, output_data->len,
+ signature, signature_length);
#if defined(MBEDTLS_TEST_DEPRECATED)
- memset( signature, 0, signature_size );
+ memset(signature, 0, signature_size);
signature_length = INVALID_EXPORT_LENGTH;
- PSA_ASSERT( psa_asymmetric_sign( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ) );
- ASSERT_COMPARE( output_data->x, output_data->len,
- signature, signature_length );
+ PSA_ASSERT(psa_asymmetric_sign(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length));
+ ASSERT_COMPARE(output_data->x, output_data->len,
+ signature, signature_length);
#endif /* MBEDTLS_TEST_DEPRECATED */
exit:
@@ -3669,18 +3682,18 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void sign_hash_fail( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *input_data,
- int signature_size_arg, int expected_status_arg )
+void sign_hash_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data,
+ int signature_size_arg, int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3692,49 +3705,49 @@
size_t signature_length = 0xdeadbeef;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- ASSERT_ALLOC( signature, signature_size );
+ ASSERT_ALLOC(signature, signature_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- actual_status = psa_sign_hash( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length );
- TEST_EQUAL( actual_status, expected_status );
+ actual_status = psa_sign_hash(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length);
+ TEST_EQUAL(actual_status, expected_status);
/* The value of *signature_length is unspecified on error, but
* whatever it is, it should be less than signature_size, so that
* if the caller tries to read *signature_length bytes without
* checking the error code then they don't overflow a buffer. */
- TEST_LE_U( signature_length, signature_size );
+ TEST_LE_U(signature_length, signature_size);
#if defined(MBEDTLS_TEST_DEPRECATED)
signature_length = INVALID_EXPORT_LENGTH;
- TEST_EQUAL( psa_asymmetric_sign( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ),
- expected_status );
- TEST_LE_U( signature_length, signature_size );
+ TEST_EQUAL(psa_asymmetric_sign(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length),
+ expected_status);
+ TEST_LE_U(signature_length, signature_size);
#endif /* MBEDTLS_TEST_DEPRECATED */
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void sign_verify_hash( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *input_data )
+void sign_verify_hash(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3745,49 +3758,48 @@
size_t signature_length = 0xdeadbeef;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
/* Allocate a buffer which has the size advertised by the
* library. */
- signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
- key_bits, alg );
- TEST_ASSERT( signature_size != 0 );
- TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
- ASSERT_ALLOC( signature, signature_size );
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type,
+ key_bits, alg);
+ TEST_ASSERT(signature_size != 0);
+ TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
/* Perform the signature. */
- PSA_ASSERT( psa_sign_hash( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ) );
+ PSA_ASSERT(psa_sign_hash(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length));
/* Check that the signature length looks sensible. */
- TEST_LE_U( signature_length, signature_size );
- TEST_ASSERT( signature_length > 0 );
+ TEST_LE_U(signature_length, signature_size);
+ TEST_ASSERT(signature_length > 0);
/* Use the library to verify that the signature is correct. */
- PSA_ASSERT( psa_verify_hash( key, alg,
- input_data->x, input_data->len,
- signature, signature_length ) );
+ PSA_ASSERT(psa_verify_hash(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
- if( input_data->len != 0 )
- {
+ if (input_data->len != 0) {
/* Flip a bit in the input and verify that the signature is now
* detected as invalid. Flip a bit at the beginning, not at the end,
* because ECDSA may ignore the last few bits of the input. */
input_data->x[0] ^= 1;
- TEST_EQUAL( psa_verify_hash( key, alg,
- input_data->x, input_data->len,
- signature, signature_length ),
- PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL(psa_verify_hash(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length),
+ PSA_ERROR_INVALID_SIGNATURE);
}
exit:
@@ -3795,59 +3807,59 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void verify_hash( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *hash_data,
- data_t *signature_data )
+void verify_hash(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *hash_data,
+ data_t *signature_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_LE_U( signature_data->len, PSA_SIGNATURE_MAX_SIZE );
+ TEST_LE_U(signature_data->len, PSA_SIGNATURE_MAX_SIZE);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_verify_hash( key, alg,
- hash_data->x, hash_data->len,
- signature_data->x, signature_data->len ) );
+ PSA_ASSERT(psa_verify_hash(key, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x, signature_data->len));
#if defined(MBEDTLS_TEST_DEPRECATED)
- PSA_ASSERT( psa_asymmetric_verify( key, alg,
- hash_data->x, hash_data->len,
- signature_data->x,
- signature_data->len ) );
+ PSA_ASSERT(psa_asymmetric_verify(key, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x,
+ signature_data->len));
#endif /* MBEDTLS_TEST_DEPRECATED */
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void verify_hash_fail( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *hash_data,
- data_t *signature_data,
- int expected_status_arg )
+void verify_hash_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *hash_data,
+ data_t *signature_data,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3856,40 +3868,40 @@
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- actual_status = psa_verify_hash( key, alg,
- hash_data->x, hash_data->len,
- signature_data->x, signature_data->len );
- TEST_EQUAL( actual_status, expected_status );
+ actual_status = psa_verify_hash(key, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x, signature_data->len);
+ TEST_EQUAL(actual_status, expected_status);
#if defined(MBEDTLS_TEST_DEPRECATED)
- TEST_EQUAL( psa_asymmetric_verify( key, alg,
- hash_data->x, hash_data->len,
- signature_data->x, signature_data->len ),
- expected_status );
+ TEST_EQUAL(psa_asymmetric_verify(key, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x, signature_data->len),
+ expected_status);
#endif /* MBEDTLS_TEST_DEPRECATED */
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void sign_message_deterministic( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input_data,
- data_t *output_data )
+void sign_message_deterministic(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *output_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3900,231 +3912,230 @@
size_t signature_length = 0xdeadbeef;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_ASSERT( signature_size != 0 );
- TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
- ASSERT_ALLOC( signature, signature_size );
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg);
+ TEST_ASSERT(signature_size != 0);
+ TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
- PSA_ASSERT( psa_sign_message( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ) );
+ PSA_ASSERT(psa_sign_message(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length));
- ASSERT_COMPARE( output_data->x, output_data->len,
- signature, signature_length );
+ ASSERT_COMPARE(output_data->x, output_data->len,
+ signature, signature_length);
exit:
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void sign_message_fail( int key_type_arg,
+void sign_message_fail(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ int signature_size_arg,
+ int expected_status_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t signature_size = signature_size_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *signature = NULL;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ ASSERT_ALLOC(signature, signature_size);
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ actual_status = psa_sign_message(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length);
+ TEST_EQUAL(actual_status, expected_status);
+ /* The value of *signature_length is unspecified on error, but
+ * whatever it is, it should be less than signature_size, so that
+ * if the caller tries to read *signature_length bytes without
+ * checking the error code then they don't overflow a buffer. */
+ TEST_LE_U(signature_length, signature_size);
+
+exit:
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_verify_message(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *signature = NULL;
+ size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
+
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg);
+ TEST_ASSERT(signature_size != 0);
+ TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
+
+ PSA_ASSERT(psa_sign_message(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length));
+ TEST_LE_U(signature_length, signature_size);
+ TEST_ASSERT(signature_length > 0);
+
+ PSA_ASSERT(psa_verify_message(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ if (input_data->len != 0) {
+ /* Flip a bit in the input and verify that the signature is now
+ * detected as invalid. Flip a bit at the beginning, not at the end,
+ * because ECDSA may ignore the last few bits of the input. */
+ input_data->x[0] ^= 1;
+ TEST_EQUAL(psa_verify_message(key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length),
+ PSA_ERROR_INVALID_SIGNATURE);
+ }
+
+exit:
+ psa_reset_key_attributes(&attributes);
+
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void verify_message(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *signature_data)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ TEST_LE_U(signature_data->len, PSA_SIGNATURE_MAX_SIZE);
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ PSA_ASSERT(psa_verify_message(key, alg,
+ input_data->x, input_data->len,
+ signature_data->x, signature_data->len));
+
+exit:
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void verify_message_fail(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *hash_data,
+ data_t *signature_data,
+ int expected_status_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ actual_status = psa_verify_message(key, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x,
+ signature_data->len);
+ TEST_EQUAL(actual_status, expected_status);
+
+exit:
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encrypt(int key_type_arg,
data_t *key_data,
int alg_arg,
data_t *input_data,
- int signature_size_arg,
- int expected_status_arg )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- size_t signature_size = signature_size_arg;
- psa_status_t actual_status;
- psa_status_t expected_status = expected_status_arg;
- unsigned char *signature = NULL;
- size_t signature_length = 0xdeadbeef;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- ASSERT_ALLOC( signature, signature_size );
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
-
- actual_status = psa_sign_message( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length );
- TEST_EQUAL( actual_status, expected_status );
- /* The value of *signature_length is unspecified on error, but
- * whatever it is, it should be less than signature_size, so that
- * if the caller tries to read *signature_length bytes without
- * checking the error code then they don't overflow a buffer. */
- TEST_LE_U( signature_length, signature_size );
-
-exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void sign_verify_message( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input_data )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- size_t key_bits;
- unsigned char *signature = NULL;
- size_t signature_size;
- size_t signature_length = 0xdeadbeef;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_VERIFY_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
-
- signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_ASSERT( signature_size != 0 );
- TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
- ASSERT_ALLOC( signature, signature_size );
-
- PSA_ASSERT( psa_sign_message( key, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ) );
- TEST_LE_U( signature_length, signature_size );
- TEST_ASSERT( signature_length > 0 );
-
- PSA_ASSERT( psa_verify_message( key, alg,
- input_data->x, input_data->len,
- signature, signature_length ) );
-
- if( input_data->len != 0 )
- {
- /* Flip a bit in the input and verify that the signature is now
- * detected as invalid. Flip a bit at the beginning, not at the end,
- * because ECDSA may ignore the last few bits of the input. */
- input_data->x[0] ^= 1;
- TEST_EQUAL( psa_verify_message( key, alg,
- input_data->x, input_data->len,
- signature, signature_length ),
- PSA_ERROR_INVALID_SIGNATURE );
- }
-
-exit:
- psa_reset_key_attributes( &attributes );
-
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void verify_message( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input_data,
- data_t *signature_data )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- TEST_LE_U( signature_data->len, PSA_SIGNATURE_MAX_SIZE );
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
-
- PSA_ASSERT( psa_verify_message( key, alg,
- input_data->x, input_data->len,
- signature_data->x, signature_data->len ) );
-
-exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void verify_message_fail( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *hash_data,
- data_t *signature_data,
- int expected_status_arg )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- psa_status_t actual_status;
- psa_status_t expected_status = expected_status_arg;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
-
- actual_status = psa_verify_message( key, alg,
- hash_data->x, hash_data->len,
- signature_data->x,
- signature_data->len );
- TEST_EQUAL( actual_status, expected_status );
-
-exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void asymmetric_encrypt( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input_data,
- data_t *label,
- int expected_output_length_arg,
- int expected_status_arg )
+ data_t *label,
+ int expected_output_length_arg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -4138,46 +4149,46 @@
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Import the key */
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Determine the maximum output length */
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_LE_U( output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
- ASSERT_ALLOC( output, output_size );
+ output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg);
+ TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE);
+ ASSERT_ALLOC(output, output_size);
/* Encrypt the input */
- actual_status = psa_asymmetric_encrypt( key, alg,
- input_data->x, input_data->len,
- label->x, label->len,
- output, output_size,
- &output_length );
- TEST_EQUAL( actual_status, expected_status );
- TEST_EQUAL( output_length, expected_output_length );
+ actual_status = psa_asymmetric_encrypt(key, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length);
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_EQUAL(output_length, expected_output_length);
/* If the label is empty, the test framework puts a non-null pointer
* in label->x. Test that a null pointer works as well. */
- if( label->len == 0 )
- {
+ if (label->len == 0) {
output_length = ~0;
- if( output_size != 0 )
- memset( output, 0, output_size );
- actual_status = psa_asymmetric_encrypt( key, alg,
- input_data->x, input_data->len,
- NULL, label->len,
- output, output_size,
- &output_length );
- TEST_EQUAL( actual_status, expected_status );
- TEST_EQUAL( output_length, expected_output_length );
+ if (output_size != 0) {
+ memset(output, 0, output_size);
+ }
+ actual_status = psa_asymmetric_encrypt(key, alg,
+ input_data->x, input_data->len,
+ NULL, label->len,
+ output, output_size,
+ &output_length);
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_EQUAL(output_length, expected_output_length);
}
exit:
@@ -4185,20 +4196,20 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- mbedtls_free( output );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(output);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_encrypt_decrypt( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input_data,
- data_t *label )
+void asymmetric_encrypt_decrypt(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *label)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -4212,70 +4223,70 @@
size_t output2_length = ~0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/* Determine the maximum ciphertext length */
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_LE_U( output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
- ASSERT_ALLOC( output, output_size );
+ output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg);
+ TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE);
+ ASSERT_ALLOC(output, output_size);
output2_size = input_data->len;
- TEST_LE_U( output2_size,
- PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
- TEST_LE_U( output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
- ASSERT_ALLOC( output2, output2_size );
+ TEST_LE_U(output2_size,
+ PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg));
+ TEST_LE_U(output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE);
+ ASSERT_ALLOC(output2, output2_size);
/* We test encryption by checking that encrypt-then-decrypt gives back
* the original plaintext because of the non-optional random
* part of encryption process which prevents using fixed vectors. */
- PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
- input_data->x, input_data->len,
- label->x, label->len,
- output, output_size,
- &output_length ) );
+ PSA_ASSERT(psa_asymmetric_encrypt(key, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length));
/* We don't know what ciphertext length to expect, but check that
* it looks sensible. */
- TEST_LE_U( output_length, output_size );
+ TEST_LE_U(output_length, output_size);
- PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
- output, output_length,
- label->x, label->len,
- output2, output2_size,
- &output2_length ) );
- ASSERT_COMPARE( input_data->x, input_data->len,
- output2, output2_length );
+ PSA_ASSERT(psa_asymmetric_decrypt(key, alg,
+ output, output_length,
+ label->x, label->len,
+ output2, output2_size,
+ &output2_length));
+ ASSERT_COMPARE(input_data->x, input_data->len,
+ output2, output2_length);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- mbedtls_free( output );
- mbedtls_free( output2 );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(output);
+ mbedtls_free(output2);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_decrypt( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input_data,
- data_t *label,
- data_t *expected_data )
+void asymmetric_decrypt(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *label,
+ data_t *expected_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -4286,65 +4297,65 @@
size_t output_length = ~0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
/* Determine the maximum ciphertext length */
- output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_LE_U( output_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
- ASSERT_ALLOC( output, output_size );
+ output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg);
+ TEST_LE_U(output_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE);
+ ASSERT_ALLOC(output, output_size);
- PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
- input_data->x, input_data->len,
- label->x, label->len,
- output,
- output_size,
- &output_length ) );
- ASSERT_COMPARE( expected_data->x, expected_data->len,
- output, output_length );
+ PSA_ASSERT(psa_asymmetric_decrypt(key, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output,
+ output_size,
+ &output_length));
+ ASSERT_COMPARE(expected_data->x, expected_data->len,
+ output, output_length);
/* If the label is empty, the test framework puts a non-null pointer
* in label->x. Test that a null pointer works as well. */
- if( label->len == 0 )
- {
+ if (label->len == 0) {
output_length = ~0;
- if( output_size != 0 )
- memset( output, 0, output_size );
- PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
- input_data->x, input_data->len,
- NULL, label->len,
- output,
- output_size,
- &output_length ) );
- ASSERT_COMPARE( expected_data->x, expected_data->len,
- output, output_length );
+ if (output_size != 0) {
+ memset(output, 0, output_size);
+ }
+ PSA_ASSERT(psa_asymmetric_decrypt(key, alg,
+ input_data->x, input_data->len,
+ NULL, label->len,
+ output,
+ output_size,
+ &output_length));
+ ASSERT_COMPARE(expected_data->x, expected_data->len,
+ output, output_length);
}
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- mbedtls_free( output );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_free(output);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_decrypt_fail( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input_data,
- data_t *label,
- int output_size_arg,
- int expected_status_arg )
+void asymmetric_decrypt_fail(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *label,
+ int output_size_arg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -4356,135 +4367,135 @@
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- ASSERT_ALLOC( output, output_size );
+ ASSERT_ALLOC(output, output_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- actual_status = psa_asymmetric_decrypt( key, alg,
- input_data->x, input_data->len,
- label->x, label->len,
- output, output_size,
- &output_length );
- TEST_EQUAL( actual_status, expected_status );
- TEST_LE_U( output_length, output_size );
+ actual_status = psa_asymmetric_decrypt(key, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length);
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_LE_U(output_length, output_size);
/* If the label is empty, the test framework puts a non-null pointer
* in label->x. Test that a null pointer works as well. */
- if( label->len == 0 )
- {
+ if (label->len == 0) {
output_length = ~0;
- if( output_size != 0 )
- memset( output, 0, output_size );
- actual_status = psa_asymmetric_decrypt( key, alg,
- input_data->x, input_data->len,
- NULL, label->len,
- output, output_size,
- &output_length );
- TEST_EQUAL( actual_status, expected_status );
- TEST_LE_U( output_length, output_size );
+ if (output_size != 0) {
+ memset(output, 0, output_size);
+ }
+ actual_status = psa_asymmetric_decrypt(key, alg,
+ input_data->x, input_data->len,
+ NULL, label->len,
+ output, output_size,
+ &output_length);
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_LE_U(output_length, output_size);
}
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- mbedtls_free( output );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_free(output);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_derivation_init( )
+void key_derivation_init()
{
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
size_t capacity;
- psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
+ psa_key_derivation_operation_t func = psa_key_derivation_operation_init();
psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t zero;
- memset( &zero, 0, sizeof( zero ) );
+ memset(&zero, 0, sizeof(zero));
/* A default operation should not be able to report its capacity. */
- TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL(psa_key_derivation_get_capacity(&func, &capacity),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_key_derivation_get_capacity(&init, &capacity),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(psa_key_derivation_get_capacity(&zero, &capacity),
+ PSA_ERROR_BAD_STATE);
/* A default operation should be abortable without error. */
- PSA_ASSERT( psa_key_derivation_abort(&func) );
- PSA_ASSERT( psa_key_derivation_abort(&init) );
- PSA_ASSERT( psa_key_derivation_abort(&zero) );
+ PSA_ASSERT(psa_key_derivation_abort(&func));
+ PSA_ASSERT(psa_key_derivation_abort(&init));
+ PSA_ASSERT(psa_key_derivation_abort(&zero));
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_setup( int alg_arg, int expected_status_arg )
+void derive_setup(int alg_arg, int expected_status_arg)
{
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
- expected_status );
+ TEST_EQUAL(psa_key_derivation_setup(&operation, alg),
+ expected_status);
exit:
- psa_key_derivation_abort( &operation );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_set_capacity( int alg_arg, int capacity_arg,
- int expected_status_arg )
+void derive_set_capacity(int alg_arg, int capacity_arg,
+ int expected_status_arg)
{
psa_algorithm_t alg = alg_arg;
size_t capacity = capacity_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
- TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ),
- expected_status );
+ TEST_EQUAL(psa_key_derivation_set_capacity(&operation, capacity),
+ expected_status);
exit:
- psa_key_derivation_abort( &operation );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_input( int alg_arg,
- int step_arg1, int key_type_arg1, data_t *input1,
- int expected_status_arg1,
- int step_arg2, int key_type_arg2, data_t *input2,
- int expected_status_arg2,
- int step_arg3, int key_type_arg3, data_t *input3,
- int expected_status_arg3,
- int output_key_type_arg, int expected_output_status_arg )
+void derive_input(int alg_arg,
+ int step_arg1, int key_type_arg1, data_t *input1,
+ int expected_status_arg1,
+ int step_arg2, int key_type_arg2, data_t *input2,
+ int expected_status_arg2,
+ int step_arg3, int key_type_arg3, data_t *input3,
+ int expected_status_arg3,
+ int output_key_type_arg, int expected_output_status_arg)
{
psa_algorithm_t alg = alg_arg;
- psa_key_derivation_step_t steps[] = {step_arg1, step_arg2, step_arg3};
- psa_key_type_t key_types[] = {key_type_arg1, key_type_arg2, key_type_arg3};
- psa_status_t expected_statuses[] = {expected_status_arg1,
- expected_status_arg2,
- expected_status_arg3};
- data_t *inputs[] = {input1, input2, input3};
+ psa_key_derivation_step_t steps[] = { step_arg1, step_arg2, step_arg3 };
+ psa_key_type_t key_types[] = { key_type_arg1, key_type_arg2, key_type_arg3 };
+ psa_status_t expected_statuses[] = { expected_status_arg1,
+ expected_status_arg2,
+ expected_status_arg3 };
+ data_t *inputs[] = { input1, input2, input3 };
mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
MBEDTLS_SVC_KEY_ID_INIT,
MBEDTLS_SVC_KEY_ID_INIT };
@@ -4496,179 +4507,169 @@
psa_status_t expected_output_status = expected_output_status_arg;
psa_status_t actual_output_status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
- PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
- for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
- {
- mbedtls_test_set_step( i );
- if( steps[i] == 0 )
- {
+ for (i = 0; i < ARRAY_LENGTH(steps); i++) {
+ mbedtls_test_set_step(i);
+ if (steps[i] == 0) {
/* Skip this step */
- }
- else if( key_types[i] != PSA_KEY_TYPE_NONE )
- {
- psa_set_key_type( &attributes, key_types[i] );
- PSA_ASSERT( psa_import_key( &attributes,
- inputs[i]->x, inputs[i]->len,
- &keys[i] ) );
- if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) &&
- steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET )
- {
+ } else if (key_types[i] != PSA_KEY_TYPE_NONE) {
+ psa_set_key_type(&attributes, key_types[i]);
+ PSA_ASSERT(psa_import_key(&attributes,
+ inputs[i]->x, inputs[i]->len,
+ &keys[i]));
+ if (PSA_KEY_TYPE_IS_KEY_PAIR(key_types[i]) &&
+ steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET) {
// When taking a private key as secret input, use key agreement
// to add the shared secret to the derivation
- TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self(
- &operation, keys[i] ),
- expected_statuses[i] );
+ TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(
+ &operation, keys[i]),
+ expected_statuses[i]);
+ } else {
+ TEST_EQUAL(psa_key_derivation_input_key(&operation, steps[i],
+ keys[i]),
+ expected_statuses[i]);
}
- else
- {
- TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
- keys[i] ),
- expected_statuses[i] );
- }
- }
- else
- {
- TEST_EQUAL( psa_key_derivation_input_bytes(
- &operation, steps[i],
- inputs[i]->x, inputs[i]->len ),
- expected_statuses[i] );
+ } else {
+ TEST_EQUAL(psa_key_derivation_input_bytes(
+ &operation, steps[i],
+ inputs[i]->x, inputs[i]->len),
+ expected_statuses[i]);
}
}
- if( output_key_type != PSA_KEY_TYPE_NONE )
- {
- psa_reset_key_attributes( &attributes );
- psa_set_key_type( &attributes, output_key_type );
- psa_set_key_bits( &attributes, 8 );
+ if (output_key_type != PSA_KEY_TYPE_NONE) {
+ psa_reset_key_attributes(&attributes);
+ psa_set_key_type(&attributes, output_key_type);
+ psa_set_key_bits(&attributes, 8);
actual_output_status =
- psa_key_derivation_output_key( &attributes, &operation,
- &output_key );
- }
- else
- {
+ psa_key_derivation_output_key(&attributes, &operation,
+ &output_key);
+ } else {
uint8_t buffer[1];
actual_output_status =
- psa_key_derivation_output_bytes( &operation,
- buffer, sizeof( buffer ) );
+ psa_key_derivation_output_bytes(&operation,
+ buffer, sizeof(buffer));
}
- TEST_EQUAL( actual_output_status, expected_output_status );
+ TEST_EQUAL(actual_output_status, expected_output_status);
exit:
- psa_key_derivation_abort( &operation );
- for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
- psa_destroy_key( keys[i] );
- psa_destroy_key( output_key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ for (i = 0; i < ARRAY_LENGTH(keys); i++) {
+ psa_destroy_key(keys[i]);
+ }
+ psa_destroy_key(output_key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_over_capacity( int alg_arg )
+void derive_over_capacity(int alg_arg)
{
psa_algorithm_t alg = alg_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t key_type = PSA_KEY_TYPE_DERIVE;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input1[] = "Input 1";
- size_t input1_length = sizeof( input1 );
+ size_t input1_length = sizeof(input1);
unsigned char input2[] = "Input 2";
- size_t input2_length = sizeof( input2 );
+ size_t input2_length = sizeof(input2);
uint8_t buffer[42];
- size_t capacity = sizeof( buffer );
+ size_t capacity = sizeof(buffer);
const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes,
- key_data, sizeof( key_data ),
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_data, sizeof(key_data),
+ &key));
/* valid key derivation */
- if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
- input1, input1_length,
- input2, input2_length,
- capacity ) )
+ if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
+ input1, input1_length,
+ input2, input2_length,
+ capacity)) {
goto exit;
+ }
/* state of operation shouldn't allow additional generation */
- TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL(psa_key_derivation_setup(&operation, alg),
+ PSA_ERROR_BAD_STATE);
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation, buffer, capacity));
- TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
- PSA_ERROR_INSUFFICIENT_DATA );
+ TEST_EQUAL(psa_key_derivation_output_bytes(&operation, buffer, capacity),
+ PSA_ERROR_INSUFFICIENT_DATA);
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_actions_without_setup( )
+void derive_actions_without_setup()
{
uint8_t output_buffer[16];
size_t buffer_size = 16;
size_t capacity = 0;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
- output_buffer, buffer_size )
- == PSA_ERROR_BAD_STATE );
+ TEST_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output_buffer, buffer_size)
+ == PSA_ERROR_BAD_STATE);
- TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
- == PSA_ERROR_BAD_STATE );
+ TEST_ASSERT(psa_key_derivation_get_capacity(&operation, &capacity)
+ == PSA_ERROR_BAD_STATE);
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
- TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
- output_buffer, buffer_size )
- == PSA_ERROR_BAD_STATE );
+ TEST_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output_buffer, buffer_size)
+ == PSA_ERROR_BAD_STATE);
- TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
- == PSA_ERROR_BAD_STATE );
+ TEST_ASSERT(psa_key_derivation_get_capacity(&operation, &capacity)
+ == PSA_ERROR_BAD_STATE);
exit:
- psa_key_derivation_abort( &operation );
+ psa_key_derivation_abort(&operation);
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_output( int alg_arg,
- int step1_arg, data_t *input1,
- int step2_arg, data_t *input2,
- int step3_arg, data_t *input3,
- int requested_capacity_arg,
- data_t *expected_output1,
- data_t *expected_output2 )
+void derive_output(int alg_arg,
+ int step1_arg, data_t *input1,
+ int step2_arg, data_t *input2,
+ int step3_arg, data_t *input3,
+ int requested_capacity_arg,
+ data_t *expected_output1,
+ data_t *expected_output2)
{
psa_algorithm_t alg = alg_arg;
- psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
- data_t *inputs[] = {input1, input2, input3};
+ psa_key_derivation_step_t steps[] = { step1_arg, step2_arg, step3_arg };
+ data_t *inputs[] = { input1, input2, input3 };
mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
MBEDTLS_SVC_KEY_ID_INIT,
MBEDTLS_SVC_KEY_ID_INIT };
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
- {expected_output1->x, expected_output2->x};
+ { expected_output1->x, expected_output2->x };
size_t output_sizes[2] =
- {expected_output1->len, expected_output2->len};
+ { expected_output1->len, expected_output2->len };
size_t output_buffer_size = 0;
uint8_t *output_buffer = NULL;
size_t expected_capacity;
@@ -4677,107 +4678,103 @@
psa_status_t status;
size_t i;
- for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
- {
- if( output_sizes[i] > output_buffer_size )
+ for (i = 0; i < ARRAY_LENGTH(expected_outputs); i++) {
+ if (output_sizes[i] > output_buffer_size) {
output_buffer_size = output_sizes[i];
- if( output_sizes[i] == 0 )
+ }
+ if (output_sizes[i] == 0) {
expected_outputs[i] = NULL;
+ }
}
- ASSERT_ALLOC( output_buffer, output_buffer_size );
- PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC(output_buffer, output_buffer_size);
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
/* Extraction phase. */
- PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
- PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
- requested_capacity ) );
- for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
- {
- switch( steps[i] )
- {
+ PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
+ PSA_ASSERT(psa_key_derivation_set_capacity(&operation,
+ requested_capacity));
+ for (i = 0; i < ARRAY_LENGTH(steps); i++) {
+ switch (steps[i]) {
case 0:
break;
case PSA_KEY_DERIVATION_INPUT_SECRET:
- PSA_ASSERT( psa_import_key( &attributes,
- inputs[i]->x, inputs[i]->len,
- &keys[i] ) );
+ PSA_ASSERT(psa_import_key(&attributes,
+ inputs[i]->x, inputs[i]->len,
+ &keys[i]));
- if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
- {
- PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) );
- TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <=
- PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
+ if (PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
+ PSA_ASSERT(psa_get_key_attributes(keys[i], &attributes));
+ TEST_ASSERT(PSA_BITS_TO_BYTES(psa_get_key_bits(&attributes)) <=
+ PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE);
}
- PSA_ASSERT( psa_key_derivation_input_key(
- &operation, steps[i], keys[i] ) );
+ PSA_ASSERT(psa_key_derivation_input_key(
+ &operation, steps[i], keys[i]));
break;
default:
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, steps[i],
- inputs[i]->x, inputs[i]->len ) );
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, steps[i],
+ inputs[i]->x, inputs[i]->len));
break;
}
}
- PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
- ¤t_capacity ) );
- TEST_EQUAL( current_capacity, requested_capacity );
+ PSA_ASSERT(psa_key_derivation_get_capacity(&operation,
+ ¤t_capacity));
+ TEST_EQUAL(current_capacity, requested_capacity);
expected_capacity = requested_capacity;
/* Expansion phase. */
- for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
- {
+ for (i = 0; i < ARRAY_LENGTH(expected_outputs); i++) {
/* Read some bytes. */
- status = psa_key_derivation_output_bytes( &operation,
- output_buffer, output_sizes[i] );
- if( expected_capacity == 0 && output_sizes[i] == 0 )
- {
+ status = psa_key_derivation_output_bytes(&operation,
+ output_buffer, output_sizes[i]);
+ if (expected_capacity == 0 && output_sizes[i] == 0) {
/* Reading 0 bytes when 0 bytes are available can go either way. */
- TEST_ASSERT( status == PSA_SUCCESS ||
- status == PSA_ERROR_INSUFFICIENT_DATA );
+ TEST_ASSERT(status == PSA_SUCCESS ||
+ status == PSA_ERROR_INSUFFICIENT_DATA);
continue;
- }
- else if( expected_capacity == 0 ||
- output_sizes[i] > expected_capacity )
- {
+ } else if (expected_capacity == 0 ||
+ output_sizes[i] > expected_capacity) {
/* Capacity exceeded. */
- TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
+ TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA);
expected_capacity = 0;
continue;
}
/* Success. Check the read data. */
- PSA_ASSERT( status );
- if( output_sizes[i] != 0 )
- ASSERT_COMPARE( output_buffer, output_sizes[i],
- expected_outputs[i], output_sizes[i] );
+ PSA_ASSERT(status);
+ if (output_sizes[i] != 0) {
+ ASSERT_COMPARE(output_buffer, output_sizes[i],
+ expected_outputs[i], output_sizes[i]);
+ }
/* Check the operation status. */
expected_capacity -= output_sizes[i];
- PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
- ¤t_capacity ) );
- TEST_EQUAL( expected_capacity, current_capacity );
+ PSA_ASSERT(psa_key_derivation_get_capacity(&operation,
+ ¤t_capacity));
+ TEST_EQUAL(expected_capacity, current_capacity);
}
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
exit:
- mbedtls_free( output_buffer );
- psa_key_derivation_abort( &operation );
- for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
- psa_destroy_key( keys[i] );
- PSA_DONE( );
+ mbedtls_free(output_buffer);
+ psa_key_derivation_abort(&operation);
+ for (i = 0; i < ARRAY_LENGTH(keys); i++) {
+ psa_destroy_key(keys[i]);
+ }
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_full( int alg_arg,
- data_t *key_data,
- data_t *input1,
- data_t *input2,
- int requested_capacity_arg )
+void derive_full(int alg_arg,
+ data_t *key_data,
+ data_t *input1,
+ data_t *input2,
+ int requested_capacity_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
@@ -4788,62 +4785,63 @@
size_t current_capacity;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
- input1->x, input1->len,
- input2->x, input2->len,
- requested_capacity ) )
+ if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
+ input1->x, input1->len,
+ input2->x, input2->len,
+ requested_capacity)) {
goto exit;
+ }
- PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
- ¤t_capacity ) );
- TEST_EQUAL( current_capacity, expected_capacity );
+ PSA_ASSERT(psa_key_derivation_get_capacity(&operation,
+ ¤t_capacity));
+ TEST_EQUAL(current_capacity, expected_capacity);
/* Expansion phase. */
- while( current_capacity > 0 )
- {
- size_t read_size = sizeof( output_buffer );
- if( read_size > current_capacity )
+ while (current_capacity > 0) {
+ size_t read_size = sizeof(output_buffer);
+ if (read_size > current_capacity) {
read_size = current_capacity;
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output_buffer,
- read_size ) );
+ }
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output_buffer,
+ read_size));
expected_capacity -= read_size;
- PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
- ¤t_capacity ) );
- TEST_EQUAL( current_capacity, expected_capacity );
+ PSA_ASSERT(psa_key_derivation_get_capacity(&operation,
+ ¤t_capacity));
+ TEST_EQUAL(current_capacity, expected_capacity);
}
/* Check that the operation refuses to go over capacity. */
- TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
- PSA_ERROR_INSUFFICIENT_DATA );
+ TEST_EQUAL(psa_key_derivation_output_bytes(&operation, output_buffer, 1),
+ PSA_ERROR_INSUFFICIENT_DATA);
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_key_exercise( int alg_arg,
- data_t *key_data,
- data_t *input1,
- data_t *input2,
- int derived_type_arg,
- int derived_bits_arg,
- int derived_usage_arg,
- int derived_alg_arg )
+void derive_key_exercise(int alg_arg,
+ data_t *key_data,
+ data_t *input1,
+ data_t *input2,
+ int derived_type_arg,
+ int derived_bits_arg,
+ int derived_usage_arg,
+ int derived_alg_arg)
{
mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -4852,63 +4850,65 @@
size_t derived_bits = derived_bits_arg;
psa_key_usage_t derived_usage = derived_usage_arg;
psa_algorithm_t derived_alg = derived_alg_arg;
- size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
+ size_t capacity = PSA_BITS_TO_BYTES(derived_bits);
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &base_key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &base_key));
/* Derive a key. */
- if ( mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
- input1->x, input1->len,
- input2->x, input2->len,
- capacity ) )
+ if (mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
+ input1->x, input1->len,
+ input2->x, input2->len,
+ capacity)) {
goto exit;
+ }
- psa_set_key_usage_flags( &attributes, derived_usage );
- psa_set_key_algorithm( &attributes, derived_alg );
- psa_set_key_type( &attributes, derived_type );
- psa_set_key_bits( &attributes, derived_bits );
- PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
- &derived_key ) );
+ psa_set_key_usage_flags(&attributes, derived_usage);
+ psa_set_key_algorithm(&attributes, derived_alg);
+ psa_set_key_type(&attributes, derived_type);
+ psa_set_key_bits(&attributes, derived_bits);
+ PSA_ASSERT(psa_key_derivation_output_key(&attributes, &operation,
+ &derived_key));
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) );
- TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
- TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
+ PSA_ASSERT(psa_get_key_attributes(derived_key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), derived_type);
+ TEST_EQUAL(psa_get_key_bits(&got_attributes), derived_bits);
/* Exercise the derived key. */
- if( ! mbedtls_test_psa_exercise_key( derived_key, derived_usage, derived_alg ) )
+ if (!mbedtls_test_psa_exercise_key(derived_key, derived_usage, derived_alg)) {
goto exit;
+ }
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &got_attributes );
+ psa_reset_key_attributes(&got_attributes);
- psa_key_derivation_abort( &operation );
- psa_destroy_key( base_key );
- psa_destroy_key( derived_key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(base_key);
+ psa_destroy_key(derived_key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_key_export( int alg_arg,
- data_t *key_data,
- data_t *input1,
- data_t *input2,
- int bytes1_arg,
- int bytes2_arg )
+void derive_key_export(int alg_arg,
+ data_t *key_data,
+ data_t *input1,
+ data_t *input2,
+ int bytes1_arg,
+ int bytes2_arg)
{
mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -4923,74 +4923,76 @@
psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t length;
- ASSERT_ALLOC( output_buffer, capacity );
- ASSERT_ALLOC( export_buffer, capacity );
- PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC(output_buffer, capacity);
+ ASSERT_ALLOC(export_buffer, capacity);
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &base_attributes, alg );
- psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
- &base_key ) );
+ psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&base_attributes, alg);
+ psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE);
+ PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len,
+ &base_key));
/* Derive some material and output it. */
- if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
- input1->x, input1->len,
- input2->x, input2->len,
- capacity ) )
+ if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
+ input1->x, input1->len,
+ input2->x, input2->len,
+ capacity)) {
goto exit;
+ }
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output_buffer,
- capacity ) );
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output_buffer,
+ capacity));
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
/* Derive the same output again, but this time store it in key objects. */
- if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
- input1->x, input1->len,
- input2->x, input2->len,
- capacity ) )
+ if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
+ input1->x, input1->len,
+ input2->x, input2->len,
+ capacity)) {
goto exit;
+ }
- psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &derived_attributes, 0 );
- psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
- psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
- PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_key ) );
- PSA_ASSERT( psa_export_key( derived_key,
- export_buffer, bytes1,
- &length ) );
- TEST_EQUAL( length, bytes1 );
- PSA_ASSERT( psa_destroy_key( derived_key ) );
- psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
- PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_key ) );
- PSA_ASSERT( psa_export_key( derived_key,
- export_buffer + bytes1, bytes2,
- &length ) );
- TEST_EQUAL( length, bytes2 );
+ psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&derived_attributes, 0);
+ psa_set_key_type(&derived_attributes, PSA_KEY_TYPE_RAW_DATA);
+ psa_set_key_bits(&derived_attributes, PSA_BYTES_TO_BITS(bytes1));
+ PSA_ASSERT(psa_key_derivation_output_key(&derived_attributes, &operation,
+ &derived_key));
+ PSA_ASSERT(psa_export_key(derived_key,
+ export_buffer, bytes1,
+ &length));
+ TEST_EQUAL(length, bytes1);
+ PSA_ASSERT(psa_destroy_key(derived_key));
+ psa_set_key_bits(&derived_attributes, PSA_BYTES_TO_BITS(bytes2));
+ PSA_ASSERT(psa_key_derivation_output_key(&derived_attributes, &operation,
+ &derived_key));
+ PSA_ASSERT(psa_export_key(derived_key,
+ export_buffer + bytes1, bytes2,
+ &length));
+ TEST_EQUAL(length, bytes2);
/* Compare the outputs from the two runs. */
- ASSERT_COMPARE( output_buffer, bytes1 + bytes2,
- export_buffer, capacity );
+ ASSERT_COMPARE(output_buffer, bytes1 + bytes2,
+ export_buffer, capacity);
exit:
- mbedtls_free( output_buffer );
- mbedtls_free( export_buffer );
- psa_key_derivation_abort( &operation );
- psa_destroy_key( base_key );
- psa_destroy_key( derived_key );
- PSA_DONE( );
+ mbedtls_free(output_buffer);
+ mbedtls_free(export_buffer);
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(base_key);
+ psa_destroy_key(derived_key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_key( int alg_arg,
- data_t *key_data, data_t *input1, data_t *input2,
- int type_arg, int bits_arg,
- int expected_status_arg,
- int is_large_output )
+void derive_key(int alg_arg,
+ data_t *key_data, data_t *input1, data_t *input2,
+ int type_arg, int bits_arg,
+ int expected_status_arg,
+ int is_large_output)
{
mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -5002,46 +5004,48 @@
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &base_attributes, alg );
- psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
- &base_key ) );
+ psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&base_attributes, alg);
+ psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE);
+ PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len,
+ &base_key));
- if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
- input1->x, input1->len,
- input2->x, input2->len,
- SIZE_MAX ) )
+ if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
+ input1->x, input1->len,
+ input2->x, input2->len,
+ SIZE_MAX)) {
goto exit;
+ }
- psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &derived_attributes, 0 );
- psa_set_key_type( &derived_attributes, type );
- psa_set_key_bits( &derived_attributes, bits );
+ psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&derived_attributes, 0);
+ psa_set_key_type(&derived_attributes, type);
+ psa_set_key_bits(&derived_attributes, bits);
psa_status_t status =
- psa_key_derivation_output_key( &derived_attributes,
- &operation,
- &derived_key );
- if( is_large_output > 0 )
- TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
- TEST_EQUAL( status, expected_status );
+ psa_key_derivation_output_key(&derived_attributes,
+ &operation,
+ &derived_key);
+ if (is_large_output > 0) {
+ TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY);
+ }
+ TEST_EQUAL(status, expected_status);
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( base_key );
- psa_destroy_key( derived_key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(base_key);
+ psa_destroy_key(derived_key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_agreement_setup( int alg_arg,
- int our_key_type_arg, int our_key_alg_arg,
- data_t *our_key_data, data_t *peer_key_data,
- int expected_status_arg )
+void key_agreement_setup(int alg_arg,
+ int our_key_type_arg, int our_key_alg_arg,
+ data_t *our_key_data, data_t *peer_key_data,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
@@ -5052,45 +5056,42 @@
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, our_key_alg );
- psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes,
- our_key_data->x, our_key_data->len,
- &our_key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, our_key_alg);
+ psa_set_key_type(&attributes, our_key_type);
+ PSA_ASSERT(psa_import_key(&attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key));
/* The tests currently include inputs that should fail at either step.
* Test cases that fail at the setup step should be changed to call
* key_derivation_setup instead, and this function should be renamed
* to key_agreement_fail. */
- status = psa_key_derivation_setup( &operation, alg );
- if( status == PSA_SUCCESS )
- {
- TEST_EQUAL( psa_key_derivation_key_agreement(
- &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
- our_key,
- peer_key_data->x, peer_key_data->len ),
- expected_status );
- }
- else
- {
- TEST_ASSERT( status == expected_status );
+ status = psa_key_derivation_setup(&operation, alg);
+ if (status == PSA_SUCCESS) {
+ TEST_EQUAL(psa_key_derivation_key_agreement(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ our_key,
+ peer_key_data->x, peer_key_data->len),
+ expected_status);
+ } else {
+ TEST_ASSERT(status == expected_status);
}
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( our_key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(our_key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void raw_key_agreement( int alg_arg,
- int our_key_type_arg, data_t *our_key_data,
- data_t *peer_key_data,
- data_t *expected_output )
+void raw_key_agreement(int alg_arg,
+ int our_key_type_arg, data_t *our_key_data,
+ data_t *peer_key_data,
+ data_t *expected_output)
{
mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
@@ -5100,72 +5101,72 @@
size_t output_length = ~0;
size_t key_bits;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes,
- our_key_data->x, our_key_data->len,
- &our_key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, our_key_type);
+ PSA_ASSERT(psa_import_key(&attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key));
- PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_get_key_attributes(our_key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
/* Validate size macros */
- TEST_LE_U( expected_output->len,
- PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
- TEST_LE_U( PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ),
- PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
+ TEST_LE_U(expected_output->len,
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits));
+ TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits),
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE);
/* Good case with exact output size */
- ASSERT_ALLOC( output, expected_output->len );
- PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
- peer_key_data->x, peer_key_data->len,
- output, expected_output->len,
- &output_length ) );
- ASSERT_COMPARE( output, output_length,
- expected_output->x, expected_output->len );
- mbedtls_free( output );
+ ASSERT_ALLOC(output, expected_output->len);
+ PSA_ASSERT(psa_raw_key_agreement(alg, our_key,
+ peer_key_data->x, peer_key_data->len,
+ output, expected_output->len,
+ &output_length));
+ ASSERT_COMPARE(output, output_length,
+ expected_output->x, expected_output->len);
+ mbedtls_free(output);
output = NULL;
output_length = ~0;
/* Larger buffer */
- ASSERT_ALLOC( output, expected_output->len + 1 );
- PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
- peer_key_data->x, peer_key_data->len,
- output, expected_output->len + 1,
- &output_length ) );
- ASSERT_COMPARE( output, output_length,
- expected_output->x, expected_output->len );
- mbedtls_free( output );
+ ASSERT_ALLOC(output, expected_output->len + 1);
+ PSA_ASSERT(psa_raw_key_agreement(alg, our_key,
+ peer_key_data->x, peer_key_data->len,
+ output, expected_output->len + 1,
+ &output_length));
+ ASSERT_COMPARE(output, output_length,
+ expected_output->x, expected_output->len);
+ mbedtls_free(output);
output = NULL;
output_length = ~0;
/* Buffer too small */
- ASSERT_ALLOC( output, expected_output->len - 1 );
- TEST_EQUAL( psa_raw_key_agreement( alg, our_key,
- peer_key_data->x, peer_key_data->len,
- output, expected_output->len - 1,
- &output_length ),
- PSA_ERROR_BUFFER_TOO_SMALL );
+ ASSERT_ALLOC(output, expected_output->len - 1);
+ TEST_EQUAL(psa_raw_key_agreement(alg, our_key,
+ peer_key_data->x, peer_key_data->len,
+ output, expected_output->len - 1,
+ &output_length),
+ PSA_ERROR_BUFFER_TOO_SMALL);
/* Not required by the spec, but good robustness */
- TEST_LE_U( output_length, expected_output->len - 1 );
- mbedtls_free( output );
+ TEST_LE_U(output_length, expected_output->len - 1);
+ mbedtls_free(output);
output = NULL;
exit:
- mbedtls_free( output );
- psa_destroy_key( our_key );
- PSA_DONE( );
+ mbedtls_free(output);
+ psa_destroy_key(our_key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_agreement_capacity( int alg_arg,
- int our_key_type_arg, data_t *our_key_data,
- data_t *peer_key_data,
- int expected_capacity_arg )
+void key_agreement_capacity(int alg_arg,
+ int our_key_type_arg, data_t *our_key_data,
+ data_t *peer_key_data,
+ int expected_capacity_arg)
{
mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
@@ -5175,57 +5176,55 @@
size_t actual_capacity;
unsigned char output[16];
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes,
- our_key_data->x, our_key_data->len,
- &our_key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, our_key_type);
+ PSA_ASSERT(psa_import_key(&attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key));
- PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
- PSA_ASSERT( psa_key_derivation_key_agreement(
- &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
- peer_key_data->x, peer_key_data->len ) );
- if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
- {
+ PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
+ PSA_ASSERT(psa_key_derivation_key_agreement(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
+ peer_key_data->x, peer_key_data->len));
+ if (PSA_ALG_IS_HKDF(PSA_ALG_KEY_AGREEMENT_GET_KDF(alg))) {
/* The test data is for info="" */
- PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- NULL, 0 ) );
+ PSA_ASSERT(psa_key_derivation_input_bytes(&operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0));
}
/* Test the advertised capacity. */
- PSA_ASSERT( psa_key_derivation_get_capacity(
- &operation, &actual_capacity ) );
- TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
+ PSA_ASSERT(psa_key_derivation_get_capacity(
+ &operation, &actual_capacity));
+ TEST_EQUAL(actual_capacity, (size_t) expected_capacity_arg);
/* Test the actual capacity by reading the output. */
- while( actual_capacity > sizeof( output ) )
- {
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output, sizeof( output ) ) );
- actual_capacity -= sizeof( output );
+ while (actual_capacity > sizeof(output)) {
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output, sizeof(output)));
+ actual_capacity -= sizeof(output);
}
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output, actual_capacity ) );
- TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
- PSA_ERROR_INSUFFICIENT_DATA );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output, actual_capacity));
+ TEST_EQUAL(psa_key_derivation_output_bytes(&operation, output, 1),
+ PSA_ERROR_INSUFFICIENT_DATA);
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( our_key );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(our_key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_agreement_output( int alg_arg,
- int our_key_type_arg, data_t *our_key_data,
- data_t *peer_key_data,
- data_t *expected_output1, data_t *expected_output2 )
+void key_agreement_output(int alg_arg,
+ int our_key_type_arg, data_t *our_key_data,
+ data_t *peer_key_data,
+ data_t *expected_output1, data_t *expected_output2)
{
mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
@@ -5234,55 +5233,53 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_output = NULL;
- ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
- expected_output2->len ) );
+ ASSERT_ALLOC(actual_output, MAX(expected_output1->len,
+ expected_output2->len));
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes,
- our_key_data->x, our_key_data->len,
- &our_key ) );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, our_key_type);
+ PSA_ASSERT(psa_import_key(&attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key));
- PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
- PSA_ASSERT( psa_key_derivation_key_agreement(
- &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
- peer_key_data->x, peer_key_data->len ) );
- if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
- {
+ PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
+ PSA_ASSERT(psa_key_derivation_key_agreement(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
+ peer_key_data->x, peer_key_data->len));
+ if (PSA_ALG_IS_HKDF(PSA_ALG_KEY_AGREEMENT_GET_KDF(alg))) {
/* The test data is for info="" */
- PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- NULL, 0 ) );
+ PSA_ASSERT(psa_key_derivation_input_bytes(&operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0));
}
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- actual_output,
- expected_output1->len ) );
- ASSERT_COMPARE( actual_output, expected_output1->len,
- expected_output1->x, expected_output1->len );
- if( expected_output2->len != 0 )
- {
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- actual_output,
- expected_output2->len ) );
- ASSERT_COMPARE( actual_output, expected_output2->len,
- expected_output2->x, expected_output2->len );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ actual_output,
+ expected_output1->len));
+ ASSERT_COMPARE(actual_output, expected_output1->len,
+ expected_output1->x, expected_output1->len);
+ if (expected_output2->len != 0) {
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ actual_output,
+ expected_output2->len));
+ ASSERT_COMPARE(actual_output, expected_output2->len,
+ expected_output2->x, expected_output2->len);
}
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( our_key );
- PSA_DONE( );
- mbedtls_free( actual_output );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(our_key);
+ PSA_DONE();
+ mbedtls_free(actual_output);
}
/* END_CASE */
/* BEGIN_CASE */
-void generate_random( int bytes_arg )
+void generate_random(int bytes_arg)
{
size_t bytes = bytes_arg;
unsigned char *output = NULL;
@@ -5290,51 +5287,50 @@
size_t i;
unsigned run;
- TEST_ASSERT( bytes_arg >= 0 );
+ TEST_ASSERT(bytes_arg >= 0);
- ASSERT_ALLOC( output, bytes );
- ASSERT_ALLOC( changed, bytes );
+ ASSERT_ALLOC(output, bytes);
+ ASSERT_ALLOC(changed, bytes);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Run several times, to ensure that every output byte will be
* nonzero at least once with overwhelming probability
* (2^(-8*number_of_runs)). */
- for( run = 0; run < 10; run++ )
- {
- if( bytes != 0 )
- memset( output, 0, bytes );
- PSA_ASSERT( psa_generate_random( output, bytes ) );
+ for (run = 0; run < 10; run++) {
+ if (bytes != 0) {
+ memset(output, 0, bytes);
+ }
+ PSA_ASSERT(psa_generate_random(output, bytes));
- for( i = 0; i < bytes; i++ )
- {
- if( output[i] != 0 )
+ for (i = 0; i < bytes; i++) {
+ if (output[i] != 0) {
++changed[i];
+ }
}
}
/* Check that every byte was changed to nonzero at least once. This
* validates that psa_generate_random is overwriting every byte of
* the output buffer. */
- for( i = 0; i < bytes; i++ )
- {
- TEST_ASSERT( changed[i] != 0 );
+ for (i = 0; i < bytes; i++) {
+ TEST_ASSERT(changed[i] != 0);
}
exit:
- PSA_DONE( );
- mbedtls_free( output );
- mbedtls_free( changed );
+ PSA_DONE();
+ mbedtls_free(output);
+ mbedtls_free(changed);
}
/* END_CASE */
/* BEGIN_CASE */
-void generate_key( int type_arg,
- int bits_arg,
- int usage_arg,
- int alg_arg,
- int expected_status_arg,
- int is_large_key )
+void generate_key(int type_arg,
+ int bits_arg,
+ int usage_arg,
+ int alg_arg,
+ int expected_status_arg,
+ int is_large_key)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
@@ -5345,47 +5341,50 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
/* Generate a key */
- psa_status_t status = psa_generate_key( &attributes, &key );
+ psa_status_t status = psa_generate_key(&attributes, &key);
- if( is_large_key > 0 )
- TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
- TEST_EQUAL( status , expected_status );
- if( expected_status != PSA_SUCCESS )
+ if (is_large_key > 0) {
+ TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY);
+ }
+ TEST_EQUAL(status, expected_status);
+ if (expected_status != PSA_SUCCESS) {
goto exit;
+ }
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
- TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
/* Do something with the key according to its type and permitted usage. */
- if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
+ if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {
goto exit;
+ }
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &got_attributes );
+ psa_reset_key_attributes(&got_attributes);
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */
-void generate_key_rsa( int bits_arg,
- data_t *e_arg,
- int expected_status_arg )
+void generate_key_rsa(int bits_arg,
+ data_t *e_arg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
@@ -5396,56 +5395,58 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *exported = NULL;
size_t exported_size =
- PSA_EXPORT_KEY_OUTPUT_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits );
+ PSA_EXPORT_KEY_OUTPUT_SIZE(PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits);
size_t exported_length = SIZE_MAX;
uint8_t *e_read_buffer = NULL;
int is_default_public_exponent = 0;
- size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits );
+ size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE(type, bits);
size_t e_read_length = SIZE_MAX;
- if( e_arg->len == 0 ||
- ( e_arg->len == 3 &&
- e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) )
- {
+ if (e_arg->len == 0 ||
+ (e_arg->len == 3 &&
+ e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1)) {
is_default_public_exponent = 1;
e_read_size = 0;
}
- ASSERT_ALLOC( e_read_buffer, e_read_size );
- ASSERT_ALLOC( exported, exported_size );
+ ASSERT_ALLOC(e_read_buffer, e_read_size);
+ ASSERT_ALLOC(exported, exported_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type,
- e_arg->x, e_arg->len ) );
- psa_set_key_bits( &attributes, bits );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ PSA_ASSERT(psa_set_key_domain_parameters(&attributes, type,
+ e_arg->x, e_arg->len));
+ psa_set_key_bits(&attributes, bits);
/* Generate a key */
- TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
- if( expected_status != PSA_SUCCESS )
+ TEST_EQUAL(psa_generate_key(&attributes, &key), expected_status);
+ if (expected_status != PSA_SUCCESS) {
goto exit;
+ }
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
- PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
- e_read_buffer, e_read_size,
- &e_read_length ) );
- if( is_default_public_exponent )
- TEST_EQUAL( e_read_length, 0 );
- else
- ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), bits);
+ PSA_ASSERT(psa_get_key_domain_parameters(&attributes,
+ e_read_buffer, e_read_size,
+ &e_read_length));
+ if (is_default_public_exponent) {
+ TEST_EQUAL(e_read_length, 0);
+ } else {
+ ASSERT_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
+ }
/* Do something with the key according to its type and permitted usage. */
- if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
+ if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {
goto exit;
+ }
/* Export the key and check the public exponent. */
- PSA_ASSERT( psa_export_public_key( key,
- exported, exported_size,
- &exported_length ) );
+ PSA_ASSERT(psa_export_public_key(key,
+ exported, exported_size,
+ &exported_length));
{
uint8_t *p = exported;
uint8_t *end = exported + exported_length;
@@ -5454,26 +5455,24 @@
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
*/
- TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED ) );
- TEST_ASSERT( mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) );
- TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_INTEGER ) );
- if( len >= 1 && p[0] == 0 )
- {
+ TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED));
+ TEST_ASSERT(mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1));
+ TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_INTEGER));
+ if (len >= 1 && p[0] == 0) {
++p;
--len;
}
- if( e_arg->len == 0 )
- {
- TEST_EQUAL( len, 3 );
- TEST_EQUAL( p[0], 1 );
- TEST_EQUAL( p[1], 0 );
- TEST_EQUAL( p[2], 1 );
+ if (e_arg->len == 0) {
+ TEST_EQUAL(len, 3);
+ TEST_EQUAL(p[0], 1);
+ TEST_EQUAL(p[1], 0);
+ TEST_EQUAL(p[2], 1);
+ } else {
+ ASSERT_COMPARE(p, len, e_arg->x, e_arg->len);
}
- else
- ASSERT_COMPARE( p, len, e_arg->x, e_arg->len );
}
exit:
@@ -5481,22 +5480,22 @@
* Key attributes may have been returned by psa_get_key_attributes() or
* set by psa_set_key_domain_parameters() thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_free( e_read_buffer );
- mbedtls_free( exported );
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_free(e_read_buffer);
+ mbedtls_free(exported);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
-void persistent_key_load_key_from_storage( data_t *data,
- int type_arg, int bits_arg,
- int usage_flags_arg, int alg_arg,
- int generation_method )
+void persistent_key_load_key_from_storage(data_t *data,
+ int type_arg, int bits_arg,
+ int usage_flags_arg, int alg_arg,
+ int generation_method)
{
- mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
+ mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, 1);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -5507,130 +5506,128 @@
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char *first_export = NULL;
unsigned char *second_export = NULL;
- size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits );
+ size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits);
size_t first_exported_length;
size_t second_exported_length;
- if( usage_flags & PSA_KEY_USAGE_EXPORT )
- {
- ASSERT_ALLOC( first_export, export_size );
- ASSERT_ALLOC( second_export, export_size );
+ if (usage_flags & PSA_KEY_USAGE_EXPORT) {
+ ASSERT_ALLOC(first_export, export_size);
+ ASSERT_ALLOC(second_export, export_size);
}
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, key_id );
- psa_set_key_usage_flags( &attributes, usage_flags );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_usage_flags(&attributes, usage_flags);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
- switch( generation_method )
- {
+ switch (generation_method) {
case IMPORT_KEY:
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, data->x, data->len,
+ &key));
break;
case GENERATE_KEY:
/* Generate a key */
- PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+ PSA_ASSERT(psa_generate_key(&attributes, &key));
break;
case DERIVE_KEY:
#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
- {
- /* Create base key */
- psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
- psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_usage_flags( &base_attributes,
- PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &base_attributes, derive_alg );
- psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &base_attributes,
- data->x, data->len,
- &base_key ) );
- /* Derive a key. */
- PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
- PSA_ASSERT( psa_key_derivation_input_key(
- &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) );
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- NULL, 0 ) );
- PSA_ASSERT( psa_key_derivation_output_key( &attributes,
- &operation,
- &key ) );
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
- PSA_ASSERT( psa_destroy_key( base_key ) );
- base_key = MBEDTLS_SVC_KEY_ID_INIT;
- }
+ {
+ /* Create base key */
+ psa_algorithm_t derive_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
+ psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_usage_flags(&base_attributes,
+ PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&base_attributes, derive_alg);
+ psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE);
+ PSA_ASSERT(psa_import_key(&base_attributes,
+ data->x, data->len,
+ &base_key));
+ /* Derive a key. */
+ PSA_ASSERT(psa_key_derivation_setup(&operation, derive_alg));
+ PSA_ASSERT(psa_key_derivation_input_key(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET, base_key));
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0));
+ PSA_ASSERT(psa_key_derivation_output_key(&attributes,
+ &operation,
+ &key));
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
+ PSA_ASSERT(psa_destroy_key(base_key));
+ base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ }
#else
- TEST_ASSUME( ! "KDF not supported in this configuration" );
+ TEST_ASSUME(!"KDF not supported in this configuration");
#endif
break;
default:
- TEST_ASSERT( ! "generation_method not implemented in test" );
+ TEST_ASSERT(!"generation_method not implemented in test");
break;
}
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
/* Export the key if permitted by the key policy. */
- if( usage_flags & PSA_KEY_USAGE_EXPORT )
- {
- PSA_ASSERT( psa_export_key( key,
- first_export, export_size,
- &first_exported_length ) );
- if( generation_method == IMPORT_KEY )
- ASSERT_COMPARE( data->x, data->len,
- first_export, first_exported_length );
+ if (usage_flags & PSA_KEY_USAGE_EXPORT) {
+ PSA_ASSERT(psa_export_key(key,
+ first_export, export_size,
+ &first_exported_length));
+ if (generation_method == IMPORT_KEY) {
+ ASSERT_COMPARE(data->x, data->len,
+ first_export, first_exported_length);
+ }
}
/* Shutdown and restart */
- PSA_ASSERT( psa_purge_key( key ) );
+ PSA_ASSERT(psa_purge_key(key));
PSA_DONE();
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
/* Check key slot still contains key data */
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), key_id ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ),
- PSA_KEY_LIFETIME_PERSISTENT );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
- mbedtls_test_update_key_usage_flags( usage_flags ) );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes), key_id));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes),
+ PSA_KEY_LIFETIME_PERSISTENT);
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), bits);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes),
+ mbedtls_test_update_key_usage_flags(usage_flags));
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), alg);
/* Export the key again if permitted by the key policy. */
- if( usage_flags & PSA_KEY_USAGE_EXPORT )
- {
- PSA_ASSERT( psa_export_key( key,
- second_export, export_size,
- &second_exported_length ) );
- ASSERT_COMPARE( first_export, first_exported_length,
- second_export, second_exported_length );
+ if (usage_flags & PSA_KEY_USAGE_EXPORT) {
+ PSA_ASSERT(psa_export_key(key,
+ second_export, export_size,
+ &second_exported_length));
+ ASSERT_COMPARE(first_export, first_exported_length,
+ second_export, second_exported_length);
}
/* Do something with the key according to its type and permitted usage. */
- if( ! mbedtls_test_psa_exercise_key( key, usage_flags, alg ) )
+ if (!mbedtls_test_psa_exercise_key(key, usage_flags, alg)) {
goto exit;
+ }
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( first_export );
- mbedtls_free( second_export );
- psa_key_derivation_abort( &operation );
- psa_destroy_key( base_key );
- psa_destroy_key( key );
+ mbedtls_free(first_export);
+ mbedtls_free(second_export);
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(base_key);
+ psa_destroy_key(key);
PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_attributes.function b/tests/suites/test_suite_psa_crypto_attributes.function
index ce34fae..c933cb7 100644
--- a/tests/suites/test_suite_psa_crypto_attributes.function
+++ b/tests/suites/test_suite_psa_crypto_attributes.function
@@ -8,12 +8,12 @@
*/
/* BEGIN_CASE */
-void attributes_set_get( int owner_id_arg, int id_arg, int lifetime_arg,
- int usage_flags_arg, int alg_arg,
- int type_arg, int bits_arg )
+void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg,
+ int usage_flags_arg, int alg_arg,
+ int type_arg, int bits_arg)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
@@ -21,109 +21,112 @@
size_t bits = bits_arg;
TEST_EQUAL(
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
TEST_EQUAL(
- MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+ MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(psa_get_key_id(&attributes)), 0);
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), 0);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), 0);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
+ TEST_EQUAL(psa_get_key_type(&attributes), 0);
+ TEST_EQUAL(psa_get_key_bits(&attributes), 0);
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, usage_flags );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, usage_flags);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), id ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes), id));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), usage_flags);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), alg);
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), bits);
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
TEST_EQUAL(
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
TEST_EQUAL(
- MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+ MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(psa_get_key_id(&attributes)), 0);
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), 0);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), 0);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
+ TEST_EQUAL(psa_get_key_type(&attributes), 0);
+ TEST_EQUAL(psa_get_key_bits(&attributes), 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void persistence_attributes( int id1_arg, int owner_id1_arg, int lifetime_arg,
- int id2_arg, int owner_id2_arg,
- int expected_id_arg, int expected_owner_id_arg,
- int expected_lifetime_arg )
+void persistence_attributes(int id1_arg, int owner_id1_arg, int lifetime_arg,
+ int id2_arg, int owner_id2_arg,
+ int expected_id_arg, int expected_owner_id_arg,
+ int expected_lifetime_arg)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t id1 =
- mbedtls_svc_key_id_make( owner_id1_arg, id1_arg );
+ mbedtls_svc_key_id_make(owner_id1_arg, id1_arg);
psa_key_lifetime_t lifetime = lifetime_arg;
mbedtls_svc_key_id_t id2 =
- mbedtls_svc_key_id_make( owner_id2_arg, id2_arg );
+ mbedtls_svc_key_id_make(owner_id2_arg, id2_arg);
mbedtls_svc_key_id_t expected_id =
- mbedtls_svc_key_id_make( expected_owner_id_arg, expected_id_arg );
+ mbedtls_svc_key_id_make(expected_owner_id_arg, expected_id_arg);
psa_key_lifetime_t expected_lifetime = expected_lifetime_arg;
- if( id1_arg != -1 )
- psa_set_key_id( &attributes, id1 );
- if( lifetime_arg != -1 )
- psa_set_key_lifetime( &attributes, lifetime );
- if( id2_arg != -1 )
- psa_set_key_id( &attributes, id2 );
+ if (id1_arg != -1) {
+ psa_set_key_id(&attributes, id1);
+ }
+ if (lifetime_arg != -1) {
+ psa_set_key_lifetime(&attributes, lifetime);
+ }
+ if (id2_arg != -1) {
+ psa_set_key_id(&attributes, id2);
+ }
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), expected_id ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), expected_lifetime );
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes), expected_id));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), expected_lifetime);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_SE_C */
-void slot_number_attribute( )
+void slot_number_attribute()
{
psa_key_slot_number_t slot_number = 0xdeadbeef;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Initially, there is no slot number. */
- TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
- PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL(psa_get_key_slot_number(&attributes, &slot_number),
+ PSA_ERROR_INVALID_ARGUMENT);
/* Test setting a slot number. */
- psa_set_key_slot_number( &attributes, 0 );
- PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
- TEST_EQUAL( slot_number, 0 );
+ psa_set_key_slot_number(&attributes, 0);
+ PSA_ASSERT(psa_get_key_slot_number(&attributes, &slot_number));
+ TEST_EQUAL(slot_number, 0);
/* Test changing the slot number. */
- psa_set_key_slot_number( &attributes, 42 );
- PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
- TEST_EQUAL( slot_number, 42 );
+ psa_set_key_slot_number(&attributes, 42);
+ PSA_ASSERT(psa_get_key_slot_number(&attributes, &slot_number));
+ TEST_EQUAL(slot_number, 42);
/* Test clearing the slot number. */
- psa_clear_key_slot_number( &attributes );
- TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
- PSA_ERROR_INVALID_ARGUMENT );
+ psa_clear_key_slot_number(&attributes);
+ TEST_EQUAL(psa_get_key_slot_number(&attributes, &slot_number),
+ PSA_ERROR_INVALID_ARGUMENT);
/* Clearing again should have no effect. */
- psa_clear_key_slot_number( &attributes );
- TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
- PSA_ERROR_INVALID_ARGUMENT );
+ psa_clear_key_slot_number(&attributes);
+ TEST_EQUAL(psa_get_key_slot_number(&attributes, &slot_number),
+ PSA_ERROR_INVALID_ARGUMENT);
/* Test that reset clears the slot number. */
- psa_set_key_slot_number( &attributes, 42 );
- PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
- TEST_EQUAL( slot_number, 42 );
- psa_reset_key_attributes( &attributes );
- TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
- PSA_ERROR_INVALID_ARGUMENT );
+ psa_set_key_slot_number(&attributes, 42);
+ PSA_ASSERT(psa_get_key_slot_number(&attributes, &slot_number));
+ TEST_EQUAL(slot_number, 42);
+ psa_reset_key_attributes(&attributes);
+ TEST_EQUAL(psa_get_key_slot_number(&attributes, &slot_number),
+ PSA_ERROR_INVALID_ARGUMENT);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 27d50b2..953b9ff 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -8,14 +8,14 @@
*/
/* BEGIN_CASE */
-void sign_hash( int key_type_arg,
- int alg_arg,
- int force_status_arg,
- data_t *key_input,
- data_t *data_input,
- data_t *expected_output,
- int fake_output,
- int expected_status_arg )
+void sign_hash(int key_type_arg,
+ int alg_arg,
+ int force_status_arg,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *expected_output,
+ int fake_output,
+ int expected_status_arg)
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
@@ -31,18 +31,17 @@
mbedtls_test_driver_signature_sign_hooks =
mbedtls_test_driver_signature_hooks_init();
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes,
- key_type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_import_key( &attributes,
- key_input->x, key_input->len,
- &key );
+ PSA_ASSERT(psa_crypto_init());
+ psa_set_key_type(&attributes,
+ key_type);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_import_key(&attributes,
+ key_input->x, key_input->len,
+ &key);
mbedtls_test_driver_signature_sign_hooks.forced_status = force_status;
- if( fake_output == 1 )
- {
+ if (fake_output == 1) {
mbedtls_test_driver_signature_sign_hooks.forced_output =
expected_output->x;
mbedtls_test_driver_signature_sign_hooks.forced_output_length =
@@ -51,104 +50,100 @@
/* Allocate a buffer which has the size advertized by the
* library. */
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
- signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg);
- TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
- ASSERT_ALLOC( signature, signature_size );
+ TEST_ASSERT(signature_size != 0);
+ TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
- actual_status = psa_sign_hash( key, alg,
- data_input->x, data_input->len,
- signature, signature_size,
- &signature_length );
- TEST_EQUAL( actual_status, expected_status );
- if( expected_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( signature, signature_length,
- expected_output->x, expected_output->len );
+ actual_status = psa_sign_hash(key, alg,
+ data_input->x, data_input->len,
+ signature, signature_size,
+ &signature_length);
+ TEST_EQUAL(actual_status, expected_status);
+ if (expected_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(signature, signature_length,
+ expected_output->x, expected_output->len);
}
- TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits, 1 );
+ TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1);
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
mbedtls_test_driver_signature_sign_hooks =
mbedtls_test_driver_signature_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void verify_hash( int key_type_arg,
- int key_type_public_arg,
+void verify_hash(int key_type_arg,
+ int key_type_public_arg,
+ int alg_arg,
+ int force_status_arg,
+ int register_public_key,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *signature_input,
+ int expected_status_arg)
+{
+ psa_status_t force_status = force_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_key_type_t key_type_public = key_type_public_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t actual_status;
+ mbedtls_test_driver_signature_verify_hooks =
+ mbedtls_test_driver_signature_hooks_init();
+
+ PSA_ASSERT(psa_crypto_init());
+ if (register_public_key) {
+ psa_set_key_type(&attributes, key_type_public);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_import_key(&attributes,
+ key_input->x, key_input->len,
+ &key);
+ } else {
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_import_key(&attributes,
+ key_input->x, key_input->len,
+ &key);
+ }
+
+ mbedtls_test_driver_signature_verify_hooks.forced_status = force_status;
+
+ actual_status = psa_verify_hash(key, alg,
+ data_input->x, data_input->len,
+ signature_input->x, signature_input->len);
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 1);
+
+exit:
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_test_driver_signature_verify_hooks =
+ mbedtls_test_driver_signature_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_message(int key_type_arg,
int alg_arg,
int force_status_arg,
- int register_public_key,
data_t *key_input,
data_t *data_input,
- data_t *signature_input,
- int expected_status_arg )
-{
- psa_status_t force_status = force_status_arg;
- psa_status_t expected_status = expected_status_arg;
- psa_algorithm_t alg = alg_arg;
- psa_key_type_t key_type = key_type_arg;
- psa_key_type_t key_type_public = key_type_public_arg;
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t actual_status;
- mbedtls_test_driver_signature_verify_hooks =
- mbedtls_test_driver_signature_hooks_init();
-
- PSA_ASSERT( psa_crypto_init( ) );
- if( register_public_key )
- {
- psa_set_key_type( &attributes, key_type_public );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_import_key( &attributes,
- key_input->x, key_input->len,
- &key );
- }
- else
- {
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_import_key( &attributes,
- key_input->x, key_input->len,
- &key );
- }
-
- mbedtls_test_driver_signature_verify_hooks.forced_status = force_status;
-
- actual_status = psa_verify_hash( key, alg,
- data_input->x, data_input->len,
- signature_input->x, signature_input->len );
- TEST_EQUAL( actual_status, expected_status );
- TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits, 1 );
-
-exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_test_driver_signature_verify_hooks =
- mbedtls_test_driver_signature_hooks_init();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void sign_message( int key_type_arg,
- int alg_arg,
- int force_status_arg,
- data_t *key_input,
- data_t *data_input,
- data_t *expected_output,
- int fake_output,
- int expected_status_arg )
+ data_t *expected_output,
+ int fake_output,
+ int expected_status_arg)
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
@@ -164,17 +159,16 @@
mbedtls_test_driver_signature_sign_hooks =
mbedtls_test_driver_signature_hooks_init();
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_import_key( &attributes,
- key_input->x, key_input->len,
- &key );
+ PSA_ASSERT(psa_crypto_init());
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_import_key(&attributes,
+ key_input->x, key_input->len,
+ &key);
mbedtls_test_driver_signature_sign_hooks.forced_status = force_status;
- if( fake_output == 1 )
- {
+ if (fake_output == 1) {
mbedtls_test_driver_signature_sign_hooks.forced_output =
expected_output->x;
mbedtls_test_driver_signature_sign_hooks.forced_output_length =
@@ -183,48 +177,47 @@
/* Allocate a buffer which has the size advertized by the
* library. */
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
- signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg);
- TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
- ASSERT_ALLOC( signature, signature_size );
+ TEST_ASSERT(signature_size != 0);
+ TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
- actual_status = psa_sign_message( key, alg,
- data_input->x, data_input->len,
- signature, signature_size,
- &signature_length );
- TEST_EQUAL( actual_status, expected_status );
- if( expected_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( signature, signature_length,
- expected_output->x, expected_output->len );
+ actual_status = psa_sign_message(key, alg,
+ data_input->x, data_input->len,
+ signature, signature_size,
+ &signature_length);
+ TEST_EQUAL(actual_status, expected_status);
+ if (expected_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(signature, signature_length,
+ expected_output->x, expected_output->len);
}
/* In the builtin algorithm the driver is called twice. */
- TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits,
- force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1 );
+ TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits,
+ force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1);
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- mbedtls_free( signature );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
mbedtls_test_driver_signature_sign_hooks =
mbedtls_test_driver_signature_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void verify_message( int key_type_arg,
- int key_type_public_arg,
- int alg_arg,
- int force_status_arg,
- int register_public_key,
- data_t *key_input,
- data_t *data_input,
- data_t *signature_input,
- int expected_status_arg )
+void verify_message(int key_type_arg,
+ int key_type_public_arg,
+ int alg_arg,
+ int force_status_arg,
+ int register_public_key,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *signature_input,
+ int expected_status_arg)
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
@@ -237,131 +230,123 @@
mbedtls_test_driver_signature_verify_hooks =
mbedtls_test_driver_signature_hooks_init();
- PSA_ASSERT( psa_crypto_init( ) );
- if( register_public_key )
- {
- psa_set_key_type( &attributes, key_type_public );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_import_key( &attributes,
- key_input->x, key_input->len,
- &key );
- }
- else
- {
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_import_key( &attributes,
- key_input->x, key_input->len,
- &key );
+ PSA_ASSERT(psa_crypto_init());
+ if (register_public_key) {
+ psa_set_key_type(&attributes, key_type_public);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_import_key(&attributes,
+ key_input->x, key_input->len,
+ &key);
+ } else {
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_import_key(&attributes,
+ key_input->x, key_input->len,
+ &key);
}
mbedtls_test_driver_signature_verify_hooks.forced_status = force_status;
- actual_status = psa_verify_message( key, alg,
- data_input->x, data_input->len,
- signature_input->x, signature_input->len );
- TEST_EQUAL( actual_status, expected_status );
+ actual_status = psa_verify_message(key, alg,
+ data_input->x, data_input->len,
+ signature_input->x, signature_input->len);
+ TEST_EQUAL(actual_status, expected_status);
/* In the builtin algorithm the driver is called twice. */
- TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits,
- force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1 );
+ TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits,
+ force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1);
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_signature_verify_hooks =
mbedtls_test_driver_signature_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */
-void generate_key( int force_status_arg,
- data_t *fake_output,
- int expected_status_arg )
+void generate_key(int force_status_arg,
+ data_t *fake_output,
+ int expected_status_arg)
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
+ psa_algorithm_t alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
const uint8_t *expected_output = NULL;
size_t expected_output_length = 0;
psa_status_t actual_status;
- uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = {0};
+ uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = { 0 };
size_t actual_output_length;
mbedtls_test_driver_key_management_hooks =
mbedtls_test_driver_key_management_hooks_init();
- psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
- psa_set_key_bits( &attributes, 256 );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type(&attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+ psa_set_key_bits(&attributes, 256);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, alg);
- if( fake_output->len > 0 )
- {
+ if (fake_output->len > 0) {
expected_output =
mbedtls_test_driver_key_management_hooks.forced_output =
- fake_output->x;
+ fake_output->x;
expected_output_length =
mbedtls_test_driver_key_management_hooks.forced_output_length =
- fake_output->len;
+ fake_output->len;
}
mbedtls_test_driver_key_management_hooks.hits = 0;
mbedtls_test_driver_key_management_hooks.forced_status = force_status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- actual_status = psa_generate_key( &attributes, &key );
- TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
- TEST_EQUAL( actual_status, expected_status );
+ actual_status = psa_generate_key(&attributes, &key);
+ TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
+ TEST_EQUAL(actual_status, expected_status);
- if( actual_status == PSA_SUCCESS )
- {
- psa_export_key( key, actual_output, sizeof(actual_output), &actual_output_length );
+ if (actual_status == PSA_SUCCESS) {
+ psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length);
- if( fake_output->len > 0 )
- {
- ASSERT_COMPARE( actual_output, actual_output_length,
- expected_output, expected_output_length );
- }
- else
- {
+ if (fake_output->len > 0) {
+ ASSERT_COMPARE(actual_output, actual_output_length,
+ expected_output, expected_output_length);
+ } else {
size_t zeroes = 0;
- for( size_t i = 0; i < sizeof(actual_output); i++ )
- {
- if( actual_output[i] == 0)
+ for (size_t i = 0; i < sizeof(actual_output); i++) {
+ if (actual_output[i] == 0) {
zeroes++;
+ }
}
- TEST_ASSERT( zeroes != sizeof(actual_output) );
+ TEST_ASSERT(zeroes != sizeof(actual_output));
}
}
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_key_management_hooks =
mbedtls_test_driver_key_management_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void validate_key( int force_status_arg,
- int location,
- int owner_id_arg,
- int id_arg,
- int key_type_arg,
- data_t *key_input,
- int expected_status_arg )
+void validate_key(int force_status_arg,
+ int location,
+ int owner_id_arg,
+ int id_arg,
+ int key_type_arg,
+ data_t *key_input,
+ int expected_status_arg)
{
psa_key_lifetime_t lifetime =
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
- PSA_KEY_PERSISTENCE_DEFAULT, location);
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, location);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
@@ -371,38 +356,38 @@
mbedtls_test_driver_key_management_hooks =
mbedtls_test_driver_key_management_hooks_init();
- psa_set_key_id( &attributes, id );
- psa_set_key_type( &attributes,
- key_type );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_bits( &attributes, 0 );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_type(&attributes,
+ key_type);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_bits(&attributes, 0);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
mbedtls_test_driver_key_management_hooks.forced_status = force_status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key );
- TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
- TEST_EQUAL( actual_status, expected_status );
- TEST_EQUAL( mbedtls_test_driver_key_management_hooks.location, location );
+ actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key);
+ TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_EQUAL(mbedtls_test_driver_key_management_hooks.location, location);
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_key_management_hooks =
mbedtls_test_driver_key_management_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void export_key( int force_status_arg,
- data_t *fake_output,
- int key_in_type_arg,
- data_t *key_in,
- int key_out_type_arg,
- data_t *expected_output,
- int expected_status_arg )
+void export_key(int force_status_arg,
+ data_t *fake_output,
+ int key_in_type_arg,
+ data_t *key_in,
+ int key_out_type_arg,
+ data_t *expected_output,
+ int expected_status_arg)
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
@@ -413,30 +398,27 @@
const uint8_t *expected_output_ptr = NULL;
size_t expected_output_length = 0;
psa_status_t actual_status;
- uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0};
+ uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = { 0 };
size_t actual_output_length;
mbedtls_test_driver_key_management_hooks =
mbedtls_test_driver_key_management_hooks_init();
- psa_set_key_type( &attributes, input_key_type );
- psa_set_key_bits( &attributes, 256 );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type(&attributes, input_key_type);
+ psa_set_key_bits(&attributes, 256);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_import_key( &attributes, key_in->x, key_in->len, &handle ) );
+ PSA_ASSERT(psa_crypto_init());
+ PSA_ASSERT(psa_import_key(&attributes, key_in->x, key_in->len, &handle));
- if( fake_output->len > 0 )
- {
+ if (fake_output->len > 0) {
expected_output_ptr =
mbedtls_test_driver_key_management_hooks.forced_output =
- fake_output->x;
+ fake_output->x;
expected_output_length =
mbedtls_test_driver_key_management_hooks.forced_output_length =
- fake_output->len;
- }
- else
- {
+ fake_output->len;
+ } else {
expected_output_ptr = expected_output->x;
expected_output_length = expected_output->len;
}
@@ -444,40 +426,47 @@
mbedtls_test_driver_key_management_hooks.hits = 0;
mbedtls_test_driver_key_management_hooks.forced_status = force_status;
- if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) )
- actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
- else
- actual_status = psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
- TEST_EQUAL( actual_status, expected_status );
+ if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) {
+ actual_status = psa_export_public_key(handle,
+ actual_output,
+ sizeof(actual_output),
+ &actual_output_length);
+ } else {
+ actual_status = psa_export_key(handle,
+ actual_output,
+ sizeof(actual_output),
+ &actual_output_length);
+ }
+ TEST_EQUAL(actual_status, expected_status);
- if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) &&
- !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) )
- TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
+ if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) &&
+ !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) {
+ TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
+ }
- if( actual_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( actual_output, actual_output_length,
- expected_output_ptr, expected_output_length );
+ if (actual_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(actual_output, actual_output_length,
+ expected_output_ptr, expected_output_length);
}
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(handle);
+ PSA_DONE();
mbedtls_test_driver_key_management_hooks =
mbedtls_test_driver_key_management_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt_validation( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *input )
+void cipher_encrypt_validation(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg );
+ size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg);
unsigned char *output1 = NULL;
size_t output1_buffer_size = 0;
size_t output1_length = 0;
@@ -489,81 +478,81 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
- ASSERT_ALLOC( output1, output1_buffer_size );
- ASSERT_ALLOC( output2, output2_buffer_size );
+ output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
+ output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
+ ASSERT_ALLOC(output1, output1_buffer_size);
+ ASSERT_ALLOC(output2, output2_buffer_size);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
- output1_buffer_size, &output1_length ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1,
+ output1_buffer_size, &output1_length));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
- PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x, input->len,
- output2, output2_buffer_size,
- &function_output_length ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x, input->len,
+ output2, output2_buffer_size,
+ &function_output_length));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
output2_length += function_output_length;
- PSA_ASSERT( psa_cipher_finish( &operation,
- output2 + output2_length,
- output2_buffer_size - output2_length,
- &function_output_length ) );
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ output2 + output2_length,
+ output2_buffer_size - output2_length,
+ &function_output_length));
/* Finish will have called abort as well, so expecting two hits here */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2);
mbedtls_test_driver_cipher_hooks.hits = 0;
output2_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ PSA_ASSERT(psa_cipher_abort(&operation));
// driver function should've been called as part of the finish() core routine
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
- ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size,
- output2, output2_length );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
+ ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size,
+ output2, output2_length);
exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output1 );
- mbedtls_free( output2 );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ mbedtls_free(output1);
+ mbedtls_free(output2);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt_multipart( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *iv,
- data_t *input,
- int first_part_size_arg,
- int output1_length_arg,
- int output2_length_arg,
- data_t *expected_output,
- int mock_output_arg,
- int force_status_arg,
- int expected_status_arg )
+void cipher_encrypt_multipart(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input,
+ int first_part_size_arg,
+ int output1_length_arg,
+ int output2_length_arg,
+ data_t *expected_output,
+ int mock_output_arg,
+ int force_status_arg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -585,247 +574,239 @@
/* Test operation initialization */
mbedtls_psa_cipher_operation_t mbedtls_operation =
- MBEDTLS_PSA_CIPHER_OPERATION_INIT;
+ MBEDTLS_PSA_CIPHER_OPERATION_INIT;
mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
- MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
+ MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
- MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
+ MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
operation.ctx.mbedtls_ctx = mbedtls_operation;
operation.ctx.transparent_test_driver_ctx = transparent_operation;
operation.ctx.opaque_test_driver_ctx = opaque_operation;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+ PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0));
mbedtls_test_driver_cipher_hooks.hits = 0;
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
- ASSERT_ALLOC( output, output_buffer_size );
+ output_buffer_size = ((size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type));
+ ASSERT_ALLOC(output, output_buffer_size);
- if( mock_output_arg )
- {
+ if (mock_output_arg) {
mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
}
- TEST_ASSERT( first_part_size <= input->len );
- PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
- output, output_buffer_size,
- &function_output_length ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+ TEST_ASSERT(first_part_size <= input->len);
+ PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size,
+ output, output_buffer_size,
+ &function_output_length));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0));
mbedtls_test_driver_cipher_hooks.hits = 0;
- TEST_ASSERT( function_output_length == output1_length );
+ TEST_ASSERT(function_output_length == output1_length);
total_output_length += function_output_length;
- if( first_part_size < input->len )
- {
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ if (first_part_size < input->len) {
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
- TEST_ASSERT( function_output_length == output2_length );
+ TEST_ASSERT(function_output_length == output2_length);
total_output_length += function_output_length;
}
- if( mock_output_arg )
- {
+ if (mock_output_arg) {
mbedtls_test_driver_cipher_hooks.forced_output = NULL;
mbedtls_test_driver_cipher_hooks.forced_output_length = 0;
}
- status = psa_cipher_finish( &operation,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length );
- /* Finish will have called abort as well, so expecting two hits here */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
- mbedtls_test_driver_cipher_hooks.hits = 0 ;
- total_output_length += function_output_length;
- TEST_EQUAL( status, expected_status );
-
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
-
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
- }
-
-exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_decrypt_multipart( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *iv,
- data_t *input,
- int first_part_size_arg,
- int output1_length_arg,
- int output2_length_arg,
- data_t *expected_output,
- int mock_output_arg,
- int force_status_arg,
- int expected_status_arg )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- psa_status_t status;
- psa_status_t expected_status = expected_status_arg;
- psa_status_t force_status = force_status_arg;
- size_t first_part_size = first_part_size_arg;
- size_t output1_length = output1_length_arg;
- size_t output2_length = output2_length_arg;
- unsigned char *output = NULL;
- size_t output_buffer_size = 0;
- size_t function_output_length = 0;
- size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
- mbedtls_test_driver_cipher_hooks.forced_status = force_status;
-
- /* Test operation initialization */
- mbedtls_psa_cipher_operation_t mbedtls_operation =
- MBEDTLS_PSA_CIPHER_OPERATION_INIT;
-
- mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
- MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
-
- mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
- MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
-
- operation.ctx.mbedtls_ctx = mbedtls_operation;
- operation.ctx.transparent_test_driver_ctx = transparent_operation;
- operation.ctx.opaque_test_driver_ctx = opaque_operation;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
-
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- mbedtls_test_driver_cipher_hooks.hits = 0;
-
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
- mbedtls_test_driver_cipher_hooks.hits = 0;
-
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
- ASSERT_ALLOC( output, output_buffer_size );
-
- if( mock_output_arg )
- {
- mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
- mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
- }
-
- TEST_ASSERT( first_part_size <= input->len );
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x, first_part_size,
- output, output_buffer_size,
- &function_output_length ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
- mbedtls_test_driver_cipher_hooks.hits = 0;
-
- TEST_ASSERT( function_output_length == output1_length );
- total_output_length += function_output_length;
-
- if( first_part_size < input->len )
- {
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
- mbedtls_test_driver_cipher_hooks.hits = 0;
-
- TEST_ASSERT( function_output_length == output2_length );
- total_output_length += function_output_length;
- }
-
- if( mock_output_arg )
- {
- mbedtls_test_driver_cipher_hooks.forced_output = NULL;
- mbedtls_test_driver_cipher_hooks.forced_output_length = 0;
- }
-
- status = psa_cipher_finish( &operation,
+ status = psa_cipher_finish(&operation,
output + total_output_length,
output_buffer_size - total_output_length,
- &function_output_length );
+ &function_output_length);
/* Finish will have called abort as well, so expecting two hits here */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0));
mbedtls_test_driver_cipher_hooks.hits = 0;
total_output_length += function_output_length;
- TEST_EQUAL( status, expected_status );
+ TEST_EQUAL(status, expected_status);
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
+ ASSERT_COMPARE(expected_output->x, expected_output->len,
+ output, total_output_length);
}
exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_decrypt( int alg_arg,
- int key_type_arg,
- data_t *key_data,
- data_t *iv,
- data_t *input_arg,
- data_t *expected_output,
- int mock_output_arg,
- int force_status_arg,
- int expected_status_arg )
+void cipher_decrypt_multipart(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input,
+ int first_part_size_arg,
+ int output1_length_arg,
+ int output2_length_arg,
+ data_t *expected_output,
+ int mock_output_arg,
+ int force_status_arg,
+ int expected_status_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t status;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t force_status = force_status_arg;
+ size_t first_part_size = first_part_size_arg;
+ size_t output1_length = output1_length_arg;
+ size_t output2_length = output2_length_arg;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t function_output_length = 0;
+ size_t total_output_length = 0;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks.forced_status = force_status;
+
+ /* Test operation initialization */
+ mbedtls_psa_cipher_operation_t mbedtls_operation =
+ MBEDTLS_PSA_CIPHER_OPERATION_INIT;
+
+ mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
+ MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
+
+ mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
+ MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
+
+ operation.ctx.mbedtls_ctx = mbedtls_operation;
+ operation.ctx.transparent_test_driver_ctx = transparent_operation;
+ operation.ctx.opaque_test_driver_ctx = opaque_operation;
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0));
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ output_buffer_size = ((size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type));
+ ASSERT_ALLOC(output, output_buffer_size);
+
+ if (mock_output_arg) {
+ mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
+ mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
+ }
+
+ TEST_ASSERT(first_part_size <= input->len);
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x, first_part_size,
+ output, output_buffer_size,
+ &function_output_length));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0));
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ TEST_ASSERT(function_output_length == output1_length);
+ total_output_length += function_output_length;
+
+ if (first_part_size < input->len) {
+ PSA_ASSERT(psa_cipher_update(&operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0));
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ TEST_ASSERT(function_output_length == output2_length);
+ total_output_length += function_output_length;
+ }
+
+ if (mock_output_arg) {
+ mbedtls_test_driver_cipher_hooks.forced_output = NULL;
+ mbedtls_test_driver_cipher_hooks.forced_output_length = 0;
+ }
+
+ status = psa_cipher_finish(&operation,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length);
+ /* Finish will have called abort as well, so expecting two hits here */
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0));
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+ total_output_length += function_output_length;
+ TEST_EQUAL(status, expected_status);
+
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_cipher_abort(&operation));
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
+
+ ASSERT_COMPARE(expected_output->x, expected_output->len,
+ output, total_output_length);
+ }
+
+exit:
+ psa_cipher_abort(&operation);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_decrypt(int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input_arg,
+ data_t *expected_output,
+ int mock_output_arg,
+ int force_status_arg,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
@@ -842,59 +823,56 @@
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
mbedtls_test_driver_cipher_hooks.forced_status = force_status;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
/* Allocate input buffer and copy the iv and the plaintext */
- input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
- if ( input_buffer_size > 0 )
- {
- ASSERT_ALLOC( input, input_buffer_size );
- memcpy( input, iv->x, iv->len );
- memcpy( input + iv->len, input_arg->x, input_arg->len );
+ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len);
+ if (input_buffer_size > 0) {
+ ASSERT_ALLOC(input, input_buffer_size);
+ memcpy(input, iv->x, iv->len);
+ memcpy(input + iv->len, input_arg->x, input_arg->len);
}
- output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
- ASSERT_ALLOC( output, output_buffer_size );
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size);
+ ASSERT_ALLOC(output, output_buffer_size);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- if( mock_output_arg )
- {
+ if (mock_output_arg) {
mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
}
- status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
- output_buffer_size, &output_length );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output,
+ output_buffer_size, &output_length);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
- TEST_EQUAL( status, expected_status );
+ TEST_EQUAL(status, expected_status);
- if( expected_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, output_length );
+ if (expected_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(expected_output->x, expected_output->len,
+ output, output_length);
}
exit:
- mbedtls_free( input );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
+ mbedtls_free(input);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_entry_points( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input )
+void cipher_entry_points(int alg_arg, int key_type_arg,
+ data_t *key_data, data_t *iv,
+ data_t *input)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
@@ -907,17 +885,17 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
- ASSERT_ALLOC( output, input->len + 16 );
+ ASSERT_ALLOC(output, input->len + 16);
output_buffer_size = input->len + 16;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
/*
* Test encrypt failure
@@ -926,195 +904,195 @@
*/
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
- output, output_buffer_size, &function_output_length );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, PSA_SUCCESS );
+ output, output_buffer_size, &function_output_length);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, PSA_SUCCESS);
mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
/* Set the output buffer in a given state. */
- for( size_t i = 0; i < output_buffer_size; i++ )
+ for (size_t i = 0; i < output_buffer_size; i++) {
output[i] = 0xa5;
+ }
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
- output, output_buffer_size, &function_output_length );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, PSA_ERROR_GENERIC_ERROR );
+ output, output_buffer_size, &function_output_length);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR);
/*
* Check that the output buffer is still in the same state.
* This will fail if the output buffer is used by the core to pass the IV
* it generated to the driver (and is not restored).
*/
- for( size_t i = 0; i < output_buffer_size; i++ )
- {
- TEST_EQUAL( output[i], 0xa5 );
+ for (size_t i = 0; i < output_buffer_size; i++) {
+ TEST_EQUAL(output[i], 0xa5);
}
mbedtls_test_driver_cipher_hooks.hits = 0;
/* Test setup call, encrypt */
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
- status = psa_cipher_encrypt_setup( &operation, key, alg );
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
/* When setup fails, it shouldn't call any further entry points */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_set_iv( &operation, iv->x, iv->len );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
+ status = psa_cipher_set_iv(&operation, iv->x, iv->len);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
/* Test setup call failure, decrypt */
- status = psa_cipher_decrypt_setup( &operation, key, alg );
+ status = psa_cipher_decrypt_setup(&operation, key, alg);
/* When setup fails, it shouldn't call any further entry points */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_set_iv( &operation, iv->x, iv->len );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
+ status = psa_cipher_set_iv(&operation, iv->x, iv->len);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
/* Test IV setting failure */
mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
- status = psa_cipher_set_iv( &operation, iv->x, iv->len );
+ status = psa_cipher_set_iv(&operation, iv->x, iv->len);
/* When setting the IV fails, it should call abort too */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
/* Failure should prevent further operations from executing on the driver */
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
- psa_cipher_abort( &operation );
+ status = psa_cipher_update(&operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
+ psa_cipher_abort(&operation);
/* Test IV generation failure */
mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
/* Set the output buffer in a given state. */
- for( size_t i = 0; i < 16; i++ )
+ for (size_t i = 0; i < 16; i++) {
output[i] = 0xa5;
+ }
- status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length );
+ status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length);
/* When generating the IV fails, it should call abort too */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
/*
* Check that the output buffer is still in the same state.
* This will fail if the output buffer is used by the core to pass the IV
* it generated to the driver (and is not restored).
*/
- for( size_t i = 0; i < 16; i++ )
- {
- TEST_EQUAL( output[i], 0xa5 );
+ for (size_t i = 0; i < 16; i++) {
+ TEST_EQUAL(output[i], 0xa5);
}
/* Failure should prevent further operations from executing on the driver */
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
- psa_cipher_abort( &operation );
+ status = psa_cipher_update(&operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
+ psa_cipher_abort(&operation);
/* Test update failure */
mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_set_iv( &operation, iv->x, iv->len );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ status = psa_cipher_set_iv(&operation, iv->x, iv->len);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
- status = psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length );
+ status = psa_cipher_update(&operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length);
/* When the update call fails, it should call abort too */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
/* Failure should prevent further operations from executing on the driver */
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
- psa_cipher_abort( &operation );
+ status = psa_cipher_update(&operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
+ psa_cipher_abort(&operation);
/* Test finish failure */
mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_set_iv( &operation, iv->x, iv->len );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ status = psa_cipher_set_iv(&operation, iv->x, iv->len);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ status = psa_cipher_update(&operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
- status = psa_cipher_finish( &operation,
- output + function_output_length,
- output_buffer_size - function_output_length,
- &function_output_length );
+ status = psa_cipher_finish(&operation,
+ output + function_output_length,
+ output_buffer_size - function_output_length,
+ &function_output_length);
/* When the finish call fails, it should call abort too */
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
/* Failure should prevent further operations from executing on the driver */
mbedtls_test_driver_cipher_hooks.hits = 0;
- status = psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
- psa_cipher_abort( &operation );
+ status = psa_cipher_update(&operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
+ psa_cipher_abort(&operation);
exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ mbedtls_free(output);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_encrypt( int key_type_arg, data_t *key_data,
- int alg_arg,
- data_t *nonce,
- data_t *additional_data,
- data_t *input_data,
- data_t *expected_result,
- int forced_status_arg )
+void aead_encrypt(int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_result,
+ int forced_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -1128,62 +1106,61 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
- alg );
+ output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits,
+ alg);
/* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
* should be exact. */
- TEST_EQUAL( output_size,
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
- ASSERT_ALLOC( output_data, output_size );
+ TEST_EQUAL(output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len));
+ TEST_ASSERT(output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len));
+ ASSERT_ALLOC(output_data, output_size);
mbedtls_test_driver_aead_hooks.forced_status = forced_status;
- status = psa_aead_encrypt( key, alg,
- nonce->x, nonce->len,
- additional_data->x, additional_data->len,
- input_data->x, input_data->len,
- output_data, output_size,
- &output_length );
- TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status );
+ status = psa_aead_encrypt(key, alg,
+ nonce->x, nonce->len,
+ additional_data->x, additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length);
+ TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status);
- TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
- PSA_SUCCESS : forced_status );
+ TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ?
+ PSA_SUCCESS : forced_status);
- if( status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( expected_result->x, expected_result->len,
- output_data, output_length );
+ if (status == PSA_SUCCESS) {
+ ASSERT_COMPARE(expected_result->x, expected_result->len,
+ output_data, output_length);
}
exit:
- psa_destroy_key( key );
- mbedtls_free( output_data );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(output_data);
+ PSA_DONE();
mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_decrypt( int key_type_arg, data_t *key_data,
- int alg_arg,
- data_t *nonce,
- data_t *additional_data,
- data_t *input_data,
- data_t *expected_data,
- int forced_status_arg )
+void aead_decrypt(int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_data,
+ int forced_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -1197,56 +1174,55 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
- output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
- alg );
- ASSERT_ALLOC( output_data, output_size );
+ output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits,
+ alg);
+ ASSERT_ALLOC(output_data, output_size);
mbedtls_test_driver_aead_hooks.forced_status = forced_status;
- status = psa_aead_decrypt( key, alg,
- nonce->x, nonce->len,
- additional_data->x,
- additional_data->len,
- input_data->x, input_data->len,
- output_data, output_size,
- &output_length );
- TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status );
+ status = psa_aead_decrypt(key, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length);
+ TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status);
- TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
- PSA_SUCCESS : forced_status );
+ TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ?
+ PSA_SUCCESS : forced_status);
- if( status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( expected_data->x, expected_data->len,
- output_data, output_length );
+ if (status == PSA_SUCCESS) {
+ ASSERT_COMPARE(expected_data->x, expected_data->len,
+ output_data, output_length);
}
exit:
- psa_destroy_key( key );
- mbedtls_free( output_data );
- PSA_DONE( );
+ psa_destroy_key(key);
+ mbedtls_free(output_data);
+ PSA_DONE();
mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_sign( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input,
- data_t *expected_mac,
- int forced_status_arg )
+void mac_sign(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac,
+ int forced_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -1255,125 +1231,124 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_mac = NULL;
size_t mac_buffer_size =
- PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
+ PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg);
size_t mac_length = 0;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t forced_status = forced_status_arg;
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
- TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
+ TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE);
/* We expect PSA_MAC_LENGTH to be exact. */
- TEST_ASSERT( expected_mac->len == mac_buffer_size );
+ TEST_ASSERT(expected_mac->len == mac_buffer_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
- ASSERT_ALLOC( actual_mac, mac_buffer_size );
+ ASSERT_ALLOC(actual_mac, mac_buffer_size);
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
/*
* Calculate the MAC, one-shot case.
*/
- status = psa_mac_compute( key, alg,
- input->x, input->len,
- actual_mac, mac_buffer_size,
- &mac_length );
+ status = psa_mac_compute(key, alg,
+ input->x, input->len,
+ actual_mac, mac_buffer_size,
+ &mac_length);
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(forced_status, status);
}
- else
- TEST_EQUAL( forced_status, status );
- if( mac_buffer_size > 0 )
- memset( actual_mac, 0, mac_buffer_size );
+ if (mac_buffer_size > 0) {
+ memset(actual_mac, 0, mac_buffer_size);
+ }
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
/*
* Calculate the MAC, multipart case.
*/
- status = psa_mac_sign_setup( &operation, key, alg );
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ status = psa_mac_sign_setup(&operation, key, alg);
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
- }
- else
- TEST_EQUAL( forced_status, status );
-
- status = psa_mac_update( &operation,
- input->x, input->len );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
- }
- else
- TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
-
- status = psa_mac_sign_finish( &operation,
- actual_mac, mac_buffer_size,
- &mac_length );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
-
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
- }
- else
- TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
-
- PSA_ASSERT( psa_mac_abort( &operation ) );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
-
- if( forced_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( expected_mac->x, expected_mac->len,
- actual_mac, mac_length );
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(forced_status, status);
}
- mbedtls_free( actual_mac );
+ status = psa_mac_update(&operation,
+ input->x, input->len);
+ if (forced_status == PSA_SUCCESS) {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2);
+ } else {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
+ }
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(PSA_ERROR_BAD_STATE, status);
+ }
+
+ status = psa_mac_sign_finish(&operation,
+ actual_mac, mac_buffer_size,
+ &mac_length);
+ if (forced_status == PSA_SUCCESS) {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 4);
+ } else {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
+ }
+
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(PSA_ERROR_BAD_STATE, status);
+ }
+
+ PSA_ASSERT(psa_mac_abort(&operation));
+ if (forced_status == PSA_SUCCESS) {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 4);
+ } else {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
+ }
+
+ if (forced_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(expected_mac->x, expected_mac->len,
+ actual_mac, mac_length);
+ }
+
+ mbedtls_free(actual_mac);
actual_mac = NULL;
exit:
- psa_mac_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_free( actual_mac );
+ psa_mac_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_free(actual_mac);
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_verify( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *input,
- data_t *expected_mac,
- int forced_status_arg )
+void mac_verify(int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac,
+ int forced_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -1384,33 +1359,32 @@
psa_status_t forced_status = forced_status_arg;
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
- TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
+ TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
/*
* Verify the MAC, one-shot case.
*/
- status = psa_mac_verify( key, alg,
- input->x, input->len,
- expected_mac->x, expected_mac->len );
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
+ status = psa_mac_verify(key, alg,
+ input->x, input->len,
+ expected_mac->x, expected_mac->len);
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(forced_status, status);
}
- else
- TEST_EQUAL( forced_status, status );
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
@@ -1418,70 +1392,70 @@
/*
* Verify the MAC, multi-part case.
*/
- status = psa_mac_verify_setup( &operation, key, alg );
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ status = psa_mac_verify_setup(&operation, key, alg);
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(forced_status, status);
}
- else
- TEST_EQUAL( forced_status, status );
- status = psa_mac_update( &operation,
- input->x, input->len );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
-
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
+ status = psa_mac_update(&operation,
+ input->x, input->len);
+ if (forced_status == PSA_SUCCESS) {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2);
+ } else {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
}
- else
- TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
- status = psa_mac_verify_finish( &operation,
- expected_mac->x,
- expected_mac->len );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
-
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
- {
- PSA_ASSERT( status );
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(PSA_ERROR_BAD_STATE, status);
}
- else
- TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+
+ status = psa_mac_verify_finish(&operation,
+ expected_mac->x,
+ expected_mac->len);
+ if (forced_status == PSA_SUCCESS) {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 4);
+ } else {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
+ }
+
+ if (forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED) {
+ PSA_ASSERT(status);
+ } else {
+ TEST_EQUAL(PSA_ERROR_BAD_STATE, status);
+ }
- PSA_ASSERT( psa_mac_abort( &operation ) );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ PSA_ASSERT(psa_mac_abort(&operation));
+ if (forced_status == PSA_SUCCESS) {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 4);
+ } else {
+ TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1);
+ }
exit:
- psa_mac_abort( &operation );
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_mac_abort(&operation);
+ psa_destroy_key(key);
+ PSA_DONE();
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-void builtin_key_export( int builtin_key_id_arg,
- int builtin_key_type_arg,
- int builtin_key_bits_arg,
- int builtin_key_algorithm_arg,
- data_t *expected_output,
- int expected_status_arg )
+void builtin_key_export(int builtin_key_id_arg,
+ int builtin_key_type_arg,
+ int builtin_key_bits_arg,
+ int builtin_key_algorithm_arg,
+ data_t *expected_output,
+ int expected_status_arg)
{
psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
@@ -1490,51 +1464,49 @@
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
- uint8_t* output_buffer = NULL;
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id);
+ uint8_t *output_buffer = NULL;
size_t output_size = 0;
psa_status_t actual_status;
- PSA_ASSERT( psa_crypto_init( ) );
- ASSERT_ALLOC( output_buffer, expected_output->len );
+ PSA_ASSERT(psa_crypto_init());
+ ASSERT_ALLOC(output_buffer, expected_output->len);
- actual_status = psa_export_key( key, output_buffer, expected_output->len, &output_size );
+ actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size);
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( actual_status );
- TEST_EQUAL( output_size, expected_output->len );
- ASSERT_COMPARE( output_buffer, output_size,
- expected_output->x, expected_output->len );
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(actual_status);
+ TEST_EQUAL(output_size, expected_output->len);
+ ASSERT_COMPARE(output_buffer, output_size,
+ expected_output->x, expected_output->len);
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
- TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
- }
- else
- {
- if( actual_status != expected_status )
- fprintf( stderr, "Expected %d but got %d\n", expected_status, actual_status );
- TEST_EQUAL( actual_status, expected_status );
- TEST_EQUAL( output_size, 0 );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits);
+ TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg);
+ } else {
+ if (actual_status != expected_status) {
+ fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status);
+ }
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_EQUAL(output_size, 0);
}
exit:
- mbedtls_free( output_buffer );
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ mbedtls_free(output_buffer);
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-void builtin_pubkey_export( int builtin_key_id_arg,
- int builtin_key_type_arg,
- int builtin_key_bits_arg,
- int builtin_key_algorithm_arg,
- data_t *expected_output,
- int expected_status_arg )
+void builtin_pubkey_export(int builtin_key_id_arg,
+ int builtin_key_type_arg,
+ int builtin_key_bits_arg,
+ int builtin_key_algorithm_arg,
+ data_t *expected_output,
+ int expected_status_arg)
{
psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
@@ -1543,47 +1515,44 @@
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
- uint8_t* output_buffer = NULL;
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id);
+ uint8_t *output_buffer = NULL;
size_t output_size = 0;
psa_status_t actual_status;
- PSA_ASSERT( psa_crypto_init( ) );
- ASSERT_ALLOC( output_buffer, expected_output->len );
+ PSA_ASSERT(psa_crypto_init());
+ ASSERT_ALLOC(output_buffer, expected_output->len);
- actual_status = psa_export_public_key( key, output_buffer, expected_output->len, &output_size );
+ actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size);
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( actual_status );
- TEST_EQUAL( output_size, expected_output->len );
- ASSERT_COMPARE( output_buffer, output_size,
- expected_output->x, expected_output->len );
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(actual_status);
+ TEST_EQUAL(output_size, expected_output->len);
+ ASSERT_COMPARE(output_buffer, output_size,
+ expected_output->x, expected_output->len);
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
- TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
- }
- else
- {
- TEST_EQUAL( actual_status, expected_status );
- TEST_EQUAL( output_size, 0 );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits);
+ TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg);
+ } else {
+ TEST_EQUAL(actual_status, expected_status);
+ TEST_EQUAL(output_size, 0);
}
exit:
- mbedtls_free( output_buffer );
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key );
- PSA_DONE( );
+ mbedtls_free(output_buffer);
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_compute( int alg_arg,
- data_t *input, data_t *hash,
- int forced_status_arg,
- int expected_status_arg )
+void hash_compute(int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg,
+ int expected_status_arg)
{
psa_algorithm_t alg = alg_arg;
psa_status_t forced_status = forced_status_arg;
@@ -1594,79 +1563,77 @@
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
mbedtls_test_driver_hash_hooks.forced_status = forced_status;
- PSA_ASSERT( psa_crypto_init( ) );
- ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+ PSA_ASSERT(psa_crypto_init());
+ ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
- TEST_EQUAL( psa_hash_compute( alg, input->x, input->len,
- output, PSA_HASH_LENGTH( alg ),
- &output_length ), expected_status );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+ TEST_EQUAL(psa_hash_compute(alg, input->x, input->len,
+ output, PSA_HASH_LENGTH(alg),
+ &output_length), expected_status);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
- if( expected_status == PSA_SUCCESS )
- {
- ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ if (expected_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(output, output_length, hash->x, hash->len);
}
exit:
- mbedtls_free( output );
- PSA_DONE( );
+ mbedtls_free(output);
+ PSA_DONE();
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_multipart_setup( int alg_arg,
+void hash_multipart_setup(int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg,
+ int expected_status_arg)
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t forced_status = forced_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *output = NULL;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t output_length;
+
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
+
+ PSA_ASSERT(psa_crypto_init());
+
+ mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+ TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
+
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_hash_update(&operation, input->x, input->len));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
+
+ PSA_ASSERT(psa_hash_finish(&operation,
+ output, PSA_HASH_LENGTH(alg),
+ &output_length));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
+
+ ASSERT_COMPARE(output, output_length, hash->x, hash->len);
+ }
+
+exit:
+ psa_hash_abort(&operation);
+ mbedtls_free(output);
+ PSA_DONE();
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multipart_update(int alg_arg,
data_t *input, data_t *hash,
- int forced_status_arg,
- int expected_status_arg )
-{
- psa_algorithm_t alg = alg_arg;
- psa_status_t forced_status = forced_status_arg;
- psa_status_t expected_status = expected_status_arg;
- unsigned char *output = NULL;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- size_t output_length;
-
- mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
- ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- mbedtls_test_driver_hash_hooks.forced_status = forced_status;
- TEST_EQUAL( psa_hash_setup( &operation, alg ), expected_status );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
-
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
- forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
-
- PSA_ASSERT( psa_hash_finish( &operation,
- output, PSA_HASH_LENGTH( alg ),
- &output_length ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
- forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
-
- ASSERT_COMPARE( output, output_length, hash->x, hash->len );
- }
-
-exit:
- psa_hash_abort( &operation );
- mbedtls_free( output );
- PSA_DONE( );
- mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void hash_multipart_update( int alg_arg,
- data_t *input, data_t *hash,
- int forced_status_arg )
+ int forced_status_arg)
{
psa_algorithm_t alg = alg_arg;
psa_status_t forced_status = forced_status_arg;
@@ -1675,54 +1642,53 @@
size_t output_length;
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
- ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+ ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/*
* Update inactive operation, the driver shouldn't be called.
*/
- TEST_EQUAL( psa_hash_update( &operation, input->x, input->len ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+ TEST_EQUAL(psa_hash_update(&operation, input->x, input->len),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0);
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
mbedtls_test_driver_hash_hooks.forced_status = forced_status;
- TEST_EQUAL( psa_hash_update( &operation, input->x, input->len ),
- forced_status );
+ TEST_EQUAL(psa_hash_update(&operation, input->x, input->len),
+ forced_status);
/* One or two more calls to the driver interface: update or update + abort */
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
- forced_status == PSA_SUCCESS ? 2 : 3 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_SUCCESS ? 2 : 3);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
- if( forced_status == PSA_SUCCESS )
- {
+ if (forced_status == PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
- PSA_ASSERT( psa_hash_finish( &operation,
- output, PSA_HASH_LENGTH( alg ),
- &output_length ) );
+ PSA_ASSERT(psa_hash_finish(&operation,
+ output, PSA_HASH_LENGTH(alg),
+ &output_length));
/* Two calls to the driver interface: update + abort */
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 2 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
- ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ ASSERT_COMPARE(output, output_length, hash->x, hash->len);
}
exit:
- psa_hash_abort( &operation );
- mbedtls_free( output );
- PSA_DONE( );
+ psa_hash_abort(&operation);
+ mbedtls_free(output);
+ PSA_DONE();
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_multipart_finish( int alg_arg,
- data_t *input, data_t *hash,
- int forced_status_arg )
+void hash_multipart_finish(int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg)
{
psa_algorithm_t alg = alg_arg;
psa_status_t forced_status = forced_status_arg;
@@ -1731,50 +1697,51 @@
size_t output_length;
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
- ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+ ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/*
* Finish inactive operation, the driver shouldn't be called.
*/
- TEST_EQUAL( psa_hash_finish( &operation, output, PSA_HASH_LENGTH( alg ),
- &output_length ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+ TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg),
+ &output_length),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0);
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
- PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 2 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+ PSA_ASSERT(psa_hash_update(&operation, input->x, input->len));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
mbedtls_test_driver_hash_hooks.forced_status = forced_status;
- TEST_EQUAL( psa_hash_finish( &operation,
- output, PSA_HASH_LENGTH( alg ),
- &output_length ),
- forced_status );
+ TEST_EQUAL(psa_hash_finish(&operation,
+ output, PSA_HASH_LENGTH(alg),
+ &output_length),
+ forced_status);
/* Two more calls to the driver interface: finish + abort */
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 4 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 4);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
- if( forced_status == PSA_SUCCESS )
- ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ if (forced_status == PSA_SUCCESS) {
+ ASSERT_COMPARE(output, output_length, hash->x, hash->len);
+ }
exit:
- psa_hash_abort( &operation );
- mbedtls_free( output );
- PSA_DONE( );
+ psa_hash_abort(&operation);
+ mbedtls_free(output);
+ PSA_DONE();
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_clone( int alg_arg,
- data_t *input, data_t *hash,
- int forced_status_arg )
+void hash_clone(int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg)
{
psa_algorithm_t alg = alg_arg;
psa_status_t forced_status = forced_status_arg;
@@ -1784,50 +1751,49 @@
size_t output_length;
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
- ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+ ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/*
* Clone inactive operation, the driver shouldn't be called.
*/
- TEST_EQUAL( psa_hash_clone( &source_operation, &target_operation ),
- PSA_ERROR_BAD_STATE );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+ TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation),
+ PSA_ERROR_BAD_STATE);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0);
- PSA_ASSERT( psa_hash_setup( &source_operation, alg ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+ PSA_ASSERT(psa_hash_setup(&source_operation, alg));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
mbedtls_test_driver_hash_hooks.forced_status = forced_status;
- TEST_EQUAL( psa_hash_clone( &source_operation, &target_operation ),
- forced_status );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
- forced_status == PSA_SUCCESS ? 2 : 3 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+ TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation),
+ forced_status);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_SUCCESS ? 2 : 3);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
- if( forced_status == PSA_SUCCESS )
- {
+ if (forced_status == PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
- PSA_ASSERT( psa_hash_update( &target_operation,
- input->x, input->len ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+ PSA_ASSERT(psa_hash_update(&target_operation,
+ input->x, input->len));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
- PSA_ASSERT( psa_hash_finish( &target_operation,
- output, PSA_HASH_LENGTH( alg ),
- &output_length ) );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 3 );
- TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+ PSA_ASSERT(psa_hash_finish(&target_operation,
+ output, PSA_HASH_LENGTH(alg),
+ &output_length));
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3);
+ TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
- ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ ASSERT_COMPARE(output, output_length, hash->x, hash->len);
}
exit:
- psa_hash_abort( &source_operation );
- psa_hash_abort( &target_operation );
- mbedtls_free( output );
- PSA_DONE( );
+ psa_hash_abort(&source_operation);
+ psa_hash_abort(&target_operation);
+ mbedtls_free(output);
+ PSA_DONE();
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 4dcbb36..26ce0d3 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -8,7 +8,8 @@
#include "mbedtls/entropy_poll.h"
/* Calculating the minimum allowed entropy size in bytes */
-#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \
+ MBEDTLS_ENTROPY_BLOCK_SIZE)
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
@@ -22,15 +23,16 @@
* to do this (it would be a security risk if such a function was ever
* accessible in production), implement this functionality in a white-box
* manner. */
-psa_status_t remove_seed_file( void )
+psa_status_t remove_seed_file(void)
{
#if defined(MBEDTLS_PSA_ITS_FILE_C)
- if( remove( "00000000ffffff52.psa_its" ) == 0 )
- return( PSA_SUCCESS );
- else
- return( PSA_ERROR_DOES_NOT_EXIST );
+ if (remove("00000000ffffff52.psa_its") == 0) {
+ return PSA_SUCCESS;
+ } else {
+ return PSA_ERROR_DOES_NOT_EXIST;
+ }
#else
- return( psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ) );
+ return psa_its_remove(PSA_CRYPTO_ITS_RANDOM_SEED_UID);
#endif
}
@@ -39,44 +41,44 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void external_rng_failure_generate( )
+void external_rng_failure_generate()
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- psa_set_key_bits( &attributes, 128 );
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, 128);
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t output[1];
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- PSA_ASSERT( psa_generate_random( output, sizeof( output ) ) );
- PSA_ASSERT( psa_generate_key( &attributes, &key ) );
- PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT(psa_generate_random(output, sizeof(output)));
+ PSA_ASSERT(psa_generate_key(&attributes, &key));
+ PSA_ASSERT(psa_destroy_key(key));
- mbedtls_test_disable_insecure_external_rng( );
- TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
- psa_generate_random( output, sizeof( output ) ) );
- TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
- psa_generate_key( &attributes, &key ) );
+ mbedtls_test_disable_insecure_external_rng();
+ TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
+ psa_generate_random(output, sizeof(output)));
+ TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
+ psa_generate_key(&attributes, &key));
exit:
- psa_destroy_key( key );
- PSA_DONE( );
+ psa_destroy_key(key);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void external_rng_failure_sign( int key_type, data_t *key_data, int alg,
- int input_size_arg )
+void external_rng_failure_sign(int key_type, data_t *key_data, int alg,
+ int input_size_arg)
{
/* This test case is only expected to pass if the signature mechanism
* requires randomness, either because it is a randomized signature
* or because the implementation uses blinding. */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t input_size = input_size_arg;
uint8_t *input = NULL;
@@ -84,43 +86,43 @@
size_t signature_size = PSA_SIGNATURE_MAX_SIZE;
size_t signature_length;
- ASSERT_ALLOC( input, input_size );
- ASSERT_ALLOC( signature, signature_size );
+ ASSERT_ALLOC(input, input_size);
+ ASSERT_ALLOC(signature, signature_size);
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- PSA_ASSERT( psa_sign_hash( key, alg,
- input, input_size,
- signature, signature_size,
- &signature_length ) );
- PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT(psa_crypto_init());
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_sign_hash(key, alg,
+ input, input_size,
+ signature, signature_size,
+ &signature_length));
+ PSA_ASSERT(psa_destroy_key(key));
- mbedtls_test_disable_insecure_external_rng( );
+ mbedtls_test_disable_insecure_external_rng();
/* Import the key again, because for RSA Mbed TLS caches blinding values
* in the key object and this could perturb the test. */
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
- psa_sign_hash( key, alg,
- input, input_size,
- signature, signature_size,
- &signature_length ) );
- PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
+ psa_sign_hash(key, alg,
+ input, input_size,
+ signature, signature_size,
+ &signature_length));
+ PSA_ASSERT(psa_destroy_key(key));
exit:
- psa_destroy_key( key );
- PSA_DONE( );
- mbedtls_free( input );
- mbedtls_free( signature );
+ psa_destroy_key(key);
+ PSA_DONE();
+ mbedtls_free(input);
+ mbedtls_free(signature);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
-void validate_entropy_seed_injection( int seed_length_a,
- int expected_status_a,
- int seed_length_b,
- int expected_status_b )
+void validate_entropy_seed_injection(int seed_length_a,
+ int expected_status_a,
+ int seed_length_b,
+ int expected_status_b)
{
psa_status_t status;
uint8_t output[32] = { 0 };
@@ -128,68 +130,63 @@
uint8_t *seed = NULL;
int i;
int seed_size;
- if( seed_length_a > seed_length_b )
- {
+ if (seed_length_a > seed_length_b) {
seed_size = seed_length_a;
- }
- else
- {
+ } else {
seed_size = seed_length_b;
}
- ASSERT_ALLOC( seed, seed_size );
+ ASSERT_ALLOC(seed, seed_size);
/* fill seed with some data */
- for( i = 0; i < seed_size; ++i )
- {
+ for (i = 0; i < seed_size; ++i) {
seed[i] = i;
}
- status = remove_seed_file( );
- TEST_ASSERT( ( status == PSA_SUCCESS ) ||
- ( status == PSA_ERROR_DOES_NOT_EXIST ) );
- status = mbedtls_psa_inject_entropy( seed, seed_length_a );
- TEST_EQUAL( status, expected_status_a );
- status = mbedtls_psa_inject_entropy( seed, seed_length_b );
- TEST_EQUAL( status, expected_status_b );
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_generate_random( output,
- sizeof( output ) ) );
- TEST_ASSERT( memcmp( output, zeros, sizeof( output ) ) != 0 );
+ status = remove_seed_file();
+ TEST_ASSERT((status == PSA_SUCCESS) ||
+ (status == PSA_ERROR_DOES_NOT_EXIST));
+ status = mbedtls_psa_inject_entropy(seed, seed_length_a);
+ TEST_EQUAL(status, expected_status_a);
+ status = mbedtls_psa_inject_entropy(seed, seed_length_b);
+ TEST_EQUAL(status, expected_status_b);
+ PSA_ASSERT(psa_crypto_init());
+ PSA_ASSERT(psa_generate_random(output,
+ sizeof(output)));
+ TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
exit:
- mbedtls_free( seed );
- remove_seed_file( );
- PSA_DONE( );
+ mbedtls_free(seed);
+ remove_seed_file();
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
-void run_entropy_inject_with_crypto_init( )
+void run_entropy_inject_with_crypto_init()
{
psa_status_t status;
size_t i;
uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
/* fill seed with some data */
- for( i = 0; i < sizeof( seed ); ++i )
- {
+ for (i = 0; i < sizeof(seed); ++i) {
seed[i] = i;
}
- status = remove_seed_file( );
- TEST_ASSERT( ( status == PSA_SUCCESS ) ||
- ( status == PSA_ERROR_DOES_NOT_EXIST ) );
- status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
- PSA_ASSERT( status );
- status = remove_seed_file( );
- TEST_EQUAL( status, PSA_SUCCESS );
- status = psa_crypto_init( );
- TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY );
- status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
- PSA_ASSERT( status );
- status = psa_crypto_init( );
- PSA_ASSERT( status );
- PSA_DONE( );
+ status = remove_seed_file();
+ TEST_ASSERT((status == PSA_SUCCESS) ||
+ (status == PSA_ERROR_DOES_NOT_EXIST));
+ status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
+ PSA_ASSERT(status);
+ status = remove_seed_file();
+ TEST_EQUAL(status, PSA_SUCCESS);
+ status = psa_crypto_init();
+ TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_ENTROPY);
+ status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
+ PSA_ASSERT(status);
+ status = psa_crypto_init();
+ PSA_ASSERT(status);
+ PSA_DONE();
/* The seed is written by nv_seed callback functions therefore the injection will fail */
- status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
+ TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
exit:
- remove_seed_file( );
- PSA_DONE( );
+ remove_seed_file();
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_generate_key.function b/tests/suites/test_suite_psa_crypto_generate_key.function
index 6dc6043..366e09b 100644
--- a/tests/suites/test_suite_psa_crypto_generate_key.function
+++ b/tests/suites/test_suite_psa_crypto_generate_key.function
@@ -3,7 +3,7 @@
#include "psa/crypto.h"
#include "test/psa_crypto_helpers.h"
-#define INVALID_KEY_ID mbedtls_svc_key_id_make( 0, 0xfedcba98 )
+#define INVALID_KEY_ID mbedtls_svc_key_id_make(0, 0xfedcba98)
/* END_HEADER */
@@ -13,7 +13,7 @@
*/
/* BEGIN_CASE */
-void generate_key( int key_type_arg, int bits_arg, int expected_status_arg)
+void generate_key(int key_type_arg, int bits_arg, int expected_status_arg)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
@@ -23,27 +23,26 @@
size_t bits = bits_arg;
psa_status_t expected_status = expected_status_arg;
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
- TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
- expected_status );
+ PSA_ASSERT(psa_crypto_init());
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, bits);
+ TEST_EQUAL(psa_generate_key(&attributes, &key_id),
+ expected_status);
// Verify attributes of the created key on success
- if ( expected_status == PSA_SUCCESS )
- {
+ if (expected_status == PSA_SUCCESS) {
psa_reset_key_attributes(&attributes);
- PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_VOLATILE );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_type( &attributes ), key_type );
- TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+ PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), 0);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
+ TEST_EQUAL(psa_get_key_type(&attributes), key_type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), bits);
}
exit:
psa_reset_key_attributes(&attributes);
- psa_destroy_key( key_id );
- PSA_DONE( );
+ psa_destroy_key(key_id);
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index b0da2bf..f12541d 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -10,54 +10,54 @@
*/
/* BEGIN_CASE */
-void hash_finish( int alg_arg, data_t *input, data_t *expected_hash )
+void hash_finish(int alg_arg, data_t *input, data_t *expected_hash)
{
psa_algorithm_t alg = alg_arg;
unsigned char actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- PSA_ASSERT( psa_hash_update( &operation,
- input->x, input->len ) );
- PSA_ASSERT( psa_hash_finish( &operation,
- actual_hash, sizeof( actual_hash ),
- &actual_hash_length ) );
- ASSERT_COMPARE( expected_hash->x, expected_hash->len,
- actual_hash, actual_hash_length );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ PSA_ASSERT(psa_hash_update(&operation,
+ input->x, input->len));
+ PSA_ASSERT(psa_hash_finish(&operation,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length));
+ ASSERT_COMPARE(expected_hash->x, expected_hash->len,
+ actual_hash, actual_hash_length);
exit:
- psa_hash_abort( &operation );
- PSA_DONE( );
+ psa_hash_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_verify( int alg_arg, data_t *input, data_t *expected_hash )
+void hash_verify(int alg_arg, data_t *input, data_t *expected_hash)
{
psa_algorithm_t alg = alg_arg;
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
- PSA_ASSERT( psa_hash_update( &operation,
- input->x,
- input->len ) );
- PSA_ASSERT( psa_hash_verify( &operation,
- expected_hash->x,
- expected_hash->len ) );
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
+ PSA_ASSERT(psa_hash_update(&operation,
+ input->x,
+ input->len));
+ PSA_ASSERT(psa_hash_verify(&operation,
+ expected_hash->x,
+ expected_hash->len));
exit:
- psa_hash_abort( &operation );
- PSA_DONE( );
+ psa_hash_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void hash_multi_part( int alg_arg, data_t *input, data_t *expected_hash )
+void hash_multi_part(int alg_arg, data_t *input, data_t *expected_hash)
{
psa_algorithm_t alg = alg_arg;
unsigned char actual_hash[PSA_HASH_MAX_SIZE];
@@ -66,37 +66,36 @@
psa_hash_operation_t operation2 = PSA_HASH_OPERATION_INIT;
uint32_t len = 0;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- do
- {
- memset( actual_hash, 0, sizeof( actual_hash ) );
- PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ do {
+ memset(actual_hash, 0, sizeof(actual_hash));
+ PSA_ASSERT(psa_hash_setup(&operation, alg));
- PSA_ASSERT( psa_hash_update( &operation,
- input->x, len ) );
- PSA_ASSERT( psa_hash_clone( &operation, &operation2 ) );
- PSA_ASSERT( psa_hash_update( &operation,
- input->x + len, input->len - len ) );
- PSA_ASSERT( psa_hash_update( &operation2,
- input->x + len, input->len - len ) );
+ PSA_ASSERT(psa_hash_update(&operation,
+ input->x, len));
+ PSA_ASSERT(psa_hash_clone(&operation, &operation2));
+ PSA_ASSERT(psa_hash_update(&operation,
+ input->x + len, input->len - len));
+ PSA_ASSERT(psa_hash_update(&operation2,
+ input->x + len, input->len - len));
- PSA_ASSERT( psa_hash_finish( &operation,
- actual_hash, sizeof( actual_hash ),
- &actual_hash_length ) );
- ASSERT_COMPARE( expected_hash->x, expected_hash->len,
- actual_hash, actual_hash_length );
+ PSA_ASSERT(psa_hash_finish(&operation,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length));
+ ASSERT_COMPARE(expected_hash->x, expected_hash->len,
+ actual_hash, actual_hash_length);
- PSA_ASSERT( psa_hash_finish( &operation2,
- actual_hash, sizeof( actual_hash ),
- &actual_hash_length ) );
- ASSERT_COMPARE( expected_hash->x, expected_hash->len,
- actual_hash, actual_hash_length );
- } while( len++ != input->len );
+ PSA_ASSERT(psa_hash_finish(&operation2,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length));
+ ASSERT_COMPARE(expected_hash->x, expected_hash->len,
+ actual_hash, actual_hash_length);
+ } while (len++ != input->len);
exit:
- psa_hash_abort( &operation );
- psa_hash_abort( &operation2 );
- PSA_DONE( );
+ psa_hash_abort(&operation);
+ psa_hash_abort(&operation2);
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index 40efb87..7345ad1 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -17,7 +17,7 @@
* half the entropy length. For SHA-256, SHA-384 or SHA-512, the
* entropy length is 256 per the documentation of mbedtls_hmac_drbg_seed(),
* and PSA crypto doesn't support other hashes for HMAC_DRBG. */
-#define ENTROPY_NONCE_LEN ( 256 / 2 )
+#define ENTROPY_NONCE_LEN (256 / 2)
#else
/* PSA crypto uses the CTR_DRBG module. In some configurations, it needs
* to read from the entropy source twice: once for the initial entropy
@@ -28,28 +28,29 @@
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-typedef struct
-{
+typedef struct {
size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
size_t max_steps;
size_t *length_sequence;
size_t step;
} fake_entropy_state_t;
-static int fake_entropy_source( void *state_arg,
- unsigned char *output, size_t len,
- size_t *olen )
+static int fake_entropy_source(void *state_arg,
+ unsigned char *output, size_t len,
+ size_t *olen)
{
fake_entropy_state_t *state = state_arg;
size_t i;
- if( state->step >= state->max_steps )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ if (state->step >= state->max_steps) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
- *olen = MIN( len, state->length_sequence[state->step] );
- for( i = 0; i < *olen; i++ )
+ *olen = MIN(len, state->length_sequence[state->step]);
+ for (i = 0; i < *olen; i++) {
output[i] = i;
+ }
++state->step;
- return( 0 );
+ return 0;
}
#define ENTROPY_SOURCE_PLATFORM 0x00000001
@@ -64,69 +65,71 @@
/* This is a modified version of mbedtls_entropy_init() from entropy.c
* which chooses entropy sources dynamically. */
-static void custom_entropy_init( mbedtls_entropy_context *ctx )
+static void custom_entropy_init(mbedtls_entropy_context *ctx)
{
ctx->source_count = 0;
- memset( ctx->source, 0, sizeof( ctx->source ) );
+ memset(ctx->source, 0, sizeof(ctx->source));
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init(&ctx->mutex);
#endif
ctx->accumulator_started = 0;
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_init( &ctx->accumulator );
+ mbedtls_sha512_init(&ctx->accumulator);
#else
- mbedtls_sha256_init( &ctx->accumulator );
+ mbedtls_sha256_init(&ctx->accumulator);
#endif
#if defined(MBEDTLS_HAVEGE_C)
- mbedtls_havege_init( &ctx->havege_data );
+ mbedtls_havege_init(&ctx->havege_data);
#endif
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
- if( custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM )
- mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
- MBEDTLS_ENTROPY_MIN_PLATFORM,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ if (custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM) {
+ mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_PLATFORM,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
+ }
#endif
#if defined(MBEDTLS_TIMING_C)
- if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING )
- mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
- MBEDTLS_ENTROPY_MIN_HARDCLOCK,
- MBEDTLS_ENTROPY_SOURCE_WEAK );
+ if (custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING) {
+ mbedtls_entropy_add_source(ctx, mbedtls_hardclock_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_HARDCLOCK,
+ MBEDTLS_ENTROPY_SOURCE_WEAK);
+ }
#endif
#if defined(MBEDTLS_HAVEGE_C)
- if( custom_entropy_sources_mask & ENTROPY_SOURCE_HAVEGE )
- mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
- MBEDTLS_ENTROPY_MIN_HAVEGE,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ if (custom_entropy_sources_mask & ENTROPY_SOURCE_HAVEGE) {
+ mbedtls_entropy_add_source(ctx, mbedtls_havege_poll, &ctx->havege_data,
+ MBEDTLS_ENTROPY_MIN_HAVEGE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
+ }
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
- if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE )
- mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
- MBEDTLS_ENTROPY_MIN_HARDWARE,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ if (custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE) {
+ mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_HARDWARE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
+ }
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
- if( custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED )
- {
- mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
- MBEDTLS_ENTROPY_BLOCK_SIZE,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ if (custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED) {
+ mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
ctx->initial_entropy_run = 0;
- }
- else
- {
+ } else {
/* Skip the NV seed even though it's compiled in. */
ctx->initial_entropy_run = 1;
}
#endif
- if( custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE )
- mbedtls_entropy_add_source( ctx,
- fake_entropy_source, &fake_entropy_state,
- fake_entropy_state.threshold,
- MBEDTLS_ENTROPY_SOURCE_STRONG );
+ if (custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE) {
+ mbedtls_entropy_add_source(ctx,
+ fake_entropy_source, &fake_entropy_state,
+ fake_entropy_state.threshold,
+ MBEDTLS_ENTROPY_SOURCE_STRONG);
+ }
}
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
@@ -139,109 +142,106 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void create_nv_seed( )
+void create_nv_seed()
{
static unsigned char seed[ENTROPY_MIN_NV_SEED_SIZE];
- TEST_ASSERT( mbedtls_nv_seed_write( seed, sizeof( seed ) ) >= 0 );
+ TEST_ASSERT(mbedtls_nv_seed_write(seed, sizeof(seed)) >= 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void init_deinit( int count )
+void init_deinit(int count)
{
psa_status_t status;
int i;
- for( i = 0; i < count; i++ )
- {
- status = psa_crypto_init( );
- PSA_ASSERT( status );
- status = psa_crypto_init( );
- PSA_ASSERT( status );
- PSA_DONE( );
+ for (i = 0; i < count; i++) {
+ status = psa_crypto_init();
+ PSA_ASSERT(status);
+ status = psa_crypto_init();
+ PSA_ASSERT(status);
+ PSA_DONE();
}
}
/* END_CASE */
/* BEGIN_CASE */
-void deinit_without_init( int count )
+void deinit_without_init(int count)
{
int i;
- for( i = 0; i < count; i++ )
- {
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_DONE( );
+ for (i = 0; i < count; i++) {
+ PSA_ASSERT(psa_crypto_init());
+ PSA_DONE();
}
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void validate_module_init_generate_random( int count )
+void validate_module_init_generate_random(int count)
{
psa_status_t status;
uint8_t random[10] = { 0 };
int i;
- for( i = 0; i < count; i++ )
- {
- status = psa_crypto_init( );
- PSA_ASSERT( status );
- PSA_DONE( );
+ for (i = 0; i < count; i++) {
+ status = psa_crypto_init();
+ PSA_ASSERT(status);
+ PSA_DONE();
}
- status = psa_generate_random( random, sizeof( random ) );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
+ status = psa_generate_random(random, sizeof(random));
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
}
/* END_CASE */
/* BEGIN_CASE */
-void validate_module_init_key_based( int count )
+void validate_module_init_key_based(int count)
{
psa_status_t status;
uint8_t data[10] = { 0 };
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0xdead, 0xdead );
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0xdead, 0xdead);
int i;
- for( i = 0; i < count; i++ )
- {
- status = psa_crypto_init( );
- PSA_ASSERT( status );
- PSA_DONE( );
+ for (i = 0; i < count; i++) {
+ status = psa_crypto_init();
+ PSA_ASSERT(status);
+ PSA_DONE();
}
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- status = psa_import_key( &attributes, data, sizeof( data ), &key );
- TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_ASSERT( mbedtls_svc_key_id_is_null( key ) );
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ status = psa_import_key(&attributes, data, sizeof(data), &key);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+ TEST_ASSERT(mbedtls_svc_key_id_is_null(key));
}
/* END_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void custom_entropy_sources( int sources_arg, int expected_init_status_arg )
+void custom_entropy_sources(int sources_arg, int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
custom_entropy_sources_mask = sources_arg;
- PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
- custom_entropy_init, mbedtls_entropy_free ) );
+ PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
+ custom_entropy_init, mbedtls_entropy_free));
- TEST_EQUAL( psa_crypto_init( ), expected_init_status );
- if( expected_init_status != PSA_SUCCESS )
+ TEST_EQUAL(psa_crypto_init(), expected_init_status);
+ if (expected_init_status != PSA_SUCCESS) {
goto exit;
+ }
- PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
+ PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void fake_entropy_source( int threshold,
- int amount1,
- int amount2,
- int amount3,
- int amount4,
- int expected_init_status_arg )
+void fake_entropy_source(int threshold,
+ int amount1,
+ int amount2,
+ int amount3,
+ int amount4,
+ int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
@@ -250,55 +250,61 @@
fake_entropy_state.threshold = threshold;
fake_entropy_state.step = 0;
fake_entropy_state.max_steps = 0;
- if( amount1 >= 0 )
+ if (amount1 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount1;
- if( amount2 >= 0 )
+ }
+ if (amount2 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount2;
- if( amount3 >= 0 )
+ }
+ if (amount3 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount3;
- if( amount4 >= 0 )
+ }
+ if (amount4 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount4;
+ }
fake_entropy_state.length_sequence = lengths;
custom_entropy_sources_mask = ENTROPY_SOURCE_FAKE;
- PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
- custom_entropy_init, mbedtls_entropy_free ) );
+ PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
+ custom_entropy_init, mbedtls_entropy_free));
- TEST_EQUAL( psa_crypto_init( ), expected_init_status );
- if( expected_init_status != PSA_SUCCESS )
+ TEST_EQUAL(psa_crypto_init(), expected_init_status);
+ if (expected_init_status != PSA_SUCCESS) {
goto exit;
+ }
- PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
+ PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void entropy_from_nv_seed( int seed_size_arg,
- int expected_init_status_arg )
+void entropy_from_nv_seed(int seed_size_arg,
+ int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
uint8_t *seed = NULL;
size_t seed_size = seed_size_arg;
- ASSERT_ALLOC( seed, seed_size );
- TEST_ASSERT( mbedtls_nv_seed_write( seed, seed_size ) >= 0 );
+ ASSERT_ALLOC(seed, seed_size);
+ TEST_ASSERT(mbedtls_nv_seed_write(seed, seed_size) >= 0);
custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED;
- PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
- custom_entropy_init, mbedtls_entropy_free ) );
+ PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
+ custom_entropy_init, mbedtls_entropy_free));
- TEST_EQUAL( psa_crypto_init( ), expected_init_status );
- if( expected_init_status != PSA_SUCCESS )
+ TEST_EQUAL(psa_crypto_init(), expected_init_status);
+ if (expected_init_status != PSA_SUCCESS) {
goto exit;
+ }
- PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
+ PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
- mbedtls_free( seed );
- PSA_DONE( );
+ mbedtls_free(seed);
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index f2ba16a..47d60c1 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -16,56 +16,56 @@
* category test macros, which are hard-coded in each
* category-specific function. The name of the flag is the name of the
* classification macro without the PSA_ prefix. */
-#define ALG_IS_VENDOR_DEFINED ( 1u << 0 )
-#define ALG_IS_HMAC ( 1u << 1 )
-#define ALG_IS_BLOCK_CIPHER_MAC ( 1u << 2 )
-#define ALG_IS_STREAM_CIPHER ( 1u << 3 )
-#define ALG_IS_RSA_PKCS1V15_SIGN ( 1u << 4 )
-#define ALG_IS_RSA_PSS ( 1u << 5 )
-#define ALG_IS_RSA_PSS_ANY_SALT ( 1u << 6 )
-#define ALG_IS_RSA_PSS_STANDARD_SALT ( 1u << 7 )
-#define ALG_IS_DSA ( 1u << 8 )
-#define ALG_DSA_IS_DETERMINISTIC ( 1u << 9 )
-#define ALG_IS_DETERMINISTIC_DSA ( 1u << 10 )
-#define ALG_IS_RANDOMIZED_DSA ( 1u << 11 )
-#define ALG_IS_ECDSA ( 1u << 12 )
-#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 13 )
-#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 14 )
-#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 15 )
-#define ALG_IS_HASH_EDDSA ( 1u << 16 )
-#define ALG_IS_SIGN_HASH ( 1u << 17 )
-#define ALG_IS_HASH_AND_SIGN ( 1u << 18 )
-#define ALG_IS_RSA_OAEP ( 1u << 19 )
-#define ALG_IS_HKDF ( 1u << 20 )
-#define ALG_IS_FFDH ( 1u << 21 )
-#define ALG_IS_ECDH ( 1u << 22 )
-#define ALG_IS_WILDCARD ( 1u << 23 )
-#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 )
-#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 )
-#define ALG_IS_TLS12_PRF ( 1u << 26 )
-#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 )
-#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */
+#define ALG_IS_VENDOR_DEFINED (1u << 0)
+#define ALG_IS_HMAC (1u << 1)
+#define ALG_IS_BLOCK_CIPHER_MAC (1u << 2)
+#define ALG_IS_STREAM_CIPHER (1u << 3)
+#define ALG_IS_RSA_PKCS1V15_SIGN (1u << 4)
+#define ALG_IS_RSA_PSS (1u << 5)
+#define ALG_IS_RSA_PSS_ANY_SALT (1u << 6)
+#define ALG_IS_RSA_PSS_STANDARD_SALT (1u << 7)
+#define ALG_IS_DSA (1u << 8)
+#define ALG_DSA_IS_DETERMINISTIC (1u << 9)
+#define ALG_IS_DETERMINISTIC_DSA (1u << 10)
+#define ALG_IS_RANDOMIZED_DSA (1u << 11)
+#define ALG_IS_ECDSA (1u << 12)
+#define ALG_ECDSA_IS_DETERMINISTIC (1u << 13)
+#define ALG_IS_DETERMINISTIC_ECDSA (1u << 14)
+#define ALG_IS_RANDOMIZED_ECDSA (1u << 15)
+#define ALG_IS_HASH_EDDSA (1u << 16)
+#define ALG_IS_SIGN_HASH (1u << 17)
+#define ALG_IS_HASH_AND_SIGN (1u << 18)
+#define ALG_IS_RSA_OAEP (1u << 19)
+#define ALG_IS_HKDF (1u << 20)
+#define ALG_IS_FFDH (1u << 21)
+#define ALG_IS_ECDH (1u << 22)
+#define ALG_IS_WILDCARD (1u << 23)
+#define ALG_IS_RAW_KEY_AGREEMENT (1u << 24)
+#define ALG_IS_AEAD_ON_BLOCK_CIPHER (1u << 25)
+#define ALG_IS_TLS12_PRF (1u << 26)
+#define ALG_IS_TLS12_PSK_TO_MS (1u << 27)
+#define ALG_FLAG_MASK_PLUS_ONE (1u << 28) /* must be last! */
/* Flags for key type classification macros. There is a flag for every
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
* are tested as derived from other macros. The name of the flag is
* the name of the classification macro without the PSA_ prefix. */
-#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 )
-#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 )
-#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 )
-#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 )
-#define KEY_TYPE_IS_RSA ( 1u << 4 )
-#define KEY_TYPE_IS_DSA ( 1u << 5 )
-#define KEY_TYPE_IS_ECC ( 1u << 6 )
-#define KEY_TYPE_IS_DH ( 1u << 7 )
-#define KEY_TYPE_FLAG_MASK_PLUS_ONE ( 1u << 8 ) /* must be last! */
+#define KEY_TYPE_IS_VENDOR_DEFINED (1u << 0)
+#define KEY_TYPE_IS_UNSTRUCTURED (1u << 1)
+#define KEY_TYPE_IS_PUBLIC_KEY (1u << 2)
+#define KEY_TYPE_IS_KEY_PAIR (1u << 3)
+#define KEY_TYPE_IS_RSA (1u << 4)
+#define KEY_TYPE_IS_DSA (1u << 5)
+#define KEY_TYPE_IS_ECC (1u << 6)
+#define KEY_TYPE_IS_DH (1u << 7)
+#define KEY_TYPE_FLAG_MASK_PLUS_ONE (1u << 8) /* must be last! */
/* Flags for lifetime classification macros. There is a flag for every
* lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the
* flag is the name of the classification macro without the PSA_ prefix. */
-#define KEY_LIFETIME_IS_VOLATILE ( 1u << 0 )
-#define KEY_LIFETIME_IS_READ_ONLY ( 1u << 1 )
-#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE ( 1u << 2 ) /* must be last! */
+#define KEY_LIFETIME_IS_VOLATILE (1u << 0)
+#define KEY_LIFETIME_IS_READ_ONLY (1u << 1)
+#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE (1u << 2) /* must be last! */
/* Check that in the value of flags, the bit flag (which should be a macro
* expanding to a number of the form 1 << k) is set if and only if
@@ -78,19 +78,19 @@
* Unconditionally mask flag into the ambient variable
* classification_flags_tested.
*/
-#define TEST_CLASSIFICATION_MACRO( cond, flag, alg, flags ) \
+#define TEST_CLASSIFICATION_MACRO(cond, flag, alg, flags) \
do \
{ \
- if( cond ) \
+ if (cond) \
{ \
- if( ( flags ) & ( flag ) ) \
- TEST_ASSERT( PSA_##flag( alg ) ); \
+ if ((flags) & (flag)) \
+ TEST_ASSERT(PSA_##flag(alg)); \
else \
- TEST_ASSERT( ! PSA_##flag( alg ) ); \
+ TEST_ASSERT(!PSA_##flag(alg)); \
} \
- classification_flags_tested |= ( flag ); \
+ classification_flags_tested |= (flag); \
} \
- while( 0 )
+ while (0)
/* Check the parity of value.
*
@@ -104,134 +104,134 @@
* The expected parity is even so that 0 is considered a valid encoding.
*
* Return a nonzero value if value has even parity and 0 otherwise. */
-int has_even_parity( uint32_t value )
+int has_even_parity(uint32_t value)
{
value ^= value >> 16;
value ^= value >> 8;
value ^= value >> 4;
- return( 0x9669 & 1 << ( value & 0xf ) );
+ return 0x9669 & 1 << (value & 0xf);
}
-#define TEST_PARITY( value ) \
- TEST_ASSERT( has_even_parity( value ) )
+#define TEST_PARITY(value) \
+ TEST_ASSERT(has_even_parity(value))
-void algorithm_classification( psa_algorithm_t alg, unsigned flags )
+void algorithm_classification(psa_algorithm_t alg, unsigned flags)
{
unsigned classification_flags_tested = 0;
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_VENDOR_DEFINED, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HMAC, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_STREAM_CIPHER, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_DSA( alg ),
- ALG_DSA_IS_DETERMINISTIC, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_DSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_DSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_ECDSA( alg ),
- ALG_ECDSA_IS_DETERMINISTIC, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_ECDSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_EDDSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_SIGN_HASH, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PRF, alg, flags );
- TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PSK_TO_MS, alg, flags );
- TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 );
-exit: ;
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_VENDOR_DEFINED, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_HMAC, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_STREAM_CIPHER, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PSS, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_DSA, alg, flags);
+ TEST_CLASSIFICATION_MACRO(PSA_ALG_IS_DSA(alg),
+ ALG_DSA_IS_DETERMINISTIC, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_DETERMINISTIC_DSA, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RANDOMIZED_DSA, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_ECDSA, alg, flags);
+ TEST_CLASSIFICATION_MACRO(PSA_ALG_IS_ECDSA(alg),
+ ALG_ECDSA_IS_DETERMINISTIC, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RANDOMIZED_ECDSA, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_HASH_EDDSA, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_SIGN_HASH, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_HASH_AND_SIGN, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_OAEP, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_HKDF, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_WILDCARD, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_ECDH, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_FFDH, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_TLS12_PRF, alg, flags);
+ TEST_CLASSIFICATION_MACRO(1, ALG_IS_TLS12_PSK_TO_MS, alg, flags);
+ TEST_EQUAL(classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1);
+exit:;
}
-void key_type_classification( psa_key_type_t type, unsigned flags )
+void key_type_classification(psa_key_type_t type, unsigned flags)
{
unsigned classification_flags_tested = 0;
/* Macros tested based on the test case parameter */
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_UNSTRUCTURED, type, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_PUBLIC_KEY, type, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_KEY_PAIR, type, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_RSA, type, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DSA, type, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_ECC, type, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DH, type, flags );
- TEST_EQUAL( classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1 );
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_UNSTRUCTURED, type, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_PUBLIC_KEY, type, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_KEY_PAIR, type, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_RSA, type, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_DSA, type, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_ECC, type, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_DH, type, flags);
+ TEST_EQUAL(classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1);
/* Macros with derived semantics */
- TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
- ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ||
- PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
- TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ),
- ( PSA_KEY_TYPE_IS_ECC( type ) &&
- PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
- TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ),
- ( PSA_KEY_TYPE_IS_ECC( type ) &&
- PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
- TEST_EQUAL( PSA_KEY_TYPE_IS_DH_KEY_PAIR( type ),
- ( PSA_KEY_TYPE_IS_DH( type ) &&
- PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
- TEST_EQUAL( PSA_KEY_TYPE_IS_DH_PUBLIC_KEY( type ),
- ( PSA_KEY_TYPE_IS_DH( type ) &&
- PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
+ TEST_EQUAL(PSA_KEY_TYPE_IS_ASYMMETRIC(type),
+ (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ||
+ PSA_KEY_TYPE_IS_KEY_PAIR(type)));
+ TEST_EQUAL(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type),
+ (PSA_KEY_TYPE_IS_ECC(type) &&
+ PSA_KEY_TYPE_IS_KEY_PAIR(type)));
+ TEST_EQUAL(PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type),
+ (PSA_KEY_TYPE_IS_ECC(type) &&
+ PSA_KEY_TYPE_IS_PUBLIC_KEY(type)));
+ TEST_EQUAL(PSA_KEY_TYPE_IS_DH_KEY_PAIR(type),
+ (PSA_KEY_TYPE_IS_DH(type) &&
+ PSA_KEY_TYPE_IS_KEY_PAIR(type)));
+ TEST_EQUAL(PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type),
+ (PSA_KEY_TYPE_IS_DH(type) &&
+ PSA_KEY_TYPE_IS_PUBLIC_KEY(type)));
- TEST_PARITY( type );
+ TEST_PARITY(type);
-exit: ;
+exit:;
}
-void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
- psa_key_type_t key_type, size_t key_bits,
- size_t length )
+void mac_algorithm_core(psa_algorithm_t alg, int classification_flags,
+ psa_key_type_t key_type, size_t key_bits,
+ size_t length)
{
/* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, classification_flags );
+ TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(!PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(!PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, classification_flags);
/* Length */
- TEST_EQUAL( length, PSA_MAC_LENGTH( key_type, key_bits, alg ) );
+ TEST_EQUAL(length, PSA_MAC_LENGTH(key_type, key_bits, alg));
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
- PSA_ASSERT( psa_mac_key_can_do( alg, key_type ) );
+ PSA_ASSERT(psa_mac_key_can_do(alg, key_type));
#endif
-exit: ;
+exit:;
}
-void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
- psa_key_type_t key_type, size_t key_bits,
- size_t tag_length )
+void aead_algorithm_core(psa_algorithm_t alg, int classification_flags,
+ psa_key_type_t key_type, size_t key_bits,
+ size_t tag_length)
{
/* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, classification_flags );
+ TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(!PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(!PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, classification_flags);
/* Tag length */
- TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ) );
+ TEST_EQUAL(tag_length, PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg));
-exit: ;
+exit:;
}
/* END_HEADER */
@@ -242,52 +242,52 @@
*/
/* BEGIN_CASE */
-void hash_algorithm( int alg_arg, int length_arg )
+void hash_algorithm(int alg_arg, int length_arg)
{
psa_algorithm_t alg = alg_arg;
size_t length = length_arg;
- psa_algorithm_t hmac_alg = PSA_ALG_HMAC( alg );
- psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN( alg );
- psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS( alg );
- psa_algorithm_t dsa_alg = PSA_ALG_DSA( alg );
- psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA( alg );
- psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA( alg );
- psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA( alg );
- psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP( alg );
- psa_algorithm_t hkdf_alg = PSA_ALG_HKDF( alg );
+ psa_algorithm_t hmac_alg = PSA_ALG_HMAC(alg);
+ psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN(alg);
+ psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS(alg);
+ psa_algorithm_t dsa_alg = PSA_ALG_DSA(alg);
+ psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA(alg);
+ psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA(alg);
+ psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA(alg);
+ psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP(alg);
+ psa_algorithm_t hkdf_alg = PSA_ALG_HKDF(alg);
/* Algorithm classification */
- TEST_ASSERT( PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, 0 );
+ TEST_ASSERT(PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(!PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(!PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(!PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, 0);
/* Dependent algorithms */
- TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( hmac_alg ), alg );
- TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pkcs1v15_sign_alg ), alg );
- TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pss_alg ), alg );
- TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( dsa_alg ), alg );
- TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_dsa_alg ), alg );
- TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( ecdsa_alg ), alg );
- TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_ecdsa_alg ), alg );
- TEST_EQUAL( PSA_ALG_RSA_OAEP_GET_HASH( rsa_oaep_alg ), alg );
- TEST_EQUAL( PSA_ALG_HKDF_GET_HASH( hkdf_alg ), alg );
+ TEST_EQUAL(PSA_ALG_HMAC_GET_HASH(hmac_alg), alg);
+ TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(rsa_pkcs1v15_sign_alg), alg);
+ TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(rsa_pss_alg), alg);
+ TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(dsa_alg), alg);
+ TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(deterministic_dsa_alg), alg);
+ TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(ecdsa_alg), alg);
+ TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(deterministic_ecdsa_alg), alg);
+ TEST_EQUAL(PSA_ALG_RSA_OAEP_GET_HASH(rsa_oaep_alg), alg);
+ TEST_EQUAL(PSA_ALG_HKDF_GET_HASH(hkdf_alg), alg);
/* Hash length */
- TEST_EQUAL( length, PSA_HASH_LENGTH( alg ) );
- TEST_ASSERT( length <= PSA_HASH_MAX_SIZE );
+ TEST_EQUAL(length, PSA_HASH_LENGTH(alg));
+ TEST_ASSERT(length <= PSA_HASH_MAX_SIZE);
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_algorithm( int alg_arg, int classification_flags,
- int length_arg,
- int key_type_arg, int key_bits_arg )
+void mac_algorithm(int alg_arg, int classification_flags,
+ int length_arg,
+ int key_type_arg, int key_bits_arg)
{
psa_algorithm_t alg = alg_arg;
size_t length = length_arg;
@@ -295,127 +295,124 @@
size_t key_type = key_type_arg;
size_t key_bits = key_bits_arg;
- mac_algorithm_core( alg, classification_flags,
- key_type, key_bits, length );
- TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( alg ), alg );
- TEST_ASSERT( length <= PSA_MAC_MAX_SIZE );
+ mac_algorithm_core(alg, classification_flags,
+ key_type, key_bits, length);
+ TEST_EQUAL(PSA_ALG_FULL_LENGTH_MAC(alg), alg);
+ TEST_ASSERT(length <= PSA_MAC_MAX_SIZE);
/* Truncated versions */
- for( n = 1; n <= length; n++ )
- {
- psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n );
- mac_algorithm_core( truncated_alg, classification_flags,
- key_type, key_bits, n );
- TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( truncated_alg ), alg );
+ for (n = 1; n <= length; n++) {
+ psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC(alg, n);
+ mac_algorithm_core(truncated_alg, classification_flags,
+ key_type, key_bits, n);
+ TEST_EQUAL(PSA_ALG_FULL_LENGTH_MAC(truncated_alg), alg);
/* Check that calling PSA_ALG_TRUNCATED_MAC twice gives the length
* of the outer truncation (even if the outer length is smaller than
* the inner length). */
- TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, 1 ),
- PSA_ALG_TRUNCATED_MAC( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length - 1 ),
- PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
- TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length ),
- PSA_ALG_TRUNCATED_MAC( alg, length ) );
+ TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(truncated_alg, 1),
+ PSA_ALG_TRUNCATED_MAC(alg, 1));
+ TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(truncated_alg, length - 1),
+ PSA_ALG_TRUNCATED_MAC(alg, length - 1));
+ TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(truncated_alg, length),
+ PSA_ALG_TRUNCATED_MAC(alg, length));
/* Check that calling PSA_ALG_TRUNCATED_MAC on an algorithm
* earlier constructed with PSA_ALG_AT_LEAST_THIS_LENGTH_MAC gives the
* length of the outer truncation (even if the outer length is smaller
* than the inner length). */
- TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), 1 ),
- PSA_ALG_TRUNCATED_MAC( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length - 1 ),
- PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
- TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length ),
- PSA_ALG_TRUNCATED_MAC( alg, length ) );
+ TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(truncated_alg, n), 1),
+ PSA_ALG_TRUNCATED_MAC(alg, 1));
+ TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(truncated_alg, n), length - 1),
+ PSA_ALG_TRUNCATED_MAC(alg, length - 1));
+ TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(truncated_alg, n), length),
+ PSA_ALG_TRUNCATED_MAC(alg, length));
}
/* At-leat-this-length versions */
- for( n = 1; n <= length; n++ )
- {
- psa_algorithm_t policy_alg = PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, n );
- mac_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
- key_type, key_bits, n );
- TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( policy_alg ), alg );
+ for (n = 1; n <= length; n++) {
+ psa_algorithm_t policy_alg = PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, n);
+ mac_algorithm_core(policy_alg, classification_flags | ALG_IS_WILDCARD,
+ key_type, key_bits, n);
+ TEST_EQUAL(PSA_ALG_FULL_LENGTH_MAC(policy_alg), alg);
/* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC twice gives the
* length of the outer truncation (even if the outer length is smaller
* than the inner length). */
- TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, 1 ),
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length - 1 ),
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
- TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length ),
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );
+ TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(policy_alg, 1),
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, 1));
+ TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(policy_alg, length - 1),
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length - 1));
+ TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(policy_alg, length),
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length));
/* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC on an algorithm
* earlier constructed with PSA_ALG_TRUNCATED_MAC gives the length of
* the outer truncation (even if the outer length is smaller than the
* inner length). */
- TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
- PSA_ALG_TRUNCATED_MAC( policy_alg, n ), 1),
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
- PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length - 1 ),
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
- TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
- PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length ),
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );
+ TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
+ PSA_ALG_TRUNCATED_MAC(policy_alg, n), 1),
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, 1));
+ TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
+ PSA_ALG_TRUNCATED_MAC(policy_alg, n), length - 1),
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length - 1));
+ TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
+ PSA_ALG_TRUNCATED_MAC(policy_alg, n), length),
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length));
}
}
/* END_CASE */
/* BEGIN_CASE */
-void hmac_algorithm( int alg_arg,
- int length_arg,
- int block_size_arg )
+void hmac_algorithm(int alg_arg,
+ int length_arg,
+ int block_size_arg)
{
psa_algorithm_t alg = alg_arg;
- psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg );
+ psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(alg);
size_t block_size = block_size_arg;
size_t length = length_arg;
size_t n;
- TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) );
- TEST_EQUAL( PSA_ALG_HMAC( hash_alg ), alg );
+ TEST_ASSERT(PSA_ALG_IS_HASH(hash_alg));
+ TEST_EQUAL(PSA_ALG_HMAC(hash_alg), alg);
- TEST_ASSERT( block_size == PSA_HASH_BLOCK_LENGTH( alg ) );
- TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE );
+ TEST_ASSERT(block_size == PSA_HASH_BLOCK_LENGTH(alg));
+ TEST_ASSERT(block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE);
- test_mac_algorithm( alg_arg, ALG_IS_HMAC, length,
- PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS( length ) );
+ test_mac_algorithm(alg_arg, ALG_IS_HMAC, length,
+ PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS(length));
- for( n = 1; n <= length; n++ )
- {
- psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n );
- TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( truncated_alg ), hash_alg );
+ for (n = 1; n <= length; n++) {
+ psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC(alg, n);
+ TEST_EQUAL(PSA_ALG_HMAC_GET_HASH(truncated_alg), hash_alg);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_algorithm( int alg_arg, int classification_flags )
+void cipher_algorithm(int alg_arg, int classification_flags)
{
psa_algorithm_t alg = alg_arg;
/* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, classification_flags );
+ TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(!PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(!PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(!PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, classification_flags);
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_algorithm( int alg_arg, int classification_flags,
- int tag_length_arg,
- int key_type_arg, int key_bits_arg )
+void aead_algorithm(int alg_arg, int classification_flags,
+ int tag_length_arg,
+ int key_type_arg, int key_bits_arg)
{
psa_algorithm_t alg = alg_arg;
size_t tag_length = tag_length_arg;
@@ -423,102 +420,101 @@
psa_key_type_t key_type = key_type_arg;
size_t key_bits = key_bits_arg;
- aead_algorithm_core( alg, classification_flags,
- key_type, key_bits, tag_length );
+ aead_algorithm_core(alg, classification_flags,
+ key_type, key_bits, tag_length);
/* Truncated versions */
- for( n = 1; n <= tag_length; n++ )
- {
- psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, n );
- aead_algorithm_core( truncated_alg, classification_flags,
- key_type, key_bits, n );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ),
- alg );
+ for (n = 1; n <= tag_length; n++) {
+ psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, n);
+ aead_algorithm_core(truncated_alg, classification_flags,
+ key_type, key_bits, n);
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(truncated_alg),
+ alg);
/* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives
* the length of the outer truncation (even if the outer length is
* smaller than the inner length). */
- TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, 1 ),
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length - 1 ),
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length ),
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(truncated_alg, 1),
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(truncated_alg, tag_length - 1),
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length - 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(truncated_alg, tag_length),
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length));
/* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG on an algorithm
* earlier constructed with PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
* gives the length of the outer truncation (even if the outer length is
* smaller than the inner length). */
- TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), 1 ),
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length - 1 ),
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length ),
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(truncated_alg, n), 1),
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(truncated_alg,
+ n), tag_length - 1),
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length - 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(truncated_alg, n), tag_length),
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length));
}
/* At-leat-this-length versions */
- for( n = 1; n <= tag_length; n++ )
- {
- psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, n );
- aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
- key_type, key_bits, n );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( policy_alg ),
- alg );
+ for (n = 1; n <= tag_length; n++) {
+ psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, n);
+ aead_algorithm_core(policy_alg, classification_flags | ALG_IS_WILDCARD,
+ key_type, key_bits, n);
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(policy_alg),
+ alg);
/* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice
* gives the length of the outer truncation (even if the outer length is
* smaller than the inner length). */
- TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, 1 ),
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length - 1 ),
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length ),
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(policy_alg, 1),
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(policy_alg, tag_length - 1),
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length - 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(policy_alg, tag_length),
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length));
/* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG on an
* algorithm earlier constructed with PSA_ALG_AEAD_WITH_SHORTENED_TAG
* gives the length of the outer truncation (even if the outer length is
* smaller than the inner length). */
- TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), 1),
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length - 1 ),
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
- TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length ),
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, n), 1),
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, n), tag_length - 1),
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length - 1));
+ TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, n), tag_length),
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length));
}
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_signature_algorithm( int alg_arg, int classification_flags )
+void asymmetric_signature_algorithm(int alg_arg, int classification_flags)
{
psa_algorithm_t alg = alg_arg;
/* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, classification_flags );
+ TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(!PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(!PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, classification_flags);
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_signature_wildcard( int alg_arg, int classification_flags )
+void asymmetric_signature_wildcard(int alg_arg, int classification_flags)
{
classification_flags |= ALG_IS_WILDCARD;
classification_flags |= ALG_IS_SIGN_HASH;
classification_flags |= ALG_IS_HASH_AND_SIGN;
- test_asymmetric_signature_algorithm( alg_arg, classification_flags );
+ test_asymmetric_signature_algorithm(alg_arg, classification_flags);
/* Any failure of this test function comes from
* asymmetric_signature_algorithm. Pacify -Werror=unused-label. */
goto exit;
@@ -526,175 +522,173 @@
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
+void asymmetric_encryption_algorithm(int alg_arg, int classification_flags)
{
psa_algorithm_t alg = alg_arg;
/* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, classification_flags );
+ TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(!PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(!PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(!PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, classification_flags);
}
/* END_CASE */
/* BEGIN_CASE */
-void key_derivation_algorithm( int alg_arg, int classification_flags )
+void key_derivation_algorithm(int alg_arg, int classification_flags)
{
psa_algorithm_t alg = alg_arg;
- psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, alg );
- psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, alg );
+ psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, alg);
+ psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, alg);
/* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, classification_flags );
+ TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(!PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(!PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(!PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, classification_flags);
/* Check combinations with key agreements */
- TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ecdh_alg ) );
- TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ffdh_alg ) );
- TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ecdh_alg ), alg );
- TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ffdh_alg ), alg );
+ TEST_ASSERT(PSA_ALG_IS_KEY_AGREEMENT(ecdh_alg));
+ TEST_ASSERT(PSA_ALG_IS_KEY_AGREEMENT(ffdh_alg));
+ TEST_EQUAL(PSA_ALG_KEY_AGREEMENT_GET_KDF(ecdh_alg), alg);
+ TEST_EQUAL(PSA_ALG_KEY_AGREEMENT_GET_KDF(ffdh_alg), alg);
}
/* END_CASE */
/* BEGIN_CASE */
-void key_agreement_algorithm( int alg_arg, int classification_flags,
- int ka_alg_arg, int kdf_alg_arg )
+void key_agreement_algorithm(int alg_arg, int classification_flags,
+ int ka_alg_arg, int kdf_alg_arg)
{
psa_algorithm_t alg = alg_arg;
- psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
+ psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(alg);
psa_algorithm_t expected_ka_alg = ka_alg_arg;
- psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+ psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
psa_algorithm_t expected_kdf_alg = kdf_alg_arg;
/* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- algorithm_classification( alg, classification_flags );
+ TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
+ TEST_ASSERT(!PSA_ALG_IS_MAC(alg));
+ TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg));
+ TEST_ASSERT(!PSA_ALG_IS_AEAD(alg));
+ TEST_ASSERT(!PSA_ALG_IS_SIGN(alg));
+ TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg));
+ TEST_ASSERT(PSA_ALG_IS_KEY_AGREEMENT(alg));
+ TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg));
+ algorithm_classification(alg, classification_flags);
/* Shared secret derivation properties */
- TEST_EQUAL( actual_ka_alg, expected_ka_alg );
- TEST_EQUAL( actual_kdf_alg, expected_kdf_alg );
+ TEST_EQUAL(actual_ka_alg, expected_ka_alg);
+ TEST_EQUAL(actual_kdf_alg, expected_kdf_alg);
}
/* END_CASE */
/* BEGIN_CASE */
-void key_type( int type_arg, int classification_flags )
+void key_type(int type_arg, int classification_flags)
{
psa_key_type_t type = type_arg;
- key_type_classification( type, classification_flags );
+ key_type_classification(type, classification_flags);
/* For asymmetric types, check the corresponding pair/public type */
- if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY )
- {
- psa_key_type_t pair_type = PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type );
- TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( pair_type ), type );
- key_type_classification( pair_type,
- ( classification_flags
- & ~KEY_TYPE_IS_PUBLIC_KEY )
- | KEY_TYPE_IS_KEY_PAIR );
- TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ), type );
+ if (classification_flags & KEY_TYPE_IS_PUBLIC_KEY) {
+ psa_key_type_t pair_type = PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type);
+ TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pair_type), type);
+ key_type_classification(pair_type,
+ (classification_flags
+ & ~KEY_TYPE_IS_PUBLIC_KEY)
+ | KEY_TYPE_IS_KEY_PAIR);
+ TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type), type);
}
- if( classification_flags & KEY_TYPE_IS_KEY_PAIR )
- {
- psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
- TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( public_type ), type );
- key_type_classification( public_type,
- ( classification_flags
- & ~KEY_TYPE_IS_KEY_PAIR )
- | KEY_TYPE_IS_PUBLIC_KEY );
- TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type ), type );
+ if (classification_flags & KEY_TYPE_IS_KEY_PAIR) {
+ psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type);
+ TEST_EQUAL(PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(public_type), type);
+ key_type_classification(public_type,
+ (classification_flags
+ & ~KEY_TYPE_IS_KEY_PAIR)
+ | KEY_TYPE_IS_PUBLIC_KEY);
+ TEST_EQUAL(PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type), type);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void block_cipher_key_type( int type_arg, int block_size_arg )
+void block_cipher_key_type(int type_arg, int block_size_arg)
{
psa_key_type_t type = type_arg;
size_t block_size = block_size_arg;
- test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED );
+ test_key_type(type_arg, KEY_TYPE_IS_UNSTRUCTURED);
- TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK,
- PSA_KEY_TYPE_CATEGORY_SYMMETRIC );
- TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ), block_size );
+ TEST_EQUAL(type & PSA_KEY_TYPE_CATEGORY_MASK,
+ PSA_KEY_TYPE_CATEGORY_SYMMETRIC);
+ TEST_EQUAL(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type), block_size);
/* Check that the block size is a power of 2. This is required, at least,
- for PSA_ROUND_UP_TO_MULTIPLE(block_size, length) in crypto_sizes.h. */
- TEST_ASSERT( ( ( block_size - 1 ) & block_size ) == 0 );
+ for PSA_ROUND_UP_TO_MULTIPLE(block_size, length) in crypto_sizes.h. */
+ TEST_ASSERT(((block_size - 1) & block_size) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void stream_cipher_key_type( int type_arg )
+void stream_cipher_key_type(int type_arg)
{
psa_key_type_t type = type_arg;
- test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED );
+ test_key_type(type_arg, KEY_TYPE_IS_UNSTRUCTURED);
- TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK,
- PSA_KEY_TYPE_CATEGORY_SYMMETRIC );
- TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ), 1 );
+ TEST_EQUAL(type & PSA_KEY_TYPE_CATEGORY_MASK,
+ PSA_KEY_TYPE_CATEGORY_SYMMETRIC);
+ TEST_EQUAL(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type), 1);
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_KEY_TYPE_ECC_PUBLIC_KEY:PSA_KEY_TYPE_ECC_KEY_PAIR */
-void ecc_key_family( int curve_arg )
+void ecc_key_family(int curve_arg)
{
psa_ecc_family_t curve = curve_arg;
- psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
- psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve );
+ psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve);
+ psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve);
- TEST_PARITY( curve );
+ TEST_PARITY(curve);
- test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY );
- test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR );
+ test_key_type(public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY);
+ test_key_type(pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR);
- TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( public_type ), curve );
- TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( pair_type ), curve );
+ TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(public_type), curve);
+ TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(pair_type), curve);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
-void dh_key_family( int group_arg )
+void dh_key_family(int group_arg)
{
psa_dh_family_t group = group_arg;
- psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group );
- psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group );
+ psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY(group);
+ psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR(group);
- TEST_PARITY( group );
+ TEST_PARITY(group);
- test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY );
- test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR );
+ test_key_type(public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY);
+ test_key_type(pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR);
- TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( public_type ), group );
- TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( pair_type ), group );
+ TEST_EQUAL(PSA_KEY_TYPE_DH_GET_FAMILY(public_type), group);
+ TEST_EQUAL(PSA_KEY_TYPE_DH_GET_FAMILY(pair_type), group);
}
/* END_CASE */
/* BEGIN_CASE */
-void lifetime( int lifetime_arg, int classification_flags,
- int persistence_arg, int location_arg )
+void lifetime(int lifetime_arg, int classification_flags,
+ int persistence_arg, int location_arg)
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_persistence_t persistence = persistence_arg;
@@ -702,12 +696,12 @@
unsigned flags = classification_flags;
unsigned classification_flags_tested = 0;
- TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags );
- TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags );
- TEST_EQUAL( classification_flags_tested,
- KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1 );
+ TEST_CLASSIFICATION_MACRO(1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags);
+ TEST_CLASSIFICATION_MACRO(1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags);
+ TEST_EQUAL(classification_flags_tested,
+ KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1);
- TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence );
- TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location );
+ TEST_EQUAL(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime), persistence);
+ TEST_EQUAL(PSA_KEY_LIFETIME_GET_LOCATION(lifetime), location);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function
index e3253d8..e5e66f4 100644
--- a/tests/suites/test_suite_psa_crypto_not_supported.function
+++ b/tests/suites/test_suite_psa_crypto_not_supported.function
@@ -3,7 +3,7 @@
#include "psa/crypto.h"
#include "test/psa_crypto_helpers.h"
-#define INVALID_KEY_ID mbedtls_svc_key_id_make( 0, 0xfedcba98 )
+#define INVALID_KEY_ID mbedtls_svc_key_id_make(0, 0xfedcba98)
/* END_HEADER */
@@ -13,40 +13,40 @@
*/
/* BEGIN_CASE */
-void import_not_supported( int key_type, data_t *key_material )
+void import_not_supported(int key_type, data_t *key_material)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes, key_type );
- TEST_EQUAL( psa_import_key( &attributes,
- key_material->x, key_material->len,
- &key_id ),
- PSA_ERROR_NOT_SUPPORTED );
- TEST_ASSERT( mbedtls_svc_key_id_equal( key_id, MBEDTLS_SVC_KEY_ID_INIT ) );
+ PSA_ASSERT(psa_crypto_init());
+ psa_set_key_type(&attributes, key_type);
+ TEST_EQUAL(psa_import_key(&attributes,
+ key_material->x, key_material->len,
+ &key_id),
+ PSA_ERROR_NOT_SUPPORTED);
+ TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT));
exit:
- psa_destroy_key( key_id );
- PSA_DONE( );
+ psa_destroy_key(key_id);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void generate_not_supported( int key_type, int bits )
+void generate_not_supported(int key_type, int bits)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
- TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
- PSA_ERROR_NOT_SUPPORTED );
- TEST_ASSERT( mbedtls_svc_key_id_equal( key_id, MBEDTLS_SVC_KEY_ID_INIT ) );
+ PSA_ASSERT(psa_crypto_init());
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, bits);
+ TEST_EQUAL(psa_generate_key(&attributes, &key_id),
+ PSA_ERROR_NOT_SUPPORTED);
+ TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT));
exit:
- psa_destroy_key( key_id );
- PSA_DONE( );
+ psa_destroy_key(key_id);
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_op_fail.function b/tests/suites/test_suite_psa_crypto_op_fail.function
index 1138e74..0d5d538 100644
--- a/tests/suites/test_suite_psa_crypto_op_fail.function
+++ b/tests/suites/test_suite_psa_crypto_op_fail.function
@@ -3,19 +3,18 @@
#include "psa/crypto.h"
#include "test/psa_crypto_helpers.h"
-static int test_equal_status( const char *test,
- int line_no, const char* filename,
- psa_status_t value1,
- psa_status_t value2 )
+static int test_equal_status(const char *test,
+ int line_no, const char *filename,
+ psa_status_t value1,
+ psa_status_t value2)
{
- if( ( value1 == PSA_ERROR_INVALID_ARGUMENT &&
- value2 == PSA_ERROR_NOT_SUPPORTED ) ||
- ( value1 == PSA_ERROR_NOT_SUPPORTED &&
- value2 == PSA_ERROR_INVALID_ARGUMENT ) )
- {
- return( 1 );
+ if ((value1 == PSA_ERROR_INVALID_ARGUMENT &&
+ value2 == PSA_ERROR_NOT_SUPPORTED) ||
+ (value1 == PSA_ERROR_NOT_SUPPORTED &&
+ value2 == PSA_ERROR_INVALID_ARGUMENT)) {
+ return 1;
}
- return( mbedtls_test_equal( test, line_no, filename, value1, value2 ) );
+ return mbedtls_test_equal(test, line_no, filename, value1, value2);
}
/** Like #TEST_EQUAL, but expects #psa_status_t values and treats
@@ -28,12 +27,12 @@
* run, it would be better to clarify the expectations and reconcile the
* library and the test case generator.
*/
-#define TEST_STATUS( expr1, expr2 ) \
+#define TEST_STATUS(expr1, expr2) \
do { \
- if( ! test_equal_status( #expr1 " == " #expr2, __LINE__, __FILE__, \
- expr1, expr2 ) ) \
- goto exit; \
- } while( 0 )
+ if (!test_equal_status( #expr1 " == " #expr2, __LINE__, __FILE__, \
+ expr1, expr2)) \
+ goto exit; \
+ } while (0)
/* END_HEADER */
@@ -43,35 +42,35 @@
*/
/* BEGIN_CASE */
-void hash_fail( int alg_arg, int expected_status_arg )
+void hash_fail(int alg_arg, int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_algorithm_t alg = alg_arg;
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- uint8_t input[1] = {'A'};
- uint8_t output[PSA_HASH_MAX_SIZE] = {0};
+ uint8_t input[1] = { 'A' };
+ uint8_t output[PSA_HASH_MAX_SIZE] = { 0 };
size_t length = SIZE_MAX;
- PSA_INIT( );
+ PSA_INIT();
- TEST_EQUAL( expected_status,
- psa_hash_setup( &operation, alg ) );
- TEST_EQUAL( expected_status,
- psa_hash_compute( alg, input, sizeof( input ),
- output, sizeof( output ), &length ) );
- TEST_EQUAL( expected_status,
- psa_hash_compare( alg, input, sizeof( input ),
- output, sizeof( output ) ) );
+ TEST_EQUAL(expected_status,
+ psa_hash_setup(&operation, alg));
+ TEST_EQUAL(expected_status,
+ psa_hash_compute(alg, input, sizeof(input),
+ output, sizeof(output), &length));
+ TEST_EQUAL(expected_status,
+ psa_hash_compare(alg, input, sizeof(input),
+ output, sizeof(output)));
exit:
- psa_hash_abort( &operation );
- PSA_DONE( );
+ psa_hash_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void mac_fail( int key_type_arg, data_t *key_data,
- int alg_arg, int expected_status_arg )
+void mac_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
@@ -79,45 +78,45 @@
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
- uint8_t input[1] = {'A'};
- uint8_t output[PSA_MAC_MAX_SIZE] = {0};
+ uint8_t input[1] = { 'A' };
+ uint8_t output[PSA_MAC_MAX_SIZE] = { 0 };
size_t length = SIZE_MAX;
- PSA_INIT( );
+ PSA_INIT();
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_import_key( &attributes,
- key_data->x, key_data->len,
- &key_id ) );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_data->x, key_data->len,
+ &key_id));
- TEST_STATUS( expected_status,
- psa_mac_sign_setup( &operation, key_id, alg ) );
- TEST_STATUS( expected_status,
- psa_mac_verify_setup( &operation, key_id, alg ) );
- TEST_STATUS( expected_status,
- psa_mac_compute( key_id, alg,
- input, sizeof( input ),
- output, sizeof( output ), &length ) );
- TEST_STATUS( expected_status,
- psa_mac_verify( key_id, alg,
- input, sizeof( input ),
- output, sizeof( output ) ) );
+ TEST_STATUS(expected_status,
+ psa_mac_sign_setup(&operation, key_id, alg));
+ TEST_STATUS(expected_status,
+ psa_mac_verify_setup(&operation, key_id, alg));
+ TEST_STATUS(expected_status,
+ psa_mac_compute(key_id, alg,
+ input, sizeof(input),
+ output, sizeof(output), &length));
+ TEST_STATUS(expected_status,
+ psa_mac_verify(key_id, alg,
+ input, sizeof(input),
+ output, sizeof(output)));
exit:
- psa_mac_abort( &operation );
- psa_destroy_key( key_id );
- psa_reset_key_attributes( &attributes );
- PSA_DONE( );
+ psa_mac_abort(&operation);
+ psa_destroy_key(key_id);
+ psa_reset_key_attributes(&attributes);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_fail( int key_type_arg, data_t *key_data,
- int alg_arg, int expected_status_arg )
+void cipher_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
@@ -125,45 +124,45 @@
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
- uint8_t input[1] = {'A'};
- uint8_t output[64] = {0};
+ uint8_t input[1] = { 'A' };
+ uint8_t output[64] = { 0 };
size_t length = SIZE_MAX;
- PSA_INIT( );
+ PSA_INIT();
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_import_key( &attributes,
- key_data->x, key_data->len,
- &key_id ) );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_data->x, key_data->len,
+ &key_id));
- TEST_STATUS( expected_status,
- psa_cipher_encrypt_setup( &operation, key_id, alg ) );
- TEST_STATUS( expected_status,
- psa_cipher_decrypt_setup( &operation, key_id, alg ) );
- TEST_STATUS( expected_status,
- psa_cipher_encrypt( key_id, alg,
- input, sizeof( input ),
- output, sizeof( output ), &length ) );
- TEST_STATUS( expected_status,
- psa_cipher_decrypt( key_id, alg,
- input, sizeof( input ),
- output, sizeof( output ), &length ) );
+ TEST_STATUS(expected_status,
+ psa_cipher_encrypt_setup(&operation, key_id, alg));
+ TEST_STATUS(expected_status,
+ psa_cipher_decrypt_setup(&operation, key_id, alg));
+ TEST_STATUS(expected_status,
+ psa_cipher_encrypt(key_id, alg,
+ input, sizeof(input),
+ output, sizeof(output), &length));
+ TEST_STATUS(expected_status,
+ psa_cipher_decrypt(key_id, alg,
+ input, sizeof(input),
+ output, sizeof(output), &length));
exit:
- psa_cipher_abort( &operation );
- psa_destroy_key( key_id );
- psa_reset_key_attributes( &attributes );
- PSA_DONE( );
+ psa_cipher_abort(&operation);
+ psa_destroy_key(key_id);
+ psa_reset_key_attributes(&attributes);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void aead_fail( int key_type_arg, data_t *key_data,
- int alg_arg, int expected_status_arg )
+void aead_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
@@ -171,214 +170,212 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t input[16] = "ABCDEFGHIJKLMNO";
- uint8_t output[64] = {0};
+ uint8_t output[64] = { 0 };
size_t length = SIZE_MAX;
- PSA_INIT( );
+ PSA_INIT();
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_import_key( &attributes,
- key_data->x, key_data->len,
- &key_id ) );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_data->x, key_data->len,
+ &key_id));
- TEST_STATUS( expected_status,
- psa_aead_encrypt( key_id, alg,
- input, sizeof( input ),
- NULL, 0, input, sizeof( input ),
- output, sizeof( output ), &length ) );
- TEST_STATUS( expected_status,
- psa_aead_decrypt( key_id, alg,
- input, sizeof( input ),
- NULL, 0, input, sizeof( input ),
- output, sizeof( output ), &length ) );
+ TEST_STATUS(expected_status,
+ psa_aead_encrypt(key_id, alg,
+ input, sizeof(input),
+ NULL, 0, input, sizeof(input),
+ output, sizeof(output), &length));
+ TEST_STATUS(expected_status,
+ psa_aead_decrypt(key_id, alg,
+ input, sizeof(input),
+ NULL, 0, input, sizeof(input),
+ output, sizeof(output), &length));
exit:
- psa_destroy_key( key_id );
- psa_reset_key_attributes( &attributes );
- PSA_DONE( );
+ psa_destroy_key(key_id);
+ psa_reset_key_attributes(&attributes);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void sign_fail( int key_type_arg, data_t *key_data,
- int alg_arg, int private_only,
- int expected_status_arg )
+void sign_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, int private_only,
+ int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
- uint8_t input[1] = {'A'};
- uint8_t output[PSA_SIGNATURE_MAX_SIZE] = {0};
+ uint8_t input[1] = { 'A' };
+ uint8_t output[PSA_SIGNATURE_MAX_SIZE] = { 0 };
size_t length = SIZE_MAX;
- PSA_INIT( );
+ PSA_INIT();
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_import_key( &attributes,
- key_data->x, key_data->len,
- &key_id ) );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_data->x, key_data->len,
+ &key_id));
- TEST_STATUS( expected_status,
- psa_sign_hash( key_id, alg,
- input, sizeof( input ),
- output, sizeof( output ), &length ) );
- if( ! private_only )
- {
+ TEST_STATUS(expected_status,
+ psa_sign_hash(key_id, alg,
+ input, sizeof(input),
+ output, sizeof(output), &length));
+ if (!private_only) {
/* Determine a plausible signature size to avoid an INVALID_SIGNATURE
* error based on this. */
- PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
- size_t key_bits = psa_get_key_bits( &attributes );
- size_t output_length = sizeof( output );
- if( PSA_KEY_TYPE_IS_RSA( key_type ) )
- output_length = PSA_BITS_TO_BYTES( key_bits );
- else if( PSA_KEY_TYPE_IS_ECC( key_type ) )
- output_length = 2 * PSA_BITS_TO_BYTES( key_bits );
- TEST_ASSERT( output_length <= sizeof( output ) );
- TEST_STATUS( expected_status,
- psa_verify_hash( key_id, alg,
- input, sizeof( input ),
- output, output_length ) );
+ PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
+ size_t key_bits = psa_get_key_bits(&attributes);
+ size_t output_length = sizeof(output);
+ if (PSA_KEY_TYPE_IS_RSA(key_type)) {
+ output_length = PSA_BITS_TO_BYTES(key_bits);
+ } else if (PSA_KEY_TYPE_IS_ECC(key_type)) {
+ output_length = 2 * PSA_BITS_TO_BYTES(key_bits);
+ }
+ TEST_ASSERT(output_length <= sizeof(output));
+ TEST_STATUS(expected_status,
+ psa_verify_hash(key_id, alg,
+ input, sizeof(input),
+ output, output_length));
}
exit:
- psa_destroy_key( key_id );
- psa_reset_key_attributes( &attributes );
- PSA_DONE( );
+ psa_destroy_key(key_id);
+ psa_reset_key_attributes(&attributes);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_encryption_fail( int key_type_arg, data_t *key_data,
- int alg_arg, int private_only,
- int expected_status_arg )
+void asymmetric_encryption_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, int private_only,
+ int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
- uint8_t plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = {0};
- uint8_t ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = {0};
+ uint8_t plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = { 0 };
+ uint8_t ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = { 0 };
size_t length = SIZE_MAX;
- PSA_INIT( );
+ PSA_INIT();
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_import_key( &attributes,
- key_data->x, key_data->len,
- &key_id ) );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_data->x, key_data->len,
+ &key_id));
- if( ! private_only )
- {
- TEST_STATUS( expected_status,
- psa_asymmetric_encrypt( key_id, alg,
- plaintext, 1,
- NULL, 0,
- ciphertext, sizeof( ciphertext ),
- &length ) );
+ if (!private_only) {
+ TEST_STATUS(expected_status,
+ psa_asymmetric_encrypt(key_id, alg,
+ plaintext, 1,
+ NULL, 0,
+ ciphertext, sizeof(ciphertext),
+ &length));
}
- TEST_STATUS( expected_status,
- psa_asymmetric_decrypt( key_id, alg,
- ciphertext, sizeof( ciphertext ),
- NULL, 0,
- plaintext, sizeof( plaintext ),
- &length ) );
+ TEST_STATUS(expected_status,
+ psa_asymmetric_decrypt(key_id, alg,
+ ciphertext, sizeof(ciphertext),
+ NULL, 0,
+ plaintext, sizeof(plaintext),
+ &length));
exit:
- psa_destroy_key( key_id );
- psa_reset_key_attributes( &attributes );
- PSA_DONE( );
+ psa_destroy_key(key_id);
+ psa_reset_key_attributes(&attributes);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_derivation_fail( int alg_arg, int expected_status_arg )
+void key_derivation_fail(int alg_arg, int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_algorithm_t alg = alg_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- PSA_INIT( );
+ PSA_INIT();
- TEST_EQUAL( expected_status,
- psa_key_derivation_setup( &operation, alg ) );
+ TEST_EQUAL(expected_status,
+ psa_key_derivation_setup(&operation, alg));
exit:
- psa_key_derivation_abort( &operation );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_agreement_fail( int key_type_arg, data_t *key_data,
- int alg_arg, int private_only,
- int expected_status_arg )
+void key_agreement_fail(int key_type_arg, data_t *key_data,
+ int alg_arg, int private_only,
+ int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
- uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE] = {0};
+ uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE] = { 0 };
size_t public_key_length = SIZE_MAX;
- uint8_t output[PSA_SIGNATURE_MAX_SIZE] = {0};
+ uint8_t output[PSA_SIGNATURE_MAX_SIZE] = { 0 };
size_t length = SIZE_MAX;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- PSA_INIT( );
+ PSA_INIT();
- psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_import_key( &attributes,
- key_data->x, key_data->len,
- &key_id ) );
- if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ||
- PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
- {
- PSA_ASSERT( psa_export_public_key( key_id,
- public_key, sizeof( public_key ),
- &public_key_length ) );
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_data->x, key_data->len,
+ &key_id));
+ if (PSA_KEY_TYPE_IS_KEY_PAIR(key_type) ||
+ PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) {
+ PSA_ASSERT(psa_export_public_key(key_id,
+ public_key, sizeof(public_key),
+ &public_key_length));
}
- TEST_STATUS( expected_status,
- psa_raw_key_agreement( alg, key_id,
- public_key, public_key_length,
- output, sizeof( output ), &length ) );
+ TEST_STATUS(expected_status,
+ psa_raw_key_agreement(alg, key_id,
+ public_key, public_key_length,
+ output, sizeof(output), &length));
#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
- PSA_ASSERT( psa_key_derivation_setup( &operation,
- PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ) );
- TEST_STATUS( expected_status,
- psa_key_derivation_key_agreement(
- &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key_id,
- public_key, public_key_length ) );
+ PSA_ASSERT(psa_key_derivation_setup(&operation,
+ PSA_ALG_HKDF(PSA_ALG_SHA_256)));
+ TEST_STATUS(expected_status,
+ psa_key_derivation_key_agreement(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key_id,
+ public_key, public_key_length));
#endif
/* There are no public-key operations. */
(void) private_only;
exit:
- psa_key_derivation_abort( &operation );
- psa_destroy_key( key_id );
- psa_reset_key_attributes( &attributes );
- PSA_DONE( );
+ psa_key_derivation_abort(&operation);
+ psa_destroy_key(key_id);
+ psa_reset_key_attributes(&attributes);
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index 08db34a..db99d79 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -20,7 +20,7 @@
#include "mbedtls/md.h"
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
-#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER))
/* Enforce the storage format for keys. The storage format is not a public
* documented interface, but it must be preserved between versions so that
@@ -29,9 +29,9 @@
typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
- uint8_t lifetime[sizeof( psa_key_lifetime_t )];
+ uint8_t lifetime[sizeof(psa_key_lifetime_t)];
uint8_t type[4];
- uint8_t policy[sizeof( psa_key_policy_t )];
+ uint8_t policy[sizeof(psa_key_policy_t)];
uint8_t data_len[4];
uint8_t key_data[];
} psa_persistent_key_storage_format;
@@ -44,223 +44,222 @@
*/
/* BEGIN_CASE */
-void format_storage_data_check( data_t *key_data,
- data_t *expected_file_data,
- int key_lifetime, int key_type, int key_bits,
- int key_usage, int key_alg, int key_alg2 )
+void format_storage_data_check(data_t *key_data,
+ data_t *expected_file_data,
+ int key_lifetime, int key_type, int key_bits,
+ int key_usage, int key_alg, int key_alg2)
{
uint8_t *file_data = NULL;
size_t file_data_length =
- key_data->len + sizeof( psa_persistent_key_storage_format );
+ key_data->len + sizeof(psa_persistent_key_storage_format);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_lifetime( &attributes, key_lifetime );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, key_bits );
- psa_set_key_usage_flags( &attributes, key_usage );
- psa_set_key_algorithm( &attributes, key_alg );
- psa_set_key_enrollment_algorithm( &attributes, key_alg2 );
+ psa_set_key_lifetime(&attributes, key_lifetime);
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, key_bits);
+ psa_set_key_usage_flags(&attributes, key_usage);
+ psa_set_key_algorithm(&attributes, key_alg);
+ psa_set_key_enrollment_algorithm(&attributes, key_alg2);
- ASSERT_ALLOC( file_data, file_data_length );
- psa_format_key_data_for_storage( key_data->x, key_data->len,
- &attributes.core,
- file_data );
+ ASSERT_ALLOC(file_data, file_data_length);
+ psa_format_key_data_for_storage(key_data->x, key_data->len,
+ &attributes.core,
+ file_data);
- ASSERT_COMPARE( expected_file_data->x, expected_file_data->len,
- file_data, file_data_length );
+ ASSERT_COMPARE(expected_file_data->x, expected_file_data->len,
+ file_data, file_data_length);
exit:
- mbedtls_free( file_data );
+ mbedtls_free(file_data);
}
/* END_CASE */
/* BEGIN_CASE */
-void parse_storage_data_check( data_t *file_data,
- data_t *expected_key_data,
- int expected_key_lifetime,
- int expected_key_type,
- int expected_key_bits,
- int expected_key_usage,
- int expected_key_alg,
- int expected_key_alg2,
- int expected_status )
+void parse_storage_data_check(data_t *file_data,
+ data_t *expected_key_data,
+ int expected_key_lifetime,
+ int expected_key_type,
+ int expected_key_bits,
+ int expected_key_usage,
+ int expected_key_alg,
+ int expected_key_alg2,
+ int expected_status)
{
uint8_t *key_data = NULL;
size_t key_data_length = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
- status = psa_parse_key_data_from_storage( file_data->x, file_data->len,
- &key_data, &key_data_length,
- &attributes.core );
+ status = psa_parse_key_data_from_storage(file_data->x, file_data->len,
+ &key_data, &key_data_length,
+ &attributes.core);
- TEST_EQUAL( status, expected_status );
- if( status != PSA_SUCCESS )
+ TEST_EQUAL(status, expected_status);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- TEST_EQUAL( psa_get_key_lifetime( &attributes ),
- (psa_key_type_t) expected_key_lifetime );
- TEST_EQUAL( psa_get_key_type( &attributes ),
- (psa_key_type_t) expected_key_type );
- TEST_EQUAL( psa_get_key_bits( &attributes ),
- (psa_key_bits_t) expected_key_bits );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
- (uint32_t) expected_key_usage );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ),
- (uint32_t) expected_key_alg );
- TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ),
- (uint32_t) expected_key_alg2 );
- ASSERT_COMPARE( expected_key_data->x, expected_key_data->len,
- key_data, key_data_length );
+ TEST_EQUAL(psa_get_key_lifetime(&attributes),
+ (psa_key_type_t) expected_key_lifetime);
+ TEST_EQUAL(psa_get_key_type(&attributes),
+ (psa_key_type_t) expected_key_type);
+ TEST_EQUAL(psa_get_key_bits(&attributes),
+ (psa_key_bits_t) expected_key_bits);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes),
+ (uint32_t) expected_key_usage);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes),
+ (uint32_t) expected_key_alg);
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes),
+ (uint32_t) expected_key_alg2);
+ ASSERT_COMPARE(expected_key_data->x, expected_key_data->len,
+ key_data, key_data_length);
exit:
- mbedtls_free( key_data );
+ mbedtls_free(key_data);
}
/* END_CASE */
/* BEGIN_CASE */
-void save_large_persistent_key( int data_length_arg, int expected_status )
+void save_large_persistent_key(int data_length_arg, int expected_status)
{
- mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
+ mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, 42);
uint8_t *data = NULL;
size_t data_length = data_length_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- ASSERT_ALLOC( data, data_length );
+ ASSERT_ALLOC(data, data_length);
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, key_id );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
- TEST_EQUAL( psa_import_key( &attributes, data, data_length, &key_id ),
- expected_status );
+ TEST_EQUAL(psa_import_key(&attributes, data, data_length, &key_id),
+ expected_status);
- if( expected_status == PSA_SUCCESS )
- PSA_ASSERT( psa_destroy_key( key_id ) );
+ if (expected_status == PSA_SUCCESS) {
+ PSA_ASSERT(psa_destroy_key(key_id));
+ }
exit:
- mbedtls_free( data );
+ mbedtls_free(data);
PSA_DONE();
- psa_destroy_persistent_key( key_id );
+ psa_destroy_persistent_key(key_id);
}
/* END_CASE */
/* BEGIN_CASE */
-void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart,
- int first_type_arg, data_t *first_data,
- int second_type_arg, data_t *second_data )
+void persistent_key_destroy(int owner_id_arg, int key_id_arg, int restart,
+ int first_type_arg, data_t *first_data,
+ int second_type_arg, data_t *second_data)
{
mbedtls_svc_key_id_t key_id =
- mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
+ mbedtls_svc_key_id_make(owner_id_arg, key_id_arg);
mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, key_id );
- psa_set_key_type( &attributes, first_type );
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_type(&attributes, first_type);
- PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len,
- &returned_key_id ) );
+ PSA_ASSERT(psa_import_key(&attributes, first_data->x, first_data->len,
+ &returned_key_id));
- if( restart )
- {
- psa_close_key( key_id );
+ if (restart) {
+ psa_close_key(key_id);
PSA_DONE();
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
}
- TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
+ TEST_EQUAL(psa_is_key_present_in_storage(key_id), 1);
/* Destroy the key */
- PSA_ASSERT( psa_destroy_key( key_id ) );
+ PSA_ASSERT(psa_destroy_key(key_id));
/* Check key slot storage is removed */
- TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
+ TEST_EQUAL(psa_is_key_present_in_storage(key_id), 0);
/* Shutdown and restart */
PSA_DONE();
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
/* Create another key in the same slot */
- psa_set_key_id( &attributes, key_id );
- psa_set_key_type( &attributes, second_type );
- PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len,
- &returned_key_id ) );
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_type(&attributes, second_type);
+ PSA_ASSERT(psa_import_key(&attributes, second_data->x, second_data->len,
+ &returned_key_id));
- PSA_ASSERT( psa_destroy_key( key_id ) );
+ PSA_ASSERT(psa_destroy_key(key_id));
exit:
PSA_DONE();
- psa_destroy_persistent_key( key_id );
+ psa_destroy_persistent_key(key_id);
}
/* END_CASE */
/* BEGIN_CASE */
-void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg,
- data_t *data, int restart, int expected_status )
+void persistent_key_import(int owner_id_arg, int key_id_arg, int type_arg,
+ data_t *data, int restart, int expected_status)
{
mbedtls_svc_key_id_t key_id =
- mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
+ mbedtls_svc_key_id_make(owner_id_arg, key_id_arg);
mbedtls_svc_key_id_t returned_key_id;
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, key_id );
- psa_set_key_type( &attributes, type );
- TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ),
- expected_status );
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_type(&attributes, type);
+ TEST_EQUAL(psa_import_key(&attributes, data->x, data->len, &returned_key_id),
+ expected_status);
- if( expected_status != PSA_SUCCESS )
- {
- TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) );
- TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
+ if (expected_status != PSA_SUCCESS) {
+ TEST_ASSERT(mbedtls_svc_key_id_is_null(returned_key_id));
+ TEST_EQUAL(psa_is_key_present_in_storage(key_id), 0);
goto exit;
}
- TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) );
+ TEST_ASSERT(mbedtls_svc_key_id_equal(returned_key_id, key_id));
- if( restart )
- {
- PSA_ASSERT( psa_purge_key( key_id ) );
+ if (restart) {
+ PSA_ASSERT(psa_purge_key(key_id));
PSA_DONE();
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
}
- psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ),
- key_id ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ),
- PSA_KEY_LIFETIME_PERSISTENT );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+ psa_reset_key_attributes(&attributes);
+ PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes),
+ key_id));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes),
+ PSA_KEY_LIFETIME_PERSISTENT);
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), 0);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
- PSA_ASSERT( psa_destroy_key( key_id ) );
+ PSA_ASSERT(psa_destroy_key(key_id));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_persistent_key( key_id );
+ psa_destroy_persistent_key(key_id);
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void import_export_persistent_key( data_t *data, int type_arg,
- int expected_bits,
- int restart, int key_not_exist )
+void import_export_persistent_key(data_t *data, int type_arg,
+ int expected_bits,
+ int restart, int key_not_exist)
{
- mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
+ mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, 42);
psa_key_type_t type = (psa_key_type_t) type_arg;
mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
unsigned char *exported = NULL;
@@ -268,78 +267,76 @@
size_t exported_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- ASSERT_ALLOC( exported, export_size );
+ ASSERT_ALLOC(exported, export_size);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, key_id );
- psa_set_key_type( &attributes, type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
- &returned_key_id ) );
+ PSA_ASSERT(psa_import_key(&attributes, data->x, data->len,
+ &returned_key_id));
- if( restart )
- {
- PSA_ASSERT( psa_purge_key( key_id ) );
+ if (restart) {
+ PSA_ASSERT(psa_purge_key(key_id));
PSA_DONE();
- PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT(psa_crypto_init());
}
/* Test the key information */
- psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), key_id ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ),
- PSA_KEY_LIFETIME_PERSISTENT );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+ psa_reset_key_attributes(&attributes);
+ PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes), key_id));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes),
+ PSA_KEY_LIFETIME_PERSISTENT);
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), (size_t) expected_bits);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), PSA_KEY_USAGE_EXPORT);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
- TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
+ TEST_EQUAL(psa_is_key_present_in_storage(key_id), 1);
- if( key_not_exist )
- {
- psa_destroy_persistent_key( key_id );
+ if (key_not_exist) {
+ psa_destroy_persistent_key(key_id);
}
/* Export the key */
- PSA_ASSERT( psa_export_key( key_id, exported, export_size,
- &exported_length ) );
+ PSA_ASSERT(psa_export_key(key_id, exported, export_size,
+ &exported_length));
- ASSERT_COMPARE( data->x, data->len, exported, exported_length );
+ ASSERT_COMPARE(data->x, data->len, exported, exported_length);
/* Destroy the key */
- PSA_ASSERT( psa_destroy_key( key_id ) );
- TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
+ PSA_ASSERT(psa_destroy_key(key_id));
+ TEST_EQUAL(psa_is_key_present_in_storage(key_id), 0);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( exported );
- PSA_DONE( );
- psa_destroy_persistent_key( key_id );
+ mbedtls_free(exported);
+ PSA_DONE();
+ psa_destroy_persistent_key(key_id);
}
/* END_CASE */
/* BEGIN_CASE */
-void destroy_nonexistent( int id_arg, int expected_status_arg )
+void destroy_nonexistent(int id_arg, int expected_status_arg)
{
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, id_arg);
psa_status_t expected_status = expected_status_arg;
- PSA_INIT( );
+ PSA_INIT();
- TEST_EQUAL( expected_status, psa_destroy_key( id ) );
+ TEST_EQUAL(expected_status, psa_destroy_key(id));
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index c96b988..aeced54 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -24,16 +24,16 @@
/** The location and lifetime used for tests that use a single driver. */
#define TEST_DRIVER_LOCATION 1
#define TEST_SE_PERSISTENT_LIFETIME \
- ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
- PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
+ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION))
#define TEST_SE_VOLATILE_LIFETIME \
- ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
- PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ) )
+ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION))
/** The driver detected a condition that shouldn't happen.
* This is probably a bug in the library. */
-#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 ))
+#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t) (-500))
/** Like #TEST_ASSERT for use in a driver method, with no cleanup.
*
@@ -41,14 +41,14 @@
*
* Use this macro to assert on guarantees provided by the core.
*/
-#define DRIVER_ASSERT_RETURN( TEST ) \
+#define DRIVER_ASSERT_RETURN(TEST) \
do { \
- if( ! (TEST) ) \
- { \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
- return( PSA_ERROR_DETECTED_BY_DRIVER ); \
- } \
- } while( 0 )
+ if (!(TEST)) \
+ { \
+ mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
+ return PSA_ERROR_DETECTED_BY_DRIVER; \
+ } \
+ } while (0)
/** Like #TEST_ASSERT for use in a driver method, with cleanup.
*
@@ -57,15 +57,15 @@
*
* Use this macro to assert on guarantees provided by the core.
*/
-#define DRIVER_ASSERT( TEST ) \
+#define DRIVER_ASSERT(TEST) \
do { \
- if( ! (TEST) ) \
- { \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
- status = PSA_ERROR_DETECTED_BY_DRIVER; \
- goto exit; \
- } \
- } while( 0 )
+ if (!(TEST)) \
+ { \
+ mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
+ status = PSA_ERROR_DETECTED_BY_DRIVER; \
+ goto exit; \
+ } \
+ } while (0)
/** Like #PSA_ASSERT for a PSA API call that calls a driver underneath.
*
@@ -78,17 +78,17 @@
* case, the test driver code is expected to have called mbedtls_test_fail()
* already, so we make sure not to overwrite the failure information.
*/
-#define PSA_ASSERT_VIA_DRIVER( expr, expected_status ) \
+#define PSA_ASSERT_VIA_DRIVER(expr, expected_status) \
do { \
- psa_status_t PSA_ASSERT_VIA_DRIVER_status = ( expr ); \
- if( PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER ) \
- goto exit; \
- if( PSA_ASSERT_VIA_DRIVER_status != ( expected_status ) ) \
+ psa_status_t PSA_ASSERT_VIA_DRIVER_status = (expr); \
+ if (PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER) \
+ goto exit; \
+ if (PSA_ASSERT_VIA_DRIVER_status != (expected_status)) \
{ \
- mbedtls_test_fail( #expr, __LINE__, __FILE__ ); \
+ mbedtls_test_fail( #expr, __LINE__, __FILE__); \
goto exit; \
} \
- } while( 0 )
+ } while (0)
@@ -97,20 +97,21 @@
/****************************************************************/
/* Return the exact bit size given a curve family and a byte length. */
-static size_t ecc_curve_bits( psa_ecc_family_t curve, size_t data_length )
+static size_t ecc_curve_bits(psa_ecc_family_t curve, size_t data_length)
{
- switch( curve )
- {
+ switch (curve) {
case PSA_ECC_FAMILY_SECP_R1:
- if( data_length == PSA_BYTES_TO_BITS( 521 ) )
- return( 521 );
+ if (data_length == PSA_BYTES_TO_BITS(521)) {
+ return 521;
+ }
break;
case PSA_ECC_FAMILY_MONTGOMERY:
- if( data_length == PSA_BYTES_TO_BITS( 255 ) )
- return( 255 );
+ if (data_length == PSA_BYTES_TO_BITS(255)) {
+ return 255;
+ }
}
/* If not listed above, assume a multiple of 8 bits. */
- return( PSA_BYTES_TO_BITS( data_length ) );
+ return PSA_BYTES_TO_BITS(data_length);
}
@@ -118,8 +119,7 @@
/* Miscellaneous driver methods */
/****************************************************************/
-typedef struct
-{
+typedef struct {
psa_key_slot_number_t slot_number;
psa_key_creation_method_t method;
psa_status_t status;
@@ -132,50 +132,52 @@
void *persistent_data,
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
- psa_key_slot_number_t slot_number )
+ psa_key_slot_number_t slot_number)
{
(void) context;
(void) persistent_data;
(void) attributes;
- DRIVER_ASSERT_RETURN( slot_number ==
- validate_slot_number_directions.slot_number );
- DRIVER_ASSERT_RETURN( method ==
- validate_slot_number_directions.method );
- return( validate_slot_number_directions.status );
+ DRIVER_ASSERT_RETURN(slot_number ==
+ validate_slot_number_directions.slot_number);
+ DRIVER_ASSERT_RETURN(method ==
+ validate_slot_number_directions.method);
+ return validate_slot_number_directions.status;
}
/* Allocate slot numbers with a monotonic counter. */
static psa_key_slot_number_t shadow_counter;
-static void counter_reset( void )
+static void counter_reset(void)
{
shadow_counter = 0;
}
-static psa_status_t counter_allocate( psa_drv_se_context_t *context,
- void *persistent_data,
- const psa_key_attributes_t *attributes,
- psa_key_creation_method_t method,
- psa_key_slot_number_t *slot_number )
+static psa_status_t counter_allocate(psa_drv_se_context_t *context,
+ void *persistent_data,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t *slot_number)
{
psa_key_slot_number_t *p_counter = persistent_data;
(void) attributes;
(void) method;
- if( context->persistent_data_size != sizeof( psa_key_slot_number_t ) )
- return( PSA_ERROR_DETECTED_BY_DRIVER );
+ if (context->persistent_data_size != sizeof(psa_key_slot_number_t)) {
+ return PSA_ERROR_DETECTED_BY_DRIVER;
+ }
++*p_counter;
- if( *p_counter == 0 )
- return( PSA_ERROR_INSUFFICIENT_STORAGE );
+ if (*p_counter == 0) {
+ return PSA_ERROR_INSUFFICIENT_STORAGE;
+ }
shadow_counter = *p_counter;
*slot_number = *p_counter;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/* Null import: do nothing, but pretend it worked. */
-static psa_status_t null_import( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits )
+static psa_status_t null_import(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits)
{
(void) context;
(void) slot_number;
@@ -183,41 +185,40 @@
(void) data;
/* We're supposed to return a key size. Return one that's correct for
* plain data keys. */
- *bits = PSA_BYTES_TO_BITS( data_length );
- return( PSA_SUCCESS );
+ *bits = PSA_BYTES_TO_BITS(data_length);
+ return PSA_SUCCESS;
}
/* Null generate: do nothing, but pretend it worked. */
-static psa_status_t null_generate( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- const psa_key_attributes_t *attributes,
- uint8_t *pubkey,
- size_t pubkey_size,
- size_t *pubkey_length )
+static psa_status_t null_generate(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ uint8_t *pubkey,
+ size_t pubkey_size,
+ size_t *pubkey_length)
{
(void) context;
(void) slot_number;
(void) attributes;
- DRIVER_ASSERT_RETURN( *pubkey_length == 0 );
- if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
- {
- DRIVER_ASSERT_RETURN( pubkey == NULL );
- DRIVER_ASSERT_RETURN( pubkey_size == 0 );
+ DRIVER_ASSERT_RETURN(*pubkey_length == 0);
+ if (!PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
+ DRIVER_ASSERT_RETURN(pubkey == NULL);
+ DRIVER_ASSERT_RETURN(pubkey_size == 0);
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/* Null destroy: do nothing, but pretend it worked. */
-static psa_status_t null_destroy( psa_drv_se_context_t *context,
- void *persistent_data,
- psa_key_slot_number_t slot_number )
+static psa_status_t null_destroy(psa_drv_se_context_t *context,
+ void *persistent_data,
+ psa_key_slot_number_t slot_number)
{
(void) context;
(void) persistent_data;
(void) slot_number;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
@@ -227,8 +228,7 @@
/****************************************************************/
#define RAM_MAX_KEY_SIZE 64
-typedef struct
-{
+typedef struct {
psa_key_lifetime_t lifetime;
psa_key_type_t type;
size_t bits;
@@ -244,9 +244,9 @@
static uint8_t ram_min_slot = 0;
-static void ram_slots_reset( void )
+static void ram_slots_reset(void)
{
- memset( ram_slots, 0, sizeof( ram_slots ) );
+ memset(ram_slots, 0, sizeof(ram_slots));
ram_min_slot = 0;
ram_shadow_slot_usage = 0;
}
@@ -259,168 +259,165 @@
* in the test case function's cleanup code) and it might be wrong
* (if slot_number is invalid).
*/
-static psa_status_t ram_create_common( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- const psa_key_attributes_t *attributes,
- size_t required_storage )
+static psa_status_t ram_create_common(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ size_t required_storage)
{
(void) context;
- DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots));
- ram_slots[slot_number].lifetime = psa_get_key_lifetime( attributes );
- ram_slots[slot_number].type = psa_get_key_type( attributes );
- ram_slots[slot_number].bits = psa_get_key_bits( attributes );
+ ram_slots[slot_number].lifetime = psa_get_key_lifetime(attributes);
+ ram_slots[slot_number].type = psa_get_key_type(attributes);
+ ram_slots[slot_number].bits = psa_get_key_bits(attributes);
- if( required_storage > sizeof( ram_slots[slot_number].content ) )
- {
- memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
- return( PSA_ERROR_INSUFFICIENT_STORAGE );
+ if (required_storage > sizeof(ram_slots[slot_number].content)) {
+ memset(&ram_slots[slot_number], 0, sizeof(ram_slots[slot_number]));
+ return PSA_ERROR_INSUFFICIENT_STORAGE;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/* This function does everything except actually generating key material.
* After calling it, you must copy the desired key material to
* ram_slots[slot_number].content. */
-static psa_status_t ram_fake_generate( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- const psa_key_attributes_t *attributes,
- uint8_t *pubkey,
- size_t pubkey_size,
- size_t *pubkey_length )
+static psa_status_t ram_fake_generate(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ uint8_t *pubkey,
+ size_t pubkey_size,
+ size_t *pubkey_length)
{
psa_status_t status;
size_t required_storage =
- PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type( attributes ),
- psa_get_key_bits( attributes ) );
+ PSA_EXPORT_KEY_OUTPUT_SIZE(psa_get_key_type(attributes),
+ psa_get_key_bits(attributes));
- DRIVER_ASSERT_RETURN( *pubkey_length == 0 );
- if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
- {
- DRIVER_ASSERT_RETURN( pubkey == NULL );
- DRIVER_ASSERT_RETURN( pubkey_size == 0 );
+ DRIVER_ASSERT_RETURN(*pubkey_length == 0);
+ if (!PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
+ DRIVER_ASSERT_RETURN(pubkey == NULL);
+ DRIVER_ASSERT_RETURN(pubkey_size == 0);
}
- status = ram_create_common( context, slot_number, attributes,
- required_storage );
- return( status );
+ status = ram_create_common(context, slot_number, attributes,
+ required_storage);
+ return status;
}
-static psa_status_t ram_import( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits )
+static psa_status_t ram_import(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits)
{
- psa_key_type_t type = psa_get_key_type( attributes );
- psa_status_t status = ram_create_common( context, slot_number, attributes,
- data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_key_type_t type = psa_get_key_type(attributes);
+ psa_status_t status = ram_create_common(context, slot_number, attributes,
+ data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* The RAM driver only works for certain key types: raw keys,
* and ECC key pairs. This is true in particular of the bit-size
* calculation here. */
- if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
- *bits = PSA_BYTES_TO_BITS( data_length );
- else if ( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
- {
- *bits = ecc_curve_bits( PSA_KEY_TYPE_ECC_GET_FAMILY( type ), data_length );
- if( *bits == 0 )
- return( PSA_ERROR_DETECTED_BY_DRIVER );
- }
- else
- {
- memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
+ *bits = PSA_BYTES_TO_BITS(data_length);
+ } else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
+ *bits = ecc_curve_bits(PSA_KEY_TYPE_ECC_GET_FAMILY(type), data_length);
+ if (*bits == 0) {
+ return PSA_ERROR_DETECTED_BY_DRIVER;
+ }
+ } else {
+ memset(&ram_slots[slot_number], 0, sizeof(ram_slots[slot_number]));
+ return PSA_ERROR_NOT_SUPPORTED;
}
ram_slots[slot_number].bits = *bits;
- memcpy( ram_slots[slot_number].content, data, data_length );
+ memcpy(ram_slots[slot_number].content, data, data_length);
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t ram_export( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+static psa_status_t ram_export(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
size_t actual_size;
(void) context;
- DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
- actual_size = PSA_BITS_TO_BYTES( ram_slots[slot_number].bits );
- if( actual_size > data_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots));
+ actual_size = PSA_BITS_TO_BYTES(ram_slots[slot_number].bits);
+ if (actual_size > data_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
*data_length = actual_size;
- memcpy( data, ram_slots[slot_number].content, actual_size );
- return( PSA_SUCCESS );
+ memcpy(data, ram_slots[slot_number].content, actual_size);
+ return PSA_SUCCESS;
}
-static psa_status_t ram_export_public( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+static psa_status_t ram_export_public(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
psa_status_t status;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
(void) context;
- DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots));
DRIVER_ASSERT_RETURN(
- PSA_KEY_TYPE_IS_KEY_PAIR( ram_slots[slot_number].type ) );
+ PSA_KEY_TYPE_IS_KEY_PAIR(ram_slots[slot_number].type));
- psa_set_key_type( &attributes, ram_slots[slot_number].type );
- status = psa_import_key( &attributes,
- ram_slots[slot_number].content,
- PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ),
- &key );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_export_public_key( key, data, data_size, data_length );
- psa_destroy_key( key );
- return( PSA_SUCCESS );
+ psa_set_key_type(&attributes, ram_slots[slot_number].type);
+ status = psa_import_key(&attributes,
+ ram_slots[slot_number].content,
+ PSA_BITS_TO_BYTES(ram_slots[slot_number].bits),
+ &key);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_export_public_key(key, data, data_size, data_length);
+ psa_destroy_key(key);
+ return PSA_SUCCESS;
}
-static psa_status_t ram_destroy( psa_drv_se_context_t *context,
- void *persistent_data,
- psa_key_slot_number_t slot_number )
+static psa_status_t ram_destroy(psa_drv_se_context_t *context,
+ void *persistent_data,
+ psa_key_slot_number_t slot_number)
{
ram_slot_usage_t *slot_usage = persistent_data;
- DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) );
- DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
- memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
- *slot_usage &= ~(ram_slot_usage_t)( 1 << slot_number );
+ DRIVER_ASSERT_RETURN(context->persistent_data_size == sizeof(ram_slot_usage_t));
+ DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots));
+ memset(&ram_slots[slot_number], 0, sizeof(ram_slots[slot_number]));
+ *slot_usage &= ~(ram_slot_usage_t) (1 << slot_number);
ram_shadow_slot_usage = *slot_usage;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t ram_allocate( psa_drv_se_context_t *context,
- void *persistent_data,
- const psa_key_attributes_t *attributes,
- psa_key_creation_method_t method,
- psa_key_slot_number_t *slot_number )
+static psa_status_t ram_allocate(psa_drv_se_context_t *context,
+ void *persistent_data,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t *slot_number)
{
ram_slot_usage_t *slot_usage = persistent_data;
(void) attributes;
(void) method;
- DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) );
- for( *slot_number = ram_min_slot;
- *slot_number < ARRAY_LENGTH( ram_slots );
- ++( *slot_number ) )
- {
- if( ! ( *slot_usage & 1 << *slot_number ) )
- {
+ DRIVER_ASSERT_RETURN(context->persistent_data_size == sizeof(ram_slot_usage_t));
+ for (*slot_number = ram_min_slot;
+ *slot_number < ARRAY_LENGTH(ram_slots);
+ ++(*slot_number)) {
+ if (!(*slot_usage & 1 << *slot_number)) {
ram_shadow_slot_usage = *slot_usage;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
}
- return( PSA_ERROR_INSUFFICIENT_STORAGE );
+ return PSA_ERROR_INSUFFICIENT_STORAGE;
}
static psa_status_t ram_validate_slot_number(
@@ -428,25 +425,26 @@
void *persistent_data,
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
- psa_key_slot_number_t slot_number )
+ psa_key_slot_number_t slot_number)
{
(void) context;
(void) persistent_data;
(void) attributes;
(void) method;
- if( slot_number >= ARRAY_LENGTH( ram_slots ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- return( PSA_SUCCESS );
+ if (slot_number >= ARRAY_LENGTH(ram_slots)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ return PSA_SUCCESS;
}
-static psa_status_t ram_sign( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
+static psa_status_t ram_sign(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
ram_slot_t *slot;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -454,32 +452,32 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
(void) context;
- DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots));
slot = &ram_slots[slot_number];
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, slot->type );
- DRIVER_ASSERT( psa_import_key( &attributes,
- slot->content,
- PSA_BITS_TO_BYTES( slot->bits ),
- &key ) == PSA_SUCCESS );
- status = psa_sign_hash( key, alg,
- hash, hash_length,
- signature, signature_size, signature_length );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, slot->type);
+ DRIVER_ASSERT(psa_import_key(&attributes,
+ slot->content,
+ PSA_BITS_TO_BYTES(slot->bits),
+ &key) == PSA_SUCCESS);
+ status = psa_sign_hash(key, alg,
+ hash, hash_length,
+ signature, signature_size, signature_length);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
-static psa_status_t ram_verify( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
+static psa_status_t ram_verify(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
ram_slot_t *slot;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -487,24 +485,24 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
(void) context;
- DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots));
slot = &ram_slots[slot_number];
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, slot->type );
- DRIVER_ASSERT( psa_import_key( &attributes,
- slot->content,
- PSA_BITS_TO_BYTES( slot->bits ),
- &key ) ==
- PSA_SUCCESS );
- status = psa_verify_hash( key, alg,
- hash, hash_length,
- signature, signature_length );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, slot->type);
+ DRIVER_ASSERT(psa_import_key(&attributes,
+ slot->content,
+ PSA_BITS_TO_BYTES(slot->bits),
+ &key) ==
+ PSA_SUCCESS);
+ status = psa_verify_hash(key, alg,
+ hash, hash_length,
+ signature, signature_length);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
@@ -512,8 +510,7 @@
/* Other test helper functions */
/****************************************************************/
-typedef enum
-{
+typedef enum {
SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION,
SIGN_IN_DRIVER_AND_PARALLEL_CREATION,
SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC,
@@ -523,54 +520,49 @@
* are consistent with the attributes used when creating the key. */
static int check_key_attributes(
mbedtls_svc_key_id_t key,
- const psa_key_attributes_t *reference_attributes )
+ const psa_key_attributes_t *reference_attributes)
{
int ok = 0;
psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) );
+ PSA_ASSERT(psa_get_key_attributes(key, &actual_attributes));
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &actual_attributes ),
- psa_get_key_id( reference_attributes ) ) );
- TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ),
- psa_get_key_lifetime( reference_attributes ) );
- TEST_EQUAL( psa_get_key_type( &actual_attributes ),
- psa_get_key_type( reference_attributes ) );
- TEST_EQUAL( psa_get_key_usage_flags( &actual_attributes ),
- psa_get_key_usage_flags( reference_attributes ) );
- TEST_EQUAL( psa_get_key_algorithm( &actual_attributes ),
- psa_get_key_algorithm( reference_attributes ) );
- TEST_EQUAL( psa_get_key_enrollment_algorithm( &actual_attributes ),
- psa_get_key_enrollment_algorithm( reference_attributes ) );
- if( psa_get_key_bits( reference_attributes ) != 0 )
- {
- TEST_EQUAL( psa_get_key_bits( &actual_attributes ),
- psa_get_key_bits( reference_attributes ) );
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&actual_attributes),
+ psa_get_key_id(reference_attributes)));
+ TEST_EQUAL(psa_get_key_lifetime(&actual_attributes),
+ psa_get_key_lifetime(reference_attributes));
+ TEST_EQUAL(psa_get_key_type(&actual_attributes),
+ psa_get_key_type(reference_attributes));
+ TEST_EQUAL(psa_get_key_usage_flags(&actual_attributes),
+ psa_get_key_usage_flags(reference_attributes));
+ TEST_EQUAL(psa_get_key_algorithm(&actual_attributes),
+ psa_get_key_algorithm(reference_attributes));
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&actual_attributes),
+ psa_get_key_enrollment_algorithm(reference_attributes));
+ if (psa_get_key_bits(reference_attributes) != 0) {
+ TEST_EQUAL(psa_get_key_bits(&actual_attributes),
+ psa_get_key_bits(reference_attributes));
}
{
psa_key_slot_number_t actual_slot_number = 0xdeadbeef;
psa_key_slot_number_t desired_slot_number = 0xb90cc011;
psa_key_lifetime_t lifetime =
- psa_get_key_lifetime( &actual_attributes );
- psa_status_t status = psa_get_key_slot_number( &actual_attributes,
- &actual_slot_number );
- if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION )
- {
+ psa_get_key_lifetime(&actual_attributes);
+ psa_status_t status = psa_get_key_slot_number(&actual_attributes,
+ &actual_slot_number);
+ if (PSA_KEY_LIFETIME_GET_LOCATION(lifetime) < MIN_DRIVER_LOCATION) {
/* The key is not in a secure element. */
- TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
- }
- else
- {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
+ } else {
/* The key is in a secure element. If it had been created
* in a specific slot, check that it is reported there. */
- PSA_ASSERT( status );
- status = psa_get_key_slot_number( reference_attributes,
- &desired_slot_number );
- if( status == PSA_SUCCESS )
- {
- TEST_EQUAL( desired_slot_number, actual_slot_number );
+ PSA_ASSERT(status);
+ status = psa_get_key_slot_number(reference_attributes,
+ &desired_slot_number);
+ if (status == PSA_SUCCESS) {
+ TEST_EQUAL(desired_slot_number, actual_slot_number);
}
}
}
@@ -581,64 +573,64 @@
* Actual key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &actual_attributes );
+ psa_reset_key_attributes(&actual_attributes);
- return( ok );
+ return ok;
}
/* Get the file UID corresponding to the specified location.
* If this changes, the storage format version must change.
* See psa_get_se_driver_its_file_uid() in psa_crypto_se.c.
*/
-psa_storage_uid_t file_uid_for_location( psa_key_location_t location )
+psa_storage_uid_t file_uid_for_location(psa_key_location_t location)
{
- if( location > PSA_MAX_SE_LOCATION )
- return( 0 );
- return( 0xfffffe00 + location );
+ if (location > PSA_MAX_SE_LOCATION) {
+ return 0;
+ }
+ return 0xfffffe00 + location;
}
/* Check that the persistent data of a driver has its expected content. */
-static int check_persistent_data( psa_key_location_t location,
- const void *expected_data,
- size_t size )
+static int check_persistent_data(psa_key_location_t location,
+ const void *expected_data,
+ size_t size)
{
- psa_storage_uid_t uid = file_uid_for_location( location );
+ psa_storage_uid_t uid = file_uid_for_location(location);
struct psa_storage_info_t info;
uint8_t *loaded = NULL;
int ok = 0;
- PSA_ASSERT( psa_its_get_info( uid, &info ) );
- ASSERT_ALLOC( loaded, info.size );
- PSA_ASSERT( psa_its_get( uid, 0, info.size, loaded, NULL ) );
- ASSERT_COMPARE( expected_data, size, loaded, info.size );
+ PSA_ASSERT(psa_its_get_info(uid, &info));
+ ASSERT_ALLOC(loaded, info.size);
+ PSA_ASSERT(psa_its_get(uid, 0, info.size, loaded, NULL));
+ ASSERT_COMPARE(expected_data, size, loaded, info.size);
ok = 1;
exit:
- mbedtls_free( loaded );
- return( ok );
+ mbedtls_free(loaded);
+ return ok;
}
/* Check that no persistent data exists for the given location. */
-static int check_no_persistent_data( psa_key_location_t location )
+static int check_no_persistent_data(psa_key_location_t location)
{
- psa_storage_uid_t uid = file_uid_for_location( location );
+ psa_storage_uid_t uid = file_uid_for_location(location);
struct psa_storage_info_t info;
int ok = 0;
- TEST_EQUAL( psa_its_get_info( uid, &info ), PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL(psa_its_get_info(uid, &info), PSA_ERROR_DOES_NOT_EXIST);
ok = 1;
exit:
- return( ok );
+ return ok;
}
/* Check that a function's return status is "smoke-free", i.e. that
* it's an acceptable error code when calling an API function that operates
* on a key with potentially bogus parameters. */
-static int is_status_smoke_free( psa_status_t status )
+static int is_status_smoke_free(psa_status_t status)
{
- switch( status )
- {
+ switch (status) {
case PSA_SUCCESS:
case PSA_ERROR_NOT_SUPPORTED:
case PSA_ERROR_NOT_PERMITTED:
@@ -646,19 +638,19 @@
case PSA_ERROR_INVALID_ARGUMENT:
case PSA_ERROR_INVALID_SIGNATURE:
case PSA_ERROR_INVALID_PADDING:
- return( 1 );
+ return 1;
default:
- return( 0 );
+ return 0;
}
}
-#define SMOKE_ASSERT( expr ) \
- TEST_ASSERT( is_status_smoke_free( expr ) )
+#define SMOKE_ASSERT(expr) \
+ TEST_ASSERT(is_status_smoke_free(expr))
/* Smoke test a key. There are mostly no wrong answers here since we pass
* mostly bogus parameters: the goal is to ensure that there is no memory
* corruption or crash. This test function is most useful when run under
* an environment with sanity checks such as ASan or MSan. */
-static int smoke_test_key( mbedtls_svc_key_id_t key )
+static int smoke_test_key(mbedtls_svc_key_id_t key)
{
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -672,88 +664,88 @@
size_t length;
mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
- SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ SMOKE_ASSERT(psa_get_key_attributes(key, &attributes));
- SMOKE_ASSERT( psa_export_key( key,
- buffer, sizeof( buffer ), &length ) );
- SMOKE_ASSERT( psa_export_public_key( key,
- buffer, sizeof( buffer ), &length ) );
+ SMOKE_ASSERT(psa_export_key(key,
+ buffer, sizeof(buffer), &length));
+ SMOKE_ASSERT(psa_export_public_key(key,
+ buffer, sizeof(buffer), &length));
- SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) );
- if( ! mbedtls_svc_key_id_is_null( key2 ) )
- PSA_ASSERT( psa_destroy_key( key2 ) );
+ SMOKE_ASSERT(psa_copy_key(key, &attributes, &key2));
+ if (!mbedtls_svc_key_id_is_null(key2)) {
+ PSA_ASSERT(psa_destroy_key(key2));
+ }
- SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) );
- PSA_ASSERT( psa_mac_abort( &mac_operation ) );
- SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key,
- PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) );
- PSA_ASSERT( psa_mac_abort( &mac_operation ) );
+ SMOKE_ASSERT(psa_mac_sign_setup(&mac_operation, key, PSA_ALG_CMAC));
+ PSA_ASSERT(psa_mac_abort(&mac_operation));
+ SMOKE_ASSERT(psa_mac_verify_setup(&mac_operation, key,
+ PSA_ALG_HMAC(PSA_ALG_SHA_256)));
+ PSA_ASSERT(psa_mac_abort(&mac_operation));
- SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key,
- PSA_ALG_CTR ) );
- PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
- SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key,
- PSA_ALG_CTR ) );
- PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
+ SMOKE_ASSERT(psa_cipher_encrypt_setup(&cipher_operation, key,
+ PSA_ALG_CTR));
+ PSA_ASSERT(psa_cipher_abort(&cipher_operation));
+ SMOKE_ASSERT(psa_cipher_decrypt_setup(&cipher_operation, key,
+ PSA_ALG_CTR));
+ PSA_ASSERT(psa_cipher_abort(&cipher_operation));
- SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM,
- buffer, sizeof( buffer ),
- NULL, 0,
- buffer, sizeof( buffer),
- buffer, sizeof( buffer), &length ) );
- SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM,
- buffer, sizeof( buffer ),
- NULL, 0,
- buffer, sizeof( buffer),
- buffer, sizeof( buffer), &length ) );
+ SMOKE_ASSERT(psa_aead_encrypt(key, PSA_ALG_CCM,
+ buffer, sizeof(buffer),
+ NULL, 0,
+ buffer, sizeof(buffer),
+ buffer, sizeof(buffer), &length));
+ SMOKE_ASSERT(psa_aead_decrypt(key, PSA_ALG_CCM,
+ buffer, sizeof(buffer),
+ NULL, 0,
+ buffer, sizeof(buffer),
+ buffer, sizeof(buffer), &length));
- SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY,
+ SMOKE_ASSERT(psa_sign_hash(key, PSA_ALG_ECDSA_ANY,
+ buffer, 32,
+ buffer, sizeof(buffer), &length));
+ SMOKE_ASSERT(psa_verify_hash(key, PSA_ALG_ECDSA_ANY,
buffer, 32,
- buffer, sizeof( buffer ), &length ) );
- SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY,
- buffer, 32,
- buffer, sizeof( buffer ) ) );
+ buffer, sizeof(buffer)));
- SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT,
- buffer, 10, NULL, 0,
- buffer, sizeof( buffer ), &length ) );
- SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT,
- buffer, sizeof( buffer ), NULL, 0,
- buffer, sizeof( buffer ), &length ) );
+ SMOKE_ASSERT(psa_asymmetric_encrypt(key, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ buffer, 10, NULL, 0,
+ buffer, sizeof(buffer), &length));
+ SMOKE_ASSERT(psa_asymmetric_decrypt(key, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ buffer, sizeof(buffer), NULL, 0,
+ buffer, sizeof(buffer), &length));
#if defined(MBEDTLS_SHA256_C)
/* Try the key in a plain key derivation. */
- PSA_ASSERT( psa_key_derivation_setup( &derivation_operation,
- PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( &derivation_operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- NULL, 0 ) );
- SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key ) );
- PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
+ PSA_ASSERT(psa_key_derivation_setup(&derivation_operation,
+ PSA_ALG_HKDF(PSA_ALG_SHA_256)));
+ PSA_ASSERT(psa_key_derivation_input_bytes(&derivation_operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ NULL, 0));
+ SMOKE_ASSERT(psa_key_derivation_input_key(&derivation_operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key));
+ PSA_ASSERT(psa_key_derivation_abort(&derivation_operation));
/* If the key is asymmetric, try it in a key agreement, both as
* part of a derivation operation and standalone. */
- if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) ==
- PSA_SUCCESS )
- {
+ if (psa_export_public_key(key, buffer, sizeof(buffer), &length) ==
+ PSA_SUCCESS) {
psa_algorithm_t alg =
- PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH,
- PSA_ALG_HKDF( PSA_ALG_SHA_256 ) );
- PSA_ASSERT( psa_key_derivation_setup( &derivation_operation, alg ) );
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &derivation_operation, PSA_KEY_DERIVATION_INPUT_SALT,
- NULL, 0 ) );
- SMOKE_ASSERT( psa_key_derivation_key_agreement(
- &derivation_operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key, buffer, length ) );
- PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,
+ PSA_ALG_HKDF(PSA_ALG_SHA_256));
+ PSA_ASSERT(psa_key_derivation_setup(&derivation_operation, alg));
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &derivation_operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ NULL, 0));
+ SMOKE_ASSERT(psa_key_derivation_key_agreement(
+ &derivation_operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key, buffer, length));
+ PSA_ASSERT(psa_key_derivation_abort(&derivation_operation));
- SMOKE_ASSERT( psa_raw_key_agreement(
- alg, key, buffer, length,
- buffer, sizeof( buffer ), &length ) );
+ SMOKE_ASSERT(psa_raw_key_agreement(
+ alg, key, buffer, length,
+ buffer, sizeof(buffer), &length));
}
#endif /* MBEDTLS_SHA256_C */
@@ -764,22 +756,23 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- return( ok );
+ return ok;
}
-static void psa_purge_storage( void )
+static void psa_purge_storage(void)
{
/* The generic code in mbedtls_test_psa_purge_key_storage()
* (which is called by PSA_DONE()) doesn't take care of things that are
* specific to dynamic secure elements. */
psa_key_location_t location;
/* Purge the transaction file. */
- psa_crypto_stop_transaction( );
+ psa_crypto_stop_transaction();
/* Purge driver persistent data. */
- for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
- psa_destroy_se_persistent_data( location );
+ for (location = 0; location < PSA_MAX_SE_LOCATION; location++) {
+ psa_destroy_se_persistent_data(location);
+ }
}
/* END_HEADER */
@@ -790,205 +783,207 @@
*/
/* BEGIN_CASE */
-void register_one( int location, int version, int expected_status_arg )
+void register_one(int location, int version, int expected_status_arg)
{
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
- memset( &driver, 0, sizeof( driver ) );
+ memset(&driver, 0, sizeof(driver));
driver.hal_version = version;
- TEST_EQUAL( psa_register_se_driver( location, &driver ),
- expected_status );
+ TEST_EQUAL(psa_register_se_driver(location, &driver),
+ expected_status);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void register_twice( int count )
+void register_twice(int count)
{
psa_drv_se_t driver;
psa_key_location_t location;
psa_key_location_t max = MIN_DRIVER_LOCATION + count;
- memset( &driver, 0, sizeof( driver ) );
+ memset(&driver, 0, sizeof(driver));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
- for( location = MIN_DRIVER_LOCATION; location < max; location++ )
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- for( location = MIN_DRIVER_LOCATION; location < max; location++ )
- TEST_EQUAL( psa_register_se_driver( location, &driver ),
- PSA_ERROR_ALREADY_EXISTS );
+ for (location = MIN_DRIVER_LOCATION; location < max; location++) {
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ }
+ for (location = MIN_DRIVER_LOCATION; location < max; location++) {
+ TEST_EQUAL(psa_register_se_driver(location, &driver),
+ PSA_ERROR_ALREADY_EXISTS);
+ }
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void register_max( )
+void register_max()
{
psa_drv_se_t driver;
psa_key_location_t location;
psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS;
- memset( &driver, 0, sizeof( driver ) );
+ memset(&driver, 0, sizeof(driver));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
- for( location = MIN_DRIVER_LOCATION; location < max; location++ )
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
+ for (location = MIN_DRIVER_LOCATION; location < max; location++) {
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ }
- TEST_EQUAL( psa_register_se_driver( location, &driver ),
- PSA_ERROR_INSUFFICIENT_MEMORY );
+ TEST_EQUAL(psa_register_se_driver(location, &driver),
+ PSA_ERROR_INSUFFICIENT_MEMORY);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
+void key_creation_import_export(int lifetime_arg, int min_slot, int restart)
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
- uint8_t exported[sizeof( key_material )];
+ const uint8_t key_material[3] = { 0xfa, 0xca, 0xde };
+ uint8_t exported[sizeof(key_material)];
size_t exported_length;
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
- driver.persistent_data_size = sizeof( ram_slot_usage_t );
+ driver.persistent_data_size = sizeof(ram_slot_usage_t);
key_management.p_allocate = ram_allocate;
key_management.p_import = ram_import;
key_management.p_destroy = ram_destroy;
key_management.p_export = ram_export;
ram_min_slot = min_slot;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
/* Create a key. */
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- PSA_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id ) );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id));
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
/* For volatile keys, check no persistent data was created */
- if( ! check_no_persistent_data( location ) )
+ if (!check_no_persistent_data(location)) {
goto exit;
- }
- else
- {
+ }
+ } else {
/* For persistent keys, check persistent data */
- if( ! check_persistent_data( location,
- &ram_shadow_slot_usage,
- sizeof( ram_shadow_slot_usage ) ) )
+ if (!check_persistent_data(location,
+ &ram_shadow_slot_usage,
+ sizeof(ram_shadow_slot_usage))) {
goto exit;
+ }
}
/* Test that the key was created in the expected slot. */
- TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA );
+ TEST_EQUAL(ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA);
/* Maybe restart, to check that the information is saved correctly. */
- if( restart )
- {
- mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ if (restart) {
+ mbedtls_psa_crypto_free();
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
/* Check that the PSA core has no knowledge of the volatile key */
- TEST_ASSERT( psa_open_key( returned_id, &handle ) ==
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_ASSERT(psa_open_key(returned_id, &handle) ==
+ PSA_ERROR_DOES_NOT_EXIST);
/* Drop data from our mockup driver */
ram_slots_reset();
ram_min_slot = min_slot;
/* Re-import key */
- PSA_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id ) );
- }
- else
- {
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id));
+ } else {
/* Check the persistent key file */
- if( ! check_persistent_data( location,
- &ram_shadow_slot_usage,
- sizeof( ram_shadow_slot_usage ) ) )
+ if (!check_persistent_data(location,
+ &ram_shadow_slot_usage,
+ sizeof(ram_shadow_slot_usage))) {
goto exit;
+ }
}
}
/* Test that the key was created in the expected slot. */
- TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA );
+ TEST_EQUAL(ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA);
/* Test the key attributes, including the reported slot number. */
- psa_set_key_bits( &attributes,
- PSA_BYTES_TO_BITS( sizeof( key_material ) ) );
- psa_set_key_slot_number( &attributes, min_slot );
+ psa_set_key_bits(&attributes,
+ PSA_BYTES_TO_BITS(sizeof(key_material)));
+ psa_set_key_slot_number(&attributes, min_slot);
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
attributes.core.id = returned_id;
- else
- psa_set_key_id( &attributes, returned_id );
+ } else {
+ psa_set_key_id(&attributes, returned_id);
+ }
- if( ! check_key_attributes( returned_id, &attributes ) )
+ if (!check_key_attributes(returned_id, &attributes)) {
goto exit;
+ }
/* Test the key data. */
- PSA_ASSERT( psa_export_key( returned_id,
- exported, sizeof( exported ),
- &exported_length ) );
- ASSERT_COMPARE( key_material, sizeof( key_material ),
- exported, exported_length );
+ PSA_ASSERT(psa_export_key(returned_id,
+ exported, sizeof(exported),
+ &exported_length));
+ ASSERT_COMPARE(key_material, sizeof(key_material),
+ exported, exported_length);
- PSA_ASSERT( psa_destroy_key( returned_id ) );
- if( ! check_persistent_data( location,
- &ram_shadow_slot_usage,
- sizeof( ram_shadow_slot_usage ) ) )
+ PSA_ASSERT(psa_destroy_key(returned_id));
+ if (!check_persistent_data(location,
+ &ram_shadow_slot_usage,
+ sizeof(ram_shadow_slot_usage))) {
goto exit;
- TEST_EQUAL( psa_open_key( returned_id, &handle ),
- PSA_ERROR_DOES_NOT_EXIST );
+ }
+ TEST_EQUAL(psa_open_key(returned_id, &handle),
+ PSA_ERROR_DOES_NOT_EXIST);
/* Test that the key has been erased from the designated slot. */
- TEST_EQUAL( ram_slots[min_slot].type, 0 );
+ TEST_EQUAL(ram_slots[min_slot].type, 0);
exit:
- PSA_DONE( );
- ram_slots_reset( );
- psa_purge_storage( );
+ PSA_DONE();
+ ram_slots_reset();
+ psa_purge_storage();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_creation_in_chosen_slot( int slot_arg,
- int restart,
- int expected_status_arg )
+void key_creation_in_chosen_slot(int slot_arg,
+ int restart,
+ int expected_status_arg)
{
psa_key_slot_number_t wanted_slot = slot_arg;
psa_status_t expected_status = expected_status_arg;
@@ -996,200 +991,208 @@
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ const uint8_t key_material[3] = { 0xfa, 0xca, 0xde };
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
- driver.persistent_data_size = sizeof( ram_slot_usage_t );
+ driver.persistent_data_size = sizeof(ram_slot_usage_t);
key_management.p_validate_slot_number = ram_validate_slot_number;
key_management.p_import = ram_import;
key_management.p_destroy = ram_destroy;
key_management.p_export = ram_export;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
/* Create a key. */
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- psa_set_key_slot_number( &attributes, wanted_slot );
- status = psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id );
- TEST_EQUAL( status, expected_status );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ psa_set_key_slot_number(&attributes, wanted_slot);
+ status = psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id);
+ TEST_EQUAL(status, expected_status);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
- if( ! check_persistent_data( location,
- &ram_shadow_slot_usage,
- sizeof( ram_shadow_slot_usage ) ) )
+ }
+ if (!check_persistent_data(location,
+ &ram_shadow_slot_usage,
+ sizeof(ram_shadow_slot_usage))) {
goto exit;
+ }
/* Maybe restart, to check that the information is saved correctly. */
- if( restart )
- {
- mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( location,
- &ram_shadow_slot_usage,
- sizeof( ram_shadow_slot_usage ) ) )
+ if (restart) {
+ mbedtls_psa_crypto_free();
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
+ if (!check_persistent_data(location,
+ &ram_shadow_slot_usage,
+ sizeof(ram_shadow_slot_usage))) {
goto exit;
+ }
}
/* Test that the key was created in the expected slot. */
- TEST_EQUAL( ram_slots[wanted_slot].type, PSA_KEY_TYPE_RAW_DATA );
+ TEST_EQUAL(ram_slots[wanted_slot].type, PSA_KEY_TYPE_RAW_DATA);
/* Test that the key is reported with the correct attributes,
* including the expected slot. */
- PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
+ PSA_ASSERT(psa_get_key_attributes(id, &attributes));
- PSA_ASSERT( psa_destroy_key( id ) );
- if( ! check_persistent_data( location,
- &ram_shadow_slot_usage,
- sizeof( ram_shadow_slot_usage ) ) )
+ PSA_ASSERT(psa_destroy_key(id));
+ if (!check_persistent_data(location,
+ &ram_shadow_slot_usage,
+ sizeof(ram_shadow_slot_usage))) {
goto exit;
- TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
+ }
+ TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- PSA_DONE( );
- ram_slots_reset( );
- psa_purge_storage( );
+ PSA_DONE();
+ ram_slots_reset();
+ psa_purge_storage();
}
/* END_CASE */
/* BEGIN_CASE */
-void import_key_smoke( int type_arg, int alg_arg,
- data_t *key_material )
+void import_key_smoke(int type_arg, int alg_arg,
+ data_t *key_material)
{
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
- driver.persistent_data_size = sizeof( psa_key_slot_number_t );
+ driver.persistent_data_size = sizeof(psa_key_slot_number_t);
key_management.p_allocate = counter_allocate;
key_management.p_import = null_import;
key_management.p_destroy = null_destroy;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
/* Create a key. */
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
- PSA_ASSERT( psa_import_key( &attributes,
- key_material->x, key_material->len,
- &returned_id ) );
- if( ! check_persistent_data( location,
- &shadow_counter, sizeof( shadow_counter ) ) )
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_material->x, key_material->len,
+ &returned_id));
+ if (!check_persistent_data(location,
+ &shadow_counter, sizeof(shadow_counter))) {
goto exit;
+ }
/* Do stuff with the key. */
- if( ! smoke_test_key( id ) )
+ if (!smoke_test_key(id)) {
goto exit;
+ }
/* Restart and try again. */
- mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( location,
- &shadow_counter, sizeof( shadow_counter ) ) )
+ mbedtls_psa_crypto_free();
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
+ if (!check_persistent_data(location,
+ &shadow_counter, sizeof(shadow_counter))) {
goto exit;
- if( ! smoke_test_key( id ) )
+ }
+ if (!smoke_test_key(id)) {
goto exit;
+ }
/* We're done. */
- PSA_ASSERT( psa_destroy_key( id ) );
- if( ! check_persistent_data( location,
- &shadow_counter, sizeof( shadow_counter ) ) )
+ PSA_ASSERT(psa_destroy_key(id));
+ if (!check_persistent_data(location,
+ &shadow_counter, sizeof(shadow_counter))) {
goto exit;
- TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
+ }
+ TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST);
exit:
- PSA_DONE( );
- counter_reset( );
- psa_purge_storage( );
+ PSA_DONE();
+ counter_reset();
+ psa_purge_storage();
}
/* END_CASE */
/* BEGIN_CASE */
-void generate_key_not_supported( int type_arg, int bits_arg )
+void generate_key_not_supported(int type_arg, int bits_arg)
{
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
- driver.persistent_data_size = sizeof( psa_key_slot_number_t );
+ driver.persistent_data_size = sizeof(psa_key_slot_number_t);
key_management.p_allocate = counter_allocate;
/* No p_generate method */
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
- TEST_EQUAL( psa_generate_key( &attributes, &returned_id ),
- PSA_ERROR_NOT_SUPPORTED );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
+ TEST_EQUAL(psa_generate_key(&attributes, &returned_id),
+ PSA_ERROR_NOT_SUPPORTED);
exit:
- PSA_DONE( );
- counter_reset( );
- psa_purge_storage( );
+ PSA_DONE();
+ counter_reset();
+ psa_purge_storage();
}
/* END_CASE */
/* BEGIN_CASE */
-void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
+void generate_key_smoke(int type_arg, int bits_arg, int alg_arg)
{
psa_key_type_t type = type_arg;
psa_key_bits_t bits = bits_arg;
@@ -1197,88 +1200,93 @@
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
- driver.persistent_data_size = sizeof( psa_key_slot_number_t );
+ driver.persistent_data_size = sizeof(psa_key_slot_number_t);
key_management.p_allocate = counter_allocate;
key_management.p_generate = null_generate;
key_management.p_destroy = null_destroy;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
/* Create a key. */
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
- PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) );
- if( ! check_persistent_data( location,
- &shadow_counter, sizeof( shadow_counter ) ) )
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
+ PSA_ASSERT(psa_generate_key(&attributes, &returned_id));
+ if (!check_persistent_data(location,
+ &shadow_counter, sizeof(shadow_counter))) {
goto exit;
+ }
/* Do stuff with the key. */
- if( ! smoke_test_key( id ) )
+ if (!smoke_test_key(id)) {
goto exit;
+ }
/* Restart and try again. */
- mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( location,
- &shadow_counter, sizeof( shadow_counter ) ) )
+ mbedtls_psa_crypto_free();
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
+ if (!check_persistent_data(location,
+ &shadow_counter, sizeof(shadow_counter))) {
goto exit;
- if( ! smoke_test_key( id ) )
+ }
+ if (!smoke_test_key(id)) {
goto exit;
+ }
/* We're done. */
- PSA_ASSERT( psa_destroy_key( id ) );
- if( ! check_persistent_data( location,
- &shadow_counter, sizeof( shadow_counter ) ) )
+ PSA_ASSERT(psa_destroy_key(id));
+ if (!check_persistent_data(location,
+ &shadow_counter, sizeof(shadow_counter))) {
goto exit;
- TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
+ }
+ TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST);
exit:
- PSA_DONE( );
- counter_reset( );
- psa_purge_storage( );
+ PSA_DONE();
+ counter_reset();
+ psa_purge_storage();
}
/* END_CASE */
/* BEGIN_CASE */
-void sign_verify( int flow,
- int type_arg, int alg_arg,
- int bits_arg, data_t *key_material,
- data_t *input )
+void sign_verify(int flow,
+ int type_arg, int alg_arg,
+ int bits_arg, data_t *key_material,
+ data_t *input)
{
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
size_t bits = bits_arg;
/* Pass bits=0 to import, bits>0 to fake-generate */
- int generating = ( bits != 0 );
+ int generating = (bits != 0);
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1286,23 +1294,23 @@
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
size_t signature_length;
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
- memset( &asymmetric, 0, sizeof( asymmetric ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
+ memset(&asymmetric, 0, sizeof(asymmetric));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
driver.asymmetric = &asymmetric;
- driver.persistent_data_size = sizeof( ram_slot_usage_t );
+ driver.persistent_data_size = sizeof(ram_slot_usage_t);
key_management.p_allocate = ram_allocate;
key_management.p_destroy = ram_destroy;
- if( generating )
+ if (generating) {
key_management.p_generate = ram_fake_generate;
- else
+ } else {
key_management.p_import = ram_import;
- switch( flow )
- {
+ }
+ switch (flow) {
case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
break;
case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
@@ -1313,208 +1321,206 @@
key_management.p_export_public = ram_export_public;
break;
default:
- TEST_ASSERT( ! "unsupported flow (should be SIGN_IN_xxx)" );
+ TEST_ASSERT(!"unsupported flow (should be SIGN_IN_xxx)");
break;
}
asymmetric.p_verify = ram_verify;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
/* Prepare to create two keys with the same key material: a transparent
* key, and one that goes through the driver. */
- psa_set_key_usage_flags( &sw_attributes,
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &sw_attributes, alg );
- psa_set_key_type( &sw_attributes, type );
+ psa_set_key_usage_flags(&sw_attributes,
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&sw_attributes, alg);
+ psa_set_key_type(&sw_attributes, type);
drv_attributes = sw_attributes;
- psa_set_key_id( &drv_attributes, id );
- psa_set_key_lifetime( &drv_attributes, lifetime );
+ psa_set_key_id(&drv_attributes, id);
+ psa_set_key_lifetime(&drv_attributes, lifetime);
/* Create the key in the driver. */
- if( generating )
- {
- psa_set_key_bits( &drv_attributes, bits );
- PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) );
+ if (generating) {
+ psa_set_key_bits(&drv_attributes, bits);
+ PSA_ASSERT(psa_generate_key(&drv_attributes, &returned_id));
/* Since we called a generate method that does not actually
* generate material, store the desired result of generation in
* the mock secure element storage. */
- PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) );
- TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) );
- memcpy( ram_slots[ram_min_slot].content, key_material->x,
- key_material->len );
- }
- else
- {
- PSA_ASSERT( psa_import_key( &drv_attributes,
- key_material->x, key_material->len,
- &returned_id ) );
+ PSA_ASSERT(psa_get_key_attributes(id, &drv_attributes));
+ TEST_EQUAL(key_material->len, PSA_BITS_TO_BYTES(bits));
+ memcpy(ram_slots[ram_min_slot].content, key_material->x,
+ key_material->len);
+ } else {
+ PSA_ASSERT(psa_import_key(&drv_attributes,
+ key_material->x, key_material->len,
+ &returned_id));
}
/* Either import the same key in software, or export the driver's
* public key and import that. */
- switch( flow )
- {
+ switch (flow) {
case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
- PSA_ASSERT( psa_import_key( &sw_attributes,
- key_material->x, key_material->len,
- &sw_key ) );
+ PSA_ASSERT(psa_import_key(&sw_attributes,
+ key_material->x, key_material->len,
+ &sw_key));
break;
case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
{
- uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )];
+ uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+ ];
size_t public_key_length;
- PSA_ASSERT( psa_export_public_key( id,
- public_key, sizeof( public_key ),
- &public_key_length ) );
- psa_set_key_type( &sw_attributes,
- PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) );
- PSA_ASSERT( psa_import_key( &sw_attributes,
- public_key, public_key_length,
- &sw_key ) );
+ PSA_ASSERT(psa_export_public_key(id,
+ public_key, sizeof(public_key),
+ &public_key_length));
+ psa_set_key_type(&sw_attributes,
+ PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type));
+ PSA_ASSERT(psa_import_key(&sw_attributes,
+ public_key, public_key_length,
+ &sw_key));
break;
}
}
/* Sign with the chosen key. */
- switch( flow )
- {
+ switch (flow) {
case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
PSA_ASSERT_VIA_DRIVER(
- psa_sign_hash( id, alg,
- input->x, input->len,
- signature, sizeof( signature ),
- &signature_length ),
- PSA_SUCCESS );
+ psa_sign_hash(id, alg,
+ input->x, input->len,
+ signature, sizeof(signature),
+ &signature_length),
+ PSA_SUCCESS);
break;
case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
- PSA_ASSERT( psa_sign_hash( sw_key, alg,
- input->x, input->len,
- signature, sizeof( signature ),
- &signature_length ) );
+ PSA_ASSERT(psa_sign_hash(sw_key, alg,
+ input->x, input->len,
+ signature, sizeof(signature),
+ &signature_length));
break;
}
/* Verify with both keys. */
- PSA_ASSERT( psa_verify_hash( sw_key, alg,
- input->x, input->len,
- signature, signature_length ) );
+ PSA_ASSERT(psa_verify_hash(sw_key, alg,
+ input->x, input->len,
+ signature, signature_length));
PSA_ASSERT_VIA_DRIVER(
- psa_verify_hash( id, alg,
- input->x, input->len,
- signature, signature_length ),
- PSA_SUCCESS );
+ psa_verify_hash(id, alg,
+ input->x, input->len,
+ signature, signature_length),
+ PSA_SUCCESS);
/* Change the signature and verify again. */
signature[0] ^= 1;
- TEST_EQUAL( psa_verify_hash( sw_key, alg,
- input->x, input->len,
- signature, signature_length ),
- PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL(psa_verify_hash(sw_key, alg,
+ input->x, input->len,
+ signature, signature_length),
+ PSA_ERROR_INVALID_SIGNATURE);
PSA_ASSERT_VIA_DRIVER(
- psa_verify_hash( id, alg,
- input->x, input->len,
- signature, signature_length ),
- PSA_ERROR_INVALID_SIGNATURE );
+ psa_verify_hash(id, alg,
+ input->x, input->len,
+ signature, signature_length),
+ PSA_ERROR_INVALID_SIGNATURE);
exit:
/*
* Driver key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &drv_attributes );
+ psa_reset_key_attributes(&drv_attributes);
- psa_destroy_key( id );
- psa_destroy_key( sw_key );
- PSA_DONE( );
- ram_slots_reset( );
- psa_purge_storage( );
+ psa_destroy_key(id);
+ psa_destroy_key(sw_key);
+ PSA_DONE();
+ ram_slots_reset();
+ psa_purge_storage();
}
/* END_CASE */
/* BEGIN_CASE */
-void register_key_smoke_test( int lifetime_arg,
- int owner_id_arg,
- int id_arg,
- int validate,
- int expected_status_arg )
+void register_key_smoke_test(int lifetime_arg,
+ int owner_id_arg,
+ int id_arg,
+ int validate,
+ int expected_status_arg)
{
psa_key_lifetime_t lifetime = lifetime_arg;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
psa_key_handle_t handle;
size_t bit_size = 48;
psa_key_slot_number_t wanted_slot = 0x123456789;
psa_status_t status;
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- memset( &driver, 0, sizeof( driver ) );
+ memset(&driver, 0, sizeof(driver));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&key_management, 0, sizeof(key_management));
driver.key_management = &key_management;
key_management.p_destroy = null_destroy;
- if( validate >= 0 )
- {
+ if (validate >= 0) {
key_management.p_validate_slot_number = validate_slot_number_as_directed;
validate_slot_number_directions.slot_number = wanted_slot;
validate_slot_number_directions.method = PSA_KEY_CREATION_REGISTER;
validate_slot_number_directions.status =
- ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED );
+ (validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED);
}
- mbedtls_test_set_step( 1 );
- PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ mbedtls_test_set_step(1);
+ PSA_ASSERT(psa_register_se_driver(MIN_DRIVER_LOCATION, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- psa_set_key_bits( &attributes, bit_size );
- psa_set_key_slot_number( &attributes, wanted_slot );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ psa_set_key_bits(&attributes, bit_size);
+ psa_set_key_slot_number(&attributes, wanted_slot);
- status = mbedtls_psa_register_se_key( &attributes );
- TEST_EQUAL( status, expected_status );
+ status = mbedtls_psa_register_se_key(&attributes);
+ TEST_EQUAL(status, expected_status);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Test that the key exists and has the expected attributes. */
- if( ! check_key_attributes( id, &attributes ) )
+ if (!check_key_attributes(id, &attributes)) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
mbedtls_svc_key_id_t invalid_id =
- mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg );
- TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
+ mbedtls_svc_key_id_make(owner_id_arg + 1, id_arg);
+ TEST_EQUAL(psa_open_key(invalid_id, &handle), PSA_ERROR_DOES_NOT_EXIST);
#endif
- PSA_ASSERT( psa_purge_key( id ) );
+ PSA_ASSERT(psa_purge_key(id));
/* Restart and try again. */
- mbedtls_test_set_step( 2 );
- PSA_SESSION_DONE( );
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_key_attributes( id, &attributes ) )
+ mbedtls_test_set_step(2);
+ PSA_SESSION_DONE();
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
+ if (!check_key_attributes(id, &attributes)) {
goto exit;
+ }
/* This time, destroy the key. */
- PSA_ASSERT( psa_destroy_key( id ) );
- TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ASSERT(psa_destroy_key(id));
+ TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST);
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( id );
- PSA_DONE( );
- psa_purge_storage( );
- memset( &validate_slot_number_directions, 0,
- sizeof( validate_slot_number_directions ) );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(id);
+ PSA_DONE();
+ psa_purge_storage();
+ memset(&validate_slot_number_directions, 0,
+ sizeof(validate_slot_number_directions));
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index 12c58eb..6f28f93 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -7,18 +7,16 @@
/** The location and lifetime used for tests that use a single driver. */
#define TEST_DRIVER_LOCATION 1
#define TEST_SE_PERSISTENT_LIFETIME \
- ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
- PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
+ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION))
-static struct
-{
+static struct {
uint16_t called;
psa_key_location_t location;
psa_status_t return_value;
} mock_init_data;
-static struct
-{
+static struct {
uint16_t called;
psa_key_slot_number_t key_slot;
psa_key_attributes_t attributes;
@@ -26,8 +24,7 @@
psa_status_t return_value;
} mock_generate_data;
-static struct
-{
+static struct {
uint16_t called;
psa_key_slot_number_t key_slot;
psa_key_attributes_t attributes;
@@ -36,24 +33,21 @@
psa_status_t return_value;
} mock_import_data;
-static struct
-{
+static struct {
uint16_t called;
psa_key_slot_number_t slot_number;
size_t data_size;
psa_status_t return_value;
} mock_export_data;
-static struct
-{
+static struct {
uint16_t called;
psa_key_slot_number_t slot_number;
size_t data_size;
psa_status_t return_value;
} mock_export_public_data;
-static struct
-{
+static struct {
uint16_t called;
psa_key_slot_number_t key_slot;
psa_algorithm_t alg;
@@ -62,8 +56,7 @@
psa_status_t return_value;
} mock_sign_data;
-static struct
-{
+static struct {
uint16_t called;
psa_key_slot_number_t key_slot;
psa_algorithm_t alg;
@@ -72,21 +65,19 @@
psa_status_t return_value;
} mock_verify_data;
-static struct
-{
+static struct {
uint16_t called;
psa_status_t return_value;
} mock_allocate_data;
-static struct
-{
+static struct {
uint16_t called;
psa_key_slot_number_t slot_number;
psa_status_t return_value;
} mock_destroy_data;
#define MAX_KEY_ID_FOR_TEST 10
-static void psa_purge_storage( void )
+static void psa_purge_storage(void)
{
psa_key_id_t id;
psa_key_location_t location;
@@ -94,48 +85,50 @@
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
- for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ )
- psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) );
+ for (id = 0; id <= MAX_KEY_ID_FOR_TEST; id++) {
+ psa_destroy_persistent_key(mbedtls_svc_key_id_make(1, id));
+ }
/* Purge the transaction file. */
- psa_crypto_stop_transaction( );
+ psa_crypto_stop_transaction();
/* Purge driver persistent data. */
- for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
- psa_destroy_se_persistent_data( location );
+ for (location = 0; location < PSA_MAX_SE_LOCATION; location++) {
+ psa_destroy_se_persistent_data(location);
+ }
}
-static void mock_teardown( void )
+static void mock_teardown(void)
{
- memset( &mock_init_data, 0, sizeof( mock_init_data ) );
- memset( &mock_import_data, 0, sizeof( mock_import_data ) );
- memset( &mock_export_data, 0, sizeof( mock_export_data ) );
- memset( &mock_export_public_data, 0, sizeof( mock_export_public_data ) );
- memset( &mock_sign_data, 0, sizeof( mock_sign_data ) );
- memset( &mock_verify_data, 0, sizeof( mock_verify_data ) );
- memset( &mock_allocate_data, 0, sizeof( mock_allocate_data ) );
- memset( &mock_destroy_data, 0, sizeof( mock_destroy_data ) );
- memset( &mock_generate_data, 0, sizeof( mock_generate_data ) );
- psa_purge_storage( );
+ memset(&mock_init_data, 0, sizeof(mock_init_data));
+ memset(&mock_import_data, 0, sizeof(mock_import_data));
+ memset(&mock_export_data, 0, sizeof(mock_export_data));
+ memset(&mock_export_public_data, 0, sizeof(mock_export_public_data));
+ memset(&mock_sign_data, 0, sizeof(mock_sign_data));
+ memset(&mock_verify_data, 0, sizeof(mock_verify_data));
+ memset(&mock_allocate_data, 0, sizeof(mock_allocate_data));
+ memset(&mock_destroy_data, 0, sizeof(mock_destroy_data));
+ memset(&mock_generate_data, 0, sizeof(mock_generate_data));
+ psa_purge_storage();
}
-static psa_status_t mock_init( psa_drv_se_context_t *drv_context,
- void *persistent_data,
- psa_key_location_t location )
+static psa_status_t mock_init(psa_drv_se_context_t *drv_context,
+ void *persistent_data,
+ psa_key_location_t location)
{
(void) drv_context;
(void) persistent_data;
mock_init_data.called++;
mock_init_data.location = location;
- return( mock_init_data.return_value );
+ return mock_init_data.return_value;
}
-static psa_status_t mock_generate( psa_drv_se_context_t *drv_context,
- psa_key_slot_number_t key_slot,
- const psa_key_attributes_t *attributes,
- uint8_t *pubkey,
- size_t pubkey_size,
- size_t *pubkey_length )
+static psa_status_t mock_generate(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
+ const psa_key_attributes_t *attributes,
+ uint8_t *pubkey,
+ size_t pubkey_size,
+ size_t *pubkey_length)
{
(void) drv_context;
(void) pubkey;
@@ -146,15 +139,15 @@
mock_generate_data.attributes = *attributes;
mock_generate_data.pubkey_size = pubkey_size;
- return( mock_generate_data.return_value );
+ return mock_generate_data.return_value;
}
-static psa_status_t mock_import( psa_drv_se_context_t *drv_context,
- psa_key_slot_number_t key_slot,
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits )
+static psa_status_t mock_import(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits)
{
(void) drv_context;
(void) data;
@@ -166,14 +159,14 @@
mock_import_data.attributes = *attributes;
mock_import_data.data_length = data_length;
- return( mock_import_data.return_value );
+ return mock_import_data.return_value;
}
-psa_status_t mock_export( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- uint8_t *p_data,
- size_t data_size,
- size_t *p_data_length )
+psa_status_t mock_export(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *p_data,
+ size_t data_size,
+ size_t *p_data_length)
{
(void) context;
(void) p_data;
@@ -183,14 +176,14 @@
mock_export_data.slot_number = slot_number;
mock_export_data.data_size = data_size;
- return( mock_export_data.return_value );
+ return mock_export_data.return_value;
}
-psa_status_t mock_export_public( psa_drv_se_context_t *context,
- psa_key_slot_number_t slot_number,
- uint8_t *p_data,
- size_t data_size,
- size_t *p_data_length )
+psa_status_t mock_export_public(psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *p_data,
+ size_t data_size,
+ size_t *p_data_length)
{
(void) context;
(void) p_data;
@@ -200,17 +193,17 @@
mock_export_public_data.slot_number = slot_number;
mock_export_public_data.data_size = data_size;
- return( mock_export_public_data.return_value );
+ return mock_export_public_data.return_value;
}
-psa_status_t mock_sign( psa_drv_se_context_t *context,
- psa_key_slot_number_t key_slot,
- psa_algorithm_t alg,
- const uint8_t *p_hash,
- size_t hash_length,
- uint8_t *p_signature,
- size_t signature_size,
- size_t *p_signature_length )
+psa_status_t mock_sign(psa_drv_se_context_t *context,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ uint8_t *p_signature,
+ size_t signature_size,
+ size_t *p_signature_length)
{
(void) context;
(void) p_hash;
@@ -226,13 +219,13 @@
return mock_sign_data.return_value;
}
-psa_status_t mock_verify( psa_drv_se_context_t *context,
- psa_key_slot_number_t key_slot,
- psa_algorithm_t alg,
- const uint8_t *p_hash,
- size_t hash_length,
- const uint8_t *p_signature,
- size_t signature_length )
+psa_status_t mock_verify(psa_drv_se_context_t *context,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ const uint8_t *p_signature,
+ size_t signature_length)
{
(void) context;
(void) p_hash;
@@ -247,11 +240,11 @@
return mock_verify_data.return_value;
}
-psa_status_t mock_allocate( psa_drv_se_context_t *drv_context,
- void *persistent_data,
- const psa_key_attributes_t *attributes,
- psa_key_creation_method_t method,
- psa_key_slot_number_t *key_slot )
+psa_status_t mock_allocate(psa_drv_se_context_t *drv_context,
+ void *persistent_data,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t *key_slot)
{
(void) drv_context;
(void) persistent_data;
@@ -262,12 +255,12 @@
mock_allocate_data.called++;
*key_slot = 0;
- return( mock_allocate_data.return_value );
+ return mock_allocate_data.return_value;
}
-psa_status_t mock_destroy( psa_drv_se_context_t *context,
- void *persistent_data,
- psa_key_slot_number_t slot_number )
+psa_status_t mock_destroy(psa_drv_se_context_t *context,
+ void *persistent_data,
+ psa_key_slot_number_t slot_number)
{
(void) context;
(void) persistent_data;
@@ -275,7 +268,7 @@
mock_destroy_data.called++;
mock_destroy_data.slot_number = slot_number;
- return( mock_destroy_data.return_value );
+ return mock_destroy_data.return_value;
}
/* END_HEADER */
@@ -286,11 +279,11 @@
*/
/* BEGIN_CASE */
-void mock_init( int location_arg,
- int expected_register_status_arg,
- int driver_status_arg,
- int expected_psa_status_arg,
- int expected_called )
+void mock_init(int location_arg,
+ int expected_register_status_arg,
+ int driver_status_arg,
+ int expected_psa_status_arg,
+ int expected_called)
{
psa_key_location_t location = location_arg;
psa_status_t expected_register_status = expected_register_status_arg;
@@ -304,112 +297,110 @@
mock_init_data.return_value = driver_status;
- TEST_EQUAL( psa_register_se_driver( location, &driver ),
- expected_register_status );
+ TEST_EQUAL(psa_register_se_driver(location, &driver),
+ expected_register_status);
psa_crypto_init_called = 1;
- TEST_EQUAL( psa_crypto_init( ), expected_psa_status );
+ TEST_EQUAL(psa_crypto_init(), expected_psa_status);
- TEST_EQUAL( mock_init_data.called, expected_called );
- if( expected_called )
- TEST_EQUAL( mock_init_data.location, location );
+ TEST_EQUAL(mock_init_data.called, expected_called);
+ if (expected_called) {
+ TEST_EQUAL(mock_init_data.location, location);
+ }
exit:
- if( psa_crypto_init_called )
- PSA_DONE( );
- mock_teardown( );
+ if (psa_crypto_init_called) {
+ PSA_DONE();
+ }
+ mock_teardown();
}
/* END_CASE */
/* BEGIN_CASE */
-void mock_import( int mock_alloc_return_value,
- int mock_import_return_value,
- int bits,
- int expected_result )
+void mock_import(int mock_alloc_return_value,
+ int mock_import_return_value,
+ int bits,
+ int expected_result)
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ const uint8_t key_material[3] = { 0xfa, 0xca, 0xde };
mock_allocate_data.return_value = mock_alloc_return_value;
mock_import_data.return_value = mock_import_return_value;
mock_import_data.bits = bits;
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
key_management.p_import = mock_import;
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- TEST_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id ) == expected_result );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ TEST_ASSERT(psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id) == expected_result);
- TEST_ASSERT( mock_allocate_data.called == 1 );
- TEST_ASSERT( mock_import_data.called ==
- ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
+ TEST_ASSERT(mock_allocate_data.called == 1);
+ TEST_ASSERT(mock_import_data.called ==
+ (mock_alloc_return_value == PSA_SUCCESS ? 1 : 0));
- if( mock_alloc_return_value == PSA_SUCCESS )
- {
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- mock_import_data.attributes.core.id, id ) );
- }
- else
- {
- TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
- mock_import_data.attributes.core.id ) == 0 );
- TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
- mock_import_data.attributes.core.id ) == 0 );
+ if (mock_alloc_return_value == PSA_SUCCESS) {
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ mock_import_data.attributes.core.id, id));
+ } else {
+ TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
+ mock_import_data.attributes.core.id) == 0);
+ TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
+ mock_import_data.attributes.core.id) == 0);
}
- TEST_ASSERT( mock_import_data.attributes.core.lifetime ==
- ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) );
- TEST_ASSERT( mock_import_data.attributes.core.policy.usage ==
- ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_USAGE_EXPORT : 0 ) );
- TEST_ASSERT( mock_import_data.attributes.core.type ==
- ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_TYPE_RAW_DATA : 0 ) );
+ TEST_ASSERT(mock_import_data.attributes.core.lifetime ==
+ (mock_alloc_return_value == PSA_SUCCESS ? lifetime : 0));
+ TEST_ASSERT(mock_import_data.attributes.core.policy.usage ==
+ (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_USAGE_EXPORT : 0));
+ TEST_ASSERT(mock_import_data.attributes.core.type ==
+ (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_TYPE_RAW_DATA : 0));
- if( expected_result == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_destroy_key( id ) );
- TEST_ASSERT( mock_destroy_data.called == 1 );
+ if (expected_result == PSA_SUCCESS) {
+ PSA_ASSERT(psa_destroy_key(id));
+ TEST_ASSERT(mock_destroy_data.called == 1);
}
exit:
- PSA_DONE( );
- mock_teardown( );
+ PSA_DONE();
+ mock_teardown();
}
/* END_CASE */
/* BEGIN_CASE */
-void mock_export( int mock_export_return_value, int expected_result )
+void mock_export(int mock_export_return_value, int expected_result)
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
- uint8_t exported[sizeof( key_material )];
+ const uint8_t key_material[3] = { 0xfa, 0xca, 0xde };
+ uint8_t exported[sizeof(key_material)];
size_t exported_length;
mock_export_data.return_value = mock_export_return_value;
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
driver.p_init = mock_init;
@@ -418,119 +409,115 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- PSA_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id ) );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id));
- TEST_ASSERT( psa_export_key( id,
- exported, sizeof( exported ),
- &exported_length ) == expected_result );
+ TEST_ASSERT(psa_export_key(id,
+ exported, sizeof(exported),
+ &exported_length) == expected_result);
- TEST_ASSERT( mock_export_data.called == 1 );
+ TEST_ASSERT(mock_export_data.called == 1);
- PSA_ASSERT( psa_destroy_key( id ) );
+ PSA_ASSERT(psa_destroy_key(id));
- TEST_ASSERT( mock_destroy_data.called == 1 );
+ TEST_ASSERT(mock_destroy_data.called == 1);
exit:
- PSA_DONE( );
- mock_teardown( );
+ PSA_DONE();
+ mock_teardown();
}
/* END_CASE */
/* BEGIN_CASE */
-void mock_generate( int mock_alloc_return_value,
- int mock_generate_return_value,
- int expected_result )
+void mock_generate(int mock_alloc_return_value,
+ int mock_generate_return_value,
+ int expected_result)
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mock_allocate_data.return_value = mock_alloc_return_value;
mock_generate_data.return_value = mock_generate_return_value;
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
key_management.p_generate = mock_generate;
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- psa_set_key_bits( &attributes, 8 );
- TEST_ASSERT( psa_generate_key( &attributes, &returned_id) == expected_result );
- TEST_ASSERT( mock_allocate_data.called == 1 );
- TEST_ASSERT( mock_generate_data.called ==
- ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ psa_set_key_bits(&attributes, 8);
+ TEST_ASSERT(psa_generate_key(&attributes, &returned_id) == expected_result);
+ TEST_ASSERT(mock_allocate_data.called == 1);
+ TEST_ASSERT(mock_generate_data.called ==
+ (mock_alloc_return_value == PSA_SUCCESS ? 1 : 0));
- if( mock_alloc_return_value == PSA_SUCCESS )
- {
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- mock_generate_data.attributes.core.id, id ) );
- }
- else
- {
- TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
- mock_generate_data.attributes.core.id ) == 0 );
- TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
- mock_generate_data.attributes.core.id ) == 0 );
+ if (mock_alloc_return_value == PSA_SUCCESS) {
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ mock_generate_data.attributes.core.id, id));
+ } else {
+ TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
+ mock_generate_data.attributes.core.id) == 0);
+ TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
+ mock_generate_data.attributes.core.id) == 0);
}
- TEST_ASSERT( mock_generate_data.attributes.core.lifetime ==
- ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) );
- TEST_ASSERT( mock_generate_data.attributes.core.policy.usage ==
- ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_USAGE_EXPORT : 0 ) );
- TEST_ASSERT( mock_generate_data.attributes.core.type ==
- ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_TYPE_RAW_DATA : 0 ) );
+ TEST_ASSERT(mock_generate_data.attributes.core.lifetime ==
+ (mock_alloc_return_value == PSA_SUCCESS ? lifetime : 0));
+ TEST_ASSERT(mock_generate_data.attributes.core.policy.usage ==
+ (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_USAGE_EXPORT : 0));
+ TEST_ASSERT(mock_generate_data.attributes.core.type ==
+ (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_TYPE_RAW_DATA : 0));
- if( expected_result == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_destroy_key( id ) );
- TEST_ASSERT( mock_destroy_data.called == 1 );
+ if (expected_result == PSA_SUCCESS) {
+ PSA_ASSERT(psa_destroy_key(id));
+ TEST_ASSERT(mock_destroy_data.called == 1);
}
exit:
- PSA_DONE( );
- mock_teardown( );
+ PSA_DONE();
+ mock_teardown();
}
/* END_CASE */
/* BEGIN_CASE */
-void mock_export_public( int mock_export_public_return_value,
- int expected_result )
+void mock_export_public(int mock_export_public_return_value,
+ int expected_result)
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
- uint8_t exported[sizeof( key_material )];
+ const uint8_t key_material[3] = { 0xfa, 0xca, 0xde };
+ uint8_t exported[sizeof(key_material)];
size_t exported_length;
mock_export_public_data.return_value = mock_export_public_return_value;
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
key_management.p_import = mock_import;
@@ -538,52 +525,52 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
- PSA_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id ) );
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id));
- TEST_ASSERT( psa_export_public_key( id, exported, sizeof(exported),
- &exported_length ) == expected_result );
- TEST_ASSERT( mock_export_public_data.called == 1 );
+ TEST_ASSERT(psa_export_public_key(id, exported, sizeof(exported),
+ &exported_length) == expected_result);
+ TEST_ASSERT(mock_export_public_data.called == 1);
- PSA_ASSERT( psa_destroy_key( id ) );
- TEST_ASSERT( mock_destroy_data.called == 1 );
+ PSA_ASSERT(psa_destroy_key(id));
+ TEST_ASSERT(mock_destroy_data.called == 1);
exit:
- PSA_DONE( );
- mock_teardown( );
+ PSA_DONE();
+ mock_teardown();
}
/* END_CASE */
/* BEGIN_CASE */
-void mock_sign( int mock_sign_return_value, int expected_result )
+void mock_sign(int mock_sign_return_value, int expected_result)
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ const uint8_t key_material[3] = { 0xfa, 0xca, 0xde };
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- const uint8_t hash[1] = {'H'};
- uint8_t signature[1] = {'S'};
+ const uint8_t hash[1] = { 'H' };
+ uint8_t signature[1] = { 'S' };
size_t signature_length;
mock_sign_data.return_value = mock_sign_return_value;
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
- memset( &asymmetric, 0, sizeof( asymmetric ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
+ memset(&asymmetric, 0, sizeof(asymmetric));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
@@ -595,55 +582,55 @@
driver.asymmetric = &asymmetric;
asymmetric.p_sign = mock_sign;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, algorithm );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, algorithm);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
- PSA_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id ) );
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id));
- TEST_ASSERT( psa_sign_hash( id, algorithm,
- hash, sizeof( hash ),
- signature, sizeof( signature ),
- &signature_length)
- == expected_result );
- TEST_ASSERT( mock_sign_data.called == 1 );
+ TEST_ASSERT(psa_sign_hash(id, algorithm,
+ hash, sizeof(hash),
+ signature, sizeof(signature),
+ &signature_length)
+ == expected_result);
+ TEST_ASSERT(mock_sign_data.called == 1);
- PSA_ASSERT( psa_destroy_key( id ) );
- TEST_ASSERT( mock_destroy_data.called == 1 );
+ PSA_ASSERT(psa_destroy_key(id));
+ TEST_ASSERT(mock_destroy_data.called == 1);
exit:
- PSA_DONE( );
- mock_teardown( );
+ PSA_DONE();
+ mock_teardown();
}
/* END_CASE */
/* BEGIN_CASE */
-void mock_verify( int mock_verify_return_value, int expected_result )
+void mock_verify(int mock_verify_return_value, int expected_result)
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1);
mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ const uint8_t key_material[3] = { 0xfa, 0xca, 0xde };
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- const uint8_t hash[1] = {'H'};
- const uint8_t signature[1] = {'S'};
+ const uint8_t hash[1] = { 'H' };
+ const uint8_t signature[1] = { 'S' };
mock_verify_data.return_value = mock_verify_return_value;
- memset( &driver, 0, sizeof( driver ) );
- memset( &key_management, 0, sizeof( key_management ) );
- memset( &asymmetric, 0, sizeof( asymmetric ) );
+ memset(&driver, 0, sizeof(driver));
+ memset(&key_management, 0, sizeof(key_management));
+ memset(&asymmetric, 0, sizeof(asymmetric));
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
@@ -655,30 +642,30 @@
driver.asymmetric = &asymmetric;
asymmetric.p_verify = mock_verify;
- PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_register_se_driver(location, &driver));
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- psa_set_key_algorithm( &attributes, algorithm );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, algorithm);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
- PSA_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &returned_id ) );
+ PSA_ASSERT(psa_import_key(&attributes,
+ key_material, sizeof(key_material),
+ &returned_id));
- TEST_ASSERT( psa_verify_hash( id, algorithm,
- hash, sizeof( hash ),
- signature, sizeof( signature ) )
- == expected_result );
- TEST_ASSERT( mock_verify_data.called == 1 );
+ TEST_ASSERT(psa_verify_hash(id, algorithm,
+ hash, sizeof(hash),
+ signature, sizeof(signature))
+ == expected_result);
+ TEST_ASSERT(mock_verify_data.called == 1);
- PSA_ASSERT( psa_destroy_key( id ) );
- TEST_ASSERT( mock_destroy_data.called == 1 );
+ PSA_ASSERT(psa_destroy_key(id));
+ TEST_ASSERT(mock_destroy_data.called == 1);
exit:
- PSA_DONE( );
- mock_teardown( );
+ PSA_DONE();
+ mock_teardown();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index d577663..e3bb0d3 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -4,8 +4,7 @@
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
-typedef enum
-{
+typedef enum {
/**< Close key(s) */
INVALIDATE_BY_CLOSING,
@@ -28,15 +27,13 @@
INVALIDATE_BY_PURGING_WITH_SHUTDOWN,
} invalidate_method_t;
-typedef enum
-{
+typedef enum {
KEEP_OPEN,
CLOSE_BEFORE,
CLOSE_AFTER,
} reopen_policy_t;
-typedef enum
-{
+typedef enum {
INVALID_HANDLE_0,
INVALID_HANDLE_UNOPENED,
INVALID_HANDLE_CLOSED,
@@ -46,61 +43,59 @@
/** Apply \p invalidate_method to invalidate the specified key:
* close it, destroy it, or do nothing;
*/
-static int invalidate_key( invalidate_method_t invalidate_method,
- mbedtls_svc_key_id_t key )
+static int invalidate_key(invalidate_method_t invalidate_method,
+ mbedtls_svc_key_id_t key)
{
- switch( invalidate_method )
- {
+ switch (invalidate_method) {
/* Closing the key invalidate only volatile keys, not persistent ones. */
case INVALIDATE_BY_CLOSING:
case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN:
- PSA_ASSERT( psa_close_key( key ) );
+ PSA_ASSERT(psa_close_key(key));
break;
case INVALIDATE_BY_DESTROYING:
case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
- PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT(psa_destroy_key(key));
break;
/* Purging the key just purges RAM data of persistent keys. */
case INVALIDATE_BY_PURGING:
case INVALIDATE_BY_PURGING_WITH_SHUTDOWN:
- PSA_ASSERT( psa_purge_key( key ) );
+ PSA_ASSERT(psa_purge_key(key));
break;
case INVALIDATE_BY_SHUTDOWN:
break;
}
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
/** Restart the PSA subsystem if \p invalidate_method says so. */
-static int invalidate_psa( invalidate_method_t invalidate_method )
+static int invalidate_psa(invalidate_method_t invalidate_method)
{
- switch( invalidate_method )
- {
+ switch (invalidate_method) {
case INVALIDATE_BY_CLOSING:
case INVALIDATE_BY_DESTROYING:
case INVALIDATE_BY_PURGING:
- return( 1 );
+ return 1;
case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN:
case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
case INVALIDATE_BY_PURGING_WITH_SHUTDOWN:
/* All keys must have been closed. */
- PSA_SESSION_DONE( );
+ PSA_SESSION_DONE();
break;
case INVALIDATE_BY_SHUTDOWN:
/* Some keys may remain behind, and we're testing that this
* properly closes them. */
- mbedtls_psa_crypto_free( );
+ mbedtls_psa_crypto_free();
break;
}
- PSA_ASSERT( psa_crypto_init( ) );
- ASSERT_PSA_PRISTINE( );
- return( 1 );
+ PSA_ASSERT(psa_crypto_init());
+ ASSERT_PSA_PRISTINE();
+ return 1;
exit:
- return( 0 );
+ return 0;
}
/* END_HEADER */
@@ -111,10 +106,10 @@
*/
/* BEGIN_CASE */
-void transient_slot_lifecycle( int owner_id_arg,
- int usage_arg, int alg_arg,
- int type_arg, data_t *key_data,
- int invalidate_method_arg )
+void transient_slot_lifecycle(int owner_id_arg,
+ int usage_arg, int alg_arg,
+ int type_arg, data_t *key_data,
+ int invalidate_method_arg)
{
psa_algorithm_t alg = alg_arg;
psa_key_usage_t usage_flags = usage_arg;
@@ -123,40 +118,40 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_test_set_step( 1 );
- PSA_ASSERT( psa_crypto_init( ) );
+ mbedtls_test_set_step(1);
+ PSA_ASSERT(psa_crypto_init());
/* Import a key. */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
mbedtls_key_owner_id_t owner_id = owner_id_arg;
- mbedtls_set_key_owner_id( &attributes, owner_id );
+ mbedtls_set_key_owner_id(&attributes, owner_id);
#else
- (void)owner_id_arg;
+ (void) owner_id_arg;
#endif
- psa_set_key_usage_flags( &attributes, usage_flags );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, type );
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
- TEST_ASSERT( ! mbedtls_svc_key_id_is_null( key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- psa_reset_key_attributes( &attributes );
+ psa_set_key_usage_flags(&attributes, usage_flags);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ TEST_ASSERT(!mbedtls_svc_key_id_is_null(key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ psa_reset_key_attributes(&attributes);
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
{
psa_key_handle_t handle;
mbedtls_svc_key_id_t key_with_invalid_owner =
- mbedtls_svc_key_id_make( owner_id + 1,
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
+ mbedtls_svc_key_id_make(owner_id + 1,
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key));
- TEST_ASSERT( mbedtls_key_owner_id_equal(
- owner_id,
- MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ) ) );
- TEST_EQUAL( psa_open_key( key_with_invalid_owner, &handle ),
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_ASSERT(mbedtls_key_owner_id_equal(
+ owner_id,
+ MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key)));
+ TEST_EQUAL(psa_open_key(key_with_invalid_owner, &handle),
+ PSA_ERROR_DOES_NOT_EXIST);
}
#endif
@@ -164,42 +159,44 @@
* Purge the key and make sure that it is still valid, as purging a
* volatile key shouldn't invalidate/destroy it.
*/
- PSA_ASSERT( psa_purge_key( key ) );
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
- psa_reset_key_attributes( &attributes );
+ PSA_ASSERT(psa_purge_key(key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
+ psa_reset_key_attributes(&attributes);
/* Do something that invalidates the key. */
- mbedtls_test_set_step( 2 );
- if( ! invalidate_key( invalidate_method, key ) )
+ mbedtls_test_set_step(2);
+ if (!invalidate_key(invalidate_method, key)) {
goto exit;
- if( ! invalidate_psa( invalidate_method ) )
+ }
+ if (!invalidate_psa(invalidate_method)) {
goto exit;
+ }
/* Test that the key is now invalid. */
- TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
- PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_close_key( key ), PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL(psa_get_key_attributes(key, &attributes),
+ PSA_ERROR_INVALID_HANDLE);
+ TEST_EQUAL(psa_close_key(key), PSA_ERROR_INVALID_HANDLE);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
-void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
- int usage_arg, int alg_arg, int alg2_arg,
- int type_arg, data_t *key_data,
- int invalidate_method_arg )
+void persistent_slot_lifecycle(int lifetime_arg, int owner_id_arg, int id_arg,
+ int usage_arg, int alg_arg, int alg2_arg,
+ int type_arg, data_t *key_data,
+ int invalidate_method_arg)
{
psa_key_lifetime_t lifetime = lifetime_arg;
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
psa_algorithm_t alg = alg_arg;
psa_algorithm_t alg2 = alg2_arg;
psa_key_usage_t usage_flags = usage_arg;
@@ -214,112 +211,110 @@
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
mbedtls_svc_key_id_t wrong_owner_id =
- mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg );
+ mbedtls_svc_key_id_make(owner_id_arg + 1, id_arg);
mbedtls_svc_key_id_t invalid_svc_key_id = MBEDTLS_SVC_KEY_ID_INIT;
#endif
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- mbedtls_test_set_step( 1 );
- PSA_ASSERT( psa_crypto_init( ) );
+ mbedtls_test_set_step(1);
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_type( &attributes, type );
- psa_set_key_usage_flags( &attributes, usage_flags );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_enrollment_algorithm( &attributes, alg2 );
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &returned_id ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_usage_flags(&attributes, usage_flags);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_enrollment_algorithm(&attributes, alg2);
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &returned_id));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(id, returned_id));
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
- TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ),
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL(psa_open_key(wrong_owner_id, &invalid_svc_key_id),
+ PSA_ERROR_DOES_NOT_EXIST);
#endif
- PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), id ) );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
- mbedtls_test_update_key_usage_flags( usage_flags ) );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
- TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ PSA_ASSERT(psa_get_key_attributes(id, &attributes));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime);
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes), id));
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes),
+ mbedtls_test_update_key_usage_flags(usage_flags));
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), alg);
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), alg2);
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
/* Close the key and then open it. */
- PSA_ASSERT( psa_close_key( id ) );
+ PSA_ASSERT(psa_close_key(id));
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
- TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ),
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL(psa_open_key(wrong_owner_id, &invalid_svc_key_id),
+ PSA_ERROR_DOES_NOT_EXIST);
#endif
- PSA_ASSERT( psa_open_key( id, &handle ) );
- TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), id ) );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
- mbedtls_test_update_key_usage_flags( usage_flags ) );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
- TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
- TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ PSA_ASSERT(psa_open_key(id, &handle));
+ TEST_ASSERT(!psa_key_handle_is_null(handle));
+ PSA_ASSERT(psa_get_key_attributes(handle, &attributes));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime);
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes), id));
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes),
+ mbedtls_test_update_key_usage_flags(usage_flags));
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), alg);
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), alg2);
+ TEST_EQUAL(psa_get_key_type(&attributes), type);
/*
* Do something that wipes key data in volatile memory or destroy the
* key.
*/
- mbedtls_test_set_step( 2 );
- if( ! invalidate_key( invalidate_method, id ) )
+ mbedtls_test_set_step(2);
+ if (!invalidate_key(invalidate_method, id)) {
goto exit;
- if( ! invalidate_psa( invalidate_method ) )
+ }
+ if (!invalidate_psa(invalidate_method)) {
goto exit;
+ }
/* Try to reaccess the key. If we destroyed it, check that it doesn't
* exist. Otherwise check that it still exists and has the expected
* content. */
- switch( invalidate_method )
- {
+ switch (invalidate_method) {
case INVALIDATE_BY_CLOSING:
case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN:
case INVALIDATE_BY_PURGING:
case INVALIDATE_BY_PURGING_WITH_SHUTDOWN:
case INVALIDATE_BY_SHUTDOWN:
- PSA_ASSERT( psa_open_key( id, &handle ) );
- PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ),
- psa_get_key_lifetime( &read_attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ),
- psa_get_key_id( &read_attributes ) ) );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
- mbedtls_test_update_key_usage_flags( usage_flags ) );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ),
- psa_get_key_algorithm( &read_attributes ) );
- TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ),
- psa_get_key_enrollment_algorithm( &read_attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ),
- psa_get_key_type( &read_attributes ) );
- TEST_EQUAL( psa_get_key_bits( &attributes ),
- psa_get_key_bits( &read_attributes ) );
- ASSERT_ALLOC( reexported, key_data->len );
- if( usage_flags & PSA_KEY_USAGE_EXPORT )
- {
- PSA_ASSERT( psa_export_key( id, reexported, key_data->len,
- &reexported_length ) );
- ASSERT_COMPARE( key_data->x, key_data->len,
- reexported, reexported_length );
+ PSA_ASSERT(psa_open_key(id, &handle));
+ PSA_ASSERT(psa_get_key_attributes(id, &read_attributes));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes),
+ psa_get_key_lifetime(&read_attributes));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes),
+ psa_get_key_id(&read_attributes)));
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes),
+ mbedtls_test_update_key_usage_flags(usage_flags));
+ TEST_EQUAL(psa_get_key_algorithm(&attributes),
+ psa_get_key_algorithm(&read_attributes));
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes),
+ psa_get_key_enrollment_algorithm(&read_attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes),
+ psa_get_key_type(&read_attributes));
+ TEST_EQUAL(psa_get_key_bits(&attributes),
+ psa_get_key_bits(&read_attributes));
+ ASSERT_ALLOC(reexported, key_data->len);
+ if (usage_flags & PSA_KEY_USAGE_EXPORT) {
+ PSA_ASSERT(psa_export_key(id, reexported, key_data->len,
+ &reexported_length));
+ ASSERT_COMPARE(key_data->x, key_data->len,
+ reexported, reexported_length);
+ } else {
+ TEST_EQUAL(psa_export_key(id, reexported,
+ key_data->len, &reexported_length),
+ PSA_ERROR_NOT_PERMITTED);
}
- else
- {
- TEST_EQUAL( psa_export_key( id, reexported,
- key_data->len, &reexported_length ),
- PSA_ERROR_NOT_PERMITTED );
- }
- PSA_ASSERT( psa_close_key( handle ) );
+ PSA_ASSERT(psa_close_key(handle));
break;
case INVALIDATE_BY_DESTROYING:
@@ -328,11 +323,11 @@
* Test that the key handle and identifier are now not referring to an
* existing key.
*/
- TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
- PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_get_key_attributes( id, &read_attributes ),
- PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL(psa_get_key_attributes(handle, &read_attributes),
+ PSA_ERROR_INVALID_HANDLE);
+ TEST_EQUAL(psa_close_key(handle), PSA_ERROR_INVALID_HANDLE);
+ TEST_EQUAL(psa_get_key_attributes(id, &read_attributes),
+ PSA_ERROR_INVALID_HANDLE);
break;
}
@@ -341,158 +336,159 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
- psa_reset_key_attributes( &read_attributes );
+ psa_reset_key_attributes(&attributes);
+ psa_reset_key_attributes(&read_attributes);
- PSA_DONE( );
- mbedtls_free( reexported );
+ PSA_DONE();
+ mbedtls_free(reexported);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
-void create_existent( int lifetime_arg, int owner_id_arg, int id_arg,
- int reopen_policy_arg )
+void create_existent(int lifetime_arg, int owner_id_arg, int id_arg,
+ int reopen_policy_arg)
{
psa_key_lifetime_t lifetime = lifetime_arg;
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
const uint8_t material1[5] = "a key";
const uint8_t material2[5] = "b key";
- size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
- uint8_t reexported[sizeof( material1 )];
+ size_t bits1 = PSA_BYTES_TO_BITS(sizeof(material1));
+ uint8_t reexported[sizeof(material1)];
size_t reexported_length;
reopen_policy_t reopen_policy = reopen_policy_arg;
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Create a key. */
- psa_set_key_id( &attributes, id );
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_type( &attributes, type1 );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, 0 );
- PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ),
- &returned_id ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) );
+ psa_set_key_id(&attributes, id);
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_type(&attributes, type1);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, 0);
+ PSA_ASSERT(psa_import_key(&attributes, material1, sizeof(material1),
+ &returned_id));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(id, returned_id));
- if( reopen_policy == CLOSE_BEFORE )
- PSA_ASSERT( psa_close_key( id ) );
+ if (reopen_policy == CLOSE_BEFORE) {
+ PSA_ASSERT(psa_close_key(id));
+ }
/* Attempt to create a new key in the same slot. */
- TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ),
- &returned_id ),
- PSA_ERROR_ALREADY_EXISTS );
- TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) );
+ TEST_EQUAL(psa_import_key(&attributes, material2, sizeof(material2),
+ &returned_id),
+ PSA_ERROR_ALREADY_EXISTS);
+ TEST_ASSERT(mbedtls_svc_key_id_is_null(returned_id));
- if( reopen_policy == CLOSE_AFTER )
- PSA_ASSERT( psa_close_key( id ) );
+ if (reopen_policy == CLOSE_AFTER) {
+ PSA_ASSERT(psa_close_key(id));
+ }
/* Check that the original key hasn't changed. */
- psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), id ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
- TEST_EQUAL( psa_get_key_type( &attributes ), type1 );
- TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
- TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+ psa_reset_key_attributes(&attributes);
+ PSA_ASSERT(psa_get_key_attributes(id, &attributes));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes), id));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime);
+ TEST_EQUAL(psa_get_key_type(&attributes), type1);
+ TEST_EQUAL(psa_get_key_bits(&attributes), bits1);
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes), PSA_KEY_USAGE_EXPORT);
+ TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
- PSA_ASSERT( psa_export_key( id,
- reexported, sizeof( reexported ),
- &reexported_length ) );
- ASSERT_COMPARE( material1, sizeof( material1 ),
- reexported, reexported_length );
+ PSA_ASSERT(psa_export_key(id,
+ reexported, sizeof(reexported),
+ &reexported_length));
+ ASSERT_COMPARE(material1, sizeof(material1),
+ reexported, reexported_length);
- PSA_ASSERT( psa_close_key( id ) );
+ PSA_ASSERT(psa_close_key(id));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void open_fail( int id_arg,
- int expected_status_arg )
+void open_fail(int id_arg,
+ int expected_status_arg)
{
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, id_arg);
psa_status_t expected_status = expected_status_arg;
- psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
+ psa_key_handle_t handle = mbedtls_svc_key_id_make(0xdead, 0xdead);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- TEST_EQUAL( psa_open_key( id, &handle ), expected_status );
- TEST_ASSERT( psa_key_handle_is_null( handle ) );
+ TEST_EQUAL(psa_open_key(id, &handle), expected_status);
+ TEST_ASSERT(psa_key_handle_is_null(handle));
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void create_fail( int lifetime_arg, int id_arg,
- int expected_status_arg )
+void create_fail(int lifetime_arg, int id_arg,
+ int expected_status_arg)
{
psa_key_lifetime_t lifetime = lifetime_arg;
- mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, id_arg);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
mbedtls_svc_key_id_t returned_id =
- mbedtls_svc_key_id_make( 0xdead, 0xdead );
- uint8_t material[1] = {'k'};
+ mbedtls_svc_key_id_make(0xdead, 0xdead);
+ uint8_t material[1] = { 'k' };
- TEST_USES_KEY_ID( id );
+ TEST_USES_KEY_ID(id);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_lifetime( &attributes, lifetime );
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ psa_set_key_lifetime(&attributes, lifetime);
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
/*
* Not possible to set a key identifier different from 0 through
* PSA key attributes APIs thus accessing to the attributes
* directly.
*/
attributes.core.id = id;
+ } else {
+ psa_set_key_id(&attributes, id);
}
- else
- psa_set_key_id( &attributes, id );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ),
- &returned_id ),
- expected_status );
- TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) );
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ TEST_EQUAL(psa_import_key(&attributes, material, sizeof(material),
+ &returned_id),
+ expected_status);
+ TEST_ASSERT(mbedtls_svc_key_id_is_null(returned_id));
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
- int source_id_arg, int source_usage_arg,
- int source_alg_arg, int source_alg2_arg,
- int type_arg, data_t *material,
- int target_lifetime_arg, int target_owner_id_arg,
- int target_id_arg, int target_usage_arg,
- int target_alg_arg, int target_alg2_arg,
- int expected_usage_arg,
- int expected_alg_arg, int expected_alg2_arg )
+void copy_across_lifetimes(int source_lifetime_arg, int source_owner_id_arg,
+ int source_id_arg, int source_usage_arg,
+ int source_alg_arg, int source_alg2_arg,
+ int type_arg, data_t *material,
+ int target_lifetime_arg, int target_owner_id_arg,
+ int target_id_arg, int target_usage_arg,
+ int target_alg_arg, int target_alg2_arg,
+ int expected_usage_arg,
+ int expected_alg_arg, int expected_alg2_arg)
{
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
mbedtls_svc_key_id_t source_id =
- mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg );
+ mbedtls_svc_key_id_make(source_owner_id_arg, source_id_arg);
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -500,7 +496,7 @@
mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
mbedtls_svc_key_id_t target_id =
- mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg );
+ mbedtls_svc_key_id_make(target_owner_id_arg, target_id_arg);
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -511,127 +507,120 @@
psa_algorithm_t expected_alg2 = expected_alg2_arg;
uint8_t *export_buffer = NULL;
- TEST_USES_KEY_ID( source_id );
- TEST_USES_KEY_ID( target_id );
+ TEST_USES_KEY_ID(source_id);
+ TEST_USES_KEY_ID(target_id);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Populate the source slot. */
- psa_set_key_id( &source_attributes, source_id );
- psa_set_key_lifetime( &source_attributes, source_lifetime );
+ psa_set_key_id(&source_attributes, source_id);
+ psa_set_key_lifetime(&source_attributes, source_lifetime);
- psa_set_key_type( &source_attributes, source_type );
- psa_set_key_usage_flags( &source_attributes, source_usage );
- psa_set_key_algorithm( &source_attributes, source_alg );
- psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
- PSA_ASSERT( psa_import_key( &source_attributes,
- material->x, material->len,
- &returned_source_id ) );
+ psa_set_key_type(&source_attributes, source_type);
+ psa_set_key_usage_flags(&source_attributes, source_usage);
+ psa_set_key_algorithm(&source_attributes, source_alg);
+ psa_set_key_enrollment_algorithm(&source_attributes, source_alg2_arg);
+ PSA_ASSERT(psa_import_key(&source_attributes,
+ material->x, material->len,
+ &returned_source_id));
/* Update the attributes with the bit size. */
- PSA_ASSERT( psa_get_key_attributes( returned_source_id,
- &source_attributes ) );
+ PSA_ASSERT(psa_get_key_attributes(returned_source_id,
+ &source_attributes));
/* Prepare the target slot. */
- psa_set_key_id( &target_attributes, target_id );
- psa_set_key_lifetime( &target_attributes, target_lifetime );
+ psa_set_key_id(&target_attributes, target_id);
+ psa_set_key_lifetime(&target_attributes, target_lifetime);
- psa_set_key_usage_flags( &target_attributes, target_usage );
- psa_set_key_algorithm( &target_attributes, target_alg );
- psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
+ psa_set_key_usage_flags(&target_attributes, target_usage);
+ psa_set_key_algorithm(&target_attributes, target_alg);
+ psa_set_key_enrollment_algorithm(&target_attributes, target_alg2_arg);
/* Copy the key. */
- PSA_ASSERT( psa_copy_key( returned_source_id,
- &target_attributes, &returned_target_id ) );
+ PSA_ASSERT(psa_copy_key(returned_source_id,
+ &target_attributes, &returned_target_id));
/* Destroy the source to ensure that this doesn't affect the target. */
- PSA_ASSERT( psa_destroy_key( returned_source_id ) );
+ PSA_ASSERT(psa_destroy_key(returned_source_id));
/* If the target key is persistent, restart the system to make
* sure that the material is still alive. */
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( target_lifetime ) )
- {
- mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_open_key( target_id, &target_handle ) );
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(target_lifetime)) {
+ mbedtls_psa_crypto_free();
+ PSA_ASSERT(psa_crypto_init());
+ PSA_ASSERT(psa_open_key(target_id, &target_handle));
}
/* Test that the target slot has the expected content. */
- psa_reset_key_attributes( &target_attributes );
- PSA_ASSERT( psa_get_key_attributes( returned_target_id,
- &target_attributes ) );
+ psa_reset_key_attributes(&target_attributes);
+ PSA_ASSERT(psa_get_key_attributes(returned_target_id,
+ &target_attributes));
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( target_lifetime ) )
- {
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- target_id, psa_get_key_id( &target_attributes ) ) );
- }
- else
- {
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(target_lifetime)) {
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ target_id, psa_get_key_id(&target_attributes)));
+ } else {
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
- TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( returned_target_id ),
- target_owner_id_arg );
+ TEST_EQUAL(MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(returned_target_id),
+ target_owner_id_arg);
#endif
}
- TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
- TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) );
- TEST_EQUAL( psa_get_key_bits( &source_attributes ),
- psa_get_key_bits( &target_attributes ) );
- TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
- TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
- TEST_EQUAL( expected_alg2,
- psa_get_key_enrollment_algorithm( &target_attributes ) );
- if( expected_usage & PSA_KEY_USAGE_EXPORT )
- {
+ TEST_EQUAL(target_lifetime, psa_get_key_lifetime(&target_attributes));
+ TEST_EQUAL(source_type, psa_get_key_type(&target_attributes));
+ TEST_EQUAL(psa_get_key_bits(&source_attributes),
+ psa_get_key_bits(&target_attributes));
+ TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&target_attributes));
+ TEST_EQUAL(expected_alg, psa_get_key_algorithm(&target_attributes));
+ TEST_EQUAL(expected_alg2,
+ psa_get_key_enrollment_algorithm(&target_attributes));
+ if (expected_usage & PSA_KEY_USAGE_EXPORT) {
size_t length;
- ASSERT_ALLOC( export_buffer, material->len );
- PSA_ASSERT( psa_export_key( returned_target_id, export_buffer,
- material->len, &length ) );
- ASSERT_COMPARE( material->x, material->len,
- export_buffer, length );
- }
- else
- {
+ ASSERT_ALLOC(export_buffer, material->len);
+ PSA_ASSERT(psa_export_key(returned_target_id, export_buffer,
+ material->len, &length));
+ ASSERT_COMPARE(material->x, material->len,
+ export_buffer, length);
+ } else {
size_t length;
/* Check that the key is actually non-exportable. */
- TEST_EQUAL( psa_export_key( returned_target_id, export_buffer,
- material->len, &length ),
- PSA_ERROR_NOT_PERMITTED );
+ TEST_EQUAL(psa_export_key(returned_target_id, export_buffer,
+ material->len, &length),
+ PSA_ERROR_NOT_PERMITTED);
}
- PSA_ASSERT( psa_destroy_key( returned_target_id ) );
+ PSA_ASSERT(psa_destroy_key(returned_target_id));
exit:
/*
* Source and target key attributes may have been returned by
* psa_get_key_attributes() thus reset them as required.
*/
- psa_reset_key_attributes( &source_attributes );
- psa_reset_key_attributes( &target_attributes );
+ psa_reset_key_attributes(&source_attributes);
+ psa_reset_key_attributes(&target_attributes);
- PSA_DONE( );
- mbedtls_free( export_buffer );
+ PSA_DONE();
+ mbedtls_free(export_buffer);
}
/* END_CASE */
/* BEGIN_CASE */
-void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
- int source_usage_arg, int source_alg_arg,
- int source_type_arg, data_t *source_material,
- int target_lifetime_arg, int target_id_arg,
- int target_usage_arg, int target_alg_arg,
- int target_type_arg, data_t *target_material )
+void copy_to_occupied(int source_lifetime_arg, int source_id_arg,
+ int source_usage_arg, int source_alg_arg,
+ int source_type_arg, data_t *source_material,
+ int target_lifetime_arg, int target_id_arg,
+ int target_usage_arg, int target_alg_arg,
+ int target_type_arg, data_t *target_material)
{
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
mbedtls_svc_key_id_t source_id =
- mbedtls_svc_key_id_make( 1, source_id_arg );
+ mbedtls_svc_key_id_make(1, source_id_arg);
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_type_t source_type = source_type_arg;
mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
mbedtls_svc_key_id_t target_id =
- mbedtls_svc_key_id_make( 1, target_id_arg );
+ mbedtls_svc_key_id_make(1, target_id_arg);
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_type_t target_type = target_type_arg;
@@ -642,96 +631,92 @@
psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT;
- TEST_USES_KEY_ID( source_id );
- TEST_USES_KEY_ID( target_id );
+ TEST_USES_KEY_ID(source_id);
+ TEST_USES_KEY_ID(target_id);
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Populate the source slot. */
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( source_lifetime ) )
- {
- psa_set_key_id( &attributes, source_id );
- psa_set_key_lifetime( &attributes, source_lifetime );
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(source_lifetime)) {
+ psa_set_key_id(&attributes, source_id);
+ psa_set_key_lifetime(&attributes, source_lifetime);
}
- psa_set_key_type( &attributes, source_type );
- psa_set_key_usage_flags( &attributes, source_usage );
- psa_set_key_algorithm( &attributes, source_alg );
- PSA_ASSERT( psa_import_key( &attributes,
- source_material->x, source_material->len,
- &returned_source_id ) );
+ psa_set_key_type(&attributes, source_type);
+ psa_set_key_usage_flags(&attributes, source_usage);
+ psa_set_key_algorithm(&attributes, source_alg);
+ PSA_ASSERT(psa_import_key(&attributes,
+ source_material->x, source_material->len,
+ &returned_source_id));
/* Populate the target slot. */
- if( mbedtls_svc_key_id_equal( target_id, source_id ) )
- {
+ if (mbedtls_svc_key_id_equal(target_id, source_id)) {
returned_target_id = returned_source_id;
- }
- else
- {
- psa_set_key_id( &attributes1, target_id );
- psa_set_key_lifetime( &attributes1, target_lifetime );
- psa_set_key_type( &attributes1, target_type );
- psa_set_key_usage_flags( &attributes1, target_usage );
- psa_set_key_algorithm( &attributes1, target_alg );
- PSA_ASSERT( psa_import_key( &attributes1,
- target_material->x, target_material->len,
- &returned_target_id ) );
+ } else {
+ psa_set_key_id(&attributes1, target_id);
+ psa_set_key_lifetime(&attributes1, target_lifetime);
+ psa_set_key_type(&attributes1, target_type);
+ psa_set_key_usage_flags(&attributes1, target_usage);
+ psa_set_key_algorithm(&attributes1, target_alg);
+ PSA_ASSERT(psa_import_key(&attributes1,
+ target_material->x, target_material->len,
+ &returned_target_id));
}
- PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes1 ) );
+ PSA_ASSERT(psa_get_key_attributes(returned_target_id, &attributes1));
/* Make a copy attempt. */
- psa_set_key_id( &attributes, target_id );
- psa_set_key_lifetime( &attributes, target_lifetime );
- TEST_EQUAL( psa_copy_key( returned_source_id,
- &attributes, &new_key ),
- PSA_ERROR_ALREADY_EXISTS );
- TEST_ASSERT( mbedtls_svc_key_id_is_null( new_key ) );
+ psa_set_key_id(&attributes, target_id);
+ psa_set_key_lifetime(&attributes, target_lifetime);
+ TEST_EQUAL(psa_copy_key(returned_source_id,
+ &attributes, &new_key),
+ PSA_ERROR_ALREADY_EXISTS);
+ TEST_ASSERT(mbedtls_svc_key_id_is_null(new_key));
/* Test that the target slot is unaffected. */
- PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes2 ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes1 ),
- psa_get_key_id( &attributes2 ) ) );
- TEST_EQUAL( psa_get_key_lifetime( &attributes1 ),
- psa_get_key_lifetime( &attributes2 ) );
- TEST_EQUAL( psa_get_key_type( &attributes1 ),
- psa_get_key_type( &attributes2 ) );
- TEST_EQUAL( psa_get_key_bits( &attributes1 ),
- psa_get_key_bits( &attributes2 ) );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes1 ),
- psa_get_key_usage_flags( &attributes2 ) );
- TEST_EQUAL( psa_get_key_algorithm( &attributes1 ),
- psa_get_key_algorithm( &attributes2 ) );
- if( target_usage & PSA_KEY_USAGE_EXPORT )
- {
+ PSA_ASSERT(psa_get_key_attributes(returned_target_id, &attributes2));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(
+ psa_get_key_id(&attributes1),
+ psa_get_key_id(&attributes2)));
+ TEST_EQUAL(psa_get_key_lifetime(&attributes1),
+ psa_get_key_lifetime(&attributes2));
+ TEST_EQUAL(psa_get_key_type(&attributes1),
+ psa_get_key_type(&attributes2));
+ TEST_EQUAL(psa_get_key_bits(&attributes1),
+ psa_get_key_bits(&attributes2));
+ TEST_EQUAL(psa_get_key_usage_flags(&attributes1),
+ psa_get_key_usage_flags(&attributes2));
+ TEST_EQUAL(psa_get_key_algorithm(&attributes1),
+ psa_get_key_algorithm(&attributes2));
+ if (target_usage & PSA_KEY_USAGE_EXPORT) {
size_t length;
- ASSERT_ALLOC( export_buffer, target_material->len );
- PSA_ASSERT( psa_export_key( returned_target_id, export_buffer,
- target_material->len, &length ) );
- ASSERT_COMPARE( target_material->x, target_material->len,
- export_buffer, length );
+ ASSERT_ALLOC(export_buffer, target_material->len);
+ PSA_ASSERT(psa_export_key(returned_target_id, export_buffer,
+ target_material->len, &length));
+ ASSERT_COMPARE(target_material->x, target_material->len,
+ export_buffer, length);
}
- PSA_ASSERT( psa_destroy_key( returned_source_id ) );
- if( ! mbedtls_svc_key_id_equal( target_id, source_id ) )
- PSA_ASSERT( psa_destroy_key( returned_target_id ) );
+ PSA_ASSERT(psa_destroy_key(returned_source_id));
+ if (!mbedtls_svc_key_id_equal(target_id, source_id)) {
+ PSA_ASSERT(psa_destroy_key(returned_target_id));
+ }
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes1 );
- psa_reset_key_attributes( &attributes2 );
+ psa_reset_key_attributes(&attributes1);
+ psa_reset_key_attributes(&attributes2);
- PSA_DONE( );
- mbedtls_free( export_buffer );
+ PSA_DONE();
+ mbedtls_free(export_buffer);
}
/* END_CASE */
/* BEGIN_CASE */
-void invalid_handle( int handle_construction,
- int close_status_arg )
+void invalid_handle(int handle_construction,
+ int close_status_arg)
{
psa_key_handle_t valid_handle = PSA_KEY_HANDLE_INIT;
psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT;
@@ -740,20 +725,19 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t material[1] = "a";
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
/* Allocate a handle and store a key in it. */
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- psa_set_key_usage_flags( &attributes, 0 );
- psa_set_key_algorithm( &attributes, 0 );
- PSA_ASSERT( psa_import_key( &attributes,
- material, sizeof( material ),
- &valid_handle ) );
- TEST_ASSERT( ! psa_key_handle_is_null( valid_handle ) );
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
+ psa_set_key_usage_flags(&attributes, 0);
+ psa_set_key_algorithm(&attributes, 0);
+ PSA_ASSERT(psa_import_key(&attributes,
+ material, sizeof(material),
+ &valid_handle));
+ TEST_ASSERT(!psa_key_handle_is_null(valid_handle));
/* Construct an invalid handle as specified in the test case data. */
- switch( handle_construction )
- {
+ switch (handle_construction) {
case INVALID_HANDLE_0:
invalid_handle = PSA_KEY_HANDLE_INIT;
break;
@@ -770,129 +754,129 @@
* unopened and thus invalid identifier.
*/
- if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) ==
- PSA_KEY_ID_VOLATILE_MIN )
+ if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) ==
+ PSA_KEY_ID_VOLATILE_MIN) {
key_id = PSA_KEY_ID_VOLATILE_MIN + 1;
- else
- key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) - 1;
+ } else {
+ key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) - 1;
+ }
invalid_handle =
- mbedtls_svc_key_id_make( 0, key_id );
+ mbedtls_svc_key_id_make(0, key_id);
break;
case INVALID_HANDLE_CLOSED:
- PSA_ASSERT( psa_import_key( &attributes,
- material, sizeof( material ),
- &invalid_handle ) );
- PSA_ASSERT( psa_destroy_key( invalid_handle ) );
+ PSA_ASSERT(psa_import_key(&attributes,
+ material, sizeof(material),
+ &invalid_handle));
+ PSA_ASSERT(psa_destroy_key(invalid_handle));
break;
case INVALID_HANDLE_HUGE:
invalid_handle =
- mbedtls_svc_key_id_make( 0, PSA_KEY_ID_VENDOR_MAX + 1 );
+ mbedtls_svc_key_id_make(0, PSA_KEY_ID_VENDOR_MAX + 1);
break;
default:
- TEST_ASSERT( ! "unknown handle construction" );
+ TEST_ASSERT(!"unknown handle construction");
}
/* Attempt to use the invalid handle. */
- TEST_EQUAL( psa_get_key_attributes( invalid_handle, &attributes ),
- PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_close_key( invalid_handle ), close_status );
- TEST_EQUAL( psa_destroy_key( invalid_handle ), close_status );
+ TEST_EQUAL(psa_get_key_attributes(invalid_handle, &attributes),
+ PSA_ERROR_INVALID_HANDLE);
+ TEST_EQUAL(psa_close_key(invalid_handle), close_status);
+ TEST_EQUAL(psa_destroy_key(invalid_handle), close_status);
/* After all this, check that the original handle is intact. */
- PSA_ASSERT( psa_get_key_attributes( valid_handle, &attributes ) );
- TEST_EQUAL( psa_get_key_type( &attributes ), PSA_KEY_TYPE_RAW_DATA );
- TEST_EQUAL( psa_get_key_bits( &attributes ),
- PSA_BYTES_TO_BITS( sizeof( material ) ) );
- PSA_ASSERT( psa_close_key( valid_handle ) );
+ PSA_ASSERT(psa_get_key_attributes(valid_handle, &attributes));
+ TEST_EQUAL(psa_get_key_type(&attributes), PSA_KEY_TYPE_RAW_DATA);
+ TEST_EQUAL(psa_get_key_bits(&attributes),
+ PSA_BYTES_TO_BITS(sizeof(material)));
+ PSA_ASSERT(psa_close_key(valid_handle));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void many_transient_keys( int max_keys_arg )
+void many_transient_keys(int max_keys_arg)
{
mbedtls_svc_key_id_t *keys = NULL;
size_t max_keys = max_keys_arg;
size_t i, j;
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t exported[sizeof( size_t )];
+ uint8_t exported[sizeof(size_t)];
size_t exported_length;
- ASSERT_ALLOC( keys, max_keys );
- PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC(keys, max_keys);
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, 0 );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, 0);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
- for( i = 0; i < max_keys; i++ )
- {
- status = psa_import_key( &attributes,
- (uint8_t *) &i, sizeof( i ),
- &keys[i] );
- if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
+ for (i = 0; i < max_keys; i++) {
+ status = psa_import_key(&attributes,
+ (uint8_t *) &i, sizeof(i),
+ &keys[i]);
+ if (status == PSA_ERROR_INSUFFICIENT_MEMORY) {
break;
- PSA_ASSERT( status );
- TEST_ASSERT( ! mbedtls_svc_key_id_is_null( keys[i] ) );
- for( j = 0; j < i; j++ )
- TEST_ASSERT( ! mbedtls_svc_key_id_equal( keys[i], keys[j] ) );
+ }
+ PSA_ASSERT(status);
+ TEST_ASSERT(!mbedtls_svc_key_id_is_null(keys[i]));
+ for (j = 0; j < i; j++) {
+ TEST_ASSERT(!mbedtls_svc_key_id_equal(keys[i], keys[j]));
+ }
}
max_keys = i;
- for( i = 1; i < max_keys; i++ )
- {
- PSA_ASSERT( psa_close_key( keys[i - 1] ) );
- PSA_ASSERT( psa_export_key( keys[i],
- exported, sizeof( exported ),
- &exported_length ) );
- ASSERT_COMPARE( exported, exported_length,
- (uint8_t *) &i, sizeof( i ) );
+ for (i = 1; i < max_keys; i++) {
+ PSA_ASSERT(psa_close_key(keys[i - 1]));
+ PSA_ASSERT(psa_export_key(keys[i],
+ exported, sizeof(exported),
+ &exported_length));
+ ASSERT_COMPARE(exported, exported_length,
+ (uint8_t *) &i, sizeof(i));
}
- PSA_ASSERT( psa_close_key( keys[i - 1] ) );
+ PSA_ASSERT(psa_close_key(keys[i - 1]));
exit:
- PSA_DONE( );
- mbedtls_free( keys );
+ PSA_DONE();
+ mbedtls_free(keys);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
-void key_slot_eviction_to_import_new_key( int lifetime_arg )
+void key_slot_eviction_to_import_new_key(int lifetime_arg)
{
- psa_key_lifetime_t lifetime = (psa_key_lifetime_t)lifetime_arg;
+ psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
size_t i;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t exported[sizeof( size_t )];
+ uint8_t exported[sizeof(size_t)];
size_t exported_length;
mbedtls_svc_key_id_t key, returned_key_id;
- PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, 0 );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, 0);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
/*
* Create MBEDTLS_PSA_KEY_SLOT_COUNT persistent keys.
*/
- for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
- {
- key = mbedtls_svc_key_id_make( i, i + 1 );
- psa_set_key_id( &attributes, key );
- PSA_ASSERT( psa_import_key( &attributes,
- (uint8_t *) &i, sizeof( i ),
- &returned_key_id ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key ) );
+ for (i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++) {
+ key = mbedtls_svc_key_id_make(i, i + 1);
+ psa_set_key_id(&attributes, key);
+ PSA_ASSERT(psa_import_key(&attributes,
+ (uint8_t *) &i, sizeof(i),
+ &returned_key_id));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(returned_key_id, key));
}
/*
@@ -902,18 +886,19 @@
* description in RAM.
*/
i = MBEDTLS_PSA_KEY_SLOT_COUNT;
- key = mbedtls_svc_key_id_make( i, i + 1 );
- psa_set_key_id( &attributes, key );
- psa_set_key_lifetime( &attributes, lifetime );
+ key = mbedtls_svc_key_id_make(i, i + 1);
+ psa_set_key_id(&attributes, key);
+ psa_set_key_lifetime(&attributes, lifetime);
- PSA_ASSERT( psa_import_key( &attributes,
- (uint8_t *) &i, sizeof( i ),
- &returned_key_id ) );
- if( lifetime != PSA_KEY_LIFETIME_VOLATILE )
- TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key ) );
- else
- TEST_ASSERT( psa_key_id_is_volatile(
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( returned_key_id ) ) );
+ PSA_ASSERT(psa_import_key(&attributes,
+ (uint8_t *) &i, sizeof(i),
+ &returned_key_id));
+ if (lifetime != PSA_KEY_LIFETIME_VOLATILE) {
+ TEST_ASSERT(mbedtls_svc_key_id_equal(returned_key_id, key));
+ } else {
+ TEST_ASSERT(psa_key_id_is_volatile(
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(returned_key_id)));
+ }
/*
* Check that we can export all ( MBEDTLS_PSA_KEY_SLOT_COUNT + 1 ) keys,
@@ -922,120 +907,118 @@
* slots when creating the last key is restored in a RAM slot to export
* its value.
*/
- for( i = 0; i <= MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
- {
- if( i < MBEDTLS_PSA_KEY_SLOT_COUNT )
- key = mbedtls_svc_key_id_make( i, i + 1 );
- else
+ for (i = 0; i <= MBEDTLS_PSA_KEY_SLOT_COUNT; i++) {
+ if (i < MBEDTLS_PSA_KEY_SLOT_COUNT) {
+ key = mbedtls_svc_key_id_make(i, i + 1);
+ } else {
key = returned_key_id;
+ }
- PSA_ASSERT( psa_export_key( key,
- exported, sizeof( exported ),
- &exported_length ) );
- ASSERT_COMPARE( exported, exported_length,
- (uint8_t *) &i, sizeof( i ) );
- PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT(psa_export_key(key,
+ exported, sizeof(exported),
+ &exported_length));
+ ASSERT_COMPARE(exported, exported_length,
+ (uint8_t *) &i, sizeof(i));
+ PSA_ASSERT(psa_destroy_key(key));
}
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
-void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
+void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation()
{
psa_status_t status;
size_t i;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t exported[sizeof( size_t )];
+ uint8_t exported[sizeof(size_t)];
size_t exported_length;
mbedtls_svc_key_id_t persistent_key = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t persistent_key2 = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t *keys = NULL;
- TEST_ASSERT( MBEDTLS_PSA_KEY_SLOT_COUNT >= 1 );
+ TEST_ASSERT(MBEDTLS_PSA_KEY_SLOT_COUNT >= 1);
- ASSERT_ALLOC( keys, MBEDTLS_PSA_KEY_SLOT_COUNT );
- PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT);
+ PSA_ASSERT(psa_crypto_init());
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY );
- psa_set_key_algorithm( &attributes, 0 );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY);
+ psa_set_key_algorithm(&attributes, 0);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA);
/*
* Create a persistent key
*/
- persistent_key = mbedtls_svc_key_id_make( 0x100, 0x205 );
- psa_set_key_id( &attributes, persistent_key );
- PSA_ASSERT( psa_import_key( &attributes,
- (uint8_t *) &persistent_key,
- sizeof( persistent_key ),
- &returned_key_id ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, persistent_key ) );
+ persistent_key = mbedtls_svc_key_id_make(0x100, 0x205);
+ psa_set_key_id(&attributes, persistent_key);
+ PSA_ASSERT(psa_import_key(&attributes,
+ (uint8_t *) &persistent_key,
+ sizeof(persistent_key),
+ &returned_key_id));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(returned_key_id, persistent_key));
/*
* Create MBEDTLS_PSA_KEY_SLOT_COUNT volatile keys
*/
- psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_VOLATILE );
- for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
- {
- PSA_ASSERT( psa_import_key( &attributes,
- (uint8_t *) &i, sizeof( i ),
- &keys[i]) );
+ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
+ for (i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++) {
+ PSA_ASSERT(psa_import_key(&attributes,
+ (uint8_t *) &i, sizeof(i),
+ &keys[i]));
}
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
/*
* Check that we cannot access the persistent key as all slots are
* occupied by volatile keys and the implementation needs to load the
* persistent key description in a slot to be able to access it.
*/
- status = psa_get_key_attributes( persistent_key, &attributes );
- TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY );
+ status = psa_get_key_attributes(persistent_key, &attributes);
+ TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_MEMORY);
/*
* Check we can export the volatile key created last and that it has the
* expected value. Then, destroy it.
*/
- PSA_ASSERT( psa_export_key( keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1],
- exported, sizeof( exported ),
- &exported_length ) );
+ PSA_ASSERT(psa_export_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1],
+ exported, sizeof(exported),
+ &exported_length));
i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1;
- ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) );
- PSA_ASSERT( psa_destroy_key( keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1] ) );
+ ASSERT_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i));
+ PSA_ASSERT(psa_destroy_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1]));
/*
* Check that we can now access the persistent key again.
*/
- PSA_ASSERT( psa_get_key_attributes( persistent_key, &attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( attributes.core.id,
- persistent_key ) );
+ PSA_ASSERT(psa_get_key_attributes(persistent_key, &attributes));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(attributes.core.id,
+ persistent_key));
/*
* Check that we cannot copy the persistent key as all slots are occupied
* by the persistent key and the volatile keys and the slot containing the
* persistent key cannot be reclaimed as it contains the key to copy.
*/
- persistent_key2 = mbedtls_svc_key_id_make( 0x100, 0x204 );
- psa_set_key_id( &attributes, persistent_key2 );
- status = psa_copy_key( persistent_key, &attributes, &returned_key_id );
- TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY );
+ persistent_key2 = mbedtls_svc_key_id_make(0x100, 0x204);
+ psa_set_key_id(&attributes, persistent_key2);
+ status = psa_copy_key(persistent_key, &attributes, &returned_key_id);
+ TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_MEMORY);
/*
* Check we can export the remaining volatile keys and that they have the
* expected values.
*/
- for( i = 0; i < ( MBEDTLS_PSA_KEY_SLOT_COUNT - 1 ); i++ )
- {
- PSA_ASSERT( psa_export_key( keys[i],
- exported, sizeof( exported ),
- &exported_length ) );
- ASSERT_COMPARE( exported, exported_length,
- (uint8_t *) &i, sizeof( i ) );
- PSA_ASSERT( psa_destroy_key( keys[i] ) );
+ for (i = 0; i < (MBEDTLS_PSA_KEY_SLOT_COUNT - 1); i++) {
+ PSA_ASSERT(psa_export_key(keys[i],
+ exported, sizeof(exported),
+ &exported_length));
+ ASSERT_COMPARE(exported, exported_length,
+ (uint8_t *) &i, sizeof(i));
+ PSA_ASSERT(psa_destroy_key(keys[i]));
}
/*
@@ -1043,19 +1026,19 @@
* value.
*/
- PSA_ASSERT( psa_export_key( persistent_key, exported, sizeof( exported ),
- &exported_length ) );
- ASSERT_COMPARE( exported, exported_length,
- (uint8_t *) &persistent_key, sizeof( persistent_key ) );
+ PSA_ASSERT(psa_export_key(persistent_key, exported, sizeof(exported),
+ &exported_length));
+ ASSERT_COMPARE(exported, exported_length,
+ (uint8_t *) &persistent_key, sizeof(persistent_key));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- psa_destroy_key( persistent_key );
- PSA_DONE( );
- mbedtls_free( keys );
+ psa_destroy_key(persistent_key);
+ PSA_DONE();
+ mbedtls_free(keys);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index 7f0a00e..ee66f7d 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -16,10 +16,10 @@
* On error, including if the key representation in storage differs,
* mark the test case as failed and return 0. On success, return 1.
*/
-static int test_written_key( const psa_key_attributes_t *attributes,
- const data_t *material,
- psa_storage_uid_t uid,
- const data_t *expected_representation )
+static int test_written_key(const psa_key_attributes_t *attributes,
+ const data_t *material,
+ psa_storage_uid_t uid,
+ const data_t *expected_representation)
{
mbedtls_svc_key_id_t created_key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t *actual_representation = NULL;
@@ -28,136 +28,153 @@
int ok = 0;
/* Create a key with the given parameters. */
- PSA_ASSERT( psa_import_key( attributes, material->x, material->len,
- &created_key_id ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( attributes ),
- created_key_id ) );
+ PSA_ASSERT(psa_import_key(attributes, material->x, material->len,
+ &created_key_id));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(attributes),
+ created_key_id));
/* Check that the key is represented as expected. */
- PSA_ASSERT( psa_its_get_info( uid, &storage_info ) );
- TEST_EQUAL( storage_info.size, expected_representation->len );
- ASSERT_ALLOC( actual_representation, storage_info.size );
- PSA_ASSERT( psa_its_get( uid, 0, storage_info.size,
- actual_representation, &length ) );
- ASSERT_COMPARE( expected_representation->x, expected_representation->len,
- actual_representation, length );
+ PSA_ASSERT(psa_its_get_info(uid, &storage_info));
+ TEST_EQUAL(storage_info.size, expected_representation->len);
+ ASSERT_ALLOC(actual_representation, storage_info.size);
+ PSA_ASSERT(psa_its_get(uid, 0, storage_info.size,
+ actual_representation, &length));
+ ASSERT_COMPARE(expected_representation->x, expected_representation->len,
+ actual_representation, length);
ok = 1;
exit:
- mbedtls_free( actual_representation );
- return( ok );
+ mbedtls_free(actual_representation);
+ return ok;
}
/** Check if a key is exportable. */
-static int can_export( const psa_key_attributes_t *attributes )
+static int can_export(const psa_key_attributes_t *attributes)
{
- if( psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT )
- return( 1 );
- else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) )
- return( 1 );
- else
- return( 0 );
+ if (psa_get_key_usage_flags(attributes) & PSA_KEY_USAGE_EXPORT) {
+ return 1;
+ } else if (PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(attributes))) {
+ return 1;
+ } else {
+ return 0;
+ }
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-static int is_accelerated_rsa( psa_algorithm_t alg )
+static int is_accelerated_rsa(psa_algorithm_t alg)
{
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
- if ( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
- return( 1 );
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- return( 1 );
+ if (PSA_ALG_IS_RSA_PSS(alg)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
- if( PSA_ALG_IS_RSA_OAEP( alg ) )
- return( 1 );
+ if (PSA_ALG_IS_RSA_OAEP(alg)) {
+ return 1;
+ }
#endif
(void) alg;
- return( 0 );
+ return 0;
}
/* Whether the algorithm is implemented as a builtin, i.e. not accelerated,
* and calls mbedtls_md() functions that require the hash algorithm to
* also be built-in. */
-static int is_builtin_calling_md( psa_algorithm_t alg )
+static int is_builtin_calling_md(psa_algorithm_t alg)
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
- return( 1 );
+ if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- return( 1 );
+ if (PSA_ALG_IS_RSA_PSS(alg)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- if( PSA_ALG_IS_RSA_OAEP( alg ) )
- return( 1 );
+ if (PSA_ALG_IS_RSA_OAEP(alg)) {
+ return 1;
+ }
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- if( PSA_ALG_IS_DETERMINISTIC_ECDSA( alg ) )
- return( 1 );
+ if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
+ return 1;
+ }
#endif
(void) alg;
- return( 0 );
+ return 0;
}
-static int has_builtin_hash( psa_algorithm_t alg )
+static int has_builtin_hash(psa_algorithm_t alg)
{
#if !defined(MBEDTLS_MD2_C)
- if( alg == PSA_ALG_MD2 )
- return( 0 );
+ if (alg == PSA_ALG_MD2) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_MD4_C)
- if( alg == PSA_ALG_MD4 )
- return( 0 );
+ if (alg == PSA_ALG_MD4) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_MD5_C)
- if( alg == PSA_ALG_MD5 )
- return( 0 );
+ if (alg == PSA_ALG_MD5) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_RIPEMD160_C)
- if( alg == PSA_ALG_RIPEMD160 )
- return( 0 );
+ if (alg == PSA_ALG_RIPEMD160) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_SHA1_C)
- if( alg == PSA_ALG_SHA_1 )
- return( 0 );
+ if (alg == PSA_ALG_SHA_1) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_SHA224_C)
- if( alg == PSA_ALG_SHA_224 )
- return( 0 );
+ if (alg == PSA_ALG_SHA_224) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_SHA256_C)
- if( alg == PSA_ALG_SHA_256 )
- return( 0 );
+ if (alg == PSA_ALG_SHA_256) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_SHA384_C)
- if( alg == PSA_ALG_SHA_384 )
- return( 0 );
+ if (alg == PSA_ALG_SHA_384) {
+ return 0;
+ }
#endif
#if !defined(MBEDTLS_SHA512_C)
- if( alg == PSA_ALG_SHA_512 )
- return( 0 );
+ if (alg == PSA_ALG_SHA_512) {
+ return 0;
+ }
#endif
(void) alg;
- return( 1 );
+ return 1;
}
#endif
/* Mbed TLS doesn't support certain combinations of key type and algorithm
* in certain configurations. */
-static int can_exercise( const psa_key_attributes_t *attributes )
+static int can_exercise(const psa_key_attributes_t *attributes)
{
- psa_key_type_t key_type = psa_get_key_type( attributes );
- psa_algorithm_t alg = psa_get_key_algorithm( attributes );
+ psa_key_type_t key_type = psa_get_key_type(attributes);
+ psa_algorithm_t alg = psa_get_key_algorithm(attributes);
psa_algorithm_t hash_alg =
- PSA_ALG_IS_HASH_AND_SIGN( alg ) ? PSA_ALG_SIGN_GET_HASH( alg ) :
- PSA_ALG_IS_RSA_OAEP( alg ) ? PSA_ALG_RSA_OAEP_GET_HASH( alg ) :
+ PSA_ALG_IS_HASH_AND_SIGN(alg) ? PSA_ALG_SIGN_GET_HASH(alg) :
+ PSA_ALG_IS_RSA_OAEP(alg) ? PSA_ALG_RSA_OAEP_GET_HASH(alg) :
PSA_ALG_NONE;
- psa_key_usage_t usage = psa_get_key_usage_flags( attributes );
+ psa_key_usage_t usage = psa_get_key_usage_flags(attributes);
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
/* We test some configurations using drivers where the driver doesn't
@@ -171,32 +188,28 @@
* affected. All RSA signatures are affected except raw PKCS#1v1.5.
* OAEP is also affected.
*/
- if( PSA_ALG_IS_DETERMINISTIC_ECDSA( alg ) &&
- ! ( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE ) ) )
- {
+ if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) &&
+ !(usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE))) {
/* Verification only. Verification doesn't use the hash algorithm. */
- return( 1 );
+ return 1;
}
#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
- if( PSA_ALG_IS_DETERMINISTIC_ECDSA( alg ) &&
- ( hash_alg == PSA_ALG_MD5 ||
- hash_alg == PSA_ALG_RIPEMD160 ||
- hash_alg == PSA_ALG_SHA_1 ) )
- {
- return( 0 );
+ if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) &&
+ (hash_alg == PSA_ALG_MD5 ||
+ hash_alg == PSA_ALG_RIPEMD160 ||
+ hash_alg == PSA_ALG_SHA_1)) {
+ return 0;
}
#endif
- if( is_accelerated_rsa( alg ) &&
- ( hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384 ) )
- {
- return( 0 );
+ if (is_accelerated_rsa(alg) &&
+ (hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384)) {
+ return 0;
}
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
- if( PSA_ALG_IS_RSA_OAEP( alg ) &&
- ( hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384 ) )
- {
- return( 0 );
+ if (PSA_ALG_IS_RSA_OAEP(alg) &&
+ (hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384)) {
+ return 0;
}
#endif
@@ -204,9 +217,8 @@
* hash internally only dispatch to the internal md module, not to
* PSA. Until this is supported, don't try to actually perform
* operations when the operation is built-in and the hash isn't. */
- if( is_builtin_calling_md( alg ) && ! has_builtin_hash( hash_alg ) )
- {
- return( 0 );
+ if (is_builtin_calling_md(alg) && !has_builtin_hash(hash_alg)) {
+ return 0;
}
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */
@@ -214,7 +226,7 @@
(void) alg;
(void) hash_alg;
(void) usage;
- return( 1 );
+ return 1;
}
/** Write a key with the given representation to storage, then check
@@ -223,78 +235,73 @@
* On error, including if the key representation in storage differs,
* mark the test case as failed and return 0. On success, return 1.
*/
-static int test_read_key( const psa_key_attributes_t *expected_attributes,
- const data_t *expected_material,
- psa_storage_uid_t uid,
- const data_t *representation,
- int flags )
+static int test_read_key(const psa_key_attributes_t *expected_attributes,
+ const data_t *expected_material,
+ psa_storage_uid_t uid,
+ const data_t *representation,
+ int flags)
{
psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key_id = psa_get_key_id( expected_attributes );
+ mbedtls_svc_key_id_t key_id = psa_get_key_id(expected_attributes);
struct psa_storage_info_t storage_info;
int ok = 0;
uint8_t *exported_material = NULL;
size_t length;
/* Prime the storage with a key file. */
- PSA_ASSERT( psa_its_set( uid, representation->len, representation->x, 0 ) );
+ PSA_ASSERT(psa_its_set(uid, representation->len, representation->x, 0));
/* Check that the injected key exists and looks as expected. */
- PSA_ASSERT( psa_get_key_attributes( key_id, &actual_attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( key_id,
- psa_get_key_id( &actual_attributes ) ) );
- TEST_EQUAL( psa_get_key_lifetime( expected_attributes ),
- psa_get_key_lifetime( &actual_attributes ) );
- TEST_EQUAL( psa_get_key_type( expected_attributes ),
- psa_get_key_type( &actual_attributes ) );
- TEST_EQUAL( psa_get_key_bits( expected_attributes ),
- psa_get_key_bits( &actual_attributes ) );
- TEST_EQUAL( psa_get_key_usage_flags( expected_attributes ),
- psa_get_key_usage_flags( &actual_attributes ) );
- TEST_EQUAL( psa_get_key_algorithm( expected_attributes ),
- psa_get_key_algorithm( &actual_attributes ) );
- TEST_EQUAL( psa_get_key_enrollment_algorithm( expected_attributes ),
- psa_get_key_enrollment_algorithm( &actual_attributes ) );
- if( can_export( expected_attributes ) )
- {
- ASSERT_ALLOC( exported_material, expected_material->len );
- PSA_ASSERT( psa_export_key( key_id,
- exported_material, expected_material->len,
- &length ) );
- ASSERT_COMPARE( expected_material->x, expected_material->len,
- exported_material, length );
+ PSA_ASSERT(psa_get_key_attributes(key_id, &actual_attributes));
+ TEST_ASSERT(mbedtls_svc_key_id_equal(key_id,
+ psa_get_key_id(&actual_attributes)));
+ TEST_EQUAL(psa_get_key_lifetime(expected_attributes),
+ psa_get_key_lifetime(&actual_attributes));
+ TEST_EQUAL(psa_get_key_type(expected_attributes),
+ psa_get_key_type(&actual_attributes));
+ TEST_EQUAL(psa_get_key_bits(expected_attributes),
+ psa_get_key_bits(&actual_attributes));
+ TEST_EQUAL(psa_get_key_usage_flags(expected_attributes),
+ psa_get_key_usage_flags(&actual_attributes));
+ TEST_EQUAL(psa_get_key_algorithm(expected_attributes),
+ psa_get_key_algorithm(&actual_attributes));
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(expected_attributes),
+ psa_get_key_enrollment_algorithm(&actual_attributes));
+ if (can_export(expected_attributes)) {
+ ASSERT_ALLOC(exported_material, expected_material->len);
+ PSA_ASSERT(psa_export_key(key_id,
+ exported_material, expected_material->len,
+ &length));
+ ASSERT_COMPARE(expected_material->x, expected_material->len,
+ exported_material, length);
}
- if( ( flags & TEST_FLAG_EXERCISE ) && can_exercise( &actual_attributes ) )
- {
- TEST_ASSERT( mbedtls_test_psa_exercise_key(
- key_id,
- psa_get_key_usage_flags( expected_attributes ),
- psa_get_key_algorithm( expected_attributes ) ) );
+ if ((flags & TEST_FLAG_EXERCISE) && can_exercise(&actual_attributes)) {
+ TEST_ASSERT(mbedtls_test_psa_exercise_key(
+ key_id,
+ psa_get_key_usage_flags(expected_attributes),
+ psa_get_key_algorithm(expected_attributes)));
}
- if( flags & TEST_FLAG_READ_ONLY )
- {
+ if (flags & TEST_FLAG_READ_ONLY) {
/* Read-only keys cannot be removed through the API.
* The key will be removed through ITS in the cleanup code below. */
- TEST_EQUAL( PSA_ERROR_NOT_PERMITTED, psa_destroy_key( key_id ) );
- }
- else
- {
+ TEST_EQUAL(PSA_ERROR_NOT_PERMITTED, psa_destroy_key(key_id));
+ } else {
/* Destroy the key. Confirm through direct access to the storage. */
- PSA_ASSERT( psa_destroy_key( key_id ) );
- TEST_EQUAL( PSA_ERROR_DOES_NOT_EXIST,
- psa_its_get_info( uid, &storage_info ) );
+ PSA_ASSERT(psa_destroy_key(key_id));
+ TEST_EQUAL(PSA_ERROR_DOES_NOT_EXIST,
+ psa_its_get_info(uid, &storage_info));
}
ok = 1;
exit:
- psa_reset_key_attributes( &actual_attributes );
- psa_its_remove( uid );
- mbedtls_free( exported_material );
- return( ok );
+ psa_reset_key_attributes(&actual_attributes);
+ psa_its_remove(uid);
+ mbedtls_free(exported_material);
+ return ok;
}
/* END_HEADER */
@@ -305,10 +312,10 @@
*/
/* BEGIN_CASE */
-void key_storage_save( int lifetime_arg, int type_arg, int bits_arg,
- int usage_arg, int alg_arg, int alg2_arg,
- data_t *material,
- data_t *representation )
+void key_storage_save(int lifetime_arg, int type_arg, int bits_arg,
+ int usage_arg, int alg_arg, int alg2_arg,
+ data_t *material,
+ data_t *representation)
{
/* Forward compatibility: save a key in the current format and
* check that it has the expected format so that future versions
@@ -320,40 +327,40 @@
psa_key_usage_t usage = usage_arg;
psa_algorithm_t alg = alg_arg;
psa_algorithm_t alg2 = alg2_arg;
- mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 0, 1 );
+ mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1);
psa_storage_uid_t uid = 1;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_INIT( );
- TEST_USES_KEY_ID( key_id );
+ PSA_INIT();
+ TEST_USES_KEY_ID(key_id);
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_id( &attributes, key_id );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_enrollment_algorithm( &attributes, alg2 );
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_enrollment_algorithm(&attributes, alg2);
/* This is the current storage format. Test that we know exactly how
* the key is stored. The stability of the test data in future
* versions of Mbed TLS will guarantee that future versions
* can read back what this version wrote. */
- TEST_ASSERT( test_written_key( &attributes, material,
- uid, representation ) );
+ TEST_ASSERT(test_written_key(&attributes, material,
+ uid, representation));
exit:
- psa_reset_key_attributes( &attributes );
- psa_destroy_key( key_id );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key_id);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void key_storage_read( int lifetime_arg, int type_arg, int bits_arg,
- int usage_arg, int alg_arg, int alg2_arg,
- data_t *material,
- data_t *representation, int flags )
+void key_storage_read(int lifetime_arg, int type_arg, int bits_arg,
+ int usage_arg, int alg_arg, int alg2_arg,
+ data_t *material,
+ data_t *representation, int flags)
{
/* Backward compatibility: read a key in the format of a past version
* and check that this version can use it. */
@@ -364,29 +371,29 @@
psa_key_usage_t usage = usage_arg;
psa_algorithm_t alg = alg_arg;
psa_algorithm_t alg2 = alg2_arg;
- mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 0, 1 );
+ mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1);
psa_storage_uid_t uid = 1;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_INIT( );
- TEST_USES_KEY_ID( key_id );
+ PSA_INIT();
+ TEST_USES_KEY_ID(key_id);
- psa_set_key_lifetime( &attributes, lifetime );
- psa_set_key_id( &attributes, key_id );
- psa_set_key_type( &attributes, type );
- psa_set_key_bits( &attributes, bits );
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_enrollment_algorithm( &attributes, alg2 );
+ psa_set_key_lifetime(&attributes, lifetime);
+ psa_set_key_id(&attributes, key_id);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_enrollment_algorithm(&attributes, alg2);
/* Test that we can use a key with the given representation. This
* guarantees backward compatibility with keys that were stored by
* past versions of Mbed TLS. */
- TEST_ASSERT( test_read_key( &attributes, material,
- uid, representation, flags ) );
+ TEST_ASSERT(test_read_key(&attributes, material,
+ uid, representation, flags));
exit:
- psa_reset_key_attributes( &attributes );
- PSA_DONE( );
+ psa_reset_key_attributes(&attributes);
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index 12878b5..7864b9c 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -20,23 +20,23 @@
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
- ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
- 16 + /*UID (64-bit number in hex)*/ \
- 16 + /*UID (64-bit number in hex)*/ \
- sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
- 1 /*terminating null byte*/ )
+ (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \
+ 16 + /*UID (64-bit number in hex)*/ \
+ 16 + /*UID (64-bit number in hex)*/ \
+ sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \
+ 1 /*terminating null byte*/)
#define PSA_ITS_STORAGE_TEMP \
PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
-static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+static void psa_its_fill_filename(psa_storage_uid_t uid, char *filename)
{
/* Break up the UID into two 32-bit pieces so as not to rely on
* long long support in snprintf. */
- mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
- "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
- PSA_ITS_STORAGE_PREFIX,
- (unsigned long) ( uid >> 32 ),
- (unsigned long) ( uid & 0xffffffff ),
- PSA_ITS_STORAGE_SUFFIX );
+ mbedtls_snprintf(filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+ "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+ PSA_ITS_STORAGE_PREFIX,
+ (unsigned long) (uid >> 32),
+ (unsigned long) (uid & 0xffffffff),
+ PSA_ITS_STORAGE_SUFFIX);
}
/* Maximum uid used by the test, recorded so that cleanup() can delete
@@ -44,7 +44,7 @@
* need to and should not be taken into account for uid_max. */
static psa_storage_uid_t uid_max = 0;
-static void cleanup( void )
+static void cleanup(void)
{
/* Call remove() on all the files that a test might have created.
* We ignore the error if the file exists but remove() fails because
@@ -55,25 +55,25 @@
* test case. */
char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
psa_storage_uid_t uid;
- for( uid = 0; uid < uid_max; uid++ )
- {
- psa_its_fill_filename( uid, filename );
- (void) remove( filename );
+ for (uid = 0; uid < uid_max; uid++) {
+ psa_its_fill_filename(uid, filename);
+ (void) remove(filename);
}
- psa_its_fill_filename( (psa_storage_uid_t)( -1 ), filename );
- (void) remove( filename );
- (void) remove( PSA_ITS_STORAGE_TEMP );
+ psa_its_fill_filename((psa_storage_uid_t) (-1), filename);
+ (void) remove(filename);
+ (void) remove(PSA_ITS_STORAGE_TEMP);
uid_max = 0;
}
-static psa_status_t psa_its_set_wrap( psa_storage_uid_t uid,
- uint32_t data_length,
- const void *p_data,
- psa_storage_create_flags_t create_flags )
+static psa_status_t psa_its_set_wrap(psa_storage_uid_t uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
{
- if( uid_max != (psa_storage_uid_t)( -1 ) && uid_max < uid )
+ if (uid_max != (psa_storage_uid_t) (-1) && uid_max < uid) {
uid_max = uid;
- return( psa_its_set( uid, data_length, p_data, create_flags ) );
+ }
+ return psa_its_set(uid, data_length, p_data, create_flags);
}
/* END_HEADER */
@@ -84,7 +84,7 @@
*/
/* BEGIN_CASE */
-void set_get_remove( int uid_arg, int flags_arg, data_t *data )
+void set_get_remove(int uid_arg, int flags_arg, data_t *data)
{
psa_storage_uid_t uid = uid_arg;
uint32_t flags = flags_arg;
@@ -92,28 +92,28 @@
unsigned char *buffer = NULL;
size_t ret_len = 0;
- ASSERT_ALLOC( buffer, data->len );
+ ASSERT_ALLOC(buffer, data->len);
- PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, flags ) );
+ PSA_ASSERT(psa_its_set_wrap(uid, data->len, data->x, flags));
- PSA_ASSERT( psa_its_get_info( uid, &info ) );
- TEST_ASSERT( info.size == data->len );
- TEST_ASSERT( info.flags == flags );
- PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer, &ret_len ) );
- ASSERT_COMPARE( data->x, data->len, buffer, ret_len );
+ PSA_ASSERT(psa_its_get_info(uid, &info));
+ TEST_ASSERT(info.size == data->len);
+ TEST_ASSERT(info.flags == flags);
+ PSA_ASSERT(psa_its_get(uid, 0, data->len, buffer, &ret_len));
+ ASSERT_COMPARE(data->x, data->len, buffer, ret_len);
- PSA_ASSERT( psa_its_remove( uid ) );
+ PSA_ASSERT(psa_its_remove(uid));
exit:
- mbedtls_free( buffer );
- cleanup( );
+ mbedtls_free(buffer);
+ cleanup();
}
/* END_CASE */
/* BEGIN_CASE */
-void set_overwrite( int uid_arg,
- int flags1_arg, data_t *data1,
- int flags2_arg, data_t *data2 )
+void set_overwrite(int uid_arg,
+ int flags1_arg, data_t *data1,
+ int flags2_arg, data_t *data2)
{
psa_storage_uid_t uid = uid_arg;
uint32_t flags1 = flags1_arg;
@@ -122,33 +122,33 @@
unsigned char *buffer = NULL;
size_t ret_len = 0;
- ASSERT_ALLOC( buffer, MAX( data1->len, data2->len ) );
+ ASSERT_ALLOC(buffer, MAX(data1->len, data2->len));
- PSA_ASSERT( psa_its_set_wrap( uid, data1->len, data1->x, flags1 ) );
- PSA_ASSERT( psa_its_get_info( uid, &info ) );
- TEST_ASSERT( info.size == data1->len );
- TEST_ASSERT( info.flags == flags1 );
- PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer, &ret_len ) );
- ASSERT_COMPARE( data1->x, data1->len, buffer, ret_len );
+ PSA_ASSERT(psa_its_set_wrap(uid, data1->len, data1->x, flags1));
+ PSA_ASSERT(psa_its_get_info(uid, &info));
+ TEST_ASSERT(info.size == data1->len);
+ TEST_ASSERT(info.flags == flags1);
+ PSA_ASSERT(psa_its_get(uid, 0, data1->len, buffer, &ret_len));
+ ASSERT_COMPARE(data1->x, data1->len, buffer, ret_len);
- PSA_ASSERT( psa_its_set_wrap( uid, data2->len, data2->x, flags2 ) );
- PSA_ASSERT( psa_its_get_info( uid, &info ) );
- TEST_ASSERT( info.size == data2->len );
- TEST_ASSERT( info.flags == flags2 );
+ PSA_ASSERT(psa_its_set_wrap(uid, data2->len, data2->x, flags2));
+ PSA_ASSERT(psa_its_get_info(uid, &info));
+ TEST_ASSERT(info.size == data2->len);
+ TEST_ASSERT(info.flags == flags2);
ret_len = 0;
- PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer, &ret_len ) );
- ASSERT_COMPARE( data2->x, data2->len, buffer, ret_len );
+ PSA_ASSERT(psa_its_get(uid, 0, data2->len, buffer, &ret_len));
+ ASSERT_COMPARE(data2->x, data2->len, buffer, ret_len);
- PSA_ASSERT( psa_its_remove( uid ) );
+ PSA_ASSERT(psa_its_remove(uid));
exit:
- mbedtls_free( buffer );
- cleanup( );
+ mbedtls_free(buffer);
+ cleanup();
}
/* END_CASE */
/* BEGIN_CASE */
-void set_multiple( int first_id, int count )
+void set_multiple(int first_id, int count)
{
psa_storage_uid_t uid0 = first_id;
psa_storage_uid_t uid;
@@ -156,58 +156,55 @@
char retrieved[40];
size_t ret_len = 0;
- memset( stored, '.', sizeof( stored ) );
- for( uid = uid0; uid < uid0 + count; uid++ )
- {
- mbedtls_snprintf( stored, sizeof( stored ),
- "Content of file 0x%08lx", (unsigned long) uid );
- PSA_ASSERT( psa_its_set_wrap( uid, sizeof( stored ), stored, 0 ) );
+ memset(stored, '.', sizeof(stored));
+ for (uid = uid0; uid < uid0 + count; uid++) {
+ mbedtls_snprintf(stored, sizeof(stored),
+ "Content of file 0x%08lx", (unsigned long) uid);
+ PSA_ASSERT(psa_its_set_wrap(uid, sizeof(stored), stored, 0));
}
- for( uid = uid0; uid < uid0 + count; uid++ )
- {
- mbedtls_snprintf( stored, sizeof( stored ),
- "Content of file 0x%08lx", (unsigned long) uid );
- PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved, &ret_len ) );
- ASSERT_COMPARE( retrieved, ret_len,
- stored, sizeof( stored ) );
- PSA_ASSERT( psa_its_remove( uid ) );
- TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
- PSA_ERROR_DOES_NOT_EXIST );
+ for (uid = uid0; uid < uid0 + count; uid++) {
+ mbedtls_snprintf(stored, sizeof(stored),
+ "Content of file 0x%08lx", (unsigned long) uid);
+ PSA_ASSERT(psa_its_get(uid, 0, sizeof(stored), retrieved, &ret_len));
+ ASSERT_COMPARE(retrieved, ret_len,
+ stored, sizeof(stored));
+ PSA_ASSERT(psa_its_remove(uid));
+ TEST_ASSERT(psa_its_get(uid, 0, 0, NULL, NULL) ==
+ PSA_ERROR_DOES_NOT_EXIST);
}
exit:
- cleanup( );
+ cleanup();
}
/* END_CASE */
/* BEGIN_CASE */
-void nonexistent( int uid_arg, int create_and_remove )
+void nonexistent(int uid_arg, int create_and_remove)
{
psa_storage_uid_t uid = uid_arg;
struct psa_storage_info_t info;
- if( create_and_remove )
- {
- PSA_ASSERT( psa_its_set_wrap( uid, 0, NULL, 0 ) );
- PSA_ASSERT( psa_its_remove( uid ) );
+ if (create_and_remove) {
+ PSA_ASSERT(psa_its_set_wrap(uid, 0, NULL, 0));
+ PSA_ASSERT(psa_its_remove(uid));
}
- TEST_ASSERT( psa_its_remove( uid ) == PSA_ERROR_DOES_NOT_EXIST );
- TEST_ASSERT( psa_its_get_info( uid, &info ) ==
- PSA_ERROR_DOES_NOT_EXIST );
- TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_ASSERT(psa_its_remove(uid) == PSA_ERROR_DOES_NOT_EXIST);
+ TEST_ASSERT(psa_its_get_info(uid, &info) ==
+ PSA_ERROR_DOES_NOT_EXIST);
+ TEST_ASSERT(psa_its_get(uid, 0, 0, NULL, NULL) ==
+ PSA_ERROR_DOES_NOT_EXIST);
exit:
- cleanup( );
+ cleanup();
}
/* END_CASE */
/* BEGIN_CASE */
-void get_at( int uid_arg, data_t *data,
- int offset, int length_arg,
- int expected_status )
+void get_at(int uid_arg, data_t *data,
+ int offset, int length_arg,
+ int expected_status)
{
psa_storage_uid_t uid = uid_arg;
unsigned char *buffer = NULL;
@@ -217,31 +214,33 @@
size_t i;
size_t ret_len = 0;
- ASSERT_ALLOC( buffer, length + 16 );
+ ASSERT_ALLOC(buffer, length + 16);
trailer = buffer + length;
- memset( trailer, '-', 16 );
+ memset(trailer, '-', 16);
- PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
+ PSA_ASSERT(psa_its_set_wrap(uid, data->len, data->x, 0));
- status = psa_its_get( uid, offset, length_arg, buffer, &ret_len );
- TEST_ASSERT( status == (psa_status_t) expected_status );
- if( status == PSA_SUCCESS )
- ASSERT_COMPARE( data->x + offset, (size_t) length_arg,
- buffer, ret_len );
- for( i = 0; i < 16; i++ )
- TEST_ASSERT( trailer[i] == '-' );
- PSA_ASSERT( psa_its_remove( uid ) );
+ status = psa_its_get(uid, offset, length_arg, buffer, &ret_len);
+ TEST_ASSERT(status == (psa_status_t) expected_status);
+ if (status == PSA_SUCCESS) {
+ ASSERT_COMPARE(data->x + offset, (size_t) length_arg,
+ buffer, ret_len);
+ }
+ for (i = 0; i < 16; i++) {
+ TEST_ASSERT(trailer[i] == '-');
+ }
+ PSA_ASSERT(psa_its_remove(uid));
exit:
- mbedtls_free( buffer );
- cleanup( );
+ mbedtls_free(buffer);
+ cleanup();
}
/* END_CASE */
/* BEGIN_CASE */
-void get_fail( int uid_arg, data_t *data,
- int overwrite_magic, int cut_header,
- int expected_status )
+void get_fail(int uid_arg, data_t *data,
+ int overwrite_magic, int cut_header,
+ int expected_status)
{
psa_storage_uid_t uid = uid_arg;
unsigned char *buffer = NULL;
@@ -252,54 +251,53 @@
FILE *stream = NULL;
char bad_char = 'X';
- PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
+ PSA_ASSERT(psa_its_set_wrap(uid, data->len, data->x, 0));
- psa_its_fill_filename( uid, filename );
- stream = fopen( filename, "rb+" );
- TEST_ASSERT( NULL != stream );
- if( 0 != overwrite_magic )
- {
+ psa_its_fill_filename(uid, filename);
+ stream = fopen(filename, "rb+");
+ TEST_ASSERT(NULL != stream);
+ if (0 != overwrite_magic) {
/* Overwrite the 1st byte of the file, the ITS magic number */
- TEST_ASSERT( fseek( stream, 0, SEEK_SET ) == 0 );
- n = fwrite( &bad_char, 1, 1, stream );
- TEST_ASSERT( 1 == n );
+ TEST_ASSERT(fseek(stream, 0, SEEK_SET) == 0);
+ n = fwrite(&bad_char, 1, 1, stream);
+ TEST_ASSERT(1 == n);
}
- if( 0 != cut_header )
- {
+ if (0 != cut_header) {
/* Reopen file and truncate it to 0 byte by specifying the 'w' flag */
- stream = freopen( filename, "wb", stream );
- TEST_ASSERT( NULL != stream );
+ stream = freopen(filename, "wb", stream);
+ TEST_ASSERT(NULL != stream);
}
- fclose( stream );
+ fclose(stream);
stream = NULL;
- status = psa_its_get( uid, 0, 0, buffer, &ret_len );
- TEST_ASSERT( status == (psa_status_t) expected_status );
- TEST_ASSERT( 0 == ret_len );
- PSA_ASSERT( psa_its_remove( uid ) );
+ status = psa_its_get(uid, 0, 0, buffer, &ret_len);
+ TEST_ASSERT(status == (psa_status_t) expected_status);
+ TEST_ASSERT(0 == ret_len);
+ PSA_ASSERT(psa_its_remove(uid));
/* Check if the file is really deleted. */
- stream = fopen( filename, "rb" );
- TEST_ASSERT( NULL == stream );
+ stream = fopen(filename, "rb");
+ TEST_ASSERT(NULL == stream);
exit:
- if( stream != NULL )
- fclose( stream );
+ if (stream != NULL) {
+ fclose(stream);
+ }
- mbedtls_free( buffer );
- cleanup( );
+ mbedtls_free(buffer);
+ cleanup();
}
/* END_CASE */
/* BEGIN_CASE */
-void set_fail( int uid_arg, data_t *data,
- int expected_status )
+void set_fail(int uid_arg, data_t *data,
+ int expected_status)
{
psa_storage_uid_t uid = uid_arg;
- TEST_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) ==
- (psa_status_t) expected_status );
+ TEST_ASSERT(psa_its_set_wrap(uid, data->len, data->x, 0) ==
+ (psa_status_t) expected_status);
- exit:
- cleanup( );
+exit:
+ cleanup();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function
index 37fa36e..0f0c7fa 100644
--- a/tests/suites/test_suite_random.function
+++ b/tests/suites/test_suite_random.function
@@ -19,7 +19,7 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_CTR_DRBG_C */
-void random_twice_with_ctr_drbg( )
+void random_twice_with_ctr_drbg()
{
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context drbg;
@@ -27,176 +27,176 @@
unsigned char output2[OUTPUT_SIZE];
/* First round */
- mbedtls_entropy_init( &entropy );
- mbedtls_ctr_drbg_init( &drbg );
- TEST_EQUAL( 0, mbedtls_ctr_drbg_seed( &drbg,
- mbedtls_entropy_func, &entropy,
- NULL, 0 ) );
- TEST_EQUAL( 0, mbedtls_ctr_drbg_random( &drbg,
- output1, sizeof( output1 ) ) );
- mbedtls_ctr_drbg_free( &drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&drbg);
+ TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg,
+ mbedtls_entropy_func, &entropy,
+ NULL, 0));
+ TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg,
+ output1, sizeof(output1)));
+ mbedtls_ctr_drbg_free(&drbg);
+ mbedtls_entropy_free(&entropy);
/* Second round */
- mbedtls_entropy_init( &entropy );
- mbedtls_ctr_drbg_init( &drbg );
- TEST_EQUAL( 0, mbedtls_ctr_drbg_seed( &drbg,
- mbedtls_entropy_func, &entropy,
- NULL, 0 ) );
- TEST_EQUAL( 0, mbedtls_ctr_drbg_random( &drbg,
- output2, sizeof( output2 ) ) );
- mbedtls_ctr_drbg_free( &drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&drbg);
+ TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg,
+ mbedtls_entropy_func, &entropy,
+ NULL, 0));
+ TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg,
+ output2, sizeof(output2)));
+ mbedtls_ctr_drbg_free(&drbg);
+ mbedtls_entropy_free(&entropy);
/* The two rounds must generate different random data. */
- TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 );
+ TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
exit:
- mbedtls_ctr_drbg_free( &drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free(&drbg);
+ mbedtls_entropy_free(&entropy);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_HMAC_DRBG_C */
-void random_twice_with_hmac_drbg( int md_type )
+void random_twice_with_hmac_drbg(int md_type)
{
mbedtls_entropy_context entropy;
mbedtls_hmac_drbg_context drbg;
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
/* First round */
- mbedtls_entropy_init( &entropy );
- mbedtls_hmac_drbg_init( &drbg );
- TEST_EQUAL( 0, mbedtls_hmac_drbg_seed( &drbg, md_info,
- mbedtls_entropy_func, &entropy,
- NULL, 0 ) );
- TEST_EQUAL( 0, mbedtls_hmac_drbg_random( &drbg,
- output1, sizeof( output1 ) ) );
- mbedtls_hmac_drbg_free( &drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_entropy_init(&entropy);
+ mbedtls_hmac_drbg_init(&drbg);
+ TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info,
+ mbedtls_entropy_func, &entropy,
+ NULL, 0));
+ TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg,
+ output1, sizeof(output1)));
+ mbedtls_hmac_drbg_free(&drbg);
+ mbedtls_entropy_free(&entropy);
/* Second round */
- mbedtls_entropy_init( &entropy );
- mbedtls_hmac_drbg_init( &drbg );
- TEST_EQUAL( 0, mbedtls_hmac_drbg_seed( &drbg, md_info,
- mbedtls_entropy_func, &entropy,
- NULL, 0 ) );
- TEST_EQUAL( 0, mbedtls_hmac_drbg_random( &drbg,
- output2, sizeof( output2 ) ) );
- mbedtls_hmac_drbg_free( &drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_entropy_init(&entropy);
+ mbedtls_hmac_drbg_init(&drbg);
+ TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info,
+ mbedtls_entropy_func, &entropy,
+ NULL, 0));
+ TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg,
+ output2, sizeof(output2)));
+ mbedtls_hmac_drbg_free(&drbg);
+ mbedtls_entropy_free(&entropy);
/* The two rounds must generate different random data. */
- TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 );
+ TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
exit:
- mbedtls_hmac_drbg_free( &drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_hmac_drbg_free(&drbg);
+ mbedtls_entropy_free(&entropy);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void random_twice_with_psa_from_classic( )
+void random_twice_with_psa_from_classic()
{
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
/* First round */
- PSA_ASSERT( psa_crypto_init( ) );
- TEST_EQUAL( 0, mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
- output1, sizeof( output1 ) ) );
- PSA_DONE( );
+ PSA_ASSERT(psa_crypto_init());
+ TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output1, sizeof(output1)));
+ PSA_DONE();
/* Second round */
- PSA_ASSERT( psa_crypto_init( ) );
- TEST_EQUAL( 0, mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
- output2, sizeof( output2 ) ) );
- PSA_DONE( );
+ PSA_ASSERT(psa_crypto_init());
+ TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output2, sizeof(output2)));
+ PSA_DONE();
/* The two rounds must generate different random data. */
- TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 );
+ TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-void random_twice_with_psa_from_psa( )
+void random_twice_with_psa_from_psa()
{
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
/* First round */
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_generate_random( output1, sizeof( output1 ) ) );
- PSA_DONE( );
+ PSA_ASSERT(psa_crypto_init());
+ PSA_ASSERT(psa_generate_random(output1, sizeof(output1)));
+ PSA_DONE();
/* Second round */
- PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_generate_random( output2, sizeof( output2 ) ) );
- PSA_DONE( );
+ PSA_ASSERT(psa_crypto_init());
+ PSA_ASSERT(psa_generate_random(output2, sizeof(output2)));
+ PSA_DONE();
/* The two rounds must generate different random data. */
- TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 );
+ TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
exit:
- PSA_DONE( );
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
-void mbedtls_psa_get_random_no_init( )
+void mbedtls_psa_get_random_no_init()
{
unsigned char output[1];
- TEST_ASSERT( mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
- output, sizeof( output ) ) != 0 );
+ TEST_ASSERT(mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output, sizeof(output)) != 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
-void mbedtls_psa_get_random_length( int n )
+void mbedtls_psa_get_random_length(int n)
{
unsigned char *output = NULL;
- PSA_ASSERT( psa_crypto_init( ) );
- ASSERT_ALLOC( output, n );
+ PSA_ASSERT(psa_crypto_init());
+ ASSERT_ALLOC(output, n);
- TEST_EQUAL( 0, mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
- output, n ) );
+ TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output, n));
exit:
- mbedtls_free( output );
- PSA_DONE( );
+ mbedtls_free(output);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_ECDSA_C */
-void mbedtls_psa_get_random_ecdsa_sign( int curve )
+void mbedtls_psa_get_random_ecdsa_sign(int curve)
{
mbedtls_ecp_group grp;
mbedtls_mpi d, r, s;
unsigned char buf[] = "This is not a hash.";
- mbedtls_ecp_group_init( &grp );
- mbedtls_mpi_init( &d );
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi_init(&d);
+ mbedtls_mpi_init(&r);
+ mbedtls_mpi_init(&s);
- TEST_EQUAL( 0, mbedtls_mpi_lset( &d, 123456789 ) );
- TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, curve ) );
- PSA_ASSERT( psa_crypto_init( ) );
- TEST_EQUAL( 0, mbedtls_ecdsa_sign( &grp, &r, &s, &d,
- buf, sizeof( buf ),
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
+ TEST_EQUAL(0, mbedtls_mpi_lset(&d, 123456789));
+ TEST_EQUAL(0, mbedtls_ecp_group_load(&grp, curve));
+ PSA_ASSERT(psa_crypto_init());
+ TEST_EQUAL(0, mbedtls_ecdsa_sign(&grp, &r, &s, &d,
+ buf, sizeof(buf),
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE));
exit:
- mbedtls_mpi_free( &d );
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- mbedtls_ecp_group_free( &grp );
- PSA_DONE( );
+ mbedtls_mpi_free(&d);
+ mbedtls_mpi_free(&r);
+ mbedtls_mpi_free(&s);
+ mbedtls_ecp_group_free(&grp);
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 3c0e35f..fa7fa95 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -18,7 +18,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void rsa_invalid_param( )
+void rsa_invalid_param()
{
mbedtls_rsa_context ctx;
const int valid_padding = MBEDTLS_RSA_PKCS_V21;
@@ -28,460 +28,460 @@
unsigned char buf[42] = { 0 };
size_t olen;
- TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
- TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
- TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_rsa_init(NULL, valid_padding, 0));
+ TEST_INVALID_PARAM(mbedtls_rsa_init(&ctx, invalid_padding, 0));
+ TEST_VALID_PARAM(mbedtls_rsa_free(NULL));
/* No more variants because only the first argument must be non-NULL. */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_import( NULL, NULL, NULL,
- NULL, NULL, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_import_raw( NULL,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_import(NULL, NULL, NULL,
+ NULL, NULL, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_import_raw(NULL,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_complete( NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_complete(NULL));
/* No more variants because only the first argument must be non-NULL. */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export( NULL, NULL, NULL,
- NULL, NULL, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export_raw( NULL,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_export(NULL, NULL, NULL,
+ NULL, NULL, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_export_raw(NULL,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_export_crt(NULL, NULL, NULL, NULL));
- TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
- valid_padding, 0 ) );
- TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
- invalid_padding, 0 ) );
+ TEST_INVALID_PARAM(mbedtls_rsa_set_padding(NULL,
+ valid_padding, 0));
+ TEST_INVALID_PARAM(mbedtls_rsa_set_padding(&ctx,
+ invalid_padding, 0));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_gen_key( NULL,
- mbedtls_test_rnd_std_rand,
- NULL, 0, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_gen_key( &ctx, NULL,
- NULL, 0, 0 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_gen_key(NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL, 0, 0));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_gen_key(&ctx, NULL,
+ NULL, 0, 0));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pubkey( NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_privkey( NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_pubkey(NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_privkey(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_pub_priv(NULL, &ctx));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_pub_priv(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( &ctx, buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_public(NULL, buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_public(&ctx, NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_public(&ctx, buf, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( NULL, NULL, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( &ctx, NULL, NULL,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( &ctx, NULL, NULL,
- buf, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_private(NULL, NULL, NULL,
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_private(&ctx, NULL, NULL,
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_private(&ctx, NULL, NULL,
+ buf, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
- valid_mode,
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- invalid_mode,
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- valid_mode,
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- valid_mode,
- sizeof( buf ), buf,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt(NULL, NULL, NULL,
+ valid_mode,
+ sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL,
+ invalid_mode,
+ sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL,
+ valid_mode,
+ sizeof(buf), NULL,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL,
+ valid_mode,
+ sizeof(buf), buf,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
- NULL,
- valid_mode,
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- invalid_mode,
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- valid_mode,
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- valid_mode,
- sizeof( buf ), buf,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt(NULL, NULL,
+ NULL,
+ valid_mode,
+ sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL,
+ NULL,
+ invalid_mode,
+ sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL,
+ NULL,
+ valid_mode,
+ sizeof(buf), NULL,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL,
+ NULL,
+ valid_mode,
+ sizeof(buf), buf,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
- valid_mode,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- invalid_mode,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- valid_mode,
- NULL, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- valid_mode,
- buf, sizeof( buf ),
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- valid_mode,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt(NULL, NULL, NULL,
+ valid_mode,
+ buf, sizeof(buf),
+ sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
+ invalid_mode,
+ buf, sizeof(buf),
+ sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
+ valid_mode,
+ NULL, sizeof(buf),
+ sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof(buf),
+ sizeof(buf), NULL,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof(buf),
+ sizeof(buf), buf,
+ NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
- valid_mode, &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- invalid_mode, &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- valid_mode, NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- valid_mode, &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- valid_mode, &olen,
- buf, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt(NULL, NULL, NULL,
+ valid_mode, &olen,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
+ invalid_mode, &olen,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
+ valid_mode, NULL,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
+ valid_mode, &olen,
+ NULL, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
+ valid_mode, &olen,
+ buf, NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
- NULL,
- valid_mode, &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL,
- invalid_mode, &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL,
- valid_mode, NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL,
- valid_mode, &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL,
- valid_mode, &olen,
- buf, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt(NULL, NULL,
+ NULL,
+ valid_mode, &olen,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
+ NULL,
+ invalid_mode, &olen,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
+ NULL,
+ valid_mode, NULL,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
+ NULL,
+ valid_mode, &olen,
+ NULL, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
+ NULL,
+ valid_mode, &olen,
+ buf, NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
- valid_mode,
- buf, sizeof( buf ),
- &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- invalid_mode,
- buf, sizeof( buf ),
- &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- valid_mode,
- NULL, sizeof( buf ),
- NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- valid_mode,
- buf, sizeof( buf ),
- &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- valid_mode,
- buf, sizeof( buf ),
- &olen,
- buf, NULL, 42 ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt(NULL, NULL, NULL,
+ valid_mode,
+ buf, sizeof(buf),
+ &olen,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
+ invalid_mode,
+ buf, sizeof(buf),
+ &olen,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
+ valid_mode,
+ NULL, sizeof(buf),
+ NULL,
+ buf, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof(buf),
+ &olen,
+ NULL, buf, 42));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof(buf),
+ &olen,
+ buf, NULL, 42));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- valid_mode,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign(NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), NULL,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- valid_mode,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- valid_mode,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- MBEDTLS_RSA_SALT_LEN_ANY,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign(NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), NULL,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
+ valid_mode,
MBEDTLS_MD_SHA1,
0, NULL,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
+ buf));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- valid_mode,
- MBEDTLS_MD_SHA1, 0, NULL,
- buf ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign(NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), NULL,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
- NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- valid_mode,
- 0, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- valid_mode,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- valid_mode,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ),
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ),
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- valid_mode,
- 0, sizeof( buf ),
- buf, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- valid_mode,
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext(NULL, NULL, NULL,
+ 0, sizeof(buf), buf,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
+ 0, sizeof(buf), NULL,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
+ 0, sizeof(buf), buf,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
MBEDTLS_MD_SHA1,
0, NULL,
- buf ) );
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ buf));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify(NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), NULL,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf), buf,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1, 0, NULL,
+ buf));
+
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify(NULL, NULL,
+ NULL,
valid_mode,
- 0, sizeof( buf ),
- buf,
- 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
+ NULL,
invalid_mode,
- 0, sizeof( buf ),
- buf,
- 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ 0, sizeof(buf), buf,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
+ NULL,
valid_mode,
- 0, sizeof( buf ),
- NULL, 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ 0, sizeof(buf),
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
+ NULL,
valid_mode,
- 0, sizeof( buf ),
- buf, 0, 0,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ 0, sizeof(buf), buf,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
+ NULL,
valid_mode,
MBEDTLS_MD_SHA1,
0, NULL,
- 0, 0,
- buf ) );
+ buf));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_copy( NULL, &ctx ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_copy( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify(NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf),
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof(buf),
+ buf, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf),
+ NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf),
+ buf, NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf));
+
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext(NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf),
+ buf,
+ 0, 0,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof(buf),
+ buf,
+ 0, 0,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf),
+ NULL, 0, 0,
+ buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof(buf),
+ buf, 0, 0,
+ NULL));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ 0, 0,
+ buf));
+
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_copy(NULL, &ctx));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_copy(&ctx, NULL));
exit:
return;
@@ -489,7 +489,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void rsa_init_free( int reinit )
+void rsa_init_free(int reinit)
{
mbedtls_rsa_context ctx;
@@ -498,12 +498,13 @@
* unconditionally on an error path without checking whether it has
* already been called in the success path. */
- mbedtls_rsa_init( &ctx, 0, 0 );
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_init(&ctx, 0, 0);
+ mbedtls_rsa_free(&ctx);
- if( reinit )
- mbedtls_rsa_init( &ctx, 0, 0 );
- mbedtls_rsa_free( &ctx );
+ if (reinit) {
+ mbedtls_rsa_init(&ctx, 0, 0);
+ }
+ mbedtls_rsa_free(&ctx);
/* This test case always succeeds, functionally speaking. A plausible
* bug might trigger an invalid pointer dereference or a memory leak. */
@@ -512,10 +513,10 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
- int digest, int mod, char * input_P,
- char * input_Q, char * input_N, char * input_E,
- data_t * result_str, int result )
+void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode,
+ int digest, int mod, char *input_P,
+ char *input_Q, char *input_N, char *input_E,
+ data_t *result_str, int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[256];
@@ -523,303 +524,304 @@
mbedtls_mpi N, P, Q, E;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, padding_mode, 0);
- memset( hash_result, 0x00, sizeof( hash_result ) );
- memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(hash_result, 0x00, sizeof(hash_result));
+ memset(output, 0x00, sizeof(output));
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if (mbedtls_md_info_from_type(digest) != NULL) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
+ hash_result) == 0);
+ }
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE, digest,
- 0, hash_result, output ) == result );
- if( result == 0 )
- {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE, digest,
+ 0, hash_result, output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
- int digest, int mod,
- char * input_N, char * input_E,
- data_t * result_str, int result )
+void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode,
+ int digest, int mod,
+ char *input_N, char *input_E,
+ data_t *result_str, int result)
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( hash_result, 0x00, sizeof( hash_result ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, padding_mode, 0);
+ memset(hash_result, 0x00, sizeof(hash_result));
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if (mbedtls_md_info_from_type(digest) != NULL) {
+ TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
+ hash_result) == 0);
+ }
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0,
+ hash_result, result_str->x) == result);
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void rsa_pkcs1_sign_raw( data_t * hash_result,
- int padding_mode, int mod,
- char * input_P, char * input_Q,
- char * input_N, char * input_E,
- data_t * result_str )
+void rsa_pkcs1_sign_raw(data_t *hash_result,
+ int padding_mode, int mod,
+ char *input_P, char *input_Q,
+ char *input_N, char *input_E,
+ data_t *result_str)
{
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+ mbedtls_rsa_init(&ctx, padding_mode, 0);
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
- memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(output, 0x00, sizeof(output));
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE,
- MBEDTLS_MD_NONE, hash_result->len,
- hash_result->x, output ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE,
+ MBEDTLS_MD_NONE, hash_result->len,
+ hash_result->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
- if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
- {
+ if (padding_mode == MBEDTLS_RSA_PKCS_V15) {
int res;
- memset( output, 0x00, sizeof( output) );
+ memset(output, 0x00, sizeof(output));
- res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PRIVATE, hash_result->len,
- hash_result->x, output );
+ res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info,
+ MBEDTLS_RSA_PRIVATE, hash_result->len,
+ hash_result->x, output);
#if !defined(MBEDTLS_RSA_ALT)
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT(res == 0);
#else
- TEST_ASSERT( ( res == 0 ) ||
- ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
+ TEST_ASSERT((res == 0) ||
+ (res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION));
#endif
- if( res == 0 )
- {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len,
- result_str->len ) == 0 );
+ if (res == 0) {
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len,
+ result_str->len) == 0);
}
}
#endif /* MBEDTLS_PKCS1_V15 */
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void rsa_pkcs1_verify_raw( data_t * hash_result,
- int padding_mode, int mod,
- char * input_N, char * input_E,
- data_t * result_str, int correct )
+void rsa_pkcs1_verify_raw(data_t *hash_result,
+ int padding_mode, int mod,
+ char *input_N, char *input_E,
+ data_t *result_str, int correct)
{
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( output, 0x00, sizeof( output ) );
+ mbedtls_rsa_init(&ctx, padding_mode, 0);
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
+ TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
+ hash_result->len, hash_result->x,
+ result_str->x) == correct);
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to verify signatures */
- if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
- {
+ if (padding_mode == MBEDTLS_RSA_PKCS_V15) {
int res;
int ok;
size_t olen;
- res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
- NULL, NULL, MBEDTLS_RSA_PUBLIC,
- &olen, result_str->x, output, sizeof( output ) );
+ res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx,
+ NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ &olen, result_str->x, output, sizeof(output));
#if !defined(MBEDTLS_RSA_ALT)
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT(res == 0);
#else
- TEST_ASSERT( ( res == 0 ) ||
- ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
+ TEST_ASSERT((res == 0) ||
+ (res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION));
#endif
- if( res == 0 )
- {
- ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0;
- if( correct == 0 )
- TEST_ASSERT( ok == 1 );
- else
- TEST_ASSERT( ok == 0 );
+ if (res == 0) {
+ ok = olen == hash_result->len && memcmp(output, hash_result->x, olen) == 0;
+ if (correct == 0) {
+ TEST_ASSERT(ok == 1);
+ } else {
+ TEST_ASSERT(ok == 0);
+ }
}
}
#endif /* MBEDTLS_PKCS1_V15 */
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
- int mod, char * input_N, char * input_E,
- data_t * result_str, int result )
+void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode,
+ int mod, char *input_N, char *input_E,
+ data_t *result_str, int result)
{
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( output, 0x00, sizeof( output ) );
+ mbedtls_rsa_init(&ctx, padding_mode, 0);
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
- output ) == result );
- if( result == 0 )
- {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
- int mod, char * input_N, char * input_E,
- data_t * result_str, int result )
+void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode,
+ int mod, char *input_N, char *input_E,
+ data_t *result_str, int result)
{
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( output, 0x00, sizeof( output ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, padding_mode, 0);
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
- NULL, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
- output ) == result );
- if( result == 0 )
- {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand,
+ NULL, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
- int mod, char * input_P,
- char * input_Q, char * input_N,
- char * input_E, int max_output,
- data_t * result_str, int result )
+void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode,
+ int mod, char *input_P,
+ char *input_Q, char *input_N,
+ char *input_E, int max_output,
+ data_t *result_str, int result)
{
unsigned char output[32];
mbedtls_rsa_context ctx;
@@ -827,107 +829,104 @@
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init(&ctx, padding_mode, 0);
- memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(output, 0x00, sizeof(output));
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
output_len = 0;
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE,
- &output_len, message_str->x, output,
- max_output ) == result );
- if( result == 0 )
- {
+ TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x, output,
+ max_output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- output_len,
- result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ output_len,
+ result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_public( data_t * message_str, int mod,
- char * input_N, char * input_E,
- data_t * result_str, int result )
+void mbedtls_rsa_public(data_t *message_str, int mod,
+ char *input_N, char *input_E,
+ data_t *result_str, int result)
{
unsigned char output[256];
mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
mbedtls_mpi N, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
- memset( output, 0x00, sizeof( output ) );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
+ mbedtls_rsa_init(&ctx2, MBEDTLS_RSA_PKCS_V15, 0);
+ memset(output, 0x00, sizeof(output));
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
/* Check test data consistency */
- TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ TEST_ASSERT(message_str->len == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
- TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
- if( result == 0 )
- {
+ TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
}
/* And now with the copy */
- TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
/* clear the original to be sure */
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0);
- memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
- if( result == 0 )
- {
+ memset(output, 0x00, sizeof(output));
+ TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len, result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len, result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
- mbedtls_rsa_free( &ctx2 );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
+ mbedtls_rsa_free(&ctx2);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_private( data_t * message_str, int mod,
- char * input_P, char * input_Q,
- char * input_N, char * input_E,
- data_t * result_str, int result )
+void mbedtls_rsa_private(data_t *message_str, int mod,
+ char *input_P, char *input_Q,
+ char *input_N, char *input_E,
+ data_t *result_str, int result)
{
unsigned char output[256];
mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
@@ -935,149 +934,136 @@
mbedtls_test_rnd_pseudo_info rnd_info;
int i;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
- mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
+ mbedtls_rsa_init(&ctx2, MBEDTLS_RSA_PKCS_V15, 0);
- memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
/* Check test data consistency */
- TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT(message_str->len == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
/* repeat three times to test updating of blinding values */
- for( i = 0; i < 3; i++ )
- {
- memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand,
- &rnd_info, message_str->x,
- output ) == result );
- if( result == 0 )
- {
+ for (i = 0; i < 3; i++) {
+ memset(output, 0x00, sizeof(output));
+ TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, message_str->x,
+ output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len,
- result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx.len,
+ result_str->len) == 0);
}
}
/* And now one more time with the copy */
- TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
/* clear the original to be sure */
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0);
- memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand,
- &rnd_info, message_str->x,
- output ) == result );
- if( result == 0 )
- {
+ memset(output, 0x00, sizeof(output));
+ TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, message_str->x,
+ output) == result);
+ if (result == 0) {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx2.len,
- result_str->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ ctx2.len,
+ result_str->len) == 0);
}
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
- mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
+ mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
- mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
+ mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2);
}
/* END_CASE */
/* BEGIN_CASE */
-void rsa_check_privkey_null( )
+void rsa_check_privkey_null()
{
mbedtls_rsa_context ctx;
- memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
+ memset(&ctx, 0x00, sizeof(mbedtls_rsa_context));
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_check_pubkey( char * input_N, char * input_E, int result )
+void mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result)
{
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
- if( strlen( input_N ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
+ if (strlen(input_N)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
}
- if( strlen( input_E ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ if (strlen(input_E)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
}
- TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result);
exit:
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
- mbedtls_rsa_free( &ctx );
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_check_privkey( int mod, char * input_P, char * input_Q,
- char * input_N, char * input_E, char * input_D,
- char * input_DP, char * input_DQ, char * input_QP,
- int result )
+void mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q,
+ char *input_N, char *input_E, char *input_D,
+ char *input_DP, char *input_DQ, char *input_QP,
+ int result)
{
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
ctx.len = mod / 8;
- if( strlen( input_P ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.P, input_P ) == 0 );
+ if (strlen(input_P)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0);
}
- if( strlen( input_Q ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.Q, input_Q ) == 0 );
+ if (strlen(input_Q)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0);
}
- if( strlen( input_N ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.N, input_N ) == 0 );
+ if (strlen(input_N)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0);
}
- if( strlen( input_E ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.E, input_E ) == 0 );
+ if (strlen(input_E)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0);
}
- if( strlen( input_D ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.D, input_D ) == 0 );
+ if (strlen(input_D)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0);
}
#if !defined(MBEDTLS_RSA_NO_CRT)
- if( strlen( input_DP ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DP, input_DP ) == 0 );
+ if (strlen(input_DP)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0);
}
- if( strlen( input_DQ ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DQ, input_DQ ) == 0 );
+ if (strlen(input_DQ)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0);
}
- if( strlen( input_QP ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &ctx.QP, input_QP ) == 0 );
+ if (strlen(input_QP)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0);
}
#else
((void) input_DP);
@@ -1085,68 +1071,58 @@
((void) input_QP);
#endif
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result);
exit:
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
-void rsa_check_pubpriv( int mod, char * input_Npub, char * input_Epub,
- char * input_P, char * input_Q, char * input_N,
- char * input_E, char * input_D, char * input_DP,
- char * input_DQ, char * input_QP, int result )
+void rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub,
+ char *input_P, char *input_Q, char *input_N,
+ char *input_E, char *input_D, char *input_DP,
+ char *input_DQ, char *input_QP, int result)
{
mbedtls_rsa_context pub, prv;
- mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init(&pub, MBEDTLS_RSA_PKCS_V15, 0);
+ mbedtls_rsa_init(&prv, MBEDTLS_RSA_PKCS_V15, 0);
pub.len = mod / 8;
prv.len = mod / 8;
- if( strlen( input_Npub ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &pub.N, input_Npub ) == 0 );
+ if (strlen(input_Npub)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0);
}
- if( strlen( input_Epub ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &pub.E, input_Epub ) == 0 );
+ if (strlen(input_Epub)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0);
}
- if( strlen( input_P ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.P, input_P ) == 0 );
+ if (strlen(input_P)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0);
}
- if( strlen( input_Q ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.Q, input_Q ) == 0 );
+ if (strlen(input_Q)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0);
}
- if( strlen( input_N ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.N, input_N ) == 0 );
+ if (strlen(input_N)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0);
}
- if( strlen( input_E ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.E, input_E ) == 0 );
+ if (strlen(input_E)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0);
}
- if( strlen( input_D ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.D, input_D ) == 0 );
+ if (strlen(input_D)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0);
}
#if !defined(MBEDTLS_RSA_NO_CRT)
- if( strlen( input_DP ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.DP, input_DP ) == 0 );
+ if (strlen(input_DP)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0);
}
- if( strlen( input_DQ ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.DQ, input_DQ ) == 0 );
+ if (strlen(input_DQ)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0);
}
- if( strlen( input_QP ) )
- {
- TEST_ASSERT( mbedtls_test_read_mpi( &prv.QP, input_QP ) == 0 );
+ if (strlen(input_QP)) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0);
}
#else
((void) input_DP);
@@ -1154,155 +1130,153 @@
((void) input_QP);
#endif
- TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
+ TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result);
exit:
- mbedtls_rsa_free( &pub );
- mbedtls_rsa_free( &prv );
+ mbedtls_rsa_free(&pub);
+ mbedtls_rsa_free(&prv);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
-void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
+void mbedtls_rsa_gen_key(int nrbits, int exponent, int result)
{
mbedtls_rsa_context ctx;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "test_suite_rsa";
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init ( &ctx, 0, 0 );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_rsa_init(&ctx, 0, 0);
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers)) == 0);
- TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
- if( result == 0 )
- {
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
+ TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits,
+ exponent) == result);
+ if (result == 0) {
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0);
}
exit:
- mbedtls_rsa_free( &ctx );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_rsa_free(&ctx);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
-void mbedtls_rsa_deduce_primes( char *input_N,
- char *input_D,
- char *input_E,
- char *output_P,
- char *output_Q,
- int corrupt, int result )
+void mbedtls_rsa_deduce_primes(char *input_N,
+ char *input_D,
+ char *input_E,
+ char *output_P,
+ char *output_Q,
+ int corrupt, int result)
{
mbedtls_mpi N, P, Pp, Q, Qp, D, E;
- mbedtls_mpi_init( &N );
- mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Qp, output_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Pp, output_Q ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0);
- if( corrupt )
- TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
+ if (corrupt) {
+ TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0);
+ }
/* Try to deduce P, Q from N, D, E only. */
- TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
+ TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result);
- if( !corrupt )
- {
+ if (!corrupt) {
/* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
- TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
- ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
+ TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) ||
+ (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0));
}
exit:
- mbedtls_mpi_free( &N );
- mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_deduce_private_exponent( char *input_P,
- char *input_Q,
- char *input_E,
- char *output_D,
- int corrupt, int result )
+void mbedtls_rsa_deduce_private_exponent(char *input_P,
+ char *input_Q,
+ char *input_E,
+ char *output_D,
+ int corrupt, int result)
{
mbedtls_mpi P, Q, D, Dp, E, R, Rp;
- mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
- mbedtls_mpi_init( &E );
- mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp);
+ mbedtls_mpi_init(&E);
+ mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp);
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_test_read_mpi( &Dp, output_D ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0);
- if( corrupt )
- {
+ if (corrupt) {
/* Make E even */
- TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0);
}
/* Try to deduce D from N, P, Q, E. */
- TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
- &E, &D ) == result );
+ TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q,
+ &E, &D) == result);
- if( !corrupt )
- {
+ if (!corrupt) {
/*
* Check that D and Dp agree modulo LCM(P-1, Q-1).
*/
/* Replace P,Q by P-1, Q-1 */
- TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0);
+ TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0);
/* Check D == Dp modulo P-1 */
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0);
+ TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
/* Check D == Dp modulo Q-1 */
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0);
+ TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
}
exit:
- mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
- mbedtls_mpi_free( &E );
- mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp);
+ mbedtls_mpi_free(&E);
+ mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
-void mbedtls_rsa_import( char *input_N,
- char *input_P,
- char *input_Q,
- char *input_D,
- char *input_E,
- int successive,
- int is_priv,
- int res_check,
- int res_complete )
+void mbedtls_rsa_import(char *input_N,
+ char *input_P,
+ char *input_Q,
+ char *input_D,
+ char *input_E,
+ int successive,
+ int is_priv,
+ int res_check,
+ int res_complete)
{
mbedtls_mpi N, P, Q, D, E;
mbedtls_rsa_context ctx;
@@ -1316,140 +1290,143 @@
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "test_suite_rsa";
- const int have_N = ( strlen( input_N ) > 0 );
- const int have_P = ( strlen( input_P ) > 0 );
- const int have_Q = ( strlen( input_Q ) > 0 );
- const int have_D = ( strlen( input_D ) > 0 );
- const int have_E = ( strlen( input_E ) > 0 );
+ const int have_N = (strlen(input_N) > 0);
+ const int have_P = (strlen(input_P) > 0);
+ const int have_Q = (strlen(input_Q) > 0);
+ const int have_D = (strlen(input_D) > 0);
+ const int have_E = (strlen(input_E) > 0);
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_rsa_init(&ctx, 0, 0);
- mbedtls_mpi_init( &N );
- mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers, strlen(pers)) == 0);
- if( have_N )
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
-
- if( have_P )
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
-
- if( have_Q )
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
-
- if( have_D )
- TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 );
-
- if( have_E )
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
-
- if( !successive )
- {
- TEST_ASSERT( mbedtls_rsa_import( &ctx,
- have_N ? &N : NULL,
- have_P ? &P : NULL,
- have_Q ? &Q : NULL,
- have_D ? &D : NULL,
- have_E ? &E : NULL ) == 0 );
+ if (have_N) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
}
- else
- {
+
+ if (have_P) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ }
+
+ if (have_Q) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ }
+
+ if (have_D) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
+ }
+
+ if (have_E) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ }
+
+ if (!successive) {
+ TEST_ASSERT(mbedtls_rsa_import(&ctx,
+ have_N ? &N : NULL,
+ have_P ? &P : NULL,
+ have_Q ? &Q : NULL,
+ have_D ? &D : NULL,
+ have_E ? &E : NULL) == 0);
+ } else {
/* Import N, P, Q, D, E separately.
* This should make no functional difference. */
- TEST_ASSERT( mbedtls_rsa_import( &ctx,
- have_N ? &N : NULL,
- NULL, NULL, NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx,
+ have_N ? &N : NULL,
+ NULL, NULL, NULL, NULL) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx,
- NULL,
- have_P ? &P : NULL,
- NULL, NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx,
+ NULL,
+ have_P ? &P : NULL,
+ NULL, NULL, NULL) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx,
- NULL, NULL,
- have_Q ? &Q : NULL,
- NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx,
+ NULL, NULL,
+ have_Q ? &Q : NULL,
+ NULL, NULL) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx,
- NULL, NULL, NULL,
- have_D ? &D : NULL,
- NULL ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx,
+ NULL, NULL, NULL,
+ have_D ? &D : NULL,
+ NULL) == 0);
- TEST_ASSERT( mbedtls_rsa_import( &ctx,
- NULL, NULL, NULL, NULL,
- have_E ? &E : NULL ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx,
+ NULL, NULL, NULL, NULL,
+ have_E ? &E : NULL) == 0);
}
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
/* On expected success, perform some public and private
* key operations to check if the key is working properly. */
- if( res_complete == 0 )
- {
- if( is_priv )
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
- else
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
+ if (res_complete == 0) {
+ if (is_priv) {
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
+ }
- if( res_check != 0 )
+ if (res_check != 0) {
goto exit;
+ }
- buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
- buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
- buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
- if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
+ buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
+ buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
+ buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
+ if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
goto exit;
+ }
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
- buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg,
+ buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
/* Make sure the number we're generating is smaller than the modulus */
buf_orig[0] = 0x00;
- TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
- if( is_priv )
- {
- TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
- &ctr_drbg, buf_enc,
- buf_dec ) == 0 );
+ if (is_priv) {
+ TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_ctr_drbg_random,
+ &ctr_drbg, buf_enc,
+ buf_dec) == 0);
- TEST_ASSERT( memcmp( buf_orig, buf_dec,
- mbedtls_rsa_get_len( &ctx ) ) == 0 );
+ TEST_ASSERT(memcmp(buf_orig, buf_dec,
+ mbedtls_rsa_get_len(&ctx)) == 0);
}
}
exit:
- mbedtls_free( buf_orig );
- mbedtls_free( buf_enc );
- mbedtls_free( buf_dec );
+ mbedtls_free(buf_orig);
+ mbedtls_free(buf_enc);
+ mbedtls_free(buf_dec);
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
- mbedtls_mpi_free( &N );
- mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_export( char *input_N,
- char *input_P,
- char *input_Q,
- char *input_D,
- char *input_E,
- int is_priv,
- int successive )
+void mbedtls_rsa_export(char *input_N,
+ char *input_P,
+ char *input_Q,
+ char *input_D,
+ char *input_E,
+ int is_priv,
+ int successive)
{
/* Original MPI's with which we set up the RSA context */
mbedtls_mpi N, P, Q, D, E;
@@ -1457,184 +1434,190 @@
/* Exported MPI's */
mbedtls_mpi Ne, Pe, Qe, De, Ee;
- const int have_N = ( strlen( input_N ) > 0 );
- const int have_P = ( strlen( input_P ) > 0 );
- const int have_Q = ( strlen( input_Q ) > 0 );
- const int have_D = ( strlen( input_D ) > 0 );
- const int have_E = ( strlen( input_E ) > 0 );
+ const int have_N = (strlen(input_N) > 0);
+ const int have_P = (strlen(input_P) > 0);
+ const int have_Q = (strlen(input_Q) > 0);
+ const int have_D = (strlen(input_D) > 0);
+ const int have_E = (strlen(input_E) > 0);
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init(&ctx, 0, 0);
- mbedtls_mpi_init( &N );
- mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
- mbedtls_mpi_init( &Ne );
- mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
- mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
+ mbedtls_mpi_init(&Ne);
+ mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe);
+ mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee);
/* Setup RSA context */
- if( have_N )
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
+ if (have_N) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ }
- if( have_P )
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
+ if (have_P) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ }
- if( have_Q )
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
+ if (have_Q) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ }
- if( have_D )
- TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 );
+ if (have_D) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
+ }
- if( have_E )
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ if (have_E) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ }
- TEST_ASSERT( mbedtls_rsa_import( &ctx,
- strlen( input_N ) ? &N : NULL,
- strlen( input_P ) ? &P : NULL,
- strlen( input_Q ) ? &Q : NULL,
- strlen( input_D ) ? &D : NULL,
- strlen( input_E ) ? &E : NULL ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import(&ctx,
+ strlen(input_N) ? &N : NULL,
+ strlen(input_P) ? &P : NULL,
+ strlen(input_Q) ? &Q : NULL,
+ strlen(input_D) ? &D : NULL,
+ strlen(input_E) ? &E : NULL) == 0);
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
/*
* Export parameters and compare to original ones.
*/
/* N and E must always be present. */
- if( !successive )
- {
- TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
+ if (!successive) {
+ TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0);
}
- else
- {
- TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
- }
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0);
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0);
/* If we were providing enough information to setup a complete private context,
* we expect to be able to export all core parameters. */
- if( is_priv )
- {
- if( !successive )
- {
- TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
- &De, NULL ) == 0 );
- }
- else
- {
- TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
- NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
- NULL, NULL ) == 0 );
- TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
- &De, NULL ) == 0 );
+ if (is_priv) {
+ if (!successive) {
+ TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe,
+ &De, NULL) == 0);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL,
+ NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe,
+ NULL, NULL) == 0);
+ TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL,
+ &De, NULL) == 0);
}
- if( have_P )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
+ if (have_P) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0);
+ }
- if( have_Q )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
+ if (have_Q) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0);
+ }
- if( have_D )
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
+ if (have_D) {
+ TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0);
+ }
/* While at it, perform a sanity check */
- TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
- NULL, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee,
+ NULL, NULL) == 0);
}
exit:
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
- mbedtls_mpi_free( &N );
- mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
- mbedtls_mpi_free( &Ne );
- mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
- mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
+ mbedtls_mpi_free(&Ne);
+ mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe);
+ mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
-void mbedtls_rsa_validate_params( char *input_N,
- char *input_P,
- char *input_Q,
- char *input_D,
- char *input_E,
- int prng, int result )
+void mbedtls_rsa_validate_params(char *input_N,
+ char *input_P,
+ char *input_Q,
+ char *input_D,
+ char *input_E,
+ int prng, int result)
{
/* Original MPI's with which we set up the RSA context */
mbedtls_mpi N, P, Q, D, E;
- const int have_N = ( strlen( input_N ) > 0 );
- const int have_P = ( strlen( input_P ) > 0 );
- const int have_Q = ( strlen( input_Q ) > 0 );
- const int have_D = ( strlen( input_D ) > 0 );
- const int have_E = ( strlen( input_E ) > 0 );
+ const int have_N = (strlen(input_N) > 0);
+ const int have_P = (strlen(input_P) > 0);
+ const int have_Q = (strlen(input_Q) > 0);
+ const int have_D = (strlen(input_D) > 0);
+ const int have_E = (strlen(input_E) > 0);
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "test_suite_rsa";
- mbedtls_mpi_init( &N );
- mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) == 0 );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers)) == 0);
- if( have_N )
- TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
+ if (have_N) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+ }
- if( have_P )
- TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 );
+ if (have_P) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
+ }
- if( have_Q )
- TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 );
+ if (have_Q) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
+ }
- if( have_D )
- TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 );
+ if (have_D) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
+ }
- if( have_E )
- TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
+ if (have_E) {
+ TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+ }
- TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
- have_P ? &P : NULL,
- have_Q ? &Q : NULL,
- have_D ? &D : NULL,
- have_E ? &E : NULL,
- prng ? mbedtls_ctr_drbg_random : NULL,
- prng ? &ctr_drbg : NULL ) == result );
+ TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL,
+ have_P ? &P : NULL,
+ have_Q ? &Q : NULL,
+ have_D ? &D : NULL,
+ have_E ? &E : NULL,
+ prng ? mbedtls_ctr_drbg_random : NULL,
+ prng ? &ctr_drbg : NULL) == result);
exit:
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
- mbedtls_mpi_free( &N );
- mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
-void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
- data_t *input_Q, data_t *input_D,
- data_t *input_E, int is_priv,
- int successive )
+void mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P,
+ data_t *input_Q, data_t *input_D,
+ data_t *input_E, int is_priv,
+ int successive)
{
/* Exported buffers */
unsigned char bufNe[256];
@@ -1645,94 +1628,90 @@
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init(&ctx, 0, 0);
/* Setup RSA context */
- TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- input_N->len ? input_N->x : NULL, input_N->len,
- input_P->len ? input_P->x : NULL, input_P->len,
- input_Q->len ? input_Q->x : NULL, input_Q->len,
- input_D->len ? input_D->x : NULL, input_D->len,
- input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
+ input_N->len ? input_N->x : NULL, input_N->len,
+ input_P->len ? input_P->x : NULL, input_P->len,
+ input_Q->len ? input_Q->x : NULL, input_Q->len,
+ input_D->len ? input_D->x : NULL, input_D->len,
+ input_E->len ? input_E->x : NULL, input_E->len) == 0);
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
/*
* Export parameters and compare to original ones.
*/
/* N and E must always be present. */
- if( !successive )
- {
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
- NULL, 0, NULL, 0, NULL, 0,
- bufEe, input_E->len ) == 0 );
+ if (!successive) {
+ TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
+ NULL, 0, NULL, 0, NULL, 0,
+ bufEe, input_E->len) == 0);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
+ NULL, 0, NULL, 0, NULL, 0,
+ NULL, 0) == 0);
+ TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
+ NULL, 0, NULL, 0, NULL, 0,
+ bufEe, input_E->len) == 0);
}
- else
- {
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
- NULL, 0, NULL, 0, NULL, 0,
- NULL, 0 ) == 0 );
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
- NULL, 0, NULL, 0, NULL, 0,
- bufEe, input_E->len ) == 0 );
- }
- TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
- TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
+ TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0);
+ TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0);
/* If we were providing enough information to setup a complete private context,
* we expect to be able to export all core parameters. */
- if( is_priv )
- {
- if( !successive )
- {
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
- bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
- bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
- bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
- NULL, 0 ) == 0 );
- }
- else
- {
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
- bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
- NULL, 0, NULL, 0,
- NULL, 0 ) == 0 );
+ if (is_priv) {
+ if (!successive) {
+ TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
+ bufPe, input_P->len ? input_P->len : sizeof(bufPe),
+ bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
+ bufDe, input_D->len ? input_D->len : sizeof(bufDe),
+ NULL, 0) == 0);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
+ bufPe, input_P->len ? input_P->len : sizeof(bufPe),
+ NULL, 0, NULL, 0,
+ NULL, 0) == 0);
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
- bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
- NULL, 0, NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0,
+ bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
+ NULL, 0, NULL, 0) == 0);
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
- bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
- NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0,
+ bufDe, input_D->len ? input_D->len : sizeof(bufDe),
+ NULL, 0) == 0);
}
- if( input_P->len )
- TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
+ if (input_P->len) {
+ TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0);
+ }
- if( input_Q->len )
- TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
+ if (input_Q->len) {
+ TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0);
+ }
- if( input_D->len )
- TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
+ if (input_D->len) {
+ TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0);
+ }
}
exit:
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
-void mbedtls_rsa_import_raw( data_t *input_N,
- data_t *input_P, data_t *input_Q,
- data_t *input_D, data_t *input_E,
- int successive,
- int is_priv,
- int res_check,
- int res_complete )
+void mbedtls_rsa_import_raw(data_t *input_N,
+ data_t *input_P, data_t *input_Q,
+ data_t *input_D, data_t *input_E,
+ int successive,
+ int is_priv,
+ int res_check,
+ int res_complete)
{
/* Buffers used for encryption-decryption test */
unsigned char *buf_orig = NULL;
@@ -1745,108 +1724,108 @@
const char *pers = "test_suite_rsa";
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_rsa_init(&ctx, 0, 0);
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers)) == 0);
- if( !successive )
- {
- TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
- ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
- ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
- ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
- ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
- }
- else
- {
+ if (!successive) {
+ TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
+ (input_N->len > 0) ? input_N->x : NULL, input_N->len,
+ (input_P->len > 0) ? input_P->x : NULL, input_P->len,
+ (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
+ (input_D->len > 0) ? input_D->x : NULL, input_D->len,
+ (input_E->len > 0) ? input_E->x : NULL,
+ input_E->len) == 0);
+ } else {
/* Import N, P, Q, D, E separately.
* This should make no functional difference. */
- TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
+ (input_N->len > 0) ? input_N->x : NULL, input_N->len,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0);
- TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- NULL, 0,
- ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
- NULL, 0, NULL, 0, NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
+ NULL, 0,
+ (input_P->len > 0) ? input_P->x : NULL, input_P->len,
+ NULL, 0, NULL, 0, NULL, 0) == 0);
- TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- NULL, 0, NULL, 0,
- ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
- NULL, 0, NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
+ NULL, 0, NULL, 0,
+ (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
+ NULL, 0, NULL, 0) == 0);
- TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- NULL, 0, NULL, 0, NULL, 0,
- ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
- NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
+ NULL, 0, NULL, 0, NULL, 0,
+ (input_D->len > 0) ? input_D->x : NULL, input_D->len,
+ NULL, 0) == 0);
- TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ (input_E->len > 0) ? input_E->x : NULL,
+ input_E->len) == 0);
}
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
+ TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
/* On expected success, perform some public and private
* key operations to check if the key is working properly. */
- if( res_complete == 0 )
- {
- if( is_priv )
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
- else
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
+ if (res_complete == 0) {
+ if (is_priv) {
+ TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
+ } else {
+ TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
+ }
- if( res_check != 0 )
+ if (res_check != 0) {
goto exit;
+ }
- buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
- buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
- buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
- if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
+ buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
+ buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
+ buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
+ if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
goto exit;
+ }
- TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
- buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
+ TEST_ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg,
+ buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
/* Make sure the number we're generating is smaller than the modulus */
buf_orig[0] = 0x00;
- TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
- if( is_priv )
- {
- TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
- &ctr_drbg, buf_enc,
- buf_dec ) == 0 );
+ if (is_priv) {
+ TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_ctr_drbg_random,
+ &ctr_drbg, buf_enc,
+ buf_dec) == 0);
- TEST_ASSERT( memcmp( buf_orig, buf_dec,
- mbedtls_rsa_get_len( &ctx ) ) == 0 );
+ TEST_ASSERT(memcmp(buf_orig, buf_dec,
+ mbedtls_rsa_get_len(&ctx)) == 0);
}
}
exit:
- mbedtls_free( buf_orig );
- mbedtls_free( buf_enc );
- mbedtls_free( buf_dec );
+ mbedtls_free(buf_orig);
+ mbedtls_free(buf_enc);
+ mbedtls_free(buf_dec);
- mbedtls_rsa_free( &ctx );
+ mbedtls_rsa_free(&ctx);
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void rsa_selftest( )
+void rsa_selftest()
{
- TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_rsa_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index f3477ec..02c410e 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -5,46 +5,46 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
-void sha1_valid_param( )
+void sha1_valid_param()
{
- TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_sha1_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void sha1_invalid_param( )
+void sha1_invalid_param()
{
mbedtls_sha1_context ctx;
unsigned char buf[64] = { 0 };
- size_t const buflen = sizeof( buf );
+ size_t const buflen = sizeof(buf);
- TEST_INVALID_PARAM( mbedtls_sha1_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_sha1_init(NULL));
- TEST_INVALID_PARAM( mbedtls_sha1_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha1_clone( &ctx, NULL ) );
+ TEST_INVALID_PARAM(mbedtls_sha1_clone(NULL, &ctx));
+ TEST_INVALID_PARAM(mbedtls_sha1_clone(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_starts_ret( NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_starts_ret(NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_update_ret( &ctx, NULL, buflen ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_update_ret(NULL, buf, buflen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_update_ret(&ctx, NULL, buflen));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_finish_ret( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_finish_ret(NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_finish_ret(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_internal_sha1_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_internal_sha1_process( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_internal_sha1_process(NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_internal_sha1_process(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_ret( NULL, buflen, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_ret( buf, buflen, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_ret(NULL, buflen, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_ret(buf, buflen, NULL));
exit:
return;
@@ -52,69 +52,69 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
-void mbedtls_sha1( data_t * src_str, data_t * hash )
+void mbedtls_sha1(data_t *src_str, data_t *hash)
{
unsigned char output[41];
memset(output, 0x00, 41);
- TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 );
+ TEST_ASSERT(mbedtls_sha1_ret(src_str->x, src_str->len, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x, 20, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void sha256_valid_param( )
+void sha256_valid_param()
{
- TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_sha256_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void sha256_invalid_param( )
+void sha256_invalid_param()
{
mbedtls_sha256_context ctx;
unsigned char buf[64] = { 0 };
- size_t const buflen = sizeof( buf );
+ size_t const buflen = sizeof(buf);
int valid_type = 0;
int invalid_type = 42;
- TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_sha256_init(NULL));
- TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) );
+ TEST_INVALID_PARAM(mbedtls_sha256_clone(NULL, &ctx));
+ TEST_INVALID_PARAM(mbedtls_sha256_clone(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_starts_ret( NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_starts_ret( &ctx, invalid_type ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_starts_ret(NULL, valid_type));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_starts_ret(&ctx, invalid_type));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_update_ret( &ctx, NULL, buflen ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_update_ret(NULL, buf, buflen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_update_ret(&ctx, NULL, buflen));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_finish_ret( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_finish_ret(NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_finish_ret(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_internal_sha256_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_internal_sha256_process( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_internal_sha256_process(NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_internal_sha256_process(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( NULL, buflen,
- buf, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( buf, buflen,
- NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( buf, buflen,
- buf, invalid_type ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_ret(NULL, buflen,
+ buf, valid_type));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_ret(buf, buflen,
+ NULL, valid_type));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_ret(buf, buflen,
+ buf, invalid_type));
exit:
return;
@@ -122,83 +122,83 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void sha224( data_t * src_str, data_t * hash )
+void sha224(data_t *src_str, data_t *hash)
{
unsigned char output[57];
memset(output, 0x00, 57);
- TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_sha256_ret(src_str->x, src_str->len, output, 1) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x, 28, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void mbedtls_sha256( data_t * src_str, data_t * hash )
+void mbedtls_sha256(data_t *src_str, data_t *hash)
{
unsigned char output[65];
memset(output, 0x00, 65);
- TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_sha256_ret(src_str->x, src_str->len, output, 0) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x, 32, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void sha512_valid_param( )
+void sha512_valid_param()
{
- TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) );
+ TEST_VALID_PARAM(mbedtls_sha512_free(NULL));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void sha512_invalid_param( )
+void sha512_invalid_param()
{
mbedtls_sha512_context ctx;
unsigned char buf[64] = { 0 };
- size_t const buflen = sizeof( buf );
+ size_t const buflen = sizeof(buf);
int valid_type = 0;
int invalid_type = 42;
- TEST_INVALID_PARAM( mbedtls_sha512_init( NULL ) );
+ TEST_INVALID_PARAM(mbedtls_sha512_init(NULL));
- TEST_INVALID_PARAM( mbedtls_sha512_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha512_clone( &ctx, NULL ) );
+ TEST_INVALID_PARAM(mbedtls_sha512_clone(NULL, &ctx));
+ TEST_INVALID_PARAM(mbedtls_sha512_clone(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_starts_ret( NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_starts_ret( &ctx, invalid_type ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_starts_ret(NULL, valid_type));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_starts_ret(&ctx, invalid_type));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_update_ret( &ctx, NULL, buflen ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_update_ret(NULL, buf, buflen));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_update_ret(&ctx, NULL, buflen));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_finish_ret( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_finish_ret(NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_finish_ret(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_internal_sha512_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_internal_sha512_process( &ctx, NULL ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_internal_sha512_process(NULL, buf));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_internal_sha512_process(&ctx, NULL));
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( NULL, buflen,
- buf, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( buf, buflen,
- NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( buf, buflen,
- buf, invalid_type ) );
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_ret(NULL, buflen,
+ buf, valid_type));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_ret(buf, buflen,
+ NULL, valid_type));
+ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_ret(buf, buflen,
+ buf, invalid_type));
exit:
return;
@@ -206,50 +206,50 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void sha384( data_t * src_str, data_t * hash )
+void sha384(data_t *src_str, data_t *hash)
{
unsigned char output[97];
memset(output, 0x00, 97);
- TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_sha512_ret(src_str->x, src_str->len, output, 1) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x, 48, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void mbedtls_sha512( data_t * src_str, data_t * hash )
+void mbedtls_sha512(data_t *src_str, data_t *hash)
{
unsigned char output[129];
memset(output, 0x00, 129);
- TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_sha512_ret(src_str->x, src_str->len, output, 0) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x, 64, hash->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_SELF_TEST */
-void sha1_selftest( )
+void sha1_selftest()
{
- TEST_ASSERT( mbedtls_sha1_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_sha1_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_SELF_TEST */
-void sha256_selftest( )
+void sha256_selftest()
{
- TEST_ASSERT( mbedtls_sha256_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_sha256_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_SELF_TEST */
-void sha512_selftest( )
+void sha512_selftest()
{
- TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_sha512_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 7575f78..5a92820 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -12,16 +12,14 @@
#include <test/constant_flow.h>
-enum
-{
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
- tls1_3_label_ ## name,
-MBEDTLS_SSL_TLS1_3_LABEL_LIST
+enum {
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
+ tls1_3_label_ ## name,
+ MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
};
-typedef struct log_pattern
-{
+typedef struct log_pattern {
const char *pattern;
size_t counter;
} log_pattern;
@@ -31,9 +29,9 @@
* this case, it will count the instances of a log_pattern in the received
* logged messages.
*/
-void log_analyzer( void *ctx, int level,
- const char *file, int line,
- const char *str )
+void log_analyzer(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
{
log_pattern *p = (log_pattern *) ctx;
@@ -41,10 +39,9 @@
(void) line;
(void) file;
- if( NULL != p &&
+ if (NULL != p &&
NULL != p->pattern &&
- NULL != strstr( str, p->pattern ) )
- {
+ NULL != strstr(str, p->pattern)) {
p->counter++;
}
}
@@ -52,8 +49,7 @@
/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
#define TEST_SSL_MINOR_VERSION_NONE -1
-typedef struct handshake_test_options
-{
+typedef struct handshake_test_options {
const char *cipher;
int client_min_version;
int client_max_version;
@@ -79,38 +75,37 @@
int resize_buffers;
} handshake_test_options;
-void init_handshake_options( handshake_test_options *opts )
+void init_handshake_options(handshake_test_options *opts)
{
- opts->cipher = "";
- opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opts->pk_alg = MBEDTLS_PK_RSA;
- opts->psk_str = NULL;
- opts->dtls = 0;
- opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
- opts->serialize = 0;
- opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
- opts->cli_msg_len = 100;
- opts->srv_msg_len = 100;
- opts->expected_cli_fragments = 1;
- opts->expected_srv_fragments = 1;
- opts->renegotiate = 0;
- opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
- opts->srv_log_obj = NULL;
- opts->srv_log_obj = NULL;
- opts->srv_log_fun = NULL;
- opts->cli_log_fun = NULL;
- opts->resize_buffers = 1;
+ opts->cipher = "";
+ opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
+ opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
+ opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
+ opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
+ opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opts->pk_alg = MBEDTLS_PK_RSA;
+ opts->psk_str = NULL;
+ opts->dtls = 0;
+ opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
+ opts->serialize = 0;
+ opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
+ opts->cli_msg_len = 100;
+ opts->srv_msg_len = 100;
+ opts->expected_cli_fragments = 1;
+ opts->expected_srv_fragments = 1;
+ opts->renegotiate = 0;
+ opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
+ opts->srv_log_obj = NULL;
+ opts->srv_log_obj = NULL;
+ opts->srv_log_fun = NULL;
+ opts->cli_log_fun = NULL;
+ opts->resize_buffers = 1;
}
/*
* Buffer structure for custom I/O callbacks.
*/
-typedef struct mbedtls_test_buffer
-{
+typedef struct mbedtls_test_buffer {
size_t start;
size_t content_length;
size_t capacity;
@@ -121,32 +116,34 @@
* Initialises \p buf. After calling this function it is safe to call
* `mbedtls_test_buffer_free()` on \p buf.
*/
-void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
+void mbedtls_test_buffer_init(mbedtls_test_buffer *buf)
{
- memset( buf, 0, sizeof( *buf ) );
+ memset(buf, 0, sizeof(*buf));
}
/*
* Sets up \p buf. After calling this function it is safe to call
* `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
*/
-int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
+int mbedtls_test_buffer_setup(mbedtls_test_buffer *buf, size_t capacity)
{
- buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
- sizeof( unsigned char ) );
- if( NULL == buf->buffer )
+ buf->buffer = (unsigned char *) mbedtls_calloc(capacity,
+ sizeof(unsigned char));
+ if (NULL == buf->buffer) {
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
buf->capacity = capacity;
return 0;
}
-void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
+void mbedtls_test_buffer_free(mbedtls_test_buffer *buf)
{
- if( buf->buffer != NULL )
- mbedtls_free( buf->buffer );
+ if (buf->buffer != NULL) {
+ mbedtls_free(buf->buffer);
+ }
- memset( buf, 0, sizeof( *buf ) );
+ memset(buf, 0, sizeof(*buf));
}
/*
@@ -160,49 +157,44 @@
* \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
* zero and \p input is NULL.
*/
-int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
- const unsigned char *input, size_t input_len )
+int mbedtls_test_buffer_put(mbedtls_test_buffer *buf,
+ const unsigned char *input, size_t input_len)
{
size_t overflow = 0;
- if( ( buf == NULL ) || ( buf->buffer == NULL ) )
+ if ((buf == NULL) || (buf->buffer == NULL)) {
return -1;
+ }
/* Reduce input_len to a number that fits in the buffer. */
- if ( ( buf->content_length + input_len ) > buf->capacity )
- {
+ if ((buf->content_length + input_len) > buf->capacity) {
input_len = buf->capacity - buf->content_length;
}
- if( input == NULL )
- {
- return ( input_len == 0 ) ? 0 : -1;
+ if (input == NULL) {
+ return (input_len == 0) ? 0 : -1;
}
- /* Check if the buffer has not come full circle and free space is not in
- * the middle */
- if( buf->start + buf->content_length < buf->capacity )
- {
+ /* Check if the buffer has not come full circle and free space is not in
+ * the middle */
+ if (buf->start + buf->content_length < buf->capacity) {
/* Calculate the number of bytes that need to be placed at lower memory
- * address */
- if( buf->start + buf->content_length + input_len
- > buf->capacity )
- {
- overflow = ( buf->start + buf->content_length + input_len )
- % buf->capacity;
+ * address */
+ if (buf->start + buf->content_length + input_len
+ > buf->capacity) {
+ overflow = (buf->start + buf->content_length + input_len)
+ % buf->capacity;
}
- memcpy( buf->buffer + buf->start + buf->content_length, input,
- input_len - overflow );
- memcpy( buf->buffer, input + input_len - overflow, overflow );
+ memcpy(buf->buffer + buf->start + buf->content_length, input,
+ input_len - overflow);
+ memcpy(buf->buffer, input + input_len - overflow, overflow);
- }
- else
- {
+ } else {
/* The buffer has come full circle and free space is in the middle */
- memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
- input, input_len );
+ memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity,
+ input, input_len);
}
buf->content_length += input_len;
@@ -221,35 +213,36 @@
* \retval 0 <= value < \p output_len, if the data is not available.
* \retval -1, if \buf is NULL or it hasn't been set up.
*/
-int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
- unsigned char* output, size_t output_len )
+int mbedtls_test_buffer_get(mbedtls_test_buffer *buf,
+ unsigned char *output, size_t output_len)
{
size_t overflow = 0;
- if( ( buf == NULL ) || ( buf->buffer == NULL ) )
+ if ((buf == NULL) || (buf->buffer == NULL)) {
return -1;
+ }
- if( output == NULL && output_len == 0 )
+ if (output == NULL && output_len == 0) {
return 0;
+ }
- if( buf->content_length < output_len )
+ if (buf->content_length < output_len) {
output_len = buf->content_length;
+ }
/* Calculate the number of bytes that need to be drawn from lower memory
* address */
- if( buf->start + output_len > buf->capacity )
- {
- overflow = ( buf->start + output_len ) % buf->capacity;
+ if (buf->start + output_len > buf->capacity) {
+ overflow = (buf->start + output_len) % buf->capacity;
}
- if( output != NULL )
- {
- memcpy( output, buf->buffer + buf->start, output_len - overflow );
- memcpy( output + output_len - overflow, buf->buffer, overflow );
+ if (output != NULL) {
+ memcpy(output, buf->buffer + buf->start, output_len - overflow);
+ memcpy(output + output_len - overflow, buf->buffer, overflow);
}
buf->content_length -= output_len;
- buf->start = ( buf->start + output_len ) % buf->capacity;
+ buf->start = (buf->start + output_len) % buf->capacity;
return output_len;
}
@@ -263,8 +256,7 @@
/*
* Context for a message metadata queue (fifo) that is on top of the ring buffer.
*/
-typedef struct mbedtls_test_message_queue
-{
+typedef struct mbedtls_test_message_queue {
size_t *messages;
int pos;
int num;
@@ -280,12 +272,13 @@
* \retval 0, if a metadata queue of a given length can be allocated.
* \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
*/
-int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
- size_t capacity )
+int mbedtls_test_message_queue_setup(mbedtls_test_message_queue *queue,
+ size_t capacity)
{
- queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof( size_t ) );
- if( NULL == queue->messages )
+ queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t));
+ if (NULL == queue->messages) {
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
queue->capacity = capacity;
queue->pos = 0;
@@ -294,15 +287,17 @@
return 0;
}
-void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
+void mbedtls_test_message_queue_free(mbedtls_test_message_queue *queue)
{
- if( queue == NULL )
+ if (queue == NULL) {
return;
+ }
- if( queue->messages != NULL )
- mbedtls_free( queue->messages );
+ if (queue->messages != NULL) {
+ mbedtls_free(queue->messages);
+ }
- memset( queue, 0, sizeof( *queue ) );
+ memset(queue, 0, sizeof(*queue));
}
/*
@@ -313,17 +308,19 @@
* \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
* \retval \p len, if the push was successful.
*/
-int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
- size_t len )
+int mbedtls_test_message_queue_push_info(mbedtls_test_message_queue *queue,
+ size_t len)
{
int place;
- if( queue == NULL )
+ if (queue == NULL) {
return MBEDTLS_TEST_ERROR_ARG_NULL;
+ }
- if( queue->num >= queue->capacity )
+ if (queue->num >= queue->capacity) {
return MBEDTLS_ERR_SSL_WANT_WRITE;
+ }
- place = ( queue->pos + queue->num ) % queue->capacity;
+ place = (queue->pos + queue->num) % queue->capacity;
queue->messages[place] = len;
queue->num++;
return len;
@@ -339,24 +336,27 @@
* \retval message length, if the pop was successful, up to the given
\p buf_len.
*/
-int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
- size_t buf_len )
+int mbedtls_test_message_queue_pop_info(mbedtls_test_message_queue *queue,
+ size_t buf_len)
{
size_t message_length;
- if( queue == NULL )
+ if (queue == NULL) {
return MBEDTLS_TEST_ERROR_ARG_NULL;
- if( queue->num == 0 )
+ }
+ if (queue->num == 0) {
return MBEDTLS_ERR_SSL_WANT_READ;
+ }
message_length = queue->messages[queue->pos];
queue->messages[queue->pos] = 0;
queue->num--;
queue->pos++;
queue->pos %= queue->capacity;
- if( queue->pos < 0 )
+ if (queue->pos < 0) {
queue->pos += queue->capacity;
+ }
- return ( message_length > buf_len ) ? buf_len : message_length;
+ return (message_length > buf_len) ? buf_len : message_length;
}
/*
@@ -371,16 +371,18 @@
* set to the full message length so that the
* caller knows what portion of the message can be dropped.
*/
-int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
- size_t buf_len, size_t* msg_len )
+int mbedtls_test_message_queue_peek_info(mbedtls_test_message_queue *queue,
+ size_t buf_len, size_t *msg_len)
{
- if( queue == NULL || msg_len == NULL )
+ if (queue == NULL || msg_len == NULL) {
return MBEDTLS_TEST_ERROR_ARG_NULL;
- if( queue->num == 0 )
+ }
+ if (queue->num == 0) {
return MBEDTLS_ERR_SSL_WANT_READ;
+ }
*msg_len = queue->messages[queue->pos];
- return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
+ return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
}
/*
* Context for the I/O callbacks simulating network connection.
@@ -388,8 +390,7 @@
#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
-typedef struct mbedtls_mock_socket
-{
+typedef struct mbedtls_mock_socket {
int status;
mbedtls_test_buffer *input;
mbedtls_test_buffer *output;
@@ -399,9 +400,9 @@
/*
* Setup and teardown functions for mock sockets.
*/
-void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
+void mbedtls_mock_socket_init(mbedtls_mock_socket *socket)
{
- memset( socket, 0, sizeof( *socket ) );
+ memset(socket, 0, sizeof(*socket));
}
/*
@@ -417,27 +418,27 @@
* phenomenon that when closing a UDP connection the peer is not aware of the
* connection having been closed.
*/
-void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
+void mbedtls_mock_socket_close(mbedtls_mock_socket *socket)
{
- if( socket == NULL )
+ if (socket == NULL) {
return;
-
- if( socket->input != NULL )
- {
- mbedtls_test_buffer_free( socket->input );
- mbedtls_free( socket->input );
}
- if( socket->output != NULL )
- {
- mbedtls_test_buffer_free( socket->output );
- mbedtls_free( socket->output );
+ if (socket->input != NULL) {
+ mbedtls_test_buffer_free(socket->input);
+ mbedtls_free(socket->input);
}
- if( socket->peer != NULL )
- memset( socket->peer, 0, sizeof( *socket->peer ) );
+ if (socket->output != NULL) {
+ mbedtls_test_buffer_free(socket->output);
+ mbedtls_free(socket->output);
+ }
- memset( socket, 0, sizeof( *socket ) );
+ if (socket->peer != NULL) {
+ memset(socket->peer, 0, sizeof(*socket->peer));
+ }
+
+ memset(socket, 0, sizeof(*socket));
}
/*
@@ -450,35 +451,31 @@
* the correct value allows for simulation of MTU, sanity testing the mock
* implementation and mocking TCP connections with lower memory cost.
*/
-int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
- mbedtls_mock_socket* peer2,
- size_t bufsize )
+int mbedtls_mock_socket_connect(mbedtls_mock_socket *peer1,
+ mbedtls_mock_socket *peer2,
+ size_t bufsize)
{
int ret = -1;
peer1->output =
- (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer ) );
- if( peer1->output == NULL )
- {
+ (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer));
+ if (peer1->output == NULL) {
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
- mbedtls_test_buffer_init( peer1->output );
- if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
- {
+ mbedtls_test_buffer_init(peer1->output);
+ if (0 != (ret = mbedtls_test_buffer_setup(peer1->output, bufsize))) {
goto exit;
}
peer2->output =
- (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer) );
- if( peer2->output == NULL )
- {
+ (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer));
+ if (peer2->output == NULL) {
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
- mbedtls_test_buffer_init( peer2->output );
- if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
- {
+ mbedtls_test_buffer_init(peer2->output);
+ if (0 != (ret = mbedtls_test_buffer_setup(peer2->output, bufsize))) {
goto exit;
}
@@ -492,10 +489,9 @@
exit:
- if( ret != 0 )
- {
- mbedtls_mock_socket_close( peer1 );
- mbedtls_mock_socket_close( peer2 );
+ if (ret != 0) {
+ mbedtls_mock_socket_close(peer1);
+ mbedtls_mock_socket_close(peer2);
}
return ret;
@@ -505,58 +501,60 @@
* Callbacks for simulating blocking I/O over connection-oriented transport.
*/
-int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
+int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len)
{
- mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
+ mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
- if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
+ if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
return -1;
+ }
- return mbedtls_test_buffer_put( socket->output, buf, len );
+ return mbedtls_test_buffer_put(socket->output, buf, len);
}
-int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
+int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len)
{
- mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
+ mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
- if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
+ if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
return -1;
+ }
- return mbedtls_test_buffer_get( socket->input, buf, len );
+ return mbedtls_test_buffer_get(socket->input, buf, len);
}
/*
* Callbacks for simulating non-blocking I/O over connection-oriented transport.
*/
-int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
+int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len)
{
- mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
+ mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
- if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
+ if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
return -1;
+ }
- if( socket->output->capacity == socket->output->content_length )
- {
+ if (socket->output->capacity == socket->output->content_length) {
return MBEDTLS_ERR_SSL_WANT_WRITE;
}
- return mbedtls_test_buffer_put( socket->output, buf, len );
+ return mbedtls_test_buffer_put(socket->output, buf, len);
}
-int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
+int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len)
{
- mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
+ mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
- if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
+ if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
return -1;
+ }
- if( socket->input->content_length == 0 )
- {
+ if (socket->input->content_length == 0) {
return MBEDTLS_ERR_SSL_WANT_READ;
}
- return mbedtls_test_buffer_get( socket->input, buf, len );
+ return mbedtls_test_buffer_get(socket->input, buf, len);
}
/* Errors used in the message socket mocks */
@@ -572,14 +570,13 @@
* considered as an owner of the input queue only, which is initialized and
* freed in the respective setup and free calls.
*/
-typedef struct mbedtls_test_message_socket_context
-{
- mbedtls_test_message_queue* queue_input;
- mbedtls_test_message_queue* queue_output;
- mbedtls_mock_socket* socket;
+typedef struct mbedtls_test_message_socket_context {
+ mbedtls_test_message_queue *queue_input;
+ mbedtls_test_message_queue *queue_output;
+ mbedtls_mock_socket *socket;
} mbedtls_test_message_socket_context;
-void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
+void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx)
{
ctx->queue_input = NULL;
ctx->queue_output = NULL;
@@ -595,19 +592,20 @@
* \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
* queue failed.
*/
-int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
- mbedtls_test_message_queue* queue_output,
- size_t queue_capacity,
- mbedtls_mock_socket* socket,
- mbedtls_test_message_socket_context* ctx )
+int mbedtls_message_socket_setup(mbedtls_test_message_queue *queue_input,
+ mbedtls_test_message_queue *queue_output,
+ size_t queue_capacity,
+ mbedtls_mock_socket *socket,
+ mbedtls_test_message_socket_context *ctx)
{
- int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
- if( ret != 0 )
+ int ret = mbedtls_test_message_queue_setup(queue_input, queue_capacity);
+ if (ret != 0) {
return ret;
+ }
ctx->queue_input = queue_input;
ctx->queue_output = queue_output;
ctx->socket = socket;
- mbedtls_mock_socket_init( socket );
+ mbedtls_mock_socket_init(socket);
return 0;
}
@@ -616,14 +614,15 @@
* Close a given message socket context, along with the socket itself. Free the
* memory allocated by the input queue.
*/
-void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
+void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx)
{
- if( ctx == NULL )
+ if (ctx == NULL) {
return;
+ }
- mbedtls_test_message_queue_free( ctx->queue_input );
- mbedtls_mock_socket_close( ctx->socket );
- memset( ctx, 0, sizeof( *ctx ) );
+ mbedtls_test_message_queue_free(ctx->queue_input);
+ mbedtls_mock_socket_close(ctx->socket);
+ memset(ctx, 0, sizeof(*ctx));
}
/*
@@ -638,28 +637,29 @@
* This function will also return any error from
* mbedtls_test_message_queue_push_info.
*/
-int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
+int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len)
{
- mbedtls_test_message_queue* queue;
- mbedtls_mock_socket* socket;
- mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
+ mbedtls_test_message_queue *queue;
+ mbedtls_mock_socket *socket;
+ mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx;
- if( context == NULL || context->socket == NULL
- || context->queue_output == NULL )
- {
+ if (context == NULL || context->socket == NULL
+ || context->queue_output == NULL) {
return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
}
queue = context->queue_output;
socket = context->socket;
- if( queue->num >= queue->capacity )
+ if (queue->num >= queue->capacity) {
return MBEDTLS_ERR_SSL_WANT_WRITE;
+ }
- if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
+ if (mbedtls_mock_tcp_send_b(socket, buf, len) != (int) len) {
return MBEDTLS_TEST_ERROR_SEND_FAILED;
+ }
- return mbedtls_test_message_queue_push_info( queue, len );
+ return mbedtls_test_message_queue_push_info(queue, len);
}
/*
@@ -674,18 +674,17 @@
* This function will also return any error other than
* MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
*/
-int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
+int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len)
{
- mbedtls_test_message_queue* queue;
- mbedtls_mock_socket* socket;
- mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
+ mbedtls_test_message_queue *queue;
+ mbedtls_mock_socket *socket;
+ mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx;
size_t drop_len = 0;
size_t msg_len;
int ret;
- if( context == NULL || context->socket == NULL
- || context->queue_input == NULL )
- {
+ if (context == NULL || context->socket == NULL
+ || context->queue_input == NULL) {
return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
}
@@ -694,33 +693,30 @@
/* Peek first, so that in case of a socket error the data remains in
* the queue. */
- ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
- if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
- {
+ ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len);
+ if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
/* Calculate how much to drop */
drop_len = msg_len - buf_len;
/* Set the requested message len to be buffer length */
msg_len = buf_len;
- } else if( ret != 0 )
- {
+ } else if (ret != 0) {
return ret;
}
- if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
+ if (mbedtls_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) {
return MBEDTLS_TEST_ERROR_RECV_FAILED;
+ }
- if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
- {
+ if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
/* Drop the remaining part of the message */
- if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
- {
- /* Inconsistent state - part of the message was read,
- * and a part couldn't. Not much we can do here, but it should not
- * happen in test environment, unless forced manually. */
+ if (mbedtls_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) {
+ /* Inconsistent state - part of the message was read,
+ * and a part couldn't. Not much we can do here, but it should not
+ * happen in test environment, unless forced manually. */
}
}
- mbedtls_test_message_queue_pop_info( queue, buf_len );
+ mbedtls_test_message_queue_pop_info(queue, buf_len);
return msg_len;
}
@@ -732,18 +728,16 @@
/*
* Structure with endpoint's certificates for SSL communication tests.
*/
-typedef struct mbedtls_endpoint_certificate
-{
- mbedtls_x509_crt* ca_cert;
- mbedtls_x509_crt* cert;
- mbedtls_pk_context* pkey;
+typedef struct mbedtls_endpoint_certificate {
+ mbedtls_x509_crt *ca_cert;
+ mbedtls_x509_crt *cert;
+ mbedtls_pk_context *pkey;
} mbedtls_endpoint_certificate;
/*
* Endpoint structure for SSL communication tests.
*/
-typedef struct mbedtls_endpoint
-{
+typedef struct mbedtls_endpoint {
const char *name;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
@@ -756,34 +750,29 @@
/*
* Deinitializes certificates from endpoint represented by \p ep.
*/
-void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
+void mbedtls_endpoint_certificate_free(mbedtls_endpoint *ep)
{
- mbedtls_endpoint_certificate *cert = &( ep->cert );
- if( cert != NULL )
- {
- if( cert->ca_cert != NULL )
- {
- mbedtls_x509_crt_free( cert->ca_cert );
- mbedtls_free( cert->ca_cert );
+ mbedtls_endpoint_certificate *cert = &(ep->cert);
+ if (cert != NULL) {
+ if (cert->ca_cert != NULL) {
+ mbedtls_x509_crt_free(cert->ca_cert);
+ mbedtls_free(cert->ca_cert);
cert->ca_cert = NULL;
}
- if( cert->cert != NULL )
- {
- mbedtls_x509_crt_free( cert->cert );
- mbedtls_free( cert->cert );
+ if (cert->cert != NULL) {
+ mbedtls_x509_crt_free(cert->cert);
+ mbedtls_free(cert->cert);
cert->cert = NULL;
}
- if( cert->pkey != NULL )
- {
+ if (cert->pkey != NULL) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( mbedtls_pk_get_type( cert->pkey ) == MBEDTLS_PK_OPAQUE )
- {
+ if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
- psa_destroy_key( *key_slot );
+ psa_destroy_key(*key_slot);
}
#endif
- mbedtls_pk_free( cert->pkey );
- mbedtls_free( cert->pkey );
+ mbedtls_pk_free(cert->pkey);
+ mbedtls_free(cert->pkey);
cert->pkey = NULL;
}
}
@@ -795,103 +784,91 @@
*
* \retval 0 on success, otherwise error code.
*/
-int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
+int mbedtls_endpoint_certificate_init(mbedtls_endpoint *ep, int pk_alg)
{
int i = 0;
int ret = -1;
mbedtls_endpoint_certificate *cert = NULL;
- if( ep == NULL )
- {
+ if (ep == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- cert = &( ep->cert );
- ASSERT_ALLOC( cert->ca_cert, 1 );
- ASSERT_ALLOC( cert->cert, 1 );
- ASSERT_ALLOC( cert->pkey, 1 );
+ cert = &(ep->cert);
+ ASSERT_ALLOC(cert->ca_cert, 1);
+ ASSERT_ALLOC(cert->cert, 1);
+ ASSERT_ALLOC(cert->pkey, 1);
- mbedtls_x509_crt_init( cert->ca_cert );
- mbedtls_x509_crt_init( cert->cert );
- mbedtls_pk_init( cert->pkey );
+ mbedtls_x509_crt_init(cert->ca_cert);
+ mbedtls_x509_crt_init(cert->cert);
+ mbedtls_pk_init(cert->pkey);
/* Load the trusted CA */
- for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
- {
- ret = mbedtls_x509_crt_parse_der( cert->ca_cert,
- (const unsigned char *) mbedtls_test_cas_der[i],
- mbedtls_test_cas_der_len[i] );
- TEST_ASSERT( ret == 0 );
+ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse_der(cert->ca_cert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i]);
+ TEST_ASSERT(ret == 0);
}
/* Load own certificate and private key */
- if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- if( pk_alg == MBEDTLS_PK_RSA )
- {
- ret = mbedtls_x509_crt_parse( cert->cert,
- (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
- mbedtls_test_srv_crt_rsa_sha256_der_len );
- TEST_ASSERT( ret == 0 );
+ if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+ if (pk_alg == MBEDTLS_PK_RSA) {
+ ret = mbedtls_x509_crt_parse(cert->cert,
+ (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
+ mbedtls_test_srv_crt_rsa_sha256_der_len);
+ TEST_ASSERT(ret == 0);
- ret = mbedtls_pk_parse_key( cert->pkey,
- (const unsigned char*) mbedtls_test_srv_key_rsa_der,
- mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_pk_parse_key(cert->pkey,
+ (const unsigned char *) mbedtls_test_srv_key_rsa_der,
+ mbedtls_test_srv_key_rsa_der_len, NULL, 0);
+ TEST_ASSERT(ret == 0);
+ } else {
+ ret = mbedtls_x509_crt_parse(cert->cert,
+ (const unsigned char *) mbedtls_test_srv_crt_ec_der,
+ mbedtls_test_srv_crt_ec_der_len);
+ TEST_ASSERT(ret == 0);
+
+ ret = mbedtls_pk_parse_key(cert->pkey,
+ (const unsigned char *) mbedtls_test_srv_key_ec_der,
+ mbedtls_test_srv_key_ec_der_len, NULL, 0);
+ TEST_ASSERT(ret == 0);
}
- else
- {
- ret = mbedtls_x509_crt_parse( cert->cert,
- (const unsigned char*) mbedtls_test_srv_crt_ec_der,
- mbedtls_test_srv_crt_ec_der_len );
- TEST_ASSERT( ret == 0 );
+ } else {
+ if (pk_alg == MBEDTLS_PK_RSA) {
+ ret = mbedtls_x509_crt_parse(cert->cert,
+ (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
+ mbedtls_test_cli_crt_rsa_der_len);
+ TEST_ASSERT(ret == 0);
- ret = mbedtls_pk_parse_key( cert->pkey,
- (const unsigned char*) mbedtls_test_srv_key_ec_der,
- mbedtls_test_srv_key_ec_der_len, NULL, 0 );
- TEST_ASSERT( ret == 0 );
- }
- }
- else
- {
- if( pk_alg == MBEDTLS_PK_RSA )
- {
- ret = mbedtls_x509_crt_parse( cert->cert,
- (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
- mbedtls_test_cli_crt_rsa_der_len );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_pk_parse_key(cert->pkey,
+ (const unsigned char *) mbedtls_test_cli_key_rsa_der,
+ mbedtls_test_cli_key_rsa_der_len, NULL, 0);
+ TEST_ASSERT(ret == 0);
+ } else {
+ ret = mbedtls_x509_crt_parse(cert->cert,
+ (const unsigned char *) mbedtls_test_cli_crt_ec_der,
+ mbedtls_test_cli_crt_ec_len);
+ TEST_ASSERT(ret == 0);
- ret = mbedtls_pk_parse_key( cert->pkey,
- (const unsigned char *) mbedtls_test_cli_key_rsa_der,
- mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
- TEST_ASSERT( ret == 0 );
- }
- else
- {
- ret = mbedtls_x509_crt_parse( cert->cert,
- (const unsigned char *) mbedtls_test_cli_crt_ec_der,
- mbedtls_test_cli_crt_ec_len );
- TEST_ASSERT( ret == 0 );
-
- ret = mbedtls_pk_parse_key( cert->pkey,
- (const unsigned char *) mbedtls_test_cli_key_ec_der,
- mbedtls_test_cli_key_ec_der_len, NULL, 0 );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_pk_parse_key(cert->pkey,
+ (const unsigned char *) mbedtls_test_cli_key_ec_der,
+ mbedtls_test_cli_key_ec_der_len, NULL, 0);
+ TEST_ASSERT(ret == 0);
}
}
- mbedtls_ssl_conf_ca_chain( &( ep->conf ), cert->ca_cert, NULL );
+ mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
- ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert,
- cert->pkey );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
+ cert->pkey);
+ TEST_ASSERT(ret == 0);
exit:
- if( ret != 0 )
- {
- mbedtls_endpoint_certificate_free( ep );
+ if (ret != 0) {
+ mbedtls_endpoint_certificate_free(ep);
}
return ret;
@@ -911,87 +888,85 @@
*
* \retval 0 on success, otherwise error code.
*/
-int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
- mbedtls_test_message_socket_context *dtls_context,
- mbedtls_test_message_queue *input_queue,
- mbedtls_test_message_queue *output_queue,
- const mbedtls_ecp_group_id *curves )
+int mbedtls_endpoint_init(mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
+ mbedtls_test_message_socket_context *dtls_context,
+ mbedtls_test_message_queue *input_queue,
+ mbedtls_test_message_queue *output_queue,
+ const mbedtls_ecp_group_id *curves)
{
int ret = -1;
- if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
+ if (dtls_context != NULL && (input_queue == NULL || output_queue == NULL)) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-
- if( ep == NULL )
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-
- memset( ep, 0, sizeof( *ep ) );
-
- ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
-
- mbedtls_ssl_init( &( ep->ssl ) );
- mbedtls_ssl_config_init( &( ep->conf ) );
- mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
- mbedtls_ssl_conf_rng( &( ep->conf ),
- mbedtls_ctr_drbg_random,
- &( ep->ctr_drbg ) );
- mbedtls_entropy_init( &( ep->entropy ) );
- if( dtls_context != NULL )
- {
- TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
- 100, &( ep->socket ),
- dtls_context ) == 0 );
- }
- else
- {
- mbedtls_mock_socket_init( &( ep->socket ) );
}
- ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
- &( ep->entropy ), (const unsigned char *) ( ep->name ),
- strlen( ep->name ) );
- TEST_ASSERT( ret == 0 );
+ if (ep == NULL) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
+ memset(ep, 0, sizeof(*ep));
+
+ ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client";
+
+ mbedtls_ssl_init(&(ep->ssl));
+ mbedtls_ssl_config_init(&(ep->conf));
+ mbedtls_ctr_drbg_init(&(ep->ctr_drbg));
+ mbedtls_ssl_conf_rng(&(ep->conf),
+ mbedtls_ctr_drbg_random,
+ &(ep->ctr_drbg));
+ mbedtls_entropy_init(&(ep->entropy));
+ if (dtls_context != NULL) {
+ TEST_ASSERT(mbedtls_message_socket_setup(input_queue, output_queue,
+ 100, &(ep->socket),
+ dtls_context) == 0);
+ } else {
+ mbedtls_mock_socket_init(&(ep->socket));
+ }
+
+ ret = mbedtls_ctr_drbg_seed(&(ep->ctr_drbg), mbedtls_entropy_func,
+ &(ep->entropy), (const unsigned char *) (ep->name),
+ strlen(ep->name));
+ TEST_ASSERT(ret == 0);
/* Non-blocking callbacks without timeout */
- if( dtls_context != NULL )
- {
- mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
- mbedtls_mock_tcp_send_msg,
- mbedtls_mock_tcp_recv_msg,
- NULL );
- }
- else
- {
- mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
- mbedtls_mock_tcp_send_nb,
- mbedtls_mock_tcp_recv_nb,
- NULL );
+ if (dtls_context != NULL) {
+ mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
+ mbedtls_mock_tcp_send_msg,
+ mbedtls_mock_tcp_recv_msg,
+ NULL);
+ } else {
+ mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
+ mbedtls_mock_tcp_send_nb,
+ mbedtls_mock_tcp_recv_nb,
+ NULL);
}
- ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
- ( dtls_context != NULL ) ?
- MBEDTLS_SSL_TRANSPORT_DATAGRAM :
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
+ (dtls_context != NULL) ?
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM :
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT);
+ TEST_ASSERT(ret == 0);
#if defined(MBEDTLS_ECP_C)
- if( curves != NULL )
- mbedtls_ssl_conf_curves( &(ep->conf), curves );
+ if (curves != NULL) {
+ mbedtls_ssl_conf_curves(&(ep->conf), curves);
+ }
#else
(void) curves;
#endif
- ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
+ TEST_ASSERT(ret == 0);
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
- if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
- mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
+ if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
+ mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
+ }
#endif
- ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_endpoint_certificate_init(ep, pk_alg);
+ TEST_ASSERT(ret == 0);
exit:
return ret;
@@ -1000,23 +975,20 @@
/*
* Deinitializes endpoint represented by \p ep.
*/
-void mbedtls_endpoint_free( mbedtls_endpoint *ep,
- mbedtls_test_message_socket_context *context )
+void mbedtls_endpoint_free(mbedtls_endpoint *ep,
+ mbedtls_test_message_socket_context *context)
{
- mbedtls_endpoint_certificate_free( ep );
+ mbedtls_endpoint_certificate_free(ep);
- mbedtls_ssl_free( &( ep->ssl ) );
- mbedtls_ssl_config_free( &( ep->conf ) );
- mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
- mbedtls_entropy_free( &( ep->entropy ) );
+ mbedtls_ssl_free(&(ep->ssl));
+ mbedtls_ssl_config_free(&(ep->conf));
+ mbedtls_ctr_drbg_free(&(ep->ctr_drbg));
+ mbedtls_entropy_free(&(ep->entropy));
- if( context != NULL )
- {
- mbedtls_message_socket_close( context );
- }
- else
- {
- mbedtls_mock_socket_close( &( ep->socket ) );
+ if (context != NULL) {
+ mbedtls_message_socket_close(context);
+ } else {
+ mbedtls_mock_socket_close(&(ep->socket));
}
}
@@ -1027,45 +999,40 @@
*
* \retval 0 on success, otherwise error code.
*/
-int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
- mbedtls_ssl_context *second_ssl,
- int state )
+int mbedtls_move_handshake_to_state(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_context *second_ssl,
+ int state)
{
enum { BUFFSIZE = 1024 };
int max_steps = 1000;
int ret = 0;
- if( ssl == NULL || second_ssl == NULL )
- {
+ if (ssl == NULL || second_ssl == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/* Perform communication via connected sockets */
- while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
- {
+ while ((ssl->state != state) && (--max_steps >= 0)) {
/* If /p second_ssl ends the handshake procedure before /p ssl then
* there is no need to call the next step */
- if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- ret = mbedtls_ssl_handshake_step( second_ssl );
- if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
+ if (second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+ ret = mbedtls_ssl_handshake_step(second_ssl);
+ if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
return ret;
}
}
/* We only care about the \p ssl state and returns, so we call it last,
* to leave the iteration as soon as the state is as expected. */
- ret = mbedtls_ssl_handshake_step( ssl );
- if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
+ ret = mbedtls_ssl_handshake_step(ssl);
+ if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
return ret;
}
}
- return ( max_steps >= 0 ) ? ret : -1;
+ return (max_steps >= 0) ? ret : -1;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
@@ -1073,38 +1040,32 @@
/*
* Write application data. Increase write counter if necessary.
*/
-int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
- int buf_len, int *written,
- const int expected_fragments )
+int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf,
+ int buf_len, int *written,
+ const int expected_fragments)
{
- int ret = mbedtls_ssl_write( ssl, buf + *written, buf_len - *written );
- if( ret > 0 )
- {
+ int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
+ if (ret > 0) {
*written += ret;
}
- if( expected_fragments == 0 )
- {
+ if (expected_fragments == 0) {
/* Used for DTLS and the message size larger than MFL. In that case
* the message can not be fragmented and the library should return
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
* to prevent a dead loop inside mbedtls_exchange_data(). */
return ret;
- }
- else if( expected_fragments == 1 )
- {
+ } else if (expected_fragments == 1) {
/* Used for TLS/DTLS and the message size lower than MFL */
- TEST_ASSERT( ret == buf_len ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
- }
- else
- {
+ TEST_ASSERT(ret == buf_len ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ } else {
/* Used for TLS and the message size larger than MFL */
- TEST_ASSERT( expected_fragments > 1 );
- TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ TEST_ASSERT(expected_fragments > 1);
+ TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
}
return 0;
@@ -1117,33 +1078,27 @@
/*
* Read application data and increase read counter and fragments counter if necessary.
*/
-int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
- int buf_len, int *read,
- int *fragments, const int expected_fragments )
+int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf,
+ int buf_len, int *read,
+ int *fragments, const int expected_fragments)
{
- int ret = mbedtls_ssl_read( ssl, buf + *read, buf_len - *read );
- if( ret > 0 )
- {
- ( *fragments )++;
+ int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
+ if (ret > 0) {
+ (*fragments)++;
*read += ret;
}
- if( expected_fragments == 0 )
- {
- TEST_ASSERT( ret == 0 );
- }
- else if( expected_fragments == 1 )
- {
- TEST_ASSERT( ret == buf_len ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
- }
- else
- {
- TEST_ASSERT( expected_fragments > 1 );
- TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ if (expected_fragments == 0) {
+ TEST_ASSERT(ret == 0);
+ } else if (expected_fragments == 1) {
+ TEST_ASSERT(ret == buf_len ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ } else {
+ TEST_ASSERT(expected_fragments > 1);
+ TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
}
return 0;
@@ -1159,54 +1114,52 @@
* and version.
*/
-#define CHK( x ) \
+#define CHK(x) \
do \
{ \
- if( !( x ) ) \
+ if (!(x)) \
{ \
ret = -1; \
goto cleanup; \
} \
- } while( 0 )
+ } while (0)
-void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
- int* forced_ciphersuite )
+void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
+ int *forced_ciphersuite)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
+ forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
forced_ciphersuite[1] = 0;
ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
+ mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);
- TEST_ASSERT( ciphersuite_info != NULL );
- TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
- TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
+ TEST_ASSERT(ciphersuite_info != NULL);
+ TEST_ASSERT(ciphersuite_info->min_minor_ver <= conf->max_minor_ver);
+ TEST_ASSERT(ciphersuite_info->max_minor_ver >= conf->min_minor_ver);
- if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
- {
+ if (conf->max_minor_ver > ciphersuite_info->max_minor_ver) {
conf->max_minor_ver = ciphersuite_info->max_minor_ver;
}
- if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
- {
+ if (conf->min_minor_ver < ciphersuite_info->min_minor_ver) {
conf->min_minor_ver = ciphersuite_info->min_minor_ver;
}
- mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
+ mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
exit:
return;
}
-int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
- const unsigned char *name, size_t name_len )
+int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
{
(void) p_info;
(void) ssl;
(void) name;
(void) name_len;
- return ( 0 );
+ return 0;
}
#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
@@ -1215,12 +1168,12 @@
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
-static int build_transforms( mbedtls_ssl_transform *t_in,
- mbedtls_ssl_transform *t_out,
- int cipher_type, int hash_id,
- int etm, int tag_mode, int ver,
- size_t cid0_len,
- size_t cid1_len )
+static int build_transforms(mbedtls_ssl_transform *t_in,
+ mbedtls_ssl_transform *t_out,
+ int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ size_t cid0_len,
+ size_t cid1_len)
{
mbedtls_cipher_info_t const *cipher_info;
int ret = 0;
@@ -1231,11 +1184,11 @@
unsigned char iv_enc[16], iv_dec[16];
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char cid0[ SSL_CID_LEN_MIN ];
- unsigned char cid1[ SSL_CID_LEN_MIN ];
+ unsigned char cid0[SSL_CID_LEN_MIN];
+ unsigned char cid1[SSL_CID_LEN_MIN];
- mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
- mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
+ mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0));
+ mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1));
#else
((void) cid0_len);
((void) cid1_len);
@@ -1244,91 +1197,87 @@
maclen = 0;
/* Pick cipher */
- cipher_info = mbedtls_cipher_info_from_type( cipher_type );
- CHK( cipher_info != NULL );
- CHK( cipher_info->iv_size <= 16 );
- CHK( cipher_info->key_bitlen % 8 == 0 );
+ cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+ CHK(cipher_info != NULL);
+ CHK(cipher_info->iv_size <= 16);
+ CHK(cipher_info->key_bitlen % 8 == 0);
/* Pick keys */
keylen = cipher_info->key_bitlen / 8;
/* Allocate `keylen + 1` bytes to ensure that we get
* a non-NULL pointers from `mbedtls_calloc` even if
* `keylen == 0` in the case of the NULL cipher. */
- CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
- CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
- memset( key0, 0x1, keylen );
- memset( key1, 0x2, keylen );
+ CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL);
+ CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL);
+ memset(key0, 0x1, keylen);
+ memset(key1, 0x2, keylen);
/* Setup cipher contexts */
- CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
- CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
- CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
- CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
+ CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
+ CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0);
+ CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
+ CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( cipher_info->mode == MBEDTLS_MODE_CBC )
- {
- CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE ) == 0 );
- CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE ) == 0 );
- CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE ) == 0 );
- CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE ) == 0 );
+ if (cipher_info->mode == MBEDTLS_MODE_CBC) {
+ CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE) == 0);
+ CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE) == 0);
+ CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE) == 0);
+ CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE) == 0);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
- CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
- keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
- CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
- keylen << 3, MBEDTLS_DECRYPT ) == 0 );
- CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
- keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
- CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
- keylen << 3, MBEDTLS_DECRYPT ) == 0 );
+ CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
+ keylen << 3, MBEDTLS_ENCRYPT) == 0);
+ CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
+ keylen << 3, MBEDTLS_DECRYPT) == 0);
+ CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
+ keylen << 3, MBEDTLS_ENCRYPT) == 0);
+ CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
+ keylen << 3, MBEDTLS_DECRYPT) == 0);
/* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
- if( cipher_info->mode == MBEDTLS_MODE_CBC ||
- cipher_info->mode == MBEDTLS_MODE_STREAM )
- {
+ if (cipher_info->mode == MBEDTLS_MODE_CBC ||
+ cipher_info->mode == MBEDTLS_MODE_STREAM) {
mbedtls_md_info_t const *md_info;
/* Pick hash */
- md_info = mbedtls_md_info_from_type( hash_id );
- CHK( md_info != NULL );
+ md_info = mbedtls_md_info_from_type(hash_id);
+ CHK(md_info != NULL);
/* Pick hash keys */
- maclen = mbedtls_md_get_size( md_info );
- CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
- CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
- memset( md0, 0x5, maclen );
- memset( md1, 0x6, maclen );
+ maclen = mbedtls_md_get_size(md_info);
+ CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
+ CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
+ memset(md0, 0x5, maclen);
+ memset(md1, 0x6, maclen);
- CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
- CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
- CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
- CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
+ CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
+ CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
+ CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0);
+ CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0);
- if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
- md0, maclen ) == 0 );
- CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
- md1, maclen ) == 0 );
- CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
- md1, maclen ) == 0 );
- CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
- md0, maclen ) == 0 );
+ if (ver > MBEDTLS_SSL_MINOR_VERSION_0) {
+ CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
+ md0, maclen) == 0);
+ CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
+ md1, maclen) == 0);
+ CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
+ md1, maclen) == 0);
+ CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
+ md0, maclen) == 0);
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- else
- {
- memcpy( &t_in->mac_enc, md0, maclen );
- memcpy( &t_in->mac_dec, md1, maclen );
- memcpy( &t_out->mac_enc, md1, maclen );
- memcpy( &t_out->mac_dec, md0, maclen );
+ else {
+ memcpy(&t_in->mac_enc, md0, maclen);
+ memcpy(&t_in->mac_dec, md1, maclen);
+ memcpy(&t_out->mac_enc, md1, maclen);
+ memcpy(&t_out->mac_dec, md0, maclen);
}
#endif
}
@@ -1340,8 +1289,8 @@
/* Pick IV's (regardless of whether they
* are being used by the transform). */
ivlen = cipher_info->iv_size;
- memset( iv_enc, 0x3, sizeof( iv_enc ) );
- memset( iv_dec, 0x4, sizeof( iv_dec ) );
+ memset(iv_enc, 0x3, sizeof(iv_enc));
+ memset(iv_dec, 0x4, sizeof(iv_dec));
/*
* Setup transforms
@@ -1360,17 +1309,14 @@
t_out->ivlen = ivlen;
t_in->ivlen = ivlen;
- switch( cipher_info->mode )
- {
+ switch (cipher_info->mode) {
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
- if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
+ if (ver == MBEDTLS_SSL_MINOR_VERSION_4) {
t_out->fixed_ivlen = 12;
t_in->fixed_ivlen = 12;
- }
- else
+ } else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
{
t_out->fixed_ivlen = 4;
@@ -1378,8 +1324,7 @@
}
t_out->maclen = 0;
t_in->maclen = 0;
- switch( tag_mode )
- {
+ switch (tag_mode) {
case 0: /* Full tag */
t_out->taglen = 16;
t_in->taglen = 16;
@@ -1399,8 +1344,7 @@
t_in->fixed_ivlen = 12;
t_out->maclen = 0;
t_in->maclen = 0;
- switch( tag_mode )
- {
+ switch (tag_mode) {
case 0: /* Full tag */
t_out->taglen = 16;
t_in->taglen = 16;
@@ -1421,8 +1365,7 @@
t_in->fixed_ivlen = 0; /* redundant, must be 0 */
t_out->taglen = 0;
t_in->taglen = 0;
- switch( tag_mode )
- {
+ switch (tag_mode) {
case 0: /* Full tag */
t_out->maclen = maclen;
t_in->maclen = maclen;
@@ -1444,88 +1387,91 @@
/* Setup IV's */
- memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
- memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
- memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
- memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
+ memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec));
+ memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc));
+ memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc));
+ memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec));
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Add CID */
- memcpy( &t_in->in_cid, cid0, cid0_len );
- memcpy( &t_in->out_cid, cid1, cid1_len );
+ memcpy(&t_in->in_cid, cid0, cid0_len);
+ memcpy(&t_in->out_cid, cid1, cid1_len);
t_in->in_cid_len = cid0_len;
t_in->out_cid_len = cid1_len;
- memcpy( &t_out->in_cid, cid1, cid1_len );
- memcpy( &t_out->out_cid, cid0, cid0_len );
+ memcpy(&t_out->in_cid, cid1, cid1_len);
+ memcpy(&t_out->out_cid, cid0, cid0_len);
t_out->in_cid_len = cid1_len;
t_out->out_cid_len = cid0_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
cleanup:
- mbedtls_free( key0 );
- mbedtls_free( key1 );
+ mbedtls_free(key0);
+ mbedtls_free(key1);
- mbedtls_free( md0 );
- mbedtls_free( md1 );
+ mbedtls_free(md0);
+ mbedtls_free(md1);
- return( ret );
+ return ret;
}
/*
* Populate a session structure for serialization tests.
* Choose dummy values, mostly non-0 to distinguish from the init default.
*/
-static int ssl_populate_session( mbedtls_ssl_session *session,
- int ticket_len,
- const char *crt_file )
+static int ssl_populate_session(mbedtls_ssl_session *session,
+ int ticket_len,
+ const char *crt_file)
{
#if defined(MBEDTLS_HAVE_TIME)
- session->start = mbedtls_time( NULL ) - 42;
+ session->start = mbedtls_time(NULL) - 42;
#endif
session->ciphersuite = 0xabcd;
session->compression = 1;
- session->id_len = sizeof( session->id );
- memset( session->id, 66, session->id_len );
- memset( session->master, 17, sizeof( session->master ) );
+ session->id_len = sizeof(session->id);
+ memset(session->id, 66, session->id_len);
+ memset(session->master, 17, sizeof(session->master));
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
- if( strlen( crt_file ) != 0 )
- {
+ if (strlen(crt_file) != 0) {
mbedtls_x509_crt tmp_crt;
int ret;
- mbedtls_x509_crt_init( &tmp_crt );
- ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
- if( ret != 0 )
- return( ret );
+ mbedtls_x509_crt_init(&tmp_crt);
+ ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file);
+ if (ret != 0) {
+ return ret;
+ }
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* Move temporary CRT. */
- session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
- if( session->peer_cert == NULL )
- return( -1 );
+ session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert));
+ if (session->peer_cert == NULL) {
+ return -1;
+ }
*session->peer_cert = tmp_crt;
- memset( &tmp_crt, 0, sizeof( tmp_crt ) );
+ memset(&tmp_crt, 0, sizeof(tmp_crt));
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* Calculate digest of temporary CRT. */
session->peer_cert_digest =
- mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
- if( session->peer_cert_digest == NULL )
- return( -1 );
- ret = mbedtls_md( mbedtls_md_info_from_type(
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
- tmp_crt.raw.p, tmp_crt.raw.len,
- session->peer_cert_digest );
- if( ret != 0 )
- return( ret );
+ mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
+ if (session->peer_cert_digest == NULL) {
+ return -1;
+ }
+ ret = mbedtls_md(mbedtls_md_info_from_type(
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
+ tmp_crt.raw.p, tmp_crt.raw.len,
+ session->peer_cert_digest);
+ if (ret != 0) {
+ return ret;
+ }
session->peer_cert_digest_type =
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
session->peer_cert_digest_len =
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- mbedtls_x509_crt_free( &tmp_crt );
+ mbedtls_x509_crt_free(&tmp_crt);
}
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
(void) crt_file;
@@ -1533,12 +1479,12 @@
session->verify_result = 0xdeadbeef;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- if( ticket_len != 0 )
- {
- session->ticket = mbedtls_calloc( 1, ticket_len );
- if( session->ticket == NULL )
- return( -1 );
- memset( session->ticket, 33, ticket_len );
+ if (ticket_len != 0) {
+ session->ticket = mbedtls_calloc(1, ticket_len);
+ if (session->ticket == NULL) {
+ return -1;
+ }
+ memset(session->ticket, 33, ticket_len);
}
session->ticket_len = ticket_len;
session->ticket_lifetime = 86401;
@@ -1556,7 +1502,7 @@
session->encrypt_then_mac = 1;
#endif
- return( 0 );
+ return 0;
}
/*
@@ -1579,22 +1525,21 @@
*
* \retval 0 on success, otherwise error code.
*/
-int mbedtls_exchange_data( mbedtls_ssl_context *ssl_1,
- int msg_len_1, const int expected_fragments_1,
- mbedtls_ssl_context *ssl_2,
- int msg_len_2, const int expected_fragments_2 )
+int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
+ int msg_len_1, const int expected_fragments_1,
+ mbedtls_ssl_context *ssl_2,
+ int msg_len_2, const int expected_fragments_2)
{
- unsigned char *msg_buf_1 = malloc( msg_len_1 );
- unsigned char *msg_buf_2 = malloc( msg_len_2 );
- unsigned char *in_buf_1 = malloc( msg_len_2 );
- unsigned char *in_buf_2 = malloc( msg_len_1 );
+ unsigned char *msg_buf_1 = malloc(msg_len_1);
+ unsigned char *msg_buf_2 = malloc(msg_len_2);
+ unsigned char *in_buf_1 = malloc(msg_len_2);
+ unsigned char *in_buf_2 = malloc(msg_len_1);
int msg_type, ret = -1;
/* Perform this test with two message types. At first use a message
* consisting of only 0x00 for the client and only 0xFF for the server.
* At the second time use message with generated data */
- for( msg_type = 0; msg_type < 2; msg_type++ )
- {
+ for (msg_type = 0; msg_type < 2; msg_type++) {
int written_1 = 0;
int written_2 = 0;
int read_1 = 0;
@@ -1602,99 +1547,83 @@
int fragments_1 = 0;
int fragments_2 = 0;
- if( msg_type == 0 )
- {
- memset( msg_buf_1, 0x00, msg_len_1 );
- memset( msg_buf_2, 0xff, msg_len_2 );
- }
- else
- {
+ if (msg_type == 0) {
+ memset(msg_buf_1, 0x00, msg_len_1);
+ memset(msg_buf_2, 0xff, msg_len_2);
+ } else {
int i, j = 0;
- for( i = 0; i < msg_len_1; i++ )
- {
+ for (i = 0; i < msg_len_1; i++) {
msg_buf_1[i] = j++ & 0xFF;
}
- for( i = 0; i < msg_len_2; i++ )
- {
- msg_buf_2[i] = ( j -= 5 ) & 0xFF;
+ for (i = 0; i < msg_len_2; i++) {
+ msg_buf_2[i] = (j -= 5) & 0xFF;
}
}
- while( read_1 < msg_len_2 || read_2 < msg_len_1 )
- {
+ while (read_1 < msg_len_2 || read_2 < msg_len_1) {
/* ssl_1 sending */
- if( msg_len_1 > written_1 )
- {
- ret = mbedtls_ssl_write_fragment( ssl_1, msg_buf_1,
- msg_len_1, &written_1,
- expected_fragments_1 );
- if( expected_fragments_1 == 0 )
- {
+ if (msg_len_1 > written_1) {
+ ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1,
+ msg_len_1, &written_1,
+ expected_fragments_1);
+ if (expected_fragments_1 == 0) {
/* This error is expected when the message is too large and
* cannot be fragmented */
- TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
msg_len_1 = 0;
- }
- else
- {
- TEST_ASSERT( ret == 0 );
+ } else {
+ TEST_ASSERT(ret == 0);
}
}
/* ssl_2 sending */
- if( msg_len_2 > written_2 )
- {
- ret = mbedtls_ssl_write_fragment( ssl_2, msg_buf_2,
- msg_len_2, &written_2,
- expected_fragments_2 );
- if( expected_fragments_2 == 0 )
- {
+ if (msg_len_2 > written_2) {
+ ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2,
+ msg_len_2, &written_2,
+ expected_fragments_2);
+ if (expected_fragments_2 == 0) {
/* This error is expected when the message is too large and
* cannot be fragmented */
- TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
msg_len_2 = 0;
- }
- else
- {
- TEST_ASSERT( ret == 0 );
+ } else {
+ TEST_ASSERT(ret == 0);
}
}
/* ssl_1 reading */
- if( read_1 < msg_len_2 )
- {
- ret = mbedtls_ssl_read_fragment( ssl_1, in_buf_1,
- msg_len_2, &read_1,
- &fragments_2,
- expected_fragments_2 );
- TEST_ASSERT( ret == 0 );
+ if (read_1 < msg_len_2) {
+ ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1,
+ msg_len_2, &read_1,
+ &fragments_2,
+ expected_fragments_2);
+ TEST_ASSERT(ret == 0);
}
/* ssl_2 reading */
- if( read_2 < msg_len_1 )
- {
- ret = mbedtls_ssl_read_fragment( ssl_2, in_buf_2,
- msg_len_1, &read_2,
- &fragments_1,
- expected_fragments_1 );
- TEST_ASSERT( ret == 0 );
+ if (read_2 < msg_len_1) {
+ ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2,
+ msg_len_1, &read_2,
+ &fragments_1,
+ expected_fragments_1);
+ TEST_ASSERT(ret == 0);
}
}
ret = -1;
- TEST_ASSERT( 0 == memcmp( msg_buf_1, in_buf_2, msg_len_1 ) );
- TEST_ASSERT( 0 == memcmp( msg_buf_2, in_buf_1, msg_len_2 ) );
- TEST_ASSERT( fragments_1 == expected_fragments_1 );
- TEST_ASSERT( fragments_2 == expected_fragments_2 );
+ TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
+ TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
+ TEST_ASSERT(fragments_1 == expected_fragments_1);
+ TEST_ASSERT(fragments_2 == expected_fragments_2);
}
ret = 0;
exit:
- free( msg_buf_1 );
- free( in_buf_1 );
- free( msg_buf_2 );
- free( in_buf_2 );
+ free(msg_buf_1);
+ free(in_buf_1);
+ free(msg_buf_2);
+ free(in_buf_2);
return ret;
}
@@ -1705,17 +1634,17 @@
*
* \retval 0 on success, otherwise error code.
*/
-int exchange_data( mbedtls_ssl_context *ssl_1,
- mbedtls_ssl_context *ssl_2 )
+int exchange_data(mbedtls_ssl_context *ssl_1,
+ mbedtls_ssl_context *ssl_2)
{
- return mbedtls_exchange_data( ssl_1, 256, 1,
- ssl_2, 256, 1 );
+ return mbedtls_exchange_data(ssl_1, 256, 1,
+ ssl_2, 256, 1);
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
-void perform_handshake( handshake_test_options* options )
+void perform_handshake(handshake_test_options *options)
{
/* forced_ciphersuite needs to last until the end of the handshake */
int forced_ciphersuite[2];
@@ -1736,360 +1665,332 @@
#endif
int expected_handshake_result = 0;
- USE_PSA_INIT( );
- mbedtls_platform_zeroize( &client, sizeof( client ) );
- mbedtls_platform_zeroize( &server, sizeof( server ) );
+ USE_PSA_INIT();
+ mbedtls_platform_zeroize(&client, sizeof(client));
+ mbedtls_platform_zeroize(&server, sizeof(server));
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
/* Client side */
- if( options->dtls != 0 )
- {
- TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
- options->pk_alg, &client_context,
- &client_queue,
- &server_queue, NULL ) == 0 );
+ if (options->dtls != 0) {
+ TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+ options->pk_alg, &client_context,
+ &client_queue,
+ &server_queue, NULL) == 0);
#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif
- }
- else
- {
- TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
- options->pk_alg, NULL, NULL,
- NULL, NULL ) == 0 );
+ } else {
+ TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+ options->pk_alg, NULL, NULL,
+ NULL, NULL) == 0);
}
- if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
- {
- mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- options->client_min_version );
+ if (options->client_min_version != TEST_SSL_MINOR_VERSION_NONE) {
+ mbedtls_ssl_conf_min_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ options->client_min_version);
}
- if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
- {
- mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- options->client_max_version );
+ if (options->client_max_version != TEST_SSL_MINOR_VERSION_NONE) {
+ mbedtls_ssl_conf_max_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ options->client_max_version);
}
- if( strlen( options->cipher ) > 0 )
- {
- set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
+ if (strlen(options->cipher) > 0) {
+ set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
}
-#if defined (MBEDTLS_DEBUG_C)
- if( options->cli_log_fun )
- {
- mbedtls_debug_set_threshold( 4 );
- mbedtls_ssl_conf_dbg( &client.conf, options->cli_log_fun,
- options->cli_log_obj );
+#if defined(MBEDTLS_DEBUG_C)
+ if (options->cli_log_fun) {
+ mbedtls_debug_set_threshold(4);
+ mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
+ options->cli_log_obj);
}
#endif
/* Server side */
- if( options->dtls != 0 )
- {
- TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
- options->pk_alg, &server_context,
- &server_queue,
- &client_queue, NULL ) == 0 );
+ if (options->dtls != 0) {
+ TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+ options->pk_alg, &server_context,
+ &server_queue,
+ &client_queue, NULL) == 0);
#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif
- }
- else
- {
- TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
- options->pk_alg, NULL, NULL,
- NULL, NULL ) == 0 );
+ } else {
+ TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+ options->pk_alg, NULL, NULL,
+ NULL, NULL) == 0);
}
- mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
+ mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
- if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
- {
- mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- options->server_min_version );
+ if (options->server_min_version != TEST_SSL_MINOR_VERSION_NONE) {
+ mbedtls_ssl_conf_min_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ options->server_min_version);
}
- if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
- {
- mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- options->server_max_version );
+ if (options->server_max_version != TEST_SSL_MINOR_VERSION_NONE) {
+ mbedtls_ssl_conf_max_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ options->server_max_version);
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
- (unsigned char) options->mfl ) == 0 );
- TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
- (unsigned char) options->mfl ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
+ (unsigned char) options->mfl) == 0);
+ TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
+ (unsigned char) options->mfl) == 0);
#else
- TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
+ TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( options->psk_str != NULL && options->psk_str->len > 0 )
- {
- TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
- options->psk_str->len,
- (const unsigned char *) psk_identity,
- strlen( psk_identity ) ) == 0 );
+ if (options->psk_str != NULL && options->psk_str->len > 0) {
+ TEST_ASSERT(mbedtls_ssl_conf_psk(&client.conf, options->psk_str->x,
+ options->psk_str->len,
+ (const unsigned char *) psk_identity,
+ strlen(psk_identity)) == 0);
- TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
- options->psk_str->len,
- (const unsigned char *) psk_identity,
- strlen( psk_identity ) ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_conf_psk(&server.conf, options->psk_str->x,
+ options->psk_str->len,
+ (const unsigned char *) psk_identity,
+ strlen(psk_identity)) == 0);
- mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
+ mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( options->renegotiate )
- {
- mbedtls_ssl_conf_renegotiation( &(server.conf),
- MBEDTLS_SSL_RENEGOTIATION_ENABLED );
- mbedtls_ssl_conf_renegotiation( &(client.conf),
- MBEDTLS_SSL_RENEGOTIATION_ENABLED );
+ if (options->renegotiate) {
+ mbedtls_ssl_conf_renegotiation(&(server.conf),
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+ mbedtls_ssl_conf_renegotiation(&(client.conf),
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED);
- mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
- options->legacy_renegotiation );
- mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
- options->legacy_renegotiation );
+ mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
+ options->legacy_renegotiation);
+ mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
+ options->legacy_renegotiation);
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
-#if defined (MBEDTLS_DEBUG_C)
- if( options->srv_log_fun )
- {
- mbedtls_debug_set_threshold( 4 );
- mbedtls_ssl_conf_dbg( &server.conf, options->srv_log_fun,
- options->srv_log_obj );
+#if defined(MBEDTLS_DEBUG_C)
+ if (options->srv_log_fun) {
+ mbedtls_debug_set_threshold(4);
+ mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
+ options->srv_log_obj);
}
#endif
- TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
- &(server.socket),
- BUFFSIZE ) == 0 );
+ TEST_ASSERT(mbedtls_mock_socket_connect(&(client.socket),
+ &(server.socket),
+ BUFFSIZE) == 0);
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if( options->resize_buffers != 0 )
- {
+ if (options->resize_buffers != 0) {
/* Ensure that the buffer sizes are appropriate before resizes */
- TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
- TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
- TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
- TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
+ TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
+ TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
}
#endif
- if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
- {
+ if (options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE) {
expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
}
- TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER )
- == expected_handshake_result );
+ TEST_ASSERT(mbedtls_move_handshake_to_state(&(client.ssl),
+ &(server.ssl),
+ MBEDTLS_SSL_HANDSHAKE_OVER)
+ == expected_handshake_result);
- if( expected_handshake_result != 0 )
- {
+ if (expected_handshake_result != 0) {
/* Connection will have failed by this point, skip to cleanup */
goto exit;
}
- TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
+ TEST_ASSERT(client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
+ TEST_ASSERT(server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
/* Check that we agree on the version... */
- TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
+ TEST_ASSERT(client.ssl.minor_ver == server.ssl.minor_ver);
/* And check that the version negotiated is the expected one. */
- TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
+ TEST_EQUAL(client.ssl.minor_ver, options->expected_negotiated_version);
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if( options->resize_buffers != 0 )
- {
- if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 &&
- options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 )
- {
+ if (options->resize_buffers != 0) {
+ if (options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 &&
+ options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1) {
/* A server, when using DTLS, might delay a buffer resize to happen
* after it receives a message, so we force it. */
- TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
+ TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
- TEST_ASSERT( client.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen( &client.ssl ) );
- TEST_ASSERT( client.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen( &client.ssl ) );
- TEST_ASSERT( server.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen( &server.ssl ) );
- TEST_ASSERT( server.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen( &server.ssl ) );
+ TEST_ASSERT(client.ssl.out_buf_len ==
+ mbedtls_ssl_get_output_buflen(&client.ssl));
+ TEST_ASSERT(client.ssl.in_buf_len ==
+ mbedtls_ssl_get_input_buflen(&client.ssl));
+ TEST_ASSERT(server.ssl.out_buf_len ==
+ mbedtls_ssl_get_output_buflen(&server.ssl));
+ TEST_ASSERT(server.ssl.in_buf_len ==
+ mbedtls_ssl_get_input_buflen(&server.ssl));
}
}
#endif
- if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
- {
+ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
/* Start data exchanging test */
- TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
- options->expected_cli_fragments,
- &(server.ssl), options->srv_msg_len,
- options->expected_srv_fragments )
- == 0 );
+ TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server.ssl), options->srv_msg_len,
+ options->expected_srv_fragments)
+ == 0);
}
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( options->serialize == 1 )
- {
- TEST_ASSERT( options->dtls == 1 );
+ if (options->serialize == 1) {
+ TEST_ASSERT(options->dtls == 1);
- TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
- 0, &context_buf_len )
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
+ 0, &context_buf_len)
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- context_buf = mbedtls_calloc( 1, context_buf_len );
- TEST_ASSERT( context_buf != NULL );
+ context_buf = mbedtls_calloc(1, context_buf_len);
+ TEST_ASSERT(context_buf != NULL);
- TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
- context_buf_len,
- &context_buf_len ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
+ context_buf_len,
+ &context_buf_len) == 0);
- mbedtls_ssl_free( &(server.ssl) );
- mbedtls_ssl_init( &(server.ssl) );
+ mbedtls_ssl_free(&(server.ssl));
+ mbedtls_ssl_init(&(server.ssl));
- TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
- mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
- mbedtls_mock_tcp_send_msg,
- mbedtls_mock_tcp_recv_msg,
- NULL );
+ mbedtls_ssl_set_bio(&(server.ssl), &server_context,
+ mbedtls_mock_tcp_send_msg,
+ mbedtls_mock_tcp_recv_msg,
+ NULL);
#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+ mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if( options->resize_buffers != 0 )
- {
+ if (options->resize_buffers != 0) {
/* Ensure that the buffer sizes are appropriate before resizes */
- TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
- TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
+ TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
}
#endif
- TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
- context_buf_len ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
+ context_buf_len) == 0);
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* Validate buffer sizes after context deserialization */
- if( options->resize_buffers != 0 )
- {
- TEST_ASSERT( server.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen( &server.ssl ) );
- TEST_ASSERT( server.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen( &server.ssl ) );
+ if (options->resize_buffers != 0) {
+ TEST_ASSERT(server.ssl.out_buf_len ==
+ mbedtls_ssl_get_output_buflen(&server.ssl));
+ TEST_ASSERT(server.ssl.in_buf_len ==
+ mbedtls_ssl_get_input_buflen(&server.ssl));
}
#endif
/* Retest writing/reading */
- if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
- {
- TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
- options->cli_msg_len,
- options->expected_cli_fragments,
- &(server.ssl),
- options->srv_msg_len,
- options->expected_srv_fragments )
- == 0 );
+ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+ TEST_ASSERT(mbedtls_exchange_data(&(client.ssl),
+ options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server.ssl),
+ options->srv_msg_len,
+ options->expected_srv_fragments)
+ == 0);
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( options->renegotiate )
- {
+ if (options->renegotiate) {
/* Start test with renegotiation */
- TEST_ASSERT( server.ssl.renego_status ==
- MBEDTLS_SSL_INITIAL_HANDSHAKE );
- TEST_ASSERT( client.ssl.renego_status ==
- MBEDTLS_SSL_INITIAL_HANDSHAKE );
+ TEST_ASSERT(server.ssl.renego_status ==
+ MBEDTLS_SSL_INITIAL_HANDSHAKE);
+ TEST_ASSERT(client.ssl.renego_status ==
+ MBEDTLS_SSL_INITIAL_HANDSHAKE);
/* After calling this function for the server, it only sends a handshake
* request. All renegotiation should happen during data exchanging */
- TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
- TEST_ASSERT( server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_PENDING );
- TEST_ASSERT( client.ssl.renego_status ==
- MBEDTLS_SSL_INITIAL_HANDSHAKE );
+ TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
+ TEST_ASSERT(server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_PENDING);
+ TEST_ASSERT(client.ssl.renego_status ==
+ MBEDTLS_SSL_INITIAL_HANDSHAKE);
- TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
- TEST_ASSERT( server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE );
- TEST_ASSERT( client.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE );
+ TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
+ TEST_ASSERT(server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+ TEST_ASSERT(client.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
* perform simultaneous communication between client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
- ret = mbedtls_ssl_renegotiate( &(client.ssl) );
+ ret = mbedtls_ssl_renegotiate(&(client.ssl));
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if( options->resize_buffers != 0 )
- {
+ if (options->resize_buffers != 0) {
/* Ensure that the buffer sizes are appropriate before resizes */
- TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
- TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
+ TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
}
#endif
- TEST_ASSERT( ret == 0 ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
- TEST_ASSERT( server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE );
- TEST_ASSERT( client.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
+ TEST_ASSERT(ret == 0 ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_ASSERT(server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+ TEST_ASSERT(client.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
- TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
- TEST_ASSERT( server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE );
- TEST_ASSERT( client.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE );
+ TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
+ TEST_ASSERT(server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+ TEST_ASSERT(client.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* Validate buffer sizes after renegotiation */
- if( options->resize_buffers != 0 )
- {
- TEST_ASSERT( client.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen( &client.ssl ) );
- TEST_ASSERT( client.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen( &client.ssl ) );
- TEST_ASSERT( server.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen( &server.ssl ) );
- TEST_ASSERT( server.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen( &server.ssl ) );
+ if (options->resize_buffers != 0) {
+ TEST_ASSERT(client.ssl.out_buf_len ==
+ mbedtls_ssl_get_output_buflen(&client.ssl));
+ TEST_ASSERT(client.ssl.in_buf_len ==
+ mbedtls_ssl_get_input_buflen(&client.ssl));
+ TEST_ASSERT(server.ssl.out_buf_len ==
+ mbedtls_ssl_get_output_buflen(&server.ssl));
+ TEST_ASSERT(server.ssl.in_buf_len ==
+ mbedtls_ssl_get_input_buflen(&server.ssl));
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
exit:
- mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
- mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
-#if defined (MBEDTLS_DEBUG_C)
- if( options->cli_log_fun || options->srv_log_fun )
- {
- mbedtls_debug_set_threshold( 0 );
+ mbedtls_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL);
+ mbedtls_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL);
+#if defined(MBEDTLS_DEBUG_C)
+ if (options->cli_log_fun || options->srv_log_fun) {
+ mbedtls_debug_set_threshold(0);
}
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( context_buf != NULL )
- mbedtls_free( context_buf );
+ if (context_buf != NULL) {
+ mbedtls_free(context_buf);
+ }
#endif
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
@@ -2109,56 +2010,56 @@
unsigned char input[MSGLEN];
unsigned char output[MSGLEN];
- memset( input, 0, sizeof( input ) );
+ memset(input, 0, sizeof(input));
/* Make sure calling put and get on NULL buffer results in error. */
- TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
- == -1 );
- TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
- == -1 );
- TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
+ TEST_ASSERT(mbedtls_test_buffer_put(NULL, input, sizeof(input))
+ == -1);
+ TEST_ASSERT(mbedtls_test_buffer_get(NULL, output, sizeof(output))
+ == -1);
+ TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, sizeof(input)) == -1);
- TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
- TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
+ TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, 0) == -1);
+ TEST_ASSERT(mbedtls_test_buffer_get(NULL, NULL, 0) == -1);
/* Make sure calling put and get on a buffer that hasn't been set up results
* in error. */
- mbedtls_test_buffer_init( &buf );
+ mbedtls_test_buffer_init(&buf);
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
- TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
- == -1 );
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input)) == -1);
+ TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, sizeof(output))
+ == -1);
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1);
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
- TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == -1);
+ TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == -1);
/* Make sure calling put and get on NULL input only results in
* error if the length is not zero, and that a NULL output is valid for data
* dropping.
*/
- TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
+ TEST_ASSERT(mbedtls_test_buffer_setup(&buf, sizeof(input)) == 0);
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
- TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
- == 0 );
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
- TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1);
+ TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, sizeof(output))
+ == 0);
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == 0);
+ TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == 0);
/* Make sure calling put several times in the row is safe */
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
- == sizeof( input ) );
- TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
- TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input))
+ == sizeof(input));
+ TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, 2) == 2);
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 1) == 1);
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 1);
+ TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 0);
exit:
- mbedtls_test_buffer_free( &buf );
+ mbedtls_test_buffer_free(&buf);
}
/* END_CASE */
@@ -2176,9 +2077,9 @@
*/
/* BEGIN_CASE */
-void test_callback_buffer( int size, int put1, int put1_ret,
- int get1, int get1_ret, int put2, int put2_ret,
- int get2, int get2_ret )
+void test_callback_buffer(int size, int put1, int put1_ret,
+ int get1, int get1_ret, int put2, int put2_ret,
+ int get2, int get2_ret)
{
enum { ROUNDS = 2 };
size_t put[ROUNDS];
@@ -2186,96 +2087,91 @@
size_t get[ROUNDS];
int get_ret[ROUNDS];
mbedtls_test_buffer buf;
- unsigned char* input = NULL;
+ unsigned char *input = NULL;
size_t input_len;
- unsigned char* output = NULL;
+ unsigned char *output = NULL;
size_t output_len;
size_t i, j, written, read;
- mbedtls_test_buffer_init( &buf );
- TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
+ mbedtls_test_buffer_init(&buf);
+ TEST_ASSERT(mbedtls_test_buffer_setup(&buf, size) == 0);
/* Check the sanity of input parameters and initialise local variables. That
* is, ensure that the amount of data is not negative and that we are not
* expecting more to put or get than we actually asked for. */
- TEST_ASSERT( put1 >= 0 );
+ TEST_ASSERT(put1 >= 0);
put[0] = put1;
put_ret[0] = put1_ret;
- TEST_ASSERT( put1_ret <= put1 );
- TEST_ASSERT( put2 >= 0 );
+ TEST_ASSERT(put1_ret <= put1);
+ TEST_ASSERT(put2 >= 0);
put[1] = put2;
put_ret[1] = put2_ret;
- TEST_ASSERT( put2_ret <= put2 );
+ TEST_ASSERT(put2_ret <= put2);
- TEST_ASSERT( get1 >= 0 );
+ TEST_ASSERT(get1 >= 0);
get[0] = get1;
get_ret[0] = get1_ret;
- TEST_ASSERT( get1_ret <= get1 );
- TEST_ASSERT( get2 >= 0 );
+ TEST_ASSERT(get1_ret <= get1);
+ TEST_ASSERT(get2 >= 0);
get[1] = get2;
get_ret[1] = get2_ret;
- TEST_ASSERT( get2_ret <= get2 );
+ TEST_ASSERT(get2_ret <= get2);
input_len = 0;
/* Calculate actual input and output lengths */
- for( j = 0; j < ROUNDS; j++ )
- {
- if( put_ret[j] > 0 )
- {
+ for (j = 0; j < ROUNDS; j++) {
+ if (put_ret[j] > 0) {
input_len += put_ret[j];
}
}
/* In order to always have a valid pointer we always allocate at least 1
* byte. */
- if( input_len == 0 )
+ if (input_len == 0) {
input_len = 1;
- ASSERT_ALLOC( input, input_len );
+ }
+ ASSERT_ALLOC(input, input_len);
output_len = 0;
- for( j = 0; j < ROUNDS; j++ )
- {
- if( get_ret[j] > 0 )
- {
+ for (j = 0; j < ROUNDS; j++) {
+ if (get_ret[j] > 0) {
output_len += get_ret[j];
}
}
- TEST_ASSERT( output_len <= input_len );
+ TEST_ASSERT(output_len <= input_len);
/* In order to always have a valid pointer we always allocate at least 1
* byte. */
- if( output_len == 0 )
+ if (output_len == 0) {
output_len = 1;
- ASSERT_ALLOC( output, output_len );
+ }
+ ASSERT_ALLOC(output, output_len);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < input_len; i++ )
- {
+ for (i = 0; i < input_len; i++) {
input[i] = i & 0xFF;
}
written = read = 0;
- for( j = 0; j < ROUNDS; j++ )
- {
- TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
- input + written, put[j] ) );
+ for (j = 0; j < ROUNDS; j++) {
+ TEST_ASSERT(put_ret[j] == mbedtls_test_buffer_put(&buf,
+ input + written, put[j]));
written += put_ret[j];
- TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
- output + read, get[j] ) );
+ TEST_ASSERT(get_ret[j] == mbedtls_test_buffer_get(&buf,
+ output + read, get[j]));
read += get_ret[j];
- TEST_ASSERT( read <= written );
- if( get_ret[j] > 0 )
- {
- TEST_ASSERT( memcmp( output + read - get_ret[j],
- input + read - get_ret[j], get_ret[j] )
- == 0 );
+ TEST_ASSERT(read <= written);
+ if (get_ret[j] > 0) {
+ TEST_ASSERT(memcmp(output + read - get_ret[j],
+ input + read - get_ret[j], get_ret[j])
+ == 0);
}
}
exit:
- mbedtls_free( input );
- mbedtls_free( output );
- mbedtls_test_buffer_free( &buf );
+ mbedtls_free(input);
+ mbedtls_free(output);
+ mbedtls_test_buffer_free(&buf);
}
/* END_CASE */
@@ -2285,30 +2181,30 @@
*/
/* BEGIN_CASE */
-void ssl_mock_sanity( )
+void ssl_mock_sanity()
{
enum { MSGLEN = 105 };
unsigned char message[MSGLEN] = { 0 };
unsigned char received[MSGLEN] = { 0 };
mbedtls_mock_socket socket;
- mbedtls_mock_socket_init( &socket );
- TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
- mbedtls_mock_socket_close( &socket );
- mbedtls_mock_socket_init( &socket );
- TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
- mbedtls_mock_socket_close( &socket );
+ mbedtls_mock_socket_init(&socket);
+ TEST_ASSERT(mbedtls_mock_tcp_send_b(&socket, message, MSGLEN) < 0);
+ mbedtls_mock_socket_close(&socket);
+ mbedtls_mock_socket_init(&socket);
+ TEST_ASSERT(mbedtls_mock_tcp_recv_b(&socket, received, MSGLEN) < 0);
+ mbedtls_mock_socket_close(&socket);
- mbedtls_mock_socket_init( &socket );
- TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
- mbedtls_mock_socket_close( &socket );
- mbedtls_mock_socket_init( &socket );
- TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
- mbedtls_mock_socket_close( &socket );
+ mbedtls_mock_socket_init(&socket);
+ TEST_ASSERT(mbedtls_mock_tcp_send_nb(&socket, message, MSGLEN) < 0);
+ mbedtls_mock_socket_close(&socket);
+ mbedtls_mock_socket_init(&socket);
+ TEST_ASSERT(mbedtls_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0);
+ mbedtls_mock_socket_close(&socket);
exit:
- mbedtls_mock_socket_close( &socket );
+ mbedtls_mock_socket_close(&socket);
}
/* END_CASE */
@@ -2318,7 +2214,7 @@
*/
/* BEGIN_CASE */
-void ssl_mock_tcp( int blocking )
+void ssl_mock_tcp(int blocking)
{
enum { MSGLEN = 105 };
enum { BUFLEN = MSGLEN / 5 };
@@ -2332,94 +2228,76 @@
mbedtls_ssl_recv_t *recv;
unsigned i;
- if( blocking == 0 )
- {
+ if (blocking == 0) {
send = mbedtls_mock_tcp_send_nb;
recv = mbedtls_mock_tcp_recv_nb;
- }
- else
- {
+ } else {
send = mbedtls_mock_tcp_send_b;
recv = mbedtls_mock_tcp_recv_b;
}
- mbedtls_mock_socket_init( &client );
- mbedtls_mock_socket_init( &server );
+ mbedtls_mock_socket_init(&client);
+ mbedtls_mock_socket_init(&server);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
/* Make sure that sending a message takes a few iterations. */
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN));
/* Send the message to the server */
send_ret = recv_ret = 1;
written = read = 0;
- while( send_ret != 0 || recv_ret != 0 )
- {
- send_ret = send( &client, message + written, MSGLEN - written );
+ while (send_ret != 0 || recv_ret != 0) {
+ send_ret = send(&client, message + written, MSGLEN - written);
- TEST_ASSERT( send_ret >= 0 );
- TEST_ASSERT( send_ret <= BUFLEN );
+ TEST_ASSERT(send_ret >= 0);
+ TEST_ASSERT(send_ret <= BUFLEN);
written += send_ret;
/* If the buffer is full we can test blocking and non-blocking send */
- if ( send_ret == BUFLEN )
- {
- int blocking_ret = send( &client, message , 1 );
- if ( blocking )
- {
- TEST_ASSERT( blocking_ret == 0 );
- }
- else
- {
- TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ if (send_ret == BUFLEN) {
+ int blocking_ret = send(&client, message, 1);
+ if (blocking) {
+ TEST_ASSERT(blocking_ret == 0);
+ } else {
+ TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
}
}
- recv_ret = recv( &server, received + read, MSGLEN - read );
+ recv_ret = recv(&server, received + read, MSGLEN - read);
/* The result depends on whether any data was sent */
- if ( send_ret > 0 )
- {
- TEST_ASSERT( recv_ret > 0 );
- TEST_ASSERT( recv_ret <= BUFLEN );
+ if (send_ret > 0) {
+ TEST_ASSERT(recv_ret > 0);
+ TEST_ASSERT(recv_ret <= BUFLEN);
read += recv_ret;
- }
- else if( blocking )
- {
- TEST_ASSERT( recv_ret == 0 );
- }
- else
- {
- TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
+ } else if (blocking) {
+ TEST_ASSERT(recv_ret == 0);
+ } else {
+ TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ);
recv_ret = 0;
}
/* If the buffer is empty we can test blocking and non-blocking read */
- if ( recv_ret == BUFLEN )
- {
- int blocking_ret = recv( &server, received, 1 );
- if ( blocking )
- {
- TEST_ASSERT( blocking_ret == 0 );
- }
- else
- {
- TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
+ if (recv_ret == BUFLEN) {
+ int blocking_ret = recv(&server, received, 1);
+ if (blocking) {
+ TEST_ASSERT(blocking_ret == 0);
+ } else {
+ TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
}
}
}
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
exit:
- mbedtls_mock_socket_close( &client );
- mbedtls_mock_socket_close( &server );
+ mbedtls_mock_socket_close(&client);
+ mbedtls_mock_socket_close(&server);
}
/* END_CASE */
@@ -2430,7 +2308,7 @@
*/
/* BEGIN_CASE */
-void ssl_mock_tcp_interleaving( int blocking )
+void ssl_mock_tcp_interleaving(int blocking)
{
enum { ROUNDS = 2 };
enum { MSGLEN = 105 };
@@ -2447,305 +2325,283 @@
mbedtls_ssl_send_t *send;
mbedtls_ssl_recv_t *recv;
- if( blocking == 0 )
- {
+ if (blocking == 0) {
send = mbedtls_mock_tcp_send_nb;
recv = mbedtls_mock_tcp_recv_nb;
- }
- else
- {
+ } else {
send = mbedtls_mock_tcp_send_b;
recv = mbedtls_mock_tcp_recv_b;
}
- mbedtls_mock_socket_init( &client );
- mbedtls_mock_socket_init( &server );
+ mbedtls_mock_socket_init(&client);
+ mbedtls_mock_socket_init(&server);
/* Fill up the buffers with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < ROUNDS; i++ )
- {
- for( j = 0; j < MSGLEN; j++ )
- {
- message[i][j] = ( i * MSGLEN + j ) & 0xFF;
+ for (i = 0; i < ROUNDS; i++) {
+ for (j = 0; j < MSGLEN; j++) {
+ message[i][j] = (i * MSGLEN + j) & 0xFF;
}
}
/* Make sure that sending a message takes a few iterations. */
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN));
/* Send the message from both sides, interleaving. */
progress = 1;
- for( i = 0; i < ROUNDS; i++ )
- {
+ for (i = 0; i < ROUNDS; i++) {
written[i] = 0;
read[i] = 0;
}
/* This loop does not stop as long as there was a successful write or read
* of at least one byte on either side. */
- while( progress != 0 )
- {
+ while (progress != 0) {
mbedtls_mock_socket *socket;
- for( i = 0; i < ROUNDS; i++ )
- {
+ for (i = 0; i < ROUNDS; i++) {
/* First sending is from the client */
- socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
+ socket = (i % 2 == 0) ? (&client) : (&server);
- send_ret[i] = send( socket, message[i] + written[i],
- MSGLEN - written[i] );
- TEST_ASSERT( send_ret[i] >= 0 );
- TEST_ASSERT( send_ret[i] <= BUFLEN );
+ send_ret[i] = send(socket, message[i] + written[i],
+ MSGLEN - written[i]);
+ TEST_ASSERT(send_ret[i] >= 0);
+ TEST_ASSERT(send_ret[i] <= BUFLEN);
written[i] += send_ret[i];
/* If the buffer is full we can test blocking and non-blocking
* send */
- if ( send_ret[i] == BUFLEN )
- {
- int blocking_ret = send( socket, message[i] , 1 );
- if ( blocking )
- {
- TEST_ASSERT( blocking_ret == 0 );
- }
- else
- {
- TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ if (send_ret[i] == BUFLEN) {
+ int blocking_ret = send(socket, message[i], 1);
+ if (blocking) {
+ TEST_ASSERT(blocking_ret == 0);
+ } else {
+ TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
}
}
}
- for( i = 0; i < ROUNDS; i++ )
- {
+ for (i = 0; i < ROUNDS; i++) {
/* First receiving is from the server */
- socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
+ socket = (i % 2 == 0) ? (&server) : (&client);
- recv_ret[i] = recv( socket, received[i] + read[i],
- MSGLEN - read[i] );
+ recv_ret[i] = recv(socket, received[i] + read[i],
+ MSGLEN - read[i]);
/* The result depends on whether any data was sent */
- if ( send_ret[i] > 0 )
- {
- TEST_ASSERT( recv_ret[i] > 0 );
- TEST_ASSERT( recv_ret[i] <= BUFLEN );
+ if (send_ret[i] > 0) {
+ TEST_ASSERT(recv_ret[i] > 0);
+ TEST_ASSERT(recv_ret[i] <= BUFLEN);
read[i] += recv_ret[i];
- }
- else if( blocking )
- {
- TEST_ASSERT( recv_ret[i] == 0 );
- }
- else
- {
- TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
+ } else if (blocking) {
+ TEST_ASSERT(recv_ret[i] == 0);
+ } else {
+ TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ);
recv_ret[i] = 0;
}
/* If the buffer is empty we can test blocking and non-blocking
* read */
- if ( recv_ret[i] == BUFLEN )
- {
- int blocking_ret = recv( socket, received[i], 1 );
- if ( blocking )
- {
- TEST_ASSERT( blocking_ret == 0 );
- }
- else
- {
- TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
+ if (recv_ret[i] == BUFLEN) {
+ int blocking_ret = recv(socket, received[i], 1);
+ if (blocking) {
+ TEST_ASSERT(blocking_ret == 0);
+ } else {
+ TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
}
}
}
progress = 0;
- for( i = 0; i < ROUNDS; i++ )
- {
+ for (i = 0; i < ROUNDS; i++) {
progress += send_ret[i] + recv_ret[i];
}
}
- for( i = 0; i < ROUNDS; i++ )
- TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
+ for (i = 0; i < ROUNDS; i++) {
+ TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0);
+ }
exit:
- mbedtls_mock_socket_close( &client );
- mbedtls_mock_socket_close( &server );
+ mbedtls_mock_socket_close(&client);
+ mbedtls_mock_socket_close(&server);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_queue_sanity( )
+void ssl_message_queue_sanity()
{
mbedtls_test_message_queue queue;
/* Trying to push/pull to an empty queue */
- TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
- == MBEDTLS_TEST_ERROR_ARG_NULL );
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
- == MBEDTLS_TEST_ERROR_ARG_NULL );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(NULL, 1)
+ == MBEDTLS_TEST_ERROR_ARG_NULL);
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(NULL, 1)
+ == MBEDTLS_TEST_ERROR_ARG_NULL);
- TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
- TEST_ASSERT( queue.capacity == 3 );
- TEST_ASSERT( queue.num == 0 );
+ TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
+ TEST_ASSERT(queue.capacity == 3);
+ TEST_ASSERT(queue.num == 0);
exit:
- mbedtls_test_message_queue_free( &queue );
+ mbedtls_test_message_queue_free(&queue);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_queue_basic( )
+void ssl_message_queue_basic()
{
mbedtls_test_message_queue queue;
- TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
+ TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
/* Sanity test - 3 pushes and 3 pops with sufficient space */
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
- TEST_ASSERT( queue.capacity == 3 );
- TEST_ASSERT( queue.num == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
- TEST_ASSERT( queue.capacity == 3 );
- TEST_ASSERT( queue.num == 2 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
- TEST_ASSERT( queue.capacity == 3 );
- TEST_ASSERT( queue.num == 3 );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+ TEST_ASSERT(queue.capacity == 3);
+ TEST_ASSERT(queue.num == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+ TEST_ASSERT(queue.capacity == 3);
+ TEST_ASSERT(queue.num == 2);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2);
+ TEST_ASSERT(queue.capacity == 3);
+ TEST_ASSERT(queue.num == 3);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2);
exit:
- mbedtls_test_message_queue_free( &queue );
+ mbedtls_test_message_queue_free(&queue);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_queue_overflow_underflow( )
+void ssl_message_queue_overflow_underflow()
{
mbedtls_test_message_queue queue;
- TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
+ TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
/* 4 pushes (last one with an error), 4 pops (last one with an error) */
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
- == MBEDTLS_ERR_SSL_WANT_WRITE );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3)
+ == MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
- == MBEDTLS_ERR_SSL_WANT_READ );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1)
+ == MBEDTLS_ERR_SSL_WANT_READ);
exit:
- mbedtls_test_message_queue_free( &queue );
+ mbedtls_test_message_queue_free(&queue);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_queue_interleaved( )
+void ssl_message_queue_interleaved()
{
mbedtls_test_message_queue queue;
- TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
+ TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
/* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
* (to wrap around the buffer) */
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3) == 3);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2);
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 5) == 5);
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 8) == 8);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 3) == 3);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 5) == 5);
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 8) == 8);
exit:
- mbedtls_test_message_queue_free( &queue );
+ mbedtls_test_message_queue_free(&queue);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_queue_insufficient_buffer( )
+void ssl_message_queue_insufficient_buffer()
{
mbedtls_test_message_queue queue;
size_t message_len = 10;
size_t buffer_len = 5;
- TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 1 ) == 0 );
+ TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 1) == 0);
/* Popping without a sufficient buffer */
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
- == (int) message_len );
- TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
- == (int) buffer_len );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, message_len)
+ == (int) message_len);
+ TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, buffer_len)
+ == (int) buffer_len);
exit:
- mbedtls_test_message_queue_free( &queue );
+ mbedtls_test_message_queue_free(&queue);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_uninitialized( )
+void ssl_message_mock_uninitialized()
{
enum { MSGLEN = 10 };
- unsigned char message[MSGLEN] = {0}, received[MSGLEN];
+ unsigned char message[MSGLEN] = { 0 }, received[MSGLEN];
mbedtls_mock_socket client, server;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
/* Send with a NULL context */
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
- == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(NULL, message, MSGLEN)
+ == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
- == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(NULL, message, MSGLEN)
+ == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1,
+ &client,
+ &client_context) == 0);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
- == MBEDTLS_TEST_ERROR_SEND_FAILED );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, MSGLEN)
+ == MBEDTLS_TEST_ERROR_SEND_FAILED);
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MBEDTLS_ERR_SSL_WANT_READ );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MBEDTLS_ERR_SSL_WANT_READ);
/* Push directly to a queue to later simulate a disconnected behavior */
- TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
- == MSGLEN );
+ TEST_ASSERT(mbedtls_test_message_queue_push_info(&server_queue, MSGLEN)
+ == MSGLEN);
/* Test if there's an error when trying to read from a disconnected
* socket */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MBEDTLS_TEST_ERROR_RECV_FAILED );
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MBEDTLS_TEST_ERROR_RECV_FAILED);
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_basic( )
+void ssl_message_mock_basic()
{
enum { MSGLEN = 10 };
unsigned char message[MSGLEN], received[MSGLEN];
@@ -2753,54 +2609,53 @@
unsigned i;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1,
+ &client,
+ &client_context) == 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
- MSGLEN ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
+ MSGLEN));
/* Send the message to the server */
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
/* Read from the server */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
- memset( received, 0, MSGLEN );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ memset(received, 0, MSGLEN);
/* Send the message to the client */
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message,
+ MSGLEN) == MSGLEN);
/* Read from the client */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
- == MSGLEN );
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN)
+ == MSGLEN);
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_queue_overflow_underflow( )
+void ssl_message_mock_queue_overflow_underflow()
{
enum { MSGLEN = 10 };
unsigned char message[MSGLEN], received[MSGLEN];
@@ -2808,57 +2663,56 @@
unsigned i;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2,
+ &client,
+ &client_context) == 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
- MSGLEN*2 ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
+ MSGLEN*2));
/* Send three message to the server, last one with an error */
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN - 1 ) == MSGLEN - 1 );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN - 1) == MSGLEN - 1);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN )
- == MBEDTLS_ERR_SSL_WANT_WRITE );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN)
+ == MBEDTLS_ERR_SSL_WANT_WRITE);
/* Read three messages from the server, last one with an error */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
- MSGLEN - 1 ) == MSGLEN - 1 );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN - 1) == MSGLEN - 1);
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MBEDTLS_ERR_SSL_WANT_READ );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MBEDTLS_ERR_SSL_WANT_READ);
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_socket_overflow( )
+void ssl_message_mock_socket_overflow()
{
enum { MSGLEN = 10 };
unsigned char message[MSGLEN], received[MSGLEN];
@@ -2866,48 +2720,47 @@
unsigned i;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2,
+ &client,
+ &client_context) == 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
- MSGLEN ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
+ MSGLEN));
/* Send two message to the server, second one with an error */
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN )
- == MBEDTLS_TEST_ERROR_SEND_FAILED );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN)
+ == MBEDTLS_TEST_ERROR_SEND_FAILED);
/* Read the only message from the server */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_truncated( )
+void ssl_message_mock_truncated()
{
enum { MSGLEN = 10 };
unsigned char message[MSGLEN], received[MSGLEN];
@@ -2915,58 +2768,57 @@
unsigned i;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2,
+ &client,
+ &client_context) == 0);
- memset( received, 0, MSGLEN );
+ memset(received, 0, MSGLEN);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
- 2 * MSGLEN ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
+ 2 * MSGLEN));
/* Send two messages to the server, the second one small enough to fit in the
* receiver's buffer. */
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN / 2 ) == MSGLEN / 2 );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN / 2) == MSGLEN / 2);
/* Read a truncated message from the server */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
- == MSGLEN/2 );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2)
+ == MSGLEN/2);
/* Test that the first half of the message is valid, and second one isn't */
- TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
- TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
- != 0 );
- memset( received, 0, MSGLEN );
+ TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
+ TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2)
+ != 0);
+ memset(received, 0, MSGLEN);
/* Read a full message from the server */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
- == MSGLEN / 2 );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2)
+ == MSGLEN / 2);
/* Test that the first half of the message is valid */
- TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_socket_read_error( )
+void ssl_message_mock_socket_read_error()
{
enum { MSGLEN = 10 };
unsigned char message[MSGLEN], received[MSGLEN];
@@ -2974,53 +2826,52 @@
unsigned i;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1,
+ &client,
+ &client_context) == 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
- MSGLEN ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
+ MSGLEN));
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
/* Force a read error by disconnecting the socket by hand */
server.status = 0;
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MBEDTLS_TEST_ERROR_RECV_FAILED );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MBEDTLS_TEST_ERROR_RECV_FAILED);
/* Return to a valid state */
server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
- memset( received, 0, sizeof( received ) );
+ memset(received, 0, sizeof(received));
/* Test that even though the server tried to read once disconnected, the
* continuity is preserved */
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_interleaved_one_way( )
+void ssl_message_mock_interleaved_one_way()
{
enum { MSGLEN = 10 };
unsigned char message[MSGLEN], received[MSGLEN];
@@ -3028,59 +2879,56 @@
unsigned i;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3,
+ &client,
+ &client_context) == 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
- MSGLEN*3 ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
+ MSGLEN*3));
/* Interleaved test - [2 sends, 1 read] twice, and then two reads
* (to wrap around the buffer) */
- for( i = 0; i < 2; i++ )
- {
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ for (i = 0; i < 2; i++) {
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
- MSGLEN ) == MSGLEN );
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
- memset( received, 0, sizeof( received ) );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN) == MSGLEN);
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ memset(received, 0, sizeof(received));
}
- for( i = 0; i < 2; i++ )
- {
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
- MSGLEN ) == MSGLEN );
+ for (i = 0; i < 2; i++) {
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
}
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MBEDTLS_ERR_SSL_WANT_READ );
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MBEDTLS_ERR_SSL_WANT_READ);
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_message_mock_interleaved_two_ways( )
+void ssl_message_mock_interleaved_two_ways()
{
enum { MSGLEN = 10 };
unsigned char message[MSGLEN], received[MSGLEN];
@@ -3088,132 +2936,128 @@
unsigned i;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_message_socket_init( &server_context );
- mbedtls_message_socket_init( &client_context );
+ mbedtls_message_socket_init(&server_context);
+ mbedtls_message_socket_init(&client_context);
- TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
- &server,
- &server_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3,
+ &server,
+ &server_context) == 0);
- TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
- &client,
- &client_context ) == 0 );
+ TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3,
+ &client,
+ &client_context) == 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
- for( i = 0; i < MSGLEN; i++ )
- {
+ for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
- MSGLEN*3 ) );
+ TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
+ MSGLEN*3));
/* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
* (to wrap around the buffer) both ways. */
- for( i = 0; i < 2; i++ )
- {
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ for (i = 0; i < 2; i++) {
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
- memset( received, 0, sizeof( received ) );
+ memset(received, 0, sizeof(received));
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
- memset( received, 0, sizeof( received ) );
+ memset(received, 0, sizeof(received));
}
- for( i = 0; i < 2; i++ )
- {
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
- MSGLEN ) == MSGLEN );
+ for (i = 0; i < 2; i++) {
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
- memset( received, 0, sizeof( received ) );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ memset(received, 0, sizeof(received));
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
- MSGLEN ) == MSGLEN );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN) == MSGLEN);
- TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
- memset( received, 0, sizeof( received ) );
+ TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ memset(received, 0, sizeof(received));
}
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
- == MBEDTLS_ERR_SSL_WANT_READ );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+ == MBEDTLS_ERR_SSL_WANT_READ);
- TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
- == MBEDTLS_ERR_SSL_WANT_READ );
- exit:
- mbedtls_message_socket_close( &server_context );
- mbedtls_message_socket_close( &client_context );
+ TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN)
+ == MBEDTLS_ERR_SSL_WANT_READ);
+exit:
+ mbedtls_message_socket_close(&server_context);
+ mbedtls_message_socket_close(&client_context);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
+void ssl_dtls_replay(data_t *prevs, data_t *new, int ret)
{
uint32_t len = 0;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
- TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT) == 0);
+ TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
/* Read previous record numbers */
- for( len = 0; len < prevs->len; len += 6 )
- {
- memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
- mbedtls_ssl_dtls_replay_update( &ssl );
+ for (len = 0; len < prevs->len; len += 6) {
+ memcpy(ssl.in_ctr + 2, prevs->x + len, 6);
+ mbedtls_ssl_dtls_replay_update(&ssl);
}
/* Check new number */
- memcpy( ssl.in_ctr + 2, new->x, 6 );
- TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
+ memcpy(ssl.in_ctr + 2, new->x, 6);
+ TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret);
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
+void ssl_set_hostname_twice(char *hostname0, char *hostname1)
{
mbedtls_ssl_context ssl;
- mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_init(&ssl);
- TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
- TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0);
+ TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0);
- mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_free(&ssl);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_crypt_record( int cipher_type, int hash_id,
- int etm, int tag_mode, int ver,
- int cid0_len, int cid1_len )
+void ssl_crypt_record(int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ int cid0_len, int cid1_len)
{
/*
* Test several record encryptions and decryptions
@@ -3230,27 +3074,23 @@
size_t const buflen = 512;
mbedtls_record rec, rec_backup;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_transform_init( &t0 );
- mbedtls_ssl_transform_init( &t1 );
- TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
- etm, tag_mode, ver,
- (size_t) cid0_len,
- (size_t) cid1_len ) == 0 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_transform_init(&t0);
+ mbedtls_ssl_transform_init(&t1);
+ TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id,
+ etm, tag_mode, ver,
+ (size_t) cid0_len,
+ (size_t) cid1_len) == 0);
- TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
+ TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
- while( num_records-- > 0 )
- {
+ while (num_records-- > 0) {
mbedtls_ssl_transform *t_dec, *t_enc;
/* Take turns in who's sending and who's receiving. */
- if( num_records % 3 == 0 )
- {
+ if (num_records % 3 == 0) {
t_dec = &t0;
t_enc = &t1;
- }
- else
- {
+ } else {
t_dec = &t1;
t_enc = &t0;
}
@@ -3267,7 +3107,7 @@
* type is sensible.
*/
- memset( rec.ctr, num_records, sizeof( rec.ctr ) );
+ memset(rec.ctr, num_records, sizeof(rec.ctr));
rec.type = 42;
rec.ver[0] = num_records;
rec.ver[1] = num_records;
@@ -3282,71 +3122,68 @@
* paddings. */
rec.data_len = 1 + num_records;
- memset( rec.buf + rec.data_offset, 42, rec.data_len );
+ memset(rec.buf + rec.data_offset, 42, rec.data_len);
/* Make a copy for later comparison */
rec_backup = rec;
/* Encrypt record */
- ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
- mbedtls_test_rnd_std_rand, NULL );
- TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- if( ret != 0 )
- {
+ ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
+ mbedtls_test_rnd_std_rand, NULL);
+ TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ if (ret != 0) {
continue;
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( rec.cid_len != 0 )
- {
+ if (rec.cid_len != 0) {
/* DTLS 1.2 + CID hides the real content type and
* uses a special CID content type in the protected
* record. Double-check this. */
- TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
- if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
+ if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
* for protected records. Double-check this. */
- TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* Decrypt record with t_dec */
- ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec);
+ TEST_ASSERT(ret == 0);
/* Compare results */
- TEST_ASSERT( rec.type == rec_backup.type );
- TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
- TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
- TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
- TEST_ASSERT( rec.data_len == rec_backup.data_len );
- TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
- TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
- rec_backup.buf + rec_backup.data_offset,
- rec.data_len ) == 0 );
+ TEST_ASSERT(rec.type == rec_backup.type);
+ TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
+ TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
+ TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
+ TEST_ASSERT(rec.data_len == rec_backup.data_len);
+ TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
+ TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len) == 0);
}
exit:
/* Cleanup */
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_transform_free( &t0 );
- mbedtls_ssl_transform_free( &t1 );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_transform_free(&t0);
+ mbedtls_ssl_transform_free(&t1);
- mbedtls_free( buf );
+ mbedtls_free(buf);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_crypt_record_small( int cipher_type, int hash_id,
- int etm, int tag_mode, int ver,
- int cid0_len, int cid1_len )
+void ssl_crypt_record_small(int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ int cid0_len, int cid1_len)
{
/*
* Test pairs of encryption and decryption with an increasing
@@ -3386,26 +3223,24 @@
int seen_success; /* Indicates if in the current mode we've
* already seen a successful test. */
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_transform_init( &t0 );
- mbedtls_ssl_transform_init( &t1 );
- TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
- etm, tag_mode, ver,
- (size_t) cid0_len,
- (size_t) cid1_len ) == 0 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_transform_init(&t0);
+ mbedtls_ssl_transform_init(&t1);
+ TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id,
+ etm, tag_mode, ver,
+ (size_t) cid0_len,
+ (size_t) cid1_len) == 0);
- TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
+ TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
- for( mode=1; mode <= 3; mode++ )
- {
+ for (mode = 1; mode <= 3; mode++) {
seen_success = 0;
- for( offset=0; offset <= threshold; offset++ )
- {
+ for (offset = 0; offset <= threshold; offset++) {
mbedtls_ssl_transform *t_dec, *t_enc;
t_dec = &t0;
t_enc = &t1;
- memset( rec.ctr, offset, sizeof( rec.ctr ) );
+ memset(rec.ctr, offset, sizeof(rec.ctr));
rec.type = 42;
rec.ver[0] = offset;
rec.ver[1] = offset;
@@ -3415,8 +3250,7 @@
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- switch( mode )
- {
+ switch (mode) {
case 1: /* Space in the beginning */
rec.data_offset = offset;
rec.data_len = buflen - offset - default_post_padding;
@@ -3433,85 +3267,82 @@
break;
default:
- TEST_ASSERT( 0 );
+ TEST_ASSERT(0);
break;
}
- memset( rec.buf + rec.data_offset, 42, rec.data_len );
+ memset(rec.buf + rec.data_offset, 42, rec.data_len);
/* Make a copy for later comparison */
rec_backup = rec;
/* Encrypt record */
- ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
- mbedtls_test_rnd_std_rand, NULL );
+ ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
+ mbedtls_test_rnd_std_rand, NULL);
- if( ( mode == 1 || mode == 2 ) && seen_success )
- {
- TEST_ASSERT( ret == 0 );
- }
- else
- {
- TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- if( ret == 0 )
+ if ((mode == 1 || mode == 2) && seen_success) {
+ TEST_ASSERT(ret == 0);
+ } else {
+ TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ if (ret == 0) {
seen_success = 1;
+ }
}
- if( ret != 0 )
+ if (ret != 0) {
continue;
+ }
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( rec.cid_len != 0 )
- {
+ if (rec.cid_len != 0) {
/* DTLS 1.2 + CID hides the real content type and
* uses a special CID content type in the protected
* record. Double-check this. */
- TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
- if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
+ if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
* for protected records. Double-check this. */
- TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* Decrypt record with t_dec */
- TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0);
/* Compare results */
- TEST_ASSERT( rec.type == rec_backup.type );
- TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
- TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
- TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
- TEST_ASSERT( rec.data_len == rec_backup.data_len );
- TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
- TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
- rec_backup.buf + rec_backup.data_offset,
- rec.data_len ) == 0 );
+ TEST_ASSERT(rec.type == rec_backup.type);
+ TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
+ TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
+ TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
+ TEST_ASSERT(rec.data_len == rec_backup.data_len);
+ TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
+ TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len) == 0);
}
- TEST_ASSERT( seen_success == 1 );
+ TEST_ASSERT(seen_success == 1);
}
exit:
/* Cleanup */
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_transform_free( &t0 );
- mbedtls_ssl_transform_free( &t1 );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_transform_free(&t0);
+ mbedtls_ssl_transform_free(&t1);
- mbedtls_free( buf );
+ mbedtls_free(buf);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
-void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
- int length_selector )
+void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
+ int length_selector)
{
/*
* Test record decryption for CBC without EtM, focused on the verification
@@ -3542,50 +3373,48 @@
int exp_ret;
const unsigned char pad_max_len = 255; /* Per the standard */
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_transform_init( &t0 );
- mbedtls_ssl_transform_init( &t1 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_transform_init(&t0);
+ mbedtls_ssl_transform_init(&t1);
/* Set up transforms with dummy keys */
- TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
- 0, trunc_hmac,
- MBEDTLS_SSL_MINOR_VERSION_3,
- 0 , 0 ) == 0 );
+ TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id,
+ 0, trunc_hmac,
+ MBEDTLS_SSL_MINOR_VERSION_3,
+ 0, 0) == 0);
/* Determine padding/plaintext length */
- TEST_ASSERT( length_selector >= -2 && length_selector <= 255 );
+ TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
block_size = t0.ivlen;
- if( length_selector < 0 )
- {
+ if (length_selector < 0) {
plaintext_len = 0;
/* Minimal padding
* The +1 is for the padding_length byte, not counted in padlen. */
- padlen = block_size - ( t0.maclen + 1 ) % block_size;
+ padlen = block_size - (t0.maclen + 1) % block_size;
/* Maximal padding? */
- if( length_selector == -2 )
- padlen += block_size * ( ( pad_max_len - padlen ) / block_size );
- }
- else
- {
+ if (length_selector == -2) {
+ padlen += block_size * ((pad_max_len - padlen) / block_size);
+ }
+ } else {
padlen = length_selector;
/* Minimal non-zero plaintext_length giving desired padding.
* The +1 is for the padding_length byte, not counted in padlen. */
- plaintext_len = block_size - ( padlen + t0.maclen + 1 ) % block_size;
+ plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size;
}
/* Prepare a buffer for record data */
buflen = block_size
- + plaintext_len
- + t0.maclen
- + padlen + 1;
- ASSERT_ALLOC( buf, buflen );
- ASSERT_ALLOC( buf_save, buflen );
+ + plaintext_len
+ + t0.maclen
+ + padlen + 1;
+ ASSERT_ALLOC(buf, buflen);
+ ASSERT_ALLOC(buf_save, buflen);
/* Prepare a dummy record header */
- memset( rec.ctr, 0, sizeof( rec.ctr ) );
+ memset(rec.ctr, 0, sizeof(rec.ctr));
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
@@ -3598,82 +3427,81 @@
rec.buf_len = buflen;
rec.data_offset = block_size;
rec.data_len = plaintext_len;
- memset( rec.buf + rec.data_offset, 42, rec.data_len );
+ memset(rec.buf + rec.data_offset, 42, rec.data_len);
/* Serialized version of record header for MAC purposes */
- memcpy( add_data, rec.ctr, 8 );
+ memcpy(add_data, rec.ctr, 8);
add_data[8] = rec.type;
add_data[9] = rec.ver[0];
add_data[10] = rec.ver[1];
- add_data[11] = ( rec.data_len >> 8 ) & 0xff;
- add_data[12] = ( rec.data_len >> 0 ) & 0xff;
+ add_data[11] = (rec.data_len >> 8) & 0xff;
+ add_data[12] = (rec.data_len >> 0) & 0xff;
/* Set dummy IV */
- memset( t0.iv_enc, 0x55, t0.ivlen );
- memcpy( rec.buf, t0.iv_enc, t0.ivlen );
+ memset(t0.iv_enc, 0x55, t0.ivlen);
+ memcpy(rec.buf, t0.iv_enc, t0.ivlen);
/*
* Prepare a pre-encryption record (with MAC and padding), and save it.
*/
/* MAC with additional data */
- TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
- rec.buf + rec.data_offset,
- rec.data_len ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13));
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc,
+ rec.buf + rec.data_offset,
+ rec.data_len));
+ TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac));
- memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
+ memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen);
rec.data_len += t0.maclen;
/* Pad */
- memset( rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1 );
+ memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
rec.data_len += padlen + 1;
/* Save correct pre-encryption record */
rec_save = rec;
rec_save.buf = buf_save;
- memcpy( buf_save, buf, buflen );
+ memcpy(buf_save, buf, buflen);
/*
* Encrypt and decrypt the correct record, expecting success
*/
- TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen ) );
+ TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
+ t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen));
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
- TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
+ TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
/*
* Modify each byte of the pre-encryption record before encrypting and
* decrypting it, expecting failure every time.
*/
- for( i = block_size; i < buflen; i++ )
- {
- mbedtls_test_set_step( i );
+ for (i = block_size; i < buflen; i++) {
+ mbedtls_test_set_step(i);
/* Restore correct pre-encryption record */
rec = rec_save;
rec.buf = buf;
- memcpy( buf, buf_save, buflen );
+ memcpy(buf, buf_save, buflen);
/* Corrupt one byte of the data (could be plaintext, MAC or padding) */
rec.buf[i] ^= 0x01;
/* Encrypt */
- TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen ) );
+ TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
+ t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen));
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
/* Decrypt and expect failure */
- TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC,
- mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
+ TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC,
+ mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
}
/*
@@ -3688,214 +3516,213 @@
* (Start the loop with correct padding, just to double-check that record
* saving did work, and that we're overwriting the correct bytes.)
*/
- for( i = padlen; i <= pad_max_len; i++ )
- {
- mbedtls_test_set_step( i );
+ for (i = padlen; i <= pad_max_len; i++) {
+ mbedtls_test_set_step(i);
/* Restore correct pre-encryption record */
rec = rec_save;
rec.buf = buf;
- memcpy( buf, buf_save, buflen );
+ memcpy(buf, buf_save, buflen);
/* Set padding bytes to new value */
- memset( buf + buflen - padlen - 1, i, padlen + 1 );
+ memset(buf + buflen - padlen - 1, i, padlen + 1);
/* Encrypt */
- TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen ) );
+ TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
+ t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen));
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
/* Decrypt and expect failure except the first time */
- exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
- TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
+ exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
+ TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
}
exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_transform_free( &t0 );
- mbedtls_ssl_transform_free( &t1 );
- mbedtls_free( buf );
- mbedtls_free( buf_save );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_transform_free(&t0);
+ mbedtls_ssl_transform_free(&t1);
+ mbedtls_free(buf);
+ mbedtls_free(buf_save);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-void ssl_tls1_3_hkdf_expand_label( int hash_alg,
- data_t *secret,
- int label_idx,
- data_t *ctx,
- int desired_length,
- data_t *expected )
+void ssl_tls1_3_hkdf_expand_label(int hash_alg,
+ data_t *secret,
+ int label_idx,
+ data_t *ctx,
+ int desired_length,
+ data_t *expected)
{
- unsigned char dst[ 100 ];
+ unsigned char dst[100];
unsigned char const *lbl = NULL;
size_t lbl_len;
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
- if( label_idx == (int) tls1_3_label_ ## name ) \
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
+ if (label_idx == (int) tls1_3_label_ ## name) \
{ \
lbl = mbedtls_ssl_tls1_3_labels.name; \
- lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
+ lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \
}
-MBEDTLS_SSL_TLS1_3_LABEL_LIST
+ MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
- TEST_ASSERT( lbl != NULL );
+ TEST_ASSERT(lbl != NULL);
/* Check sanity of test parameters. */
- TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) );
- TEST_ASSERT( (size_t) desired_length == expected->len );
+ TEST_ASSERT((size_t) desired_length <= sizeof(dst));
+ TEST_ASSERT((size_t) desired_length == expected->len);
- TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
- (mbedtls_md_type_t) hash_alg,
- secret->x, secret->len,
- lbl, lbl_len,
- ctx->x, ctx->len,
- dst, desired_length ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_tls1_3_hkdf_expand_label(
+ (mbedtls_md_type_t) hash_alg,
+ secret->x, secret->len,
+ lbl, lbl_len,
+ ctx->x, ctx->len,
+ dst, desired_length) == 0);
- ASSERT_COMPARE( dst, (size_t) desired_length,
- expected->x, (size_t) expected->len );
+ ASSERT_COMPARE(dst, (size_t) desired_length,
+ expected->x, (size_t) expected->len);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-void ssl_tls1_3_traffic_key_generation( int hash_alg,
- data_t *server_secret,
- data_t *client_secret,
- int desired_iv_len,
- int desired_key_len,
- data_t *expected_server_write_key,
- data_t *expected_server_write_iv,
- data_t *expected_client_write_key,
- data_t *expected_client_write_iv )
+void ssl_tls1_3_traffic_key_generation(int hash_alg,
+ data_t *server_secret,
+ data_t *client_secret,
+ int desired_iv_len,
+ int desired_key_len,
+ data_t *expected_server_write_key,
+ data_t *expected_server_write_iv,
+ data_t *expected_client_write_key,
+ data_t *expected_client_write_iv)
{
mbedtls_ssl_key_set keys;
/* Check sanity of test parameters. */
- TEST_ASSERT( client_secret->len == server_secret->len );
- TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len &&
- expected_client_write_iv->len == (size_t) desired_iv_len );
- TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
- expected_client_write_key->len == (size_t) desired_key_len );
+ TEST_ASSERT(client_secret->len == server_secret->len);
+ TEST_ASSERT(expected_client_write_iv->len == expected_server_write_iv->len &&
+ expected_client_write_iv->len == (size_t) desired_iv_len);
+ TEST_ASSERT(expected_client_write_key->len == expected_server_write_key->len &&
+ expected_client_write_key->len == (size_t) desired_key_len);
- TEST_ASSERT( mbedtls_ssl_tls1_3_make_traffic_keys(
- (mbedtls_md_type_t) hash_alg,
- client_secret->x,
- server_secret->x,
- client_secret->len /* == server_secret->len */,
- desired_key_len, desired_iv_len,
- &keys ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_tls1_3_make_traffic_keys(
+ (mbedtls_md_type_t) hash_alg,
+ client_secret->x,
+ server_secret->x,
+ client_secret->len /* == server_secret->len */,
+ desired_key_len, desired_iv_len,
+ &keys) == 0);
- ASSERT_COMPARE( keys.client_write_key,
- keys.key_len,
- expected_client_write_key->x,
- (size_t) desired_key_len );
- ASSERT_COMPARE( keys.server_write_key,
- keys.key_len,
- expected_server_write_key->x,
- (size_t) desired_key_len );
- ASSERT_COMPARE( keys.client_write_iv,
- keys.iv_len,
- expected_client_write_iv->x,
- (size_t) desired_iv_len );
- ASSERT_COMPARE( keys.server_write_iv,
- keys.iv_len,
- expected_server_write_iv->x,
- (size_t) desired_iv_len );
+ ASSERT_COMPARE(keys.client_write_key,
+ keys.key_len,
+ expected_client_write_key->x,
+ (size_t) desired_key_len);
+ ASSERT_COMPARE(keys.server_write_key,
+ keys.key_len,
+ expected_server_write_key->x,
+ (size_t) desired_key_len);
+ ASSERT_COMPARE(keys.client_write_iv,
+ keys.iv_len,
+ expected_client_write_iv->x,
+ (size_t) desired_iv_len);
+ ASSERT_COMPARE(keys.server_write_iv,
+ keys.iv_len,
+ expected_server_write_iv->x,
+ (size_t) desired_iv_len);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-void ssl_tls1_3_derive_secret( int hash_alg,
- data_t *secret,
- int label_idx,
- data_t *ctx,
- int desired_length,
- int already_hashed,
- data_t *expected )
+void ssl_tls1_3_derive_secret(int hash_alg,
+ data_t *secret,
+ int label_idx,
+ data_t *ctx,
+ int desired_length,
+ int already_hashed,
+ data_t *expected)
{
- unsigned char dst[ 100 ];
+ unsigned char dst[100];
unsigned char const *lbl = NULL;
size_t lbl_len;
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
- if( label_idx == (int) tls1_3_label_ ## name ) \
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
+ if (label_idx == (int) tls1_3_label_ ## name) \
{ \
lbl = mbedtls_ssl_tls1_3_labels.name; \
- lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
+ lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \
}
-MBEDTLS_SSL_TLS1_3_LABEL_LIST
+ MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
- TEST_ASSERT( lbl != NULL );
+ TEST_ASSERT(lbl != NULL);
/* Check sanity of test parameters. */
- TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) );
- TEST_ASSERT( (size_t) desired_length == expected->len );
+ TEST_ASSERT((size_t) desired_length <= sizeof(dst));
+ TEST_ASSERT((size_t) desired_length == expected->len);
- TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
- (mbedtls_md_type_t) hash_alg,
- secret->x, secret->len,
- lbl, lbl_len,
- ctx->x, ctx->len,
- already_hashed,
- dst, desired_length ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_tls1_3_derive_secret(
+ (mbedtls_md_type_t) hash_alg,
+ secret->x, secret->len,
+ lbl, lbl_len,
+ ctx->x, ctx->len,
+ already_hashed,
+ dst, desired_length) == 0);
- ASSERT_COMPARE( dst, desired_length,
- expected->x, desired_length );
+ ASSERT_COMPARE(dst, desired_length,
+ expected->x, desired_length);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-void ssl_tls1_3_key_evolution( int hash_alg,
- data_t *secret,
- data_t *input,
- data_t *expected )
+void ssl_tls1_3_key_evolution(int hash_alg,
+ data_t *secret,
+ data_t *input,
+ data_t *expected)
{
- unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char secret_new[MBEDTLS_MD_MAX_SIZE];
- TEST_ASSERT( mbedtls_ssl_tls1_3_evolve_secret(
- (mbedtls_md_type_t) hash_alg,
- secret->len ? secret->x : NULL,
- input->len ? input->x : NULL, input->len,
- secret_new ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_tls1_3_evolve_secret(
+ (mbedtls_md_type_t) hash_alg,
+ secret->len ? secret->x : NULL,
+ input->len ? input->x : NULL, input->len,
+ secret_new) == 0);
- ASSERT_COMPARE( secret_new, (size_t) expected->len,
- expected->x, (size_t) expected->len );
+ ASSERT_COMPARE(secret_new, (size_t) expected->len,
+ expected->x, (size_t) expected->len);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_tls_prf( int type, data_t * secret, data_t * random,
- char *label, data_t *result_str, int exp_ret )
+void ssl_tls_prf(int type, data_t *secret, data_t *random,
+ char *label, data_t *result_str, int exp_ret)
{
unsigned char *output;
- output = mbedtls_calloc( 1, result_str->len );
- if( output == NULL )
+ output = mbedtls_calloc(1, result_str->len);
+ if (output == NULL) {
goto exit;
+ }
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
- label, random->x, random->len,
- output, result_str->len ) == exp_ret );
+ TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
+ label, random->x, random->len,
+ output, result_str->len) == exp_ret);
- if( exp_ret == 0 )
- {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- result_str->len, result_str->len ) == 0 );
+ if (exp_ret == 0) {
+ TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
+ result_str->len, result_str->len) == 0);
}
exit:
- mbedtls_free( output );
- USE_PSA_DONE( );
+ mbedtls_free(output);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
+void ssl_serialize_session_save_load(int ticket_len, char *crt_file)
{
mbedtls_ssl_session original, restored;
unsigned char *buf = NULL;
@@ -3905,98 +3732,95 @@
* Test that a save-load pair is the identity
*/
- mbedtls_ssl_session_init( &original );
- mbedtls_ssl_session_init( &restored );
+ mbedtls_ssl_session_init(&original);
+ mbedtls_ssl_session_init(&restored);
/* Prepare a dummy session to work on */
- TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
+ TEST_ASSERT(ssl_populate_session(&original, ticket_len, crt_file) == 0);
/* Serialize it */
- TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
- TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
- == 0 );
+ TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL);
+ TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len)
+ == 0);
/* Restore session from serialized data */
- TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
+ TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0);
/*
* Make sure both session structures are identical
*/
#if defined(MBEDTLS_HAVE_TIME)
- TEST_ASSERT( original.start == restored.start );
+ TEST_ASSERT(original.start == restored.start);
#endif
- TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
- TEST_ASSERT( original.compression == restored.compression );
- TEST_ASSERT( original.id_len == restored.id_len );
- TEST_ASSERT( memcmp( original.id,
- restored.id, sizeof( original.id ) ) == 0 );
- TEST_ASSERT( memcmp( original.master,
- restored.master, sizeof( original.master ) ) == 0 );
+ TEST_ASSERT(original.ciphersuite == restored.ciphersuite);
+ TEST_ASSERT(original.compression == restored.compression);
+ TEST_ASSERT(original.id_len == restored.id_len);
+ TEST_ASSERT(memcmp(original.id,
+ restored.id, sizeof(original.id)) == 0);
+ TEST_ASSERT(memcmp(original.master,
+ restored.master, sizeof(original.master)) == 0);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- TEST_ASSERT( ( original.peer_cert == NULL ) ==
- ( restored.peer_cert == NULL ) );
- if( original.peer_cert != NULL )
- {
- TEST_ASSERT( original.peer_cert->raw.len ==
- restored.peer_cert->raw.len );
- TEST_ASSERT( memcmp( original.peer_cert->raw.p,
- restored.peer_cert->raw.p,
- original.peer_cert->raw.len ) == 0 );
+ TEST_ASSERT((original.peer_cert == NULL) ==
+ (restored.peer_cert == NULL));
+ if (original.peer_cert != NULL) {
+ TEST_ASSERT(original.peer_cert->raw.len ==
+ restored.peer_cert->raw.len);
+ TEST_ASSERT(memcmp(original.peer_cert->raw.p,
+ restored.peer_cert->raw.p,
+ original.peer_cert->raw.len) == 0);
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- TEST_ASSERT( original.peer_cert_digest_type ==
- restored.peer_cert_digest_type );
- TEST_ASSERT( original.peer_cert_digest_len ==
- restored.peer_cert_digest_len );
- TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
- ( restored.peer_cert_digest == NULL ) );
- if( original.peer_cert_digest != NULL )
- {
- TEST_ASSERT( memcmp( original.peer_cert_digest,
- restored.peer_cert_digest,
- original.peer_cert_digest_len ) == 0 );
+ TEST_ASSERT(original.peer_cert_digest_type ==
+ restored.peer_cert_digest_type);
+ TEST_ASSERT(original.peer_cert_digest_len ==
+ restored.peer_cert_digest_len);
+ TEST_ASSERT((original.peer_cert_digest == NULL) ==
+ (restored.peer_cert_digest == NULL));
+ if (original.peer_cert_digest != NULL) {
+ TEST_ASSERT(memcmp(original.peer_cert_digest,
+ restored.peer_cert_digest,
+ original.peer_cert_digest_len) == 0);
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
- TEST_ASSERT( original.verify_result == restored.verify_result );
+ TEST_ASSERT(original.verify_result == restored.verify_result);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- TEST_ASSERT( original.ticket_len == restored.ticket_len );
- if( original.ticket_len != 0 )
- {
- TEST_ASSERT( original.ticket != NULL );
- TEST_ASSERT( restored.ticket != NULL );
- TEST_ASSERT( memcmp( original.ticket,
- restored.ticket, original.ticket_len ) == 0 );
+ TEST_ASSERT(original.ticket_len == restored.ticket_len);
+ if (original.ticket_len != 0) {
+ TEST_ASSERT(original.ticket != NULL);
+ TEST_ASSERT(restored.ticket != NULL);
+ TEST_ASSERT(memcmp(original.ticket,
+ restored.ticket, original.ticket_len) == 0);
}
- TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
+ TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime);
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- TEST_ASSERT( original.mfl_code == restored.mfl_code );
+ TEST_ASSERT(original.mfl_code == restored.mfl_code);
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
+ TEST_ASSERT(original.trunc_hmac == restored.trunc_hmac);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
+ TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac);
#endif
exit:
- mbedtls_ssl_session_free( &original );
- mbedtls_ssl_session_free( &restored );
- mbedtls_free( buf );
+ mbedtls_ssl_session_free(&original);
+ mbedtls_ssl_session_free(&restored);
+ mbedtls_free(buf);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
+void ssl_serialize_session_load_save(int ticket_len, char *crt_file)
{
mbedtls_ssl_session session;
unsigned char *buf1 = NULL, *buf2 = NULL;
@@ -4006,47 +3830,47 @@
* Test that a load-save pair is the identity
*/
- mbedtls_ssl_session_init( &session );
+ mbedtls_ssl_session_init(&session);
/* Prepare a dummy session to work on */
- TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
+ TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0);
/* Get desired buffer size for serializing */
- TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0)
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
/* Allocate first buffer */
- buf1 = mbedtls_calloc( 1, len0 );
- TEST_ASSERT( buf1 != NULL );
+ buf1 = mbedtls_calloc(1, len0);
+ TEST_ASSERT(buf1 != NULL);
/* Serialize to buffer and free live session */
- TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
- == 0 );
- TEST_ASSERT( len0 == len1 );
- mbedtls_ssl_session_free( &session );
+ TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1)
+ == 0);
+ TEST_ASSERT(len0 == len1);
+ mbedtls_ssl_session_free(&session);
/* Restore session from serialized data */
- TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0);
/* Allocate second buffer and serialize to it */
- buf2 = mbedtls_calloc( 1, len0 );
- TEST_ASSERT( buf2 != NULL );
- TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
- == 0 );
+ buf2 = mbedtls_calloc(1, len0);
+ TEST_ASSERT(buf2 != NULL);
+ TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2)
+ == 0);
/* Make sure both serialized versions are identical */
- TEST_ASSERT( len1 == len2 );
- TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
+ TEST_ASSERT(len1 == len2);
+ TEST_ASSERT(memcmp(buf1, buf2, len1) == 0);
exit:
- mbedtls_ssl_session_free( &session );
- mbedtls_free( buf1 );
- mbedtls_free( buf2 );
+ mbedtls_ssl_session_free(&session);
+ mbedtls_free(buf1);
+ mbedtls_free(buf2);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
+void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file)
{
mbedtls_ssl_session session;
unsigned char *buf = NULL;
@@ -4056,33 +3880,32 @@
* Test that session_save() fails cleanly on small buffers
*/
- mbedtls_ssl_session_init( &session );
+ mbedtls_ssl_session_init(&session);
/* Prepare dummy session and get serialized size */
- TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0);
+ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
/* Try all possible bad lengths */
- for( bad_len = 1; bad_len < good_len; bad_len++ )
- {
+ for (bad_len = 1; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overwrite */
- mbedtls_free( buf );
- TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
- TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
- &test_len )
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- TEST_ASSERT( test_len == good_len );
+ mbedtls_free(buf);
+ TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL);
+ TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len,
+ &test_len)
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_ASSERT(test_len == good_len);
}
exit:
- mbedtls_ssl_session_free( &session );
- mbedtls_free( buf );
+ mbedtls_ssl_session_free(&session);
+ mbedtls_free(buf);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
+void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file)
{
mbedtls_ssl_session session;
unsigned char *good_buf = NULL, *bad_buf = NULL;
@@ -4092,44 +3915,43 @@
* Test that session_load() fails cleanly on small buffers
*/
- mbedtls_ssl_session_init( &session );
+ mbedtls_ssl_session_init(&session);
/* Prepare serialized session data */
- TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
- TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
- &good_len ) == 0 );
- mbedtls_ssl_session_free( &session );
+ TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0);
+ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL);
+ TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len,
+ &good_len) == 0);
+ mbedtls_ssl_session_free(&session);
/* Try all possible bad lengths */
- for( bad_len = 0; bad_len < good_len; bad_len++ )
- {
+ for (bad_len = 0; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overread */
- mbedtls_free( bad_buf );
- bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
- TEST_ASSERT( bad_buf != NULL );
- memcpy( bad_buf, good_buf, bad_len );
+ mbedtls_free(bad_buf);
+ bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1);
+ TEST_ASSERT(bad_buf != NULL);
+ memcpy(bad_buf, good_buf, bad_len);
- TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
- == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len)
+ == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
}
exit:
- mbedtls_ssl_session_free( &session );
- mbedtls_free( good_buf );
- mbedtls_free( bad_buf );
+ mbedtls_ssl_session_free(&session);
+ mbedtls_free(good_buf);
+ mbedtls_free(bad_buf);
}
/* END_CASE */
/* BEGIN_CASE */
-void ssl_session_serialize_version_check( int corrupt_major,
- int corrupt_minor,
- int corrupt_patch,
- int corrupt_config )
+void ssl_session_serialize_version_check(int corrupt_major,
+ int corrupt_minor,
+ int corrupt_patch,
+ int corrupt_config)
{
- unsigned char serialized_session[ 2048 ];
+ unsigned char serialized_session[2048];
size_t serialized_session_len;
unsigned cur_byte;
mbedtls_ssl_session session;
@@ -4139,44 +3961,43 @@
corrupt_config == 1,
corrupt_config == 1 };
- mbedtls_ssl_session_init( &session );
+ mbedtls_ssl_session_init(&session);
/* Infer length of serialized session. */
- TEST_ASSERT( mbedtls_ssl_session_save( &session,
- serialized_session,
- sizeof( serialized_session ),
- &serialized_session_len ) == 0 );
+ TEST_ASSERT(mbedtls_ssl_session_save(&session,
+ serialized_session,
+ sizeof(serialized_session),
+ &serialized_session_len) == 0);
- mbedtls_ssl_session_free( &session );
+ mbedtls_ssl_session_free(&session);
/* Without any modification, we should be able to successfully
* de-serialize the session - double-check that. */
- TEST_ASSERT( mbedtls_ssl_session_load( &session,
- serialized_session,
- serialized_session_len ) == 0 );
- mbedtls_ssl_session_free( &session );
+ TEST_ASSERT(mbedtls_ssl_session_load(&session,
+ serialized_session,
+ serialized_session_len) == 0);
+ mbedtls_ssl_session_free(&session);
/* Go through the bytes in the serialized session header and
* corrupt them bit-by-bit. */
- for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
- {
+ for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) {
int cur_bit;
- unsigned char * const byte = &serialized_session[ cur_byte ];
+ unsigned char * const byte = &serialized_session[cur_byte];
- if( should_corrupt_byte[ cur_byte ] == 0 )
+ if (should_corrupt_byte[cur_byte] == 0) {
continue;
+ }
- for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
- {
+ for (cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++) {
unsigned char const corrupted_bit = 0x1u << cur_bit;
/* Modify a single bit in the serialized session. */
*byte ^= corrupted_bit;
/* Attempt to deserialize */
- TEST_ASSERT( mbedtls_ssl_session_load( &session,
- serialized_session,
- serialized_session_len ) ==
- MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+ TEST_ASSERT(mbedtls_ssl_session_load(&session,
+ serialized_session,
+ serialized_session_len) ==
+ MBEDTLS_ERR_SSL_VERSION_MISMATCH);
/* Undo the change */
*byte ^= corrupted_bit;
@@ -4187,25 +4008,25 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void mbedtls_endpoint_sanity( int endpoint_type )
+void mbedtls_endpoint_sanity(int endpoint_type)
{
enum { BUFFSIZE = 1024 };
mbedtls_endpoint ep;
int ret = -1;
- ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
- NULL, NULL, NULL, NULL );
- TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
+ ret = mbedtls_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA,
+ NULL, NULL, NULL, NULL);
+ TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
- ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
- TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
+ ret = mbedtls_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA);
+ TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
- ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
- NULL, NULL, NULL, NULL );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA,
+ NULL, NULL, NULL, NULL);
+ TEST_ASSERT(ret == 0);
exit:
- mbedtls_endpoint_free( &ep, NULL );
+ mbedtls_endpoint_free(&ep, NULL);
}
/* END_CASE */
@@ -4216,51 +4037,48 @@
mbedtls_endpoint base_ep, second_ep;
int ret = -1;
- mbedtls_platform_zeroize( &base_ep, sizeof( base_ep ) );
- mbedtls_platform_zeroize( &second_ep, sizeof( second_ep ) );
+ mbedtls_platform_zeroize(&base_ep, sizeof(base_ep));
+ mbedtls_platform_zeroize(&second_ep, sizeof(second_ep));
- ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
- NULL, NULL, NULL, NULL );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_endpoint_init(&base_ep, endpoint_type, MBEDTLS_PK_RSA,
+ NULL, NULL, NULL, NULL);
+ TEST_ASSERT(ret == 0);
- ret = mbedtls_endpoint_init( &second_ep,
- ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
- MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_endpoint_init(&second_ep,
+ (endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
+ MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL);
+ TEST_ASSERT(ret == 0);
- ret = mbedtls_mock_socket_connect( &(base_ep.socket),
- &(second_ep.socket),
- BUFFSIZE );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_mock_socket_connect(&(base_ep.socket),
+ &(second_ep.socket),
+ BUFFSIZE);
+ TEST_ASSERT(ret == 0);
- ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
- &(second_ep.ssl),
- state );
- if( need_pass )
- {
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( base_ep.ssl.state == state );
- }
- else
- {
- TEST_ASSERT( ret != 0 );
- TEST_ASSERT( base_ep.ssl.state != state );
+ ret = mbedtls_move_handshake_to_state(&(base_ep.ssl),
+ &(second_ep.ssl),
+ state);
+ if (need_pass) {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(base_ep.ssl.state == state);
+ } else {
+ TEST_ASSERT(ret != 0);
+ TEST_ASSERT(base_ep.ssl.state != state);
}
exit:
- mbedtls_endpoint_free( &base_ep, NULL );
- mbedtls_endpoint_free( &second_ep, NULL );
+ mbedtls_endpoint_free(&base_ep, NULL);
+ mbedtls_endpoint_free(&second_ep, NULL);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
-void handshake_version( int dtls, int client_min_version, int client_max_version,
- int server_min_version, int server_max_version,
- int expected_negotiated_version )
+void handshake_version(int dtls, int client_min_version, int client_max_version,
+ int server_min_version, int server_max_version,
+ int expected_negotiated_version)
{
handshake_test_options options;
- init_handshake_options( &options );
+ init_handshake_options(&options);
options.client_min_version = client_min_version;
options.client_max_version = client_max_version;
@@ -4272,13 +4090,12 @@
options.dtls = dtls;
/* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so
* the number of fragments will be twice as big. */
- if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 ||
- expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 )
- {
+ if (expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 ||
+ expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1) {
options.expected_cli_fragments = 2;
options.expected_srv_fragments = 2;
}
- perform_handshake( &options );
+ perform_handshake(&options);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
@@ -4286,17 +4103,17 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
+void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls)
{
handshake_test_options options;
- init_handshake_options( &options );
+ init_handshake_options(&options);
options.cipher = cipher;
options.dtls = dtls;
options.psk_str = psk_str;
options.pk_alg = pk_alg;
- perform_handshake( &options );
+ perform_handshake(&options);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
@@ -4304,9 +4121,9 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void handshake_cipher( char* cipher, int pk_alg, int dtls )
+void handshake_cipher(char *cipher, int pk_alg, int dtls)
{
- test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
+ test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
@@ -4314,12 +4131,12 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void app_data( int mfl, int cli_msg_len, int srv_msg_len,
- int expected_cli_fragments,
- int expected_srv_fragments, int dtls )
+void app_data(int mfl, int cli_msg_len, int srv_msg_len,
+ int expected_cli_fragments,
+ int expected_srv_fragments, int dtls)
{
handshake_test_options options;
- init_handshake_options( &options );
+ init_handshake_options(&options);
options.mfl = mfl;
options.cli_msg_len = cli_msg_len;
@@ -4328,52 +4145,54 @@
options.expected_srv_fragments = expected_srv_fragments;
options.dtls = dtls;
- perform_handshake( &options );
+ perform_handshake(&options);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
-void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
- int expected_cli_fragments,
- int expected_srv_fragments )
+void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
+ int expected_cli_fragments,
+ int expected_srv_fragments)
{
- test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
- expected_srv_fragments, 0 );
+ test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
+ expected_srv_fragments, 0);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
- int expected_cli_fragments,
- int expected_srv_fragments )
+void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
+ int expected_cli_fragments,
+ int expected_srv_fragments)
{
- test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
- expected_srv_fragments, 1 );
+ test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
+ expected_srv_fragments, 1);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void handshake_serialization( )
+void handshake_serialization()
{
handshake_test_options options;
- init_handshake_options( &options );
+ init_handshake_options(&options);
options.serialize = 1;
options.dtls = 1;
- perform_handshake( &options );
+ perform_handshake(&options);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
+void handshake_fragmentation(int mfl,
+ int expected_srv_hs_fragmentation,
+ int expected_cli_hs_fragmentation)
{
handshake_test_options options;
log_pattern srv_pattern, cli_pattern;
@@ -4382,7 +4201,7 @@
srv_pattern.counter = 0;
cli_pattern.counter = 0;
- init_handshake_options( &options );
+ init_handshake_options(&options);
options.dtls = 1;
options.mfl = mfl;
/* Set cipher to one using CBC so that record splitting can be tested */
@@ -4393,43 +4212,41 @@
options.srv_log_fun = log_analyzer;
options.cli_log_fun = log_analyzer;
- perform_handshake( &options );
+ perform_handshake(&options);
/* Test if the server received a fragmented handshake */
- if( expected_srv_hs_fragmentation )
- {
- TEST_ASSERT( srv_pattern.counter >= 1 );
+ if (expected_srv_hs_fragmentation) {
+ TEST_ASSERT(srv_pattern.counter >= 1);
}
/* Test if the client received a fragmented handshake */
- if( expected_cli_hs_fragmentation )
- {
- TEST_ASSERT( cli_pattern.counter >= 1 );
+ if (expected_cli_hs_fragmentation) {
+ TEST_ASSERT(cli_pattern.counter >= 1);
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void renegotiation( int legacy_renegotiation )
+void renegotiation(int legacy_renegotiation)
{
handshake_test_options options;
- init_handshake_options( &options );
+ init_handshake_options(&options);
options.renegotiate = 1;
options.legacy_renegotiation = legacy_renegotiation;
options.dtls = 1;
- perform_handshake( &options );
+ perform_handshake(&options);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
- int serialize, int dtls, char *cipher )
+void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
+ int serialize, int dtls, char *cipher)
{
handshake_test_options options;
- init_handshake_options( &options );
+ init_handshake_options(&options);
options.mfl = mfl;
options.cipher = cipher;
@@ -4439,17 +4256,17 @@
options.dtls = dtls;
options.resize_buffers = 1;
- perform_handshake( &options );
+ perform_handshake(&options);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void resize_buffers_serialize_mfl( int mfl )
+void resize_buffers_serialize_mfl(int mfl)
{
- test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
- (char *) "" );
+ test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
+ (char *) "");
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
@@ -4457,10 +4274,10 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
-void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
- char *cipher )
+void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
+ char *cipher)
{
- test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
+ test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
@@ -4468,7 +4285,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
-void raw_key_agreement_fail( int bad_server_ecdhe_key )
+void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
@@ -4477,87 +4294,87 @@
mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_ECP_DP_NONE };
- USE_PSA_INIT( );
- mbedtls_platform_zeroize( &client, sizeof( client ) );
- mbedtls_platform_zeroize( &server, sizeof( server ) );
+ USE_PSA_INIT();
+ mbedtls_platform_zeroize(&client, sizeof(client));
+ mbedtls_platform_zeroize(&server, sizeof(server));
/* Client side, force SECP256R1 to make one key bitflip fail
* the raw key agreement. Flipping the first byte makes the
* required 0x04 identifier invalid. */
- TEST_EQUAL( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_PK_ECDSA, NULL, NULL,
- NULL, curve_list ), 0 );
+ TEST_EQUAL(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_PK_ECDSA, NULL, NULL,
+ NULL, curve_list), 0);
/* Server side */
- TEST_EQUAL( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_PK_ECDSA, NULL, NULL,
- NULL, NULL ), 0 );
+ TEST_EQUAL(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_PK_ECDSA, NULL, NULL,
+ NULL, NULL), 0);
- TEST_EQUAL( mbedtls_mock_socket_connect( &(client.socket),
- &(server.socket),
- BUFFSIZE ), 0 );
+ TEST_EQUAL(mbedtls_mock_socket_connect(&(client.socket),
+ &(server.socket),
+ BUFFSIZE), 0);
- TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_CLIENT_KEY_EXCHANGE )
- , 0 );
+ TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl),
+ &(server.ssl),
+ MBEDTLS_SSL_CLIENT_KEY_EXCHANGE)
+ , 0);
- mbedtls_psa_get_stats( &stats );
+ mbedtls_psa_get_stats(&stats);
/* Save the number of slots in use up to this point.
* With PSA, one can be used for the ECDH private key. */
free_slots_before = stats.empty_slots;
- if( bad_server_ecdhe_key )
- {
+ if (bad_server_ecdhe_key) {
/* Force a simulated bitflip in the server key. to make the
* raw key agreement in ssl_write_client_key_exchange fail. */
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
}
- TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER ),
- bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 );
+ TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl),
+ &(server.ssl),
+ MBEDTLS_SSL_HANDSHAKE_OVER),
+ bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0);
- mbedtls_psa_get_stats( &stats );
+ mbedtls_psa_get_stats(&stats);
/* Make sure that the key slot is already destroyed in case of failure,
* without waiting to close the connection. */
- if( bad_server_ecdhe_key )
- TEST_EQUAL( free_slots_before, stats.empty_slots );
+ if (bad_server_ecdhe_key) {
+ TEST_EQUAL(free_slots_before, stats.empty_slots);
+ }
exit:
- mbedtls_endpoint_free( &client, NULL );
- mbedtls_endpoint_free( &server, NULL );
+ mbedtls_endpoint_free(&client, NULL);
+ mbedtls_endpoint_free(&server, NULL);
- USE_PSA_DONE( );
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */
-void cookie_parsing( data_t *cookie, int exp_ret )
+void cookie_parsing(data_t *cookie, int exp_ret)
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
size_t len;
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- TEST_EQUAL( mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT ),
- 0 );
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT),
+ 0);
- TEST_EQUAL( mbedtls_ssl_setup( &ssl, &conf ), 0 );
- TEST_EQUAL( mbedtls_ssl_check_dtls_clihlo_cookie( &ssl, ssl.cli_id,
- ssl.cli_id_len,
- cookie->x, cookie->len,
- ssl.out_buf,
- MBEDTLS_SSL_OUT_CONTENT_LEN,
- &len ),
- exp_ret );
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
+ TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id,
+ ssl.cli_id_len,
+ cookie->x, cookie->len,
+ ssl.out_buf,
+ MBEDTLS_SSL_OUT_CONTENT_LEN,
+ &len),
+ exp_ret);
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
index 74dc823..59c1207 100644
--- a/tests/suites/test_suite_timing.function
+++ b/tests/suites/test_suite_timing.function
@@ -17,7 +17,7 @@
*/
/* BEGIN_CASE */
-void timing_hardclock( )
+void timing_hardclock()
{
(void) mbedtls_timing_hardclock();
/* This goto is added to avoid warnings from the generated code. */
@@ -26,49 +26,43 @@
/* END_CASE */
/* BEGIN_CASE */
-void timing_get_timer( )
+void timing_get_timer()
{
struct mbedtls_timing_hr_time time;
- (void) mbedtls_timing_get_timer( &time, 1 );
- (void) mbedtls_timing_get_timer( &time, 0 );
+ (void) mbedtls_timing_get_timer(&time, 1);
+ (void) mbedtls_timing_get_timer(&time, 0);
/* This goto is added to avoid warnings from the generated code. */
goto exit;
}
/* END_CASE */
/* BEGIN_CASE */
-void timing_set_alarm( int seconds )
+void timing_set_alarm(int seconds)
{
- if( seconds == 0 )
- {
- mbedtls_set_alarm( seconds );
- TEST_ASSERT( mbedtls_timing_alarmed == 1 );
- }
- else
- {
- mbedtls_set_alarm( seconds );
- TEST_ASSERT( mbedtls_timing_alarmed == 0 ||
- mbedtls_timing_alarmed == 1 );
+ if (seconds == 0) {
+ mbedtls_set_alarm(seconds);
+ TEST_ASSERT(mbedtls_timing_alarmed == 1);
+ } else {
+ mbedtls_set_alarm(seconds);
+ TEST_ASSERT(mbedtls_timing_alarmed == 0 ||
+ mbedtls_timing_alarmed == 1);
}
}
/* END_CASE */
/* BEGIN_CASE */
-void timing_delay( int fin_ms )
+void timing_delay(int fin_ms)
{
mbedtls_timing_delay_context ctx;
int result;
- if( fin_ms == 0 )
- {
- mbedtls_timing_set_delay( &ctx, 0, 0 );
- result = mbedtls_timing_get_delay( &ctx );
- TEST_ASSERT( result == -1 );
- }
- else
- {
- mbedtls_timing_set_delay( &ctx, fin_ms / 2, fin_ms );
- result = mbedtls_timing_get_delay( &ctx );
- TEST_ASSERT( result >= 0 && result <= 2 );
+ if (fin_ms == 0) {
+ mbedtls_timing_set_delay(&ctx, 0, 0);
+ result = mbedtls_timing_get_delay(&ctx);
+ TEST_ASSERT(result == -1);
+ } else {
+ mbedtls_timing_set_delay(&ctx, fin_ms / 2, fin_ms);
+ result = mbedtls_timing_get_delay(&ctx);
+ TEST_ASSERT(result >= 0 && result <= 2);
}
}
/* END_CASE */
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 7d59794..981f8ab 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -8,34 +8,34 @@
*/
/* BEGIN_CASE */
-void check_compiletime_version( char * version_str )
+void check_compiletime_version(char *version_str)
{
char build_str[100];
char build_str_full[100];
unsigned int build_int;
- memset( build_str, 0, 100 );
- memset( build_str_full, 0, 100 );
+ memset(build_str, 0, 100);
+ memset(build_str_full, 0, 100);
- mbedtls_snprintf( build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
- MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH );
+ mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
+ MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
- mbedtls_snprintf( build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
- MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH );
+ mbedtls_snprintf(build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
+ MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
build_int = MBEDTLS_VERSION_MAJOR << 24 |
- MBEDTLS_VERSION_MINOR << 16 |
- MBEDTLS_VERSION_PATCH << 8;
+ MBEDTLS_VERSION_MINOR << 16 |
+ MBEDTLS_VERSION_PATCH << 8;
- TEST_ASSERT( build_int == MBEDTLS_VERSION_NUMBER );
- TEST_ASSERT( strcmp( build_str, MBEDTLS_VERSION_STRING ) == 0 );
- TEST_ASSERT( strcmp( build_str_full, MBEDTLS_VERSION_STRING_FULL ) == 0 );
- TEST_ASSERT( strcmp( version_str, MBEDTLS_VERSION_STRING ) == 0 );
+ TEST_ASSERT(build_int == MBEDTLS_VERSION_NUMBER);
+ TEST_ASSERT(strcmp(build_str, MBEDTLS_VERSION_STRING) == 0);
+ TEST_ASSERT(strcmp(build_str_full, MBEDTLS_VERSION_STRING_FULL) == 0);
+ TEST_ASSERT(strcmp(version_str, MBEDTLS_VERSION_STRING) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void check_runtime_version( char * version_str )
+void check_runtime_version(char *version_str)
{
char build_str[100];
char get_str[100];
@@ -43,31 +43,31 @@
char get_str_full[100];
unsigned int get_int;
- memset( build_str, 0, 100 );
- memset( get_str, 0, 100 );
- memset( build_str_full, 0, 100 );
- memset( get_str_full, 0, 100 );
+ memset(build_str, 0, 100);
+ memset(get_str, 0, 100);
+ memset(build_str_full, 0, 100);
+ memset(get_str_full, 0, 100);
get_int = mbedtls_version_get_number();
- mbedtls_version_get_string( get_str );
- mbedtls_version_get_string_full( get_str_full );
+ mbedtls_version_get_string(get_str);
+ mbedtls_version_get_string_full(get_str_full);
- mbedtls_snprintf( build_str, 100, "%u.%u.%u",
- (get_int >> 24) & 0xFF,
- (get_int >> 16) & 0xFF,
- (get_int >> 8) & 0xFF );
- mbedtls_snprintf( build_str_full, 100, "mbed TLS %s", version_str );
+ mbedtls_snprintf(build_str, 100, "%u.%u.%u",
+ (get_int >> 24) & 0xFF,
+ (get_int >> 16) & 0xFF,
+ (get_int >> 8) & 0xFF);
+ mbedtls_snprintf(build_str_full, 100, "mbed TLS %s", version_str);
- TEST_ASSERT( strcmp( build_str, version_str ) == 0 );
- TEST_ASSERT( strcmp( build_str_full, get_str_full ) == 0 );
- TEST_ASSERT( strcmp( version_str, get_str ) == 0 );
+ TEST_ASSERT(strcmp(build_str, version_str) == 0);
+ TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0);
+ TEST_ASSERT(strcmp(version_str, get_str) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_VERSION_FEATURES */
-void check_feature( char *feature, int result )
+void check_feature(char *feature, int result)
{
- int check = mbedtls_version_check_feature( feature );
- TEST_ASSERT( check == result );
+ int check = mbedtls_version_check_feature(feature);
+ TEST_ASSERT(check == result);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index ba5c860..91ac00d 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -12,8 +12,8 @@
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
-than the current threshold 19. To test larger values, please \
-adapt the script tests/data_files/dir-max/long.sh."
+ than the current threshold 19. To test larger values, please \
+ adapt the script tests/data_files/dir-max/long.sh."
#endif
/* Test-only profile allowing all digests, PK algorithms, and curves. */
@@ -29,12 +29,12 @@
profile. */
const mbedtls_x509_crt_profile compat_profile =
{
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
0xFFFFFFFF, /* Any PK alg */
0xFFFFFFFF, /* Any curve */
1024,
@@ -42,23 +42,23 @@
const mbedtls_x509_crt_profile profile_rsa3072 =
{
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
- MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_RSA),
0,
3072,
};
const mbedtls_x509_crt_profile profile_sha512 =
{
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
0xFFFFFFFF, /* Any PK alg */
0xFFFFFFFF, /* Any curve */
1024,
};
-int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
((void) data);
((void) crt);
@@ -68,7 +68,7 @@
return 0;
}
-int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
((void) data);
((void) crt);
@@ -79,7 +79,7 @@
}
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates )
+int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates)
{
((void) data);
((void) child);
@@ -88,8 +88,8 @@
return -1;
}
-int ca_callback( void *data, mbedtls_x509_crt const *child,
- mbedtls_x509_crt **candidates )
+int ca_callback(void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates)
{
int ret = 0;
mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
@@ -105,25 +105,21 @@
* and parent `Subject` field. */
((void) child);
- first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
- if( first == NULL )
- {
+ first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
+ if (first == NULL) {
ret = -1;
goto exit;
}
- mbedtls_x509_crt_init( first );
+ mbedtls_x509_crt_init(first);
- if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
- {
+ if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
ret = -1;
goto exit;
}
- while( ca->next != NULL )
- {
+ while (ca->next != NULL) {
ca = ca->next;
- if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
- {
+ if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
ret = -1;
goto exit;
}
@@ -131,19 +127,18 @@
exit:
- if( ret != 0 )
- {
- mbedtls_x509_crt_free( first );
- mbedtls_free( first );
+ if (ret != 0) {
+ mbedtls_x509_crt_free(first);
+ mbedtls_free(first);
first = NULL;
}
*candidates = first;
- return( ret );
+ return ret;
}
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
int *levels = (int *) data;
@@ -151,13 +146,12 @@
((void) certificate_depth);
/* Simulate a fatal error in the callback */
- if( *levels & ( 1 << certificate_depth ) )
- {
- *flags |= ( 1 << certificate_depth );
- return( -1 - certificate_depth );
+ if (*levels & (1 << certificate_depth)) {
+ *flags |= (1 << certificate_depth);
+ return -1 - certificate_depth;
}
- return( 0 );
+ return 0;
}
/* strsep() not available on Windows */
@@ -166,28 +160,27 @@
const char *p;
char *ret = *stringp;
- if( *stringp == NULL )
- return( NULL );
+ if (*stringp == NULL) {
+ return NULL;
+ }
- for( ; ; (*stringp)++ )
- {
- if( **stringp == '\0' )
- {
+ for (;; (*stringp)++) {
+ if (**stringp == '\0') {
*stringp = NULL;
goto done;
}
- for( p = delim; *p != '\0'; p++ )
- if( **stringp == *p )
- {
+ for (p = delim; *p != '\0'; p++) {
+ if (**stringp == *p) {
**stringp = '\0';
(*stringp)++;
goto done;
}
+ }
}
done:
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -196,195 +189,204 @@
char *p;
} verify_print_context;
-void verify_print_init( verify_print_context *ctx )
+void verify_print_init(verify_print_context *ctx)
{
- memset( ctx, 0, sizeof( verify_print_context ) );
+ memset(ctx, 0, sizeof(verify_print_context));
ctx->p = ctx->buf;
}
-int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
int ret;
verify_print_context *ctx = (verify_print_context *) data;
char *p = ctx->p;
- size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
+ size_t n = ctx->buf + sizeof(ctx->buf) - ctx->p;
((void) flags);
- ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
+ ret = mbedtls_snprintf(p, n, "depth %d - serial ", certificate_depth);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
+ ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, " - subject " );
+ ret = mbedtls_snprintf(p, n, " - subject ");
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
+ ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
+ ret = mbedtls_snprintf(p, n, " - flags 0x%08x\n", *flags);
MBEDTLS_X509_SAFE_SNPRINTF;
ctx->p = p;
- return( 0 );
+ return 0;
}
-int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
- char **buf, size_t *size )
+int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
+ char **buf, size_t *size)
{
int ret;
size_t i;
char *p = *buf;
size_t n = *size;
- ret = mbedtls_snprintf( p, n, "type : %d", san->type );
+ ret = mbedtls_snprintf(p, n, "type : %d", san->type);
MBEDTLS_X509_SAFE_SNPRINTF;
- switch( san->type )
- {
- case( MBEDTLS_X509_SAN_OTHER_NAME ):
- ret = mbedtls_snprintf( p, n, "\notherName :");
+ switch (san->type) {
+ case (MBEDTLS_X509_SAN_OTHER_NAME):
+ ret = mbedtls_snprintf(p, n, "\notherName :");
MBEDTLS_X509_SAFE_SNPRINTF;
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid ) != 0 )
- {
- ret = mbedtls_snprintf( p, n, " hardware module name :" );
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &san->san.other_name.value.hardware_module_name.oid) != 0) {
+ ret = mbedtls_snprintf(p, n, " hardware module name :");
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, " hardware type : " );
+ ret = mbedtls_snprintf(p, n, " hardware type : ");
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_oid_get_numeric_string( p, n,
- &san->san.other_name.value.hardware_module_name.oid );
+ ret = mbedtls_oid_get_numeric_string(p,
+ n,
+ &san->san.other_name.value.hardware_module_name.oid);
MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
+ ret = mbedtls_snprintf(p, n, ", hardware serial number : ");
MBEDTLS_X509_SAFE_SNPRINTF;
- for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
- {
- ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
+ for (i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++) {
+ ret = mbedtls_snprintf(p,
+ n,
+ "%02X",
+ san->san.other_name.value.hardware_module_name.val.p[i]);
MBEDTLS_X509_SAFE_SNPRINTF;
}
}
- break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
- case( MBEDTLS_X509_SAN_DNS_NAME ):
- ret = mbedtls_snprintf( p, n, "\ndNSName : " );
+ break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
+ case (MBEDTLS_X509_SAN_DNS_NAME):
+ ret = mbedtls_snprintf(p, n, "\ndNSName : ");
MBEDTLS_X509_SAFE_SNPRINTF;
- if( san->san.unstructured_name.len >= n )
- {
+ if (san->san.unstructured_name.len >= n) {
*p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
n -= san->san.unstructured_name.len;
- for( i = 0; i < san->san.unstructured_name.len; i++ )
+ for (i = 0; i < san->san.unstructured_name.len; i++) {
*p++ = san->san.unstructured_name.p[i];
- break;/* MBEDTLS_X509_SAN_DNS_NAME */
+ }
+ break;/* MBEDTLS_X509_SAN_DNS_NAME */
default:
- /*
- * Should not happen.
- */
- return( -1 );
+ /*
+ * Should not happen.
+ */
+ return -1;
}
- ret = mbedtls_snprintf( p, n, "\n" );
+ ret = mbedtls_snprintf(p, n, "\n");
MBEDTLS_X509_SAFE_SNPRINTF;
*size = n;
*buf = p;
- return( 0 );
+ return 0;
}
-int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid,
- int critical, const unsigned char *cp, const unsigned char *end )
+int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid,
+ int critical, const unsigned char *cp, const unsigned char *end)
{
- ( void ) crt;
- ( void ) critical;
- mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx;
- if( oid->tag == MBEDTLS_ASN1_OID &&
- MBEDTLS_OID_CMP( MBEDTLS_OID_CERTIFICATE_POLICIES, oid ) == 0 )
- {
+ (void) crt;
+ (void) critical;
+ mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *) p_ctx;
+ if (oid->tag == MBEDTLS_ASN1_OID &&
+ MBEDTLS_OID_CMP(MBEDTLS_OID_CERTIFICATE_POLICIES, oid) == 0) {
/* Handle unknown certificate policy */
int ret, parse_ret = 0;
size_t len;
- unsigned char **p = (unsigned char **)&cp;
+ unsigned char **p = (unsigned char **) &cp;
/* Get main sequence tag */
- ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (ret != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
- if( *p + len != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p + len != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
/*
* Cannot be an empty sequence.
*/
- if( len == 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (len == 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- while( *p < end )
- {
+ while (*p < end) {
const unsigned char *policy_end;
/*
* Get the policy sequence
*/
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
+ 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
policy_end = *p + len;
- if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
- MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
+ MBEDTLS_ASN1_OID)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
/*
* Recognize exclusively the policy with OID 1
*/
- if( len != 1 || *p[0] != 1 )
+ if (len != 1 || *p[0] != 1) {
parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ }
*p += len;
- /*
- * If there is an optional qualifier, then *p < policy_end
- * Check the Qualifier len to verify it doesn't exceed policy_end.
- */
- if( *p < policy_end )
- {
- if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ /*
+ * If there is an optional qualifier, then *p < policy_end
+ * Check the Qualifier len to verify it doesn't exceed policy_end.
+ */
+ if (*p < policy_end) {
+ if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
/*
* Skip the optional policy qualifiers.
*/
*p += len;
}
- if( *p != policy_end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != policy_end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
}
- if( *p != end )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return( parse_ret );
+ return parse_ret;
+ } else if (new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len &&
+ memcmp(new_oid->p, oid->p, oid->len) == 0) {
+ return 0;
+ } else {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
}
- else if( new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len &&
- memcmp( new_oid->p, oid->p, oid->len ) == 0 )
- return( 0 );
- else
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */
@@ -395,7 +397,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_parse_san( char * crt_file, char * result_str )
+void x509_parse_san(char *crt_file, char *result_str)
{
int ret;
mbedtls_x509_crt crt;
@@ -403,142 +405,141 @@
mbedtls_x509_sequence *cur = NULL;
char buf[2000];
char *p = buf;
- size_t n = sizeof( buf );
+ size_t n = sizeof(buf);
- mbedtls_x509_crt_init( &crt );
- memset( buf, 0, 2000 );
+ mbedtls_x509_crt_init(&crt);
+ memset(buf, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- if( crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
- {
+ if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
cur = &crt.subject_alt_names;
- while( cur != NULL )
- {
- ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san );
- TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ while (cur != NULL) {
+ ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san);
+ TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE);
/*
* If san type not supported, ignore.
*/
- if( ret == 0)
- TEST_ASSERT( verify_parse_san( &san, &p, &n ) == 0 );
+ if (ret == 0) {
+ TEST_ASSERT(verify_parse_san(&san, &p, &n) == 0);
+ }
cur = cur->next;
}
}
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_cert_info( char * crt_file, char * result_str )
+void x509_cert_info(char *crt_file, char *result_str)
{
mbedtls_x509_crt crt;
char buf[2000];
int res;
- mbedtls_x509_crt_init( &crt );
- memset( buf, 0, 2000 );
+ mbedtls_x509_crt_init(&crt);
+ memset(buf, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ res = mbedtls_x509_crt_info(buf, 2000, "", &crt);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_info( char * crl_file, char * result_str )
+void mbedtls_x509_crl_info(char *crl_file, char *result_str)
{
mbedtls_x509_crl crl;
char buf[2000];
int res;
- mbedtls_x509_crl_init( &crl );
- memset( buf, 0, 2000 );
+ mbedtls_x509_crl_init(&crl);
+ memset(buf, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
- res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
+ TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
+ res = mbedtls_x509_crl_info(buf, 2000, "", &crl);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
exit:
- mbedtls_x509_crl_free( &crl );
+ mbedtls_x509_crl_free(&crl);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_parse( char * crl_file, int result )
+void mbedtls_x509_crl_parse(char *crl_file, int result)
{
mbedtls_x509_crl crl;
char buf[2000];
- mbedtls_x509_crl_init( &crl );
- memset( buf, 0, 2000 );
+ mbedtls_x509_crl_init(&crl);
+ memset(buf, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
+ TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result);
exit:
- mbedtls_x509_crl_free( &crl );
+ mbedtls_x509_crl_free(&crl);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_info( char * csr_file, char * result_str )
+void mbedtls_x509_csr_info(char *csr_file, char *result_str)
{
mbedtls_x509_csr csr;
char buf[2000];
int res;
- mbedtls_x509_csr_init( &csr );
- memset( buf, 0, 2000 );
+ mbedtls_x509_csr_init(&csr);
+ memset(buf, 0, 2000);
- TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
- res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
+ TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0);
+ res = mbedtls_x509_csr_info(buf, 2000, "", &csr);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
exit:
- mbedtls_x509_csr_free( &csr );
+ mbedtls_x509_csr_free(&csr);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_info( int flags, char * prefix, char * result_str )
+void x509_verify_info(int flags, char *prefix, char *result_str)
{
char buf[2000];
int res;
- memset( buf, 0, sizeof( buf ) );
+ memset(buf, 0, sizeof(buf));
- res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
+ res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags);
- TEST_ASSERT( res >= 0 );
+ TEST_ASSERT(res >= 0);
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
-void x509_verify_restart( char *crt_file, char *ca_file,
- int result, int flags_result,
- int max_ops, int min_restart, int max_restart )
+void x509_verify_restart(char *crt_file, char *ca_file,
+ int result, int flags_result,
+ int max_ops, int min_restart, int max_restart)
{
int ret, cnt_restart;
mbedtls_x509_crt_restart_ctx rs_ctx;
@@ -556,46 +557,46 @@
* - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
*/
- mbedtls_x509_crt_restart_init( &rs_ctx );
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
+ mbedtls_x509_crt_restart_init(&rs_ctx);
+ mbedtls_x509_crt_init(&crt);
+ mbedtls_x509_crt_init(&ca);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
- mbedtls_ecp_set_max_ops( max_ops );
+ mbedtls_ecp_set_max_ops(max_ops);
cnt_restart = 0;
do {
- ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
- &mbedtls_x509_crt_profile_default, NULL, &flags,
- NULL, NULL, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+ ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx);
+ } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT( ret == result );
- TEST_ASSERT( flags == (uint32_t) flags_result );
+ TEST_ASSERT(ret == result);
+ TEST_ASSERT(flags == (uint32_t) flags_result);
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
+ TEST_ASSERT(cnt_restart >= min_restart);
+ TEST_ASSERT(cnt_restart <= max_restart);
/* Do we leak memory when aborting? */
- ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
- &mbedtls_x509_crt_profile_default, NULL, &flags,
- NULL, NULL, &rs_ctx );
- TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx);
+ TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
exit:
- mbedtls_x509_crt_restart_free( &rs_ctx );
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
+ mbedtls_x509_crt_restart_free(&rs_ctx);
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_free(&ca);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
-void x509_verify( char *crt_file, char *ca_file, char *crl_file,
- char *cn_name_str, int result, int flags_result,
- char *profile_str,
- char *verify_callback )
+void x509_verify(char *crt_file, char *ca_file, char *crl_file,
+ char *cn_name_str, int result, int flags_result,
+ char *profile_str,
+ char *verify_callback)
{
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
@@ -603,103 +604,120 @@
uint32_t flags = 0;
int res;
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
- char * cn_name = NULL;
+ char *cn_name = NULL;
const mbedtls_x509_crt_profile *profile;
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
- mbedtls_x509_crl_init( &crl );
+ mbedtls_x509_crt_init(&crt);
+ mbedtls_x509_crt_init(&ca);
+ mbedtls_x509_crl_init(&crl);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- if( strcmp( cn_name_str, "NULL" ) != 0 )
+ if (strcmp(cn_name_str, "NULL") != 0) {
cn_name = cn_name_str;
+ }
- if( strcmp( profile_str, "" ) == 0 )
+ if (strcmp(profile_str, "") == 0) {
profile = &mbedtls_x509_crt_profile_default;
- else if( strcmp( profile_str, "next" ) == 0 )
+ } else if (strcmp(profile_str, "next") == 0) {
profile = &mbedtls_x509_crt_profile_next;
- else if( strcmp( profile_str, "suite_b" ) == 0 )
+ } else if (strcmp(profile_str, "suite_b") == 0) {
profile = &mbedtls_x509_crt_profile_suiteb;
- else if( strcmp( profile_str, "compat" ) == 0 )
+ } else if (strcmp(profile_str, "compat") == 0) {
profile = &compat_profile;
- else if( strcmp( profile_str, "all" ) == 0 )
+ } else if (strcmp(profile_str, "all") == 0) {
profile = &profile_all;
- else
- TEST_ASSERT( "Unknown algorithm profile" == 0 );
+ } else {
+ TEST_ASSERT("Unknown algorithm profile" == 0);
+ }
- if( strcmp( verify_callback, "NULL" ) == 0 )
+ if (strcmp(verify_callback, "NULL") == 0) {
f_vrfy = NULL;
- else if( strcmp( verify_callback, "verify_none" ) == 0 )
+ } else if (strcmp(verify_callback, "verify_none") == 0) {
f_vrfy = verify_none;
- else if( strcmp( verify_callback, "verify_all" ) == 0 )
+ } else if (strcmp(verify_callback, "verify_all") == 0) {
f_vrfy = verify_all;
- else
- TEST_ASSERT( "No known verify callback selected" == 0 );
+ } else {
+ TEST_ASSERT("No known verify callback selected" == 0);
+ }
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
+ TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
- res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
+ res = mbedtls_x509_crt_verify_with_profile(&crt,
+ &ca,
+ &crl,
+ profile,
+ cn_name,
+ &flags,
+ f_vrfy,
+ NULL);
- TEST_ASSERT( res == ( result ) );
- TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+ TEST_ASSERT(res == (result));
+ TEST_ASSERT(flags == (uint32_t) (flags_result));
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* CRLs aren't supported with CA callbacks, so skip the CA callback
* version of the test if CRLs are in use. */
- if( crl_file == NULL || strcmp( crl_file, "" ) == 0 )
- {
+ if (crl_file == NULL || strcmp(crl_file, "") == 0) {
flags = 0;
- res = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL );
+ res = mbedtls_x509_crt_verify_with_ca_cb(&crt,
+ ca_callback,
+ &ca,
+ profile,
+ cn_name,
+ &flags,
+ f_vrfy,
+ NULL);
- TEST_ASSERT( res == ( result ) );
- TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+ TEST_ASSERT(res == (result));
+ TEST_ASSERT(flags == (uint32_t) (flags_result));
}
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
- mbedtls_x509_crl_free( &crl );
- USE_PSA_DONE( );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_free(&ca);
+ mbedtls_x509_crl_free(&crl);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name,
- int exp_ret )
+void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name,
+ int exp_ret)
{
int ret;
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
uint32_t flags = 0;
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
+ mbedtls_x509_crt_init(&crt);
+ mbedtls_x509_crt_init(&ca);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
- if( strcmp( name, "NULL" ) == 0 )
+ if (strcmp(name, "NULL") == 0) {
name = NULL;
+ }
- ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca,
- &compat_profile, name, &flags,
- NULL, NULL );
+ ret = mbedtls_x509_crt_verify_with_ca_cb(&crt, ca_callback_fail, &ca,
+ &compat_profile, name, &flags,
+ NULL, NULL);
- TEST_ASSERT( ret == exp_ret );
- TEST_ASSERT( flags == (uint32_t)( -1 ) );
+ TEST_ASSERT(ret == exp_ret);
+ TEST_ASSERT(flags == (uint32_t) (-1));
exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_free(&ca);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_callback( char *crt_file, char *ca_file, char *name,
- int exp_ret, char *exp_vrfy_out )
+void x509_verify_callback(char *crt_file, char *ca_file, char *name,
+ int exp_ret, char *exp_vrfy_out)
{
int ret;
mbedtls_x509_crt crt;
@@ -707,94 +725,96 @@
uint32_t flags = 0;
verify_print_context vrfy_ctx;
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
- verify_print_init( &vrfy_ctx );
+ mbedtls_x509_crt_init(&crt);
+ mbedtls_x509_crt_init(&ca);
+ verify_print_init(&vrfy_ctx);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
- if( strcmp( name, "NULL" ) == 0 )
+ if (strcmp(name, "NULL") == 0) {
name = NULL;
+ }
- ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
- &compat_profile,
- name, &flags,
- verify_print, &vrfy_ctx );
+ ret = mbedtls_x509_crt_verify_with_profile(&crt, &ca, NULL,
+ &compat_profile,
+ name, &flags,
+ verify_print, &vrfy_ctx);
- TEST_ASSERT( ret == exp_ret );
- TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
+ TEST_ASSERT(ret == exp_ret);
+ TEST_ASSERT(strcmp(vrfy_ctx.buf, exp_vrfy_out) == 0);
exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
- USE_PSA_DONE( );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_free(&ca);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
+void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
{
mbedtls_x509_crt crt;
char buf[2000];
int res = 0;
- mbedtls_x509_crt_init( &crt );
- memset( buf, 0, 2000 );
+ mbedtls_x509_crt_init(&crt);
+ memset(buf, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- if( strcmp( entity, "subject" ) == 0 )
- res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
- else if( strcmp( entity, "issuer" ) == 0 )
- res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
- else
- TEST_ASSERT( "Unknown entity" == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ if (strcmp(entity, "subject") == 0) {
+ res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
+ } else if (strcmp(entity, "issuer") == 0) {
+ res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer);
+ } else {
+ TEST_ASSERT("Unknown entity" == 0);
+ }
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
-void mbedtls_x509_dn_gets_subject_replace( char * crt_file, char * new_subject_ou, char * result_str, int ret )
+void mbedtls_x509_dn_gets_subject_replace(char *crt_file,
+ char *new_subject_ou,
+ char *result_str,
+ int ret)
{
mbedtls_x509_crt crt;
char buf[2000];
int res = 0;
- mbedtls_x509_crt_init( &crt );
- memset( buf, 0, 2000 );
+ mbedtls_x509_crt_init(&crt);
+ memset(buf, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
crt.subject.next->val.p = (unsigned char *) new_subject_ou;
- crt.subject.next->val.len = strlen( new_subject_ou );
+ crt.subject.next->val.len = strlen(new_subject_ou);
- res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
+ res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
- if ( ret != 0 )
- {
- TEST_ASSERT( res == ret );
- }
- else
- {
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ if (ret != 0) {
+ TEST_ASSERT(res == ret);
+ } else {
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
+ TEST_ASSERT(strcmp(buf, result_str) == 0);
}
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_get_name( char * rdn_sequence, int exp_ret )
+void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret)
{
unsigned char *name;
unsigned char *p;
@@ -803,160 +823,158 @@
mbedtls_x509_name *allocated, *prev;
int ret;
- memset( &head, 0, sizeof( head ) );
+ memset(&head, 0, sizeof(head));
- name = mbedtls_test_unhexify_alloc( rdn_sequence, &name_len );
+ name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len);
p = name;
- ret = mbedtls_x509_get_name( &p, ( name + name_len ), &head );
- if( ret == 0 )
- {
+ ret = mbedtls_x509_get_name(&p, (name + name_len), &head);
+ if (ret == 0) {
allocated = head.next;
- while( allocated != NULL )
- {
+ while (allocated != NULL) {
prev = allocated;
allocated = allocated->next;
- mbedtls_free( prev );
+ mbedtls_free(prev);
}
}
- TEST_EQUAL( ret, exp_ret );
+ TEST_EQUAL(ret, exp_ret);
- mbedtls_free( name );
+ mbedtls_free(name);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
+void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result)
{
mbedtls_x509_crt crt;
- mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init(&crt);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- if( strcmp( entity, "valid_from" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
- else if( strcmp( entity, "valid_to" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
- else
- TEST_ASSERT( "Unknown entity" == 0 );
+ if (strcmp(entity, "valid_from") == 0) {
+ TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_from) == result);
+ } else if (strcmp(entity, "valid_to") == 0) {
+ TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_to) == result);
+ } else {
+ TEST_ASSERT("Unknown entity" == 0);
+ }
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
+void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result)
{
mbedtls_x509_crt crt;
- mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init(&crt);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- if( strcmp( entity, "valid_from" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
- else if( strcmp( entity, "valid_to" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
- else
- TEST_ASSERT( "Unknown entity" == 0 );
+ if (strcmp(entity, "valid_from") == 0) {
+ TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_from) == result);
+ } else if (strcmp(entity, "valid_to") == 0) {
+ TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_to) == result);
+ } else {
+ TEST_ASSERT("Unknown entity" == 0);
+ }
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
-void x509parse_crt_file( char * crt_file, int result )
+void x509parse_crt_file(char *crt_file, int result)
{
mbedtls_x509_crt crt;
- mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init(&crt);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result);
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509parse_crt( data_t * buf, char * result_str, int result )
+void x509parse_crt(data_t *buf, char *result_str, int result)
{
mbedtls_x509_crt crt;
unsigned char output[2000];
int res;
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
+ mbedtls_x509_crt_init(&crt);
+ memset(output, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+ TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result));
+ if ((result) == 0) {
+ res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ TEST_ASSERT(strcmp((char *) output, result_str) == 0);
}
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_init(&crt);
+ memset(output, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+ TEST_ASSERT(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len) == (result));
+ if ((result) == 0) {
+ res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ TEST_ASSERT(strcmp((char *) output, result_str) == 0);
}
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_init(&crt);
+ memset(output, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+ TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL,
+ NULL) == (result));
+ if ((result) == 0) {
+ res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ TEST_ASSERT(strcmp((char *) output, result_str) == 0);
}
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_init(&crt);
+ memset(output, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+ TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL,
+ NULL) == (result));
+ if ((result) == 0) {
+ res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ TEST_ASSERT(strcmp((char *) output, result_str) == 0);
}
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509parse_crt_cb( data_t * buf, char * result_str, int result )
+void x509parse_crt_cb(data_t *buf, char *result_str, int result)
{
mbedtls_x509_crt crt;
mbedtls_x509_buf oid;
@@ -965,119 +983,119 @@
oid.tag = MBEDTLS_ASN1_OID;
oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F");
- oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F";
+ oid.p = (unsigned char *) MBEDTLS_OID_PKIX "\x01\x1F";
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
+ mbedtls_x509_crt_init(&crt);
+ memset(output, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+ TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
+ &oid) == (result));
+ if ((result) == 0) {
+ res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ TEST_ASSERT(strcmp((char *) output, result_str) == 0);
}
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
+ mbedtls_x509_crt_free(&crt);
+ mbedtls_x509_crt_init(&crt);
+ memset(output, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+ TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
+ &oid) == (result));
+ if ((result) == 0) {
+ res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ TEST_ASSERT(strcmp((char *) output, result_str) == 0);
}
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
-void x509parse_crl( data_t * buf, char * result_str, int result )
+void x509parse_crl(data_t *buf, char *result_str, int result)
{
mbedtls_x509_crl crl;
unsigned char output[2000];
int res;
- mbedtls_x509_crl_init( &crl );
- memset( output, 0, 2000 );
+ mbedtls_x509_crl_init(&crl);
+ memset(output, 0, 2000);
- TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
+ TEST_ASSERT(mbedtls_x509_crl_parse(&crl, buf->x, buf->len) == (result));
+ if ((result) == 0) {
+ res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl);
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
+ TEST_ASSERT(res != -1);
+ TEST_ASSERT(res != -2);
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ TEST_ASSERT(strcmp((char *) output, result_str) == 0);
}
exit:
- mbedtls_x509_crl_free( &crl );
+ mbedtls_x509_crl_free(&crl);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
+void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret)
{
mbedtls_x509_csr csr;
char my_out[1000];
int my_ret;
- mbedtls_x509_csr_init( &csr );
- memset( my_out, 0, sizeof( my_out ) );
+ mbedtls_x509_csr_init(&csr);
+ memset(my_out, 0, sizeof(my_out));
- my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
- TEST_ASSERT( my_ret == ref_ret );
+ my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
+ TEST_ASSERT(my_ret == ref_ret);
- if( ref_ret == 0 )
- {
- size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
- TEST_ASSERT( my_out_len == strlen( ref_out ) );
- TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
+ if (ref_ret == 0) {
+ size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
+ TEST_ASSERT(my_out_len == strlen(ref_out));
+ TEST_ASSERT(strcmp(my_out, ref_out) == 0);
}
exit:
- mbedtls_x509_csr_free( &csr );
+ mbedtls_x509_csr_free(&csr);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
+void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
{
mbedtls_x509_crt chain, *cur;
int i;
- mbedtls_x509_crt_init( &chain );
+ mbedtls_x509_crt_init(&chain);
- TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
+ TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret);
/* Check how many certs we got */
- for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
- if( cur->raw.p != NULL )
+ for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
+ if (cur->raw.p != NULL) {
i++;
+ }
+ }
- TEST_ASSERT( i == nb_crt );
+ TEST_ASSERT(i == nb_crt);
exit:
- mbedtls_x509_crt_free( &chain );
+ mbedtls_x509_crt_free(&chain);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
- int ret_chk, int flags_chk )
+void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int,
+ int ret_chk, int flags_chk)
{
char file_buf[128];
int ret;
@@ -1089,80 +1107,82 @@
* with NN.crt signed by NN-1.crt
*/
- mbedtls_x509_crt_init( &trusted );
- mbedtls_x509_crt_init( &chain );
+ mbedtls_x509_crt_init(&trusted);
+ mbedtls_x509_crt_init(&chain);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
/* Load trusted root */
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, ca_file) == 0);
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
- ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
- nb_int + 1 );
- TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
+ ret = mbedtls_snprintf(file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
+ nb_int + 1);
+ TEST_ASSERT(ret > 0 && (size_t) ret < sizeof file_buf);
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
/* Try to verify that chain */
- ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
- NULL, NULL );
- TEST_ASSERT( ret == ret_chk );
- TEST_ASSERT( flags == (uint32_t) flags_chk );
+ ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags,
+ NULL, NULL);
+ TEST_ASSERT(ret == ret_chk);
+ TEST_ASSERT(flags == (uint32_t) flags_chk);
exit:
- mbedtls_x509_crt_free( &chain );
- mbedtls_x509_crt_free( &trusted );
- USE_PSA_DONE( );
+ mbedtls_x509_crt_free(&chain);
+ mbedtls_x509_crt_free(&trusted);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
- int flags_result, int result,
- char *profile_name, int vrfy_fatal_lvls )
+void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca,
+ int flags_result, int result,
+ char *profile_name, int vrfy_fatal_lvls)
{
- char* act;
+ char *act;
uint32_t flags;
int res;
mbedtls_x509_crt trusted, chain;
const mbedtls_x509_crt_profile *profile = NULL;
- mbedtls_x509_crt_init( &chain );
- mbedtls_x509_crt_init( &trusted );
+ mbedtls_x509_crt_init(&chain);
+ mbedtls_x509_crt_init(&trusted);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
+ while ((act = mystrsep(&chain_paths, " ")) != NULL) {
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, act) == 0);
+ }
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, trusted_ca) == 0);
- if( strcmp( profile_name, "" ) == 0 )
+ if (strcmp(profile_name, "") == 0) {
profile = &mbedtls_x509_crt_profile_default;
- else if( strcmp( profile_name, "next" ) == 0 )
+ } else if (strcmp(profile_name, "next") == 0) {
profile = &mbedtls_x509_crt_profile_next;
- else if( strcmp( profile_name, "suiteb" ) == 0 )
+ } else if (strcmp(profile_name, "suiteb") == 0) {
profile = &mbedtls_x509_crt_profile_suiteb;
- else if( strcmp( profile_name, "rsa3072" ) == 0 )
+ } else if (strcmp(profile_name, "rsa3072") == 0) {
profile = &profile_rsa3072;
- else if( strcmp( profile_name, "sha512" ) == 0 )
+ } else if (strcmp(profile_name, "sha512") == 0) {
profile = &profile_sha512;
+ }
- res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
- NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
+ res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile,
+ NULL, &flags, verify_fatal, &vrfy_fatal_lvls);
- TEST_ASSERT( res == ( result ) );
- TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+ TEST_ASSERT(res == (result));
+ TEST_ASSERT(flags == (uint32_t) (flags_result));
exit:
- mbedtls_x509_crt_free( &trusted );
- mbedtls_x509_crt_free( &chain );
- USE_PSA_DONE( );
+ mbedtls_x509_crt_free(&trusted);
+ mbedtls_x509_crt_free(&chain);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_desc( data_t * buf, char * ref_desc )
+void x509_oid_desc(data_t *buf, char *ref_desc)
{
mbedtls_x509_buf oid;
const char *desc = NULL;
@@ -1173,114 +1193,110 @@
oid.p = buf->x;
oid.len = buf->len;
- ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
+ ret = mbedtls_oid_get_extended_key_usage(&oid, &desc);
- if( strcmp( ref_desc, "notfound" ) == 0 )
- {
- TEST_ASSERT( ret != 0 );
- TEST_ASSERT( desc == NULL );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( desc != NULL );
- TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
+ if (strcmp(ref_desc, "notfound") == 0) {
+ TEST_ASSERT(ret != 0);
+ TEST_ASSERT(desc == NULL);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(desc != NULL);
+ TEST_ASSERT(strcmp(desc, ref_desc) == 0);
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
+void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret)
{
mbedtls_x509_buf oid;
char num_buf[100];
- memset( num_buf, 0x2a, sizeof num_buf );
+ memset(num_buf, 0x2a, sizeof num_buf);
oid.tag = MBEDTLS_ASN1_OID;
oid.p = oid_buf->x;
oid.len = oid_buf->len;
- TEST_ASSERT( (size_t) blen <= sizeof num_buf );
+ TEST_ASSERT((size_t) blen <= sizeof num_buf);
- TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
+ TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);
- if( ret >= 0 )
- {
- TEST_ASSERT( num_buf[ret] == 0 );
- TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
+ if (ret >= 0) {
+ TEST_ASSERT(num_buf[ret] == 0);
+ TEST_ASSERT(strcmp(num_buf, numstr) == 0);
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
-void x509_check_key_usage( char * crt_file, int usage, int ret )
+void x509_check_key_usage(char *crt_file, int usage, int ret)
{
mbedtls_x509_crt crt;
- mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init(&crt);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
+ TEST_ASSERT(mbedtls_x509_crt_check_key_usage(&crt, usage) == ret);
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
- )
+void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret
+ )
{
mbedtls_x509_crt crt;
- mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init(&crt);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
+ TEST_ASSERT(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x,
+ oid->len) == ret);
exit:
- mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
- int day, int hour, int min, int sec )
+void x509_get_time(int tag, char *time_str, int ret, int year, int mon,
+ int day, int hour, int min, int sec)
{
mbedtls_x509_time time;
unsigned char buf[21];
- unsigned char* start = buf;
- unsigned char* end = buf;
+ unsigned char *start = buf;
+ unsigned char *end = buf;
- memset( &time, 0x00, sizeof( time ) );
- *end = (unsigned char)tag; end++;
- *end = strlen( time_str );
- TEST_ASSERT( *end < 20 );
+ memset(&time, 0x00, sizeof(time));
+ *end = (unsigned char) tag; end++;
+ *end = strlen(time_str);
+ TEST_ASSERT(*end < 20);
end++;
- memcpy( end, time_str, (size_t)*(end - 1) );
+ memcpy(end, time_str, (size_t) *(end - 1));
end += *(end - 1);
- TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
- if( ret == 0 )
- {
- TEST_ASSERT( year == time.year );
- TEST_ASSERT( mon == time.mon );
- TEST_ASSERT( day == time.day );
- TEST_ASSERT( hour == time.hour );
- TEST_ASSERT( min == time.min );
- TEST_ASSERT( sec == time.sec );
+ TEST_ASSERT(mbedtls_x509_get_time(&start, end, &time) == ret);
+ if (ret == 0) {
+ TEST_ASSERT(year == time.year);
+ TEST_ASSERT(mon == time.mon);
+ TEST_ASSERT(day == time.day);
+ TEST_ASSERT(hour == time.hour);
+ TEST_ASSERT(min == time.min);
+ TEST_ASSERT(sec == time.sec);
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-void x509_parse_rsassa_pss_params( data_t * params, int params_tag,
- int ref_msg_md, int ref_mgf_md,
- int ref_salt_len, int ref_ret )
+void x509_parse_rsassa_pss_params(data_t *params, int params_tag,
+ int ref_msg_md, int ref_mgf_md,
+ int ref_salt_len, int ref_ret)
{
int my_ret;
mbedtls_x509_buf buf;
@@ -1291,16 +1307,15 @@
buf.len = params->len;
buf.tag = params_tag;
- my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md,
- &my_salt_len );
+ my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md,
+ &my_salt_len);
- TEST_ASSERT( my_ret == ref_ret );
+ TEST_ASSERT(my_ret == ref_ret);
- if( ref_ret == 0 )
- {
- TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
- TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
- TEST_ASSERT( my_salt_len == ref_salt_len );
+ if (ref_ret == 0) {
+ TEST_ASSERT(my_msg_md == (mbedtls_md_type_t) ref_msg_md);
+ TEST_ASSERT(my_mgf_md == (mbedtls_md_type_t) ref_mgf_md);
+ TEST_ASSERT(my_salt_len == ref_salt_len);
}
exit:
@@ -1309,8 +1324,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
-void x509_selftest( )
+void x509_selftest()
{
- TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_x509_self_test(1) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index b27a252..84da143 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -8,64 +8,61 @@
#include "mbedtls/asn1write.h"
#if defined(MBEDTLS_RSA_C)
-int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len )
+int mbedtls_rsa_decrypt_func(void *ctx, int mode, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len)
{
- return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
- input, output, output_max_len ) );
+ return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
+ input, output, output_max_len);
}
-int mbedtls_rsa_sign_func( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig )
+int mbedtls_rsa_sign_func(void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig)
{
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
- md_alg, hashlen, hash, sig ) );
+ return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
+ md_alg, hashlen, hash, sig);
}
-size_t mbedtls_rsa_key_len_func( void *ctx )
+size_t mbedtls_rsa_key_len_func(void *ctx)
{
- return( ((const mbedtls_rsa_context *) ctx)->len );
+ return ((const mbedtls_rsa_context *) ctx)->len;
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
-static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
+static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
{
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
mbedtls_x509_csr csr;
int ret = 0;
- mbedtls_x509_csr_init( &csr );
+ mbedtls_x509_csr_init(&csr);
- if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
- {
+ if (mbedtls_x509_csr_parse(&csr, buf, buflen) != 0) {
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
goto cleanup;
}
- md_info = mbedtls_md_info_from_type( csr.sig_md );
- if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
- {
+ md_info = mbedtls_md_info_from_type(csr.sig_md);
+ if (mbedtls_md(md_info, csr.cri.p, csr.cri.len, hash) != 0) {
/* Note: this can't happen except after an internal error */
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
goto cleanup;
}
- if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
- csr.sig_md, hash, mbedtls_md_get_size( md_info ),
- csr.sig.p, csr.sig.len ) != 0 )
- {
+ if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk,
+ csr.sig_md, hash, mbedtls_md_get_size(md_info),
+ csr.sig.p, csr.sig.len) != 0) {
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
goto cleanup;
}
cleanup:
- mbedtls_x509_csr_free( &csr );
- return( ret );
+ mbedtls_x509_csr_free(&csr);
+ return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
@@ -91,11 +88,11 @@
*/
#define EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH 12
-static int csr_set_extended_key_usage( mbedtls_x509write_csr *ctx,
- const char *oid, size_t oid_len )
+static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx,
+ const char *oid, size_t oid_len)
{
unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 };
- unsigned char *p = buf + sizeof( buf );
+ unsigned char *p = buf + sizeof(buf);
int ret;
size_t len = 0;
@@ -103,18 +100,21 @@
* Following functions fail anyway if the temporary buffer is not large,
* but we set an extra check here to emphasize a possible source of errors
*/
- if ( oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH )
- {
+ if (oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH) {
return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &p, buf, oid, oid_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, ret ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(&p, buf, oid, oid_len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, ret));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_EXTENDED_KEY_USAGE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_EXTENDED_KEY_USAGE ), p, len );
+ ret = mbedtls_x509write_csr_set_extension(ctx,
+ MBEDTLS_OID_EXTENDED_KEY_USAGE,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE),
+ p,
+ len);
return ret;
}
@@ -127,9 +127,9 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
-void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
- int key_usage, int set_key_usage, int cert_type,
- int set_cert_type, int set_extension )
+void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
+ int key_usage, int set_key_usage, int cert_type,
+ int set_cert_type, int set_extension)
{
mbedtls_pk_context key;
mbedtls_x509write_csr req;
@@ -142,64 +142,67 @@
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- mbedtls_x509write_csr_init( &req );
+ mbedtls_x509write_csr_init(&req);
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ mbedtls_pk_init(&key);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
- mbedtls_x509write_csr_set_md_alg( &req, md_type );
- mbedtls_x509write_csr_set_key( &req, &key );
- TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
- if( set_key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
- if( set_cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
- if ( set_extension != 0 )
- TEST_ASSERT( csr_set_extended_key_usage( &req, MBEDTLS_OID_SERVER_AUTH,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ) ) == 0 );
-
- ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == 0 );
-
- pem_len = strlen( (char *) buf );
-
- for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
- {
- TEST_ASSERT( buf[buf_index] == 0 );
+ mbedtls_x509write_csr_set_md_alg(&req, md_type);
+ mbedtls_x509write_csr_set_key(&req, &key);
+ TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0);
+ if (set_key_usage != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
+ }
+ if (set_cert_type != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
+ }
+ if (set_extension != 0) {
+ TEST_ASSERT(csr_set_extended_key_usage(&req, MBEDTLS_OID_SERVER_AUTH,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) == 0);
}
- f = fopen( cert_req_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
+ ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == 0);
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ pem_len = strlen((char *) buf);
- der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand,
- &rnd_info );
- TEST_ASSERT( der_len >= 0 );
+ for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
+ TEST_ASSERT(buf[buf_index] == 0);
+ }
- if( der_len == 0 )
+ f = fopen(cert_req_check_file, "r");
+ TEST_ASSERT(f != NULL);
+ olen = fread(check_buf, 1, sizeof(check_buf), f);
+ fclose(f);
+
+ TEST_ASSERT(olen >= pem_len - 1);
+ TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
+
+ der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand,
+ &rnd_info);
+ TEST_ASSERT(der_len >= 0);
+
+ if (der_len == 0) {
goto exit;
+ }
- ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len - 1),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
- mbedtls_x509write_csr_free( &req );
- mbedtls_pk_free( &key );
+ mbedtls_x509write_csr_free(&req);
+ mbedtls_pk_free(&key);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
-void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
- int cert_type )
+void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
+ int cert_type)
{
mbedtls_pk_context key;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -211,53 +214,55 @@
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- mbedtls_x509write_csr_init( &req );
+ mbedtls_x509write_csr_init(&req);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
- TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
+ md_alg_psa = mbedtls_psa_translate_md((mbedtls_md_type_t) md_type);
+ TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
- TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );
+ mbedtls_pk_init(&key);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
+ TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, md_alg_psa) == 0);
- mbedtls_x509write_csr_set_md_alg( &req, md_type );
- mbedtls_x509write_csr_set_key( &req, &key );
- TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
- if( key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
- if( cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
+ mbedtls_x509write_csr_set_md_alg(&req, md_type);
+ mbedtls_x509write_csr_set_key(&req, &key);
+ TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0);
+ if (key_usage != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
+ }
+ if (cert_type != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
+ }
- ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
+ ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
- TEST_ASSERT( ret == 0 );
+ TEST_ASSERT(ret == 0);
- pem_len = strlen( (char *) buf );
+ pem_len = strlen((char *) buf);
buf[pem_len] = '\0';
- TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
+ TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
exit:
- mbedtls_x509write_csr_free( &req );
- mbedtls_pk_free( &key );
- psa_destroy_key( key_id );
- PSA_DONE( );
+ mbedtls_x509write_csr_free(&req);
+ mbedtls_pk_free(&key);
+ psa_destroy_key(key_id);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */
-void x509_crt_check( char *subject_key_file, char *subject_pwd,
- char *subject_name, char *issuer_key_file,
- char *issuer_pwd, char *issuer_name,
- char *serial_str, char *not_before, char *not_after,
- int md_type, int key_usage, int set_key_usage,
- int cert_type, int set_cert_type, int auth_ident,
- int ver, char *cert_check_file, int rsa_alt, int is_ca )
+void x509_crt_check(char *subject_key_file, char *subject_pwd,
+ char *subject_name, char *issuer_key_file,
+ char *issuer_pwd, char *issuer_name,
+ char *serial_str, char *not_before, char *not_after,
+ int md_type, int key_usage, int set_key_usage,
+ int cert_type, int set_cert_type, int auth_ident,
+ int ver, char *cert_check_file, int rsa_alt, int is_ca)
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
mbedtls_pk_context *key = &issuer_key;
@@ -274,30 +279,29 @@
FILE *f;
mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_mpi_init( &serial );
+ memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
+ mbedtls_mpi_init(&serial);
- mbedtls_pk_init( &subject_key );
- mbedtls_pk_init( &issuer_key );
- mbedtls_pk_init( &issuer_key_alt );
+ mbedtls_pk_init(&subject_key);
+ mbedtls_pk_init(&issuer_key);
+ mbedtls_pk_init(&issuer_key_alt);
- mbedtls_x509write_crt_init( &crt );
+ mbedtls_x509write_crt_init(&crt);
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
- subject_pwd ) == 0 );
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
+ subject_pwd) == 0);
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
- issuer_pwd ) == 0 );
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
+ issuer_pwd) == 0);
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
- if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
- {
- TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
- mbedtls_pk_rsa( issuer_key ),
- mbedtls_rsa_decrypt_func,
- mbedtls_rsa_sign_func,
- mbedtls_rsa_key_len_func ) == 0 );
+ if (rsa_alt == 1 && mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) {
+ TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt,
+ mbedtls_pk_rsa(issuer_key),
+ mbedtls_rsa_decrypt_func,
+ mbedtls_rsa_sign_func,
+ mbedtls_rsa_key_len_func) == 0);
key = &issuer_key_alt;
}
@@ -305,130 +309,125 @@
(void) rsa_alt;
#endif
- TEST_ASSERT( mbedtls_test_read_mpi( &serial, serial_str ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&serial, serial_str) == 0);
- if( ver != -1 )
- mbedtls_x509write_crt_set_version( &crt, ver );
-
- TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
- not_after ) == 0 );
- mbedtls_x509write_crt_set_md_alg( &crt, md_type );
- TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
- mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
-
- mbedtls_x509write_crt_set_issuer_key( &crt, key );
-
- if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
- {
- /* For the CA case, a path length of -1 means unlimited. */
- TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, is_ca,
- (is_ca ? -1 : 0) ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
- if( auth_ident )
- TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
- if( set_key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
- if( set_cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
+ if (ver != -1) {
+ mbedtls_x509write_crt_set_version(&crt, ver);
}
- ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == 0 );
+ TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial) == 0);
+ TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before,
+ not_after) == 0);
+ mbedtls_x509write_crt_set_md_alg(&crt, md_type);
+ TEST_ASSERT(mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name) == 0);
+ TEST_ASSERT(mbedtls_x509write_crt_set_subject_name(&crt, subject_name) == 0);
+ mbedtls_x509write_crt_set_subject_key(&crt, &subject_key);
- pem_len = strlen( (char *) buf );
+ mbedtls_x509write_crt_set_issuer_key(&crt, key);
+
+ if (crt.version >= MBEDTLS_X509_CRT_VERSION_3) {
+ /* For the CA case, a path length of -1 means unlimited. */
+ TEST_ASSERT(mbedtls_x509write_crt_set_basic_constraints(&crt, is_ca,
+ (is_ca ? -1 : 0)) == 0);
+ TEST_ASSERT(mbedtls_x509write_crt_set_subject_key_identifier(&crt) == 0);
+ if (auth_ident) {
+ TEST_ASSERT(mbedtls_x509write_crt_set_authority_key_identifier(&crt) == 0);
+ }
+ if (set_key_usage != 0) {
+ TEST_ASSERT(mbedtls_x509write_crt_set_key_usage(&crt, key_usage) == 0);
+ }
+ if (set_cert_type != 0) {
+ TEST_ASSERT(mbedtls_x509write_crt_set_ns_cert_type(&crt, cert_type) == 0);
+ }
+ }
+
+ ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == 0);
+
+ pem_len = strlen((char *) buf);
// check that the rest of the buffer remains clear
- for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
- {
- TEST_ASSERT( buf[buf_index] == 0 );
+ for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
+ TEST_ASSERT(buf[buf_index] == 0);
}
- if( *cert_check_file != '\0' )
- {
- f = fopen( cert_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
- TEST_ASSERT( olen < sizeof( check_buf ) );
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ if (*cert_check_file != '\0') {
+ f = fopen(cert_check_file, "r");
+ TEST_ASSERT(f != NULL);
+ olen = fread(check_buf, 1, sizeof(check_buf), f);
+ fclose(f);
+ TEST_ASSERT(olen < sizeof(check_buf));
+ TEST_ASSERT(olen >= pem_len - 1);
+ TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
}
- der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand,
- &rnd_info );
- TEST_ASSERT( der_len >= 0 );
+ der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand,
+ &rnd_info);
+ TEST_ASSERT(der_len >= 0);
- if( der_len == 0 )
+ if (der_len == 0) {
goto exit;
+ }
// Not testing against file, check date format
- if( *cert_check_file == '\0' )
- {
+ if (*cert_check_file == '\0') {
// UTC tag if before 2050, 2 digits less for year
- if( not_before[0] == '2' && ( not_before[1] > '0' || not_before[2] > '4' ) )
- {
+ if (not_before[0] == '2' && (not_before[1] > '0' || not_before[2] > '4')) {
before_tag = MBEDTLS_ASN1_GENERALIZED_TIME;
- }
- else
- {
+ } else {
before_tag = MBEDTLS_ASN1_UTC_TIME;
not_before += 2;
}
- if( not_after[0] == '2' && ( not_after[1] > '0' || not_after[2] > '4' ) )
- {
+ if (not_after[0] == '2' && (not_after[1] > '0' || not_after[2] > '4')) {
after_tag = MBEDTLS_ASN1_GENERALIZED_TIME;
- }
- else
- {
+ } else {
after_tag = MBEDTLS_ASN1_UTC_TIME;
not_after += 2;
}
- end = buf + sizeof( buf );
- for( p = end - der_len ; p < end ; )
- {
+ end = buf + sizeof(buf);
+ for (p = end - der_len; p < end;) {
tag = *p++;
sz = *p++;
- if( tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME )
- {
+ if (tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME) {
// Check correct tag and time written
- TEST_ASSERT( before_tag == tag );
- TEST_ASSERT( memcmp( p, not_before, sz - 1 ) == 0 );
+ TEST_ASSERT(before_tag == tag);
+ TEST_ASSERT(memcmp(p, not_before, sz - 1) == 0);
p += sz;
tag = *p++;
sz = *p++;
- TEST_ASSERT( after_tag == tag );
- TEST_ASSERT( memcmp( p, not_after, sz - 1 ) == 0 );
+ TEST_ASSERT(after_tag == tag);
+ TEST_ASSERT(memcmp(p, not_after, sz - 1) == 0);
break;
}
// Increment if long form ASN1 length
- if( sz & 0x80 )
+ if (sz & 0x80) {
p += sz & 0x0F;
- if( tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+ }
+ if (tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
p += sz;
+ }
}
- TEST_ASSERT( p < end );
+ TEST_ASSERT(p < end);
}
- ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len - 1),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
- mbedtls_x509write_crt_free( &crt );
- mbedtls_pk_free( &issuer_key_alt );
- mbedtls_pk_free( &subject_key );
- mbedtls_pk_free( &issuer_key );
- mbedtls_mpi_free( &serial );
+ mbedtls_x509write_crt_free(&crt);
+ mbedtls_pk_free(&issuer_key_alt);
+ mbedtls_pk_free(&subject_key);
+ mbedtls_pk_free(&issuer_key);
+ mbedtls_mpi_free(&serial);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
-void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
- )
+void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
+ )
{
int ret;
size_t len = 0;
@@ -436,38 +435,38 @@
mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
unsigned char buf[1024], out[1024], *c;
- memset( &parsed, 0, sizeof( parsed ) );
- memset( out, 0, sizeof( out ) );
- memset( buf, 0, sizeof( buf ) );
- c = buf + sizeof( buf );
+ memset(&parsed, 0, sizeof(parsed));
+ memset(out, 0, sizeof(out));
+ memset(buf, 0, sizeof(buf));
+ c = buf + sizeof(buf);
- ret = mbedtls_x509_string_to_names( &names, name );
- TEST_ASSERT( ret == result );
+ ret = mbedtls_x509_string_to_names(&names, name);
+ TEST_ASSERT(ret == result);
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_x509_write_names( &c, buf, names );
- TEST_ASSERT( ret > 0 );
+ ret = mbedtls_x509_write_names(&c, buf, names);
+ TEST_ASSERT(ret > 0);
- TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 );
- TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
+ TEST_ASSERT(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) == 0);
+ TEST_ASSERT(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed) == 0);
- ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed );
- TEST_ASSERT( ret > 0 );
+ ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed);
+ TEST_ASSERT(ret > 0);
- TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 );
+ TEST_ASSERT(strcmp((char *) out, parsed_name) == 0);
exit:
- mbedtls_asn1_free_named_data_list( &names );
+ mbedtls_asn1_free_named_data_list(&names);
parsed_cur = parsed.next;
- while( parsed_cur != 0 )
- {
+ while (parsed_cur != 0) {
parsed_prv = parsed_cur;
parsed_cur = parsed_cur->next;
- mbedtls_free( parsed_prv );
+ mbedtls_free(parsed_prv);
}
}
/* END_CASE */
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index 1d5b29b..7e06e30 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -8,8 +8,8 @@
*/
/* BEGIN_CASE */
-void xtea_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst )
+void xtea_encrypt_ecb(data_t *key_str, data_t *src_str,
+ data_t *dst)
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -17,15 +17,15 @@
memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 );
+ mbedtls_xtea_setup(&ctx, key_str->x);
+ TEST_ASSERT(mbedtls_xtea_crypt_ecb(&ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
-void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
+void xtea_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -33,16 +33,16 @@
memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 );
+ mbedtls_xtea_setup(&ctx, key_str->x);
+ TEST_ASSERT(mbedtls_xtea_crypt_ecb(&ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, 8, dst->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void xtea_encrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -50,18 +50,18 @@
memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
- src_str->x, output ) == 0 );
+ mbedtls_xtea_setup(&ctx, key_str->x);
+ TEST_ASSERT(mbedtls_xtea_crypt_cbc(&ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
+void xtea_decrypt_cbc(data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *dst)
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -69,18 +69,18 @@
memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
- src_str->x, output ) == 0 );
+ mbedtls_xtea_setup(&ctx, key_str->x);
+ TEST_ASSERT(mbedtls_xtea_crypt_cbc(&ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output) == 0);
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
+ TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x,
+ src_str->len, dst->len) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void xtea_selftest( )
+void xtea_selftest()
{
- TEST_ASSERT( mbedtls_xtea_self_test( 1 ) == 0 );
+ TEST_ASSERT(mbedtls_xtea_self_test(1) == 0);
}
/* END_CASE */