| Manuel Pégourié-Gonnard | 045f094 | 2020-07-02 11:34:02 +0200 | [diff] [blame] | 1 | /** |
| 2 | * \file ssl_invasive.h |
| 3 | * |
| 4 | * \brief SSL module: interfaces for invasive testing only. |
| 5 | * |
| 6 | * The interfaces in this file are intended for testing purposes only. |
| 7 | * They SHOULD NOT be made available in library integrations except when |
| 8 | * building the library for testing. |
| 9 | */ |
| 10 | /* |
| 11 | * Copyright (C) 2020, ARM Limited, All Rights Reserved |
| 12 | * SPDX-License-Identifier: Apache-2.0 |
| 13 | * |
| 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 15 | * not use this file except in compliance with the License. |
| 16 | * You may obtain a copy of the License at |
| 17 | * |
| 18 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 19 | * |
| 20 | * Unless required by applicable law or agreed to in writing, software |
| 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 23 | * See the License for the specific language governing permissions and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * This file is part of mbed TLS (https://tls.mbed.org) |
| 27 | */ |
| 28 | #ifndef MBEDTLS_SSL_INVASIVE_H |
| 29 | #define MBEDTLS_SSL_INVASIVE_H |
| 30 | |
| 31 | #include "common.h" |
| 32 | #include "mbedtls/md.h" |
| 33 | |
| 34 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ |
| 35 | ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| 36 | defined(MBEDTLS_SSL_PROTO_TLS1_1) | \ |
| 37 | defined(MBEDTLS_SSL_PROTO_TLS1_2) ) |
| 38 | /** \brief Compute the HMAC of variable-length data with constant flow. |
| 39 | * |
| 40 | * This function computes the HMAC of the concatenation of \p add_data and \p |
| 41 | * data, and does with a code flow and memory access pattern that does not |
| 42 | * depend on \p data_len_secret, but only on \p min_data_len and \p |
| 43 | * max_data_len. In particular, this function always reads exactly \p |
| 44 | * max_data_len bytes from \p data. |
| 45 | * |
| 46 | * \param ctx The HMAC context. It must have keys configured |
| 47 | * with mbedtls_md_hmac_starts(). It is reset using |
| 48 | * mbedtls_md_hmac_reset() after the computation is |
| 49 | * complete to prepare for the next computation. |
| 50 | * \param add_data The additional data prepended to \p data. This |
| 51 | * must point to a readable buffer of \p add_data_len |
| 52 | * bytes. |
| 53 | * \param add_data_len The length of \p add_data in bytes. |
| 54 | * \param data The data appended to \p add_data. This must point |
| 55 | * to a readable buffer of \p max_data_len bytes. |
| 56 | * \param data_len_secret The length of the data to process in \p data. |
| 57 | * This must be no less than \p min_data_len and no |
| 58 | * greated than \p max_data_len. |
| 59 | * \param min_data_len The minimal length of \p data in bytes. |
| 60 | * \param max_data_len The maximal length of \p data in bytes. |
| 61 | * \param output The HMAC will be written here. This must point to |
| 62 | * a writeable buffer of sufficient size to hold the |
| 63 | * HMAC value. |
| 64 | * |
| 65 | * \retval 0 |
| 66 | * Success. |
| 67 | * \retval MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED |
| 68 | * The hardware accelerator failed. |
| 69 | */ |
| 70 | int mbedtls_ssl_cf_hmac( |
| 71 | mbedtls_md_context_t *ctx, |
| 72 | const unsigned char *add_data, size_t add_data_len, |
| 73 | const unsigned char *data, size_t data_len_secret, |
| 74 | size_t min_data_len, size_t max_data_len, |
| 75 | unsigned char *output ); |
| 76 | #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC && TLS 1.0-1.2 */ |
| 77 | |
| 78 | #endif /* MBEDTLS_SSL_INVASIVE_H */ |