DO-178 changes
This commit is contained in:
parent
3381eb2094
commit
cebb283822
13
tests/api.c
13
tests/api.c
@ -7486,11 +7486,9 @@ static int test_wc_Sha384Copy (void)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
wc_Sha384Free(&sha384);
|
||||
wc_Sha384Free(&temp);
|
||||
|
||||
|
||||
printf(resultFmt, flag == 0 ? passed : failed);
|
||||
|
||||
#endif
|
||||
@ -9043,9 +9041,7 @@ static int test_wc_Sha3_GetFlags (void)
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
|
||||
wc_Sha3_224_Free(&sha3);
|
||||
|
||||
printf(resultFmt, ret == 0 ? passed : failed);
|
||||
|
||||
#endif
|
||||
@ -9259,7 +9255,6 @@ static int test_wc_Shake256_Copy (void)
|
||||
|
||||
#endif
|
||||
return ret;
|
||||
|
||||
} /* END test_wc_Shake256_Copy */
|
||||
/*
|
||||
* Unit test function for wc_Shake256Hash()
|
||||
@ -13219,13 +13214,13 @@ static int test_wc_RsaPrivateKeyDecode (void)
|
||||
/* Test bad args. */
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
|
||||
if (ret == ASN_PARSE_E) {
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
|
||||
}
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
|
||||
}
|
||||
if (ret == ASN_PARSE_E) {
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
ret = 0;
|
||||
} else {
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
@ -27367,14 +27362,14 @@ static void test_wolfSSL_ERR_print_errors(void)
|
||||
AssertNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
ERR_clear_error(); /* clear out any error nodes */
|
||||
ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
|
||||
ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
|
||||
ERR_put_error(0,SYS_F_BIND, -295, "asn.c", 100);
|
||||
|
||||
ERR_print_errors(bio);
|
||||
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
|
||||
AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
|
||||
buf, 55), 0);
|
||||
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
|
||||
AssertIntEQ(XSTRNCMP("error:275:wolfSSL library:unknown error number:asn.c:100",
|
||||
AssertIntEQ(XSTRNCMP("error:295:wolfSSL library:unknown error number:asn.c:100",
|
||||
buf, 56), 0);
|
||||
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
|
||||
AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);
|
||||
|
@ -19,7 +19,15 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interfaces to the Advanced Encryption Standard (AES)
|
||||
for encrypting and decrypting data. AES is the standard known for a symmetric
|
||||
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
|
||||
192-bits, and 256-bits of key sizes.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
@ -19,7 +19,14 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
|
||||
ASN.1 is a standard interface description language for defining data structures
|
||||
that can be serialized and deserialized in a cross-platform way.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
@ -2581,7 +2588,7 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
|
||||
{
|
||||
int version, length;
|
||||
|
||||
if (inOutIdx == NULL) {
|
||||
if (inOutIdx == NULL || input == NULL || key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
|
||||
|
@ -18,15 +18,12 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* based from
|
||||
* chacha-ref.c version 20080118
|
||||
* D. J. Bernstein
|
||||
* Public domain.
|
||||
*/
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the ChaCha20 stream cipher.
|
||||
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
/* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */
|
||||
|
||||
@ -112,25 +109,17 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
|
||||
{
|
||||
word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
|
||||
|
||||
#ifdef CHACHA_AEAD_TEST
|
||||
word32 i;
|
||||
printf("NONCE : ");
|
||||
for (i = 0; i < CHACHA_IV_BYTES; i++) {
|
||||
printf("%02x", inIv[i]);
|
||||
}
|
||||
printf("\n\n");
|
||||
#endif
|
||||
|
||||
if (ctx == NULL)
|
||||
if (ctx == NULL || inIv == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
|
||||
|
||||
ctx->left = 0; /* resets state */
|
||||
ctx->X[CHACHA_IV_BYTES+0] = counter; /* block counter */
|
||||
ctx->X[CHACHA_IV_BYTES+1] = LITTLE32(temp[0]); /* fixed variable from nonce */
|
||||
ctx->X[CHACHA_IV_BYTES+2] = LITTLE32(temp[1]); /* counter from nonce */
|
||||
ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */
|
||||
ctx->X[CHACHA_MATRIX_CNT_IV+0] = counter; /* block counter */
|
||||
ctx->X[CHACHA_MATRIX_CNT_IV+1] = LITTLE32(temp[0]); /* fixed variable from nonce */
|
||||
ctx->X[CHACHA_MATRIX_CNT_IV+2] = LITTLE32(temp[1]); /* counter from nonce */
|
||||
ctx->X[CHACHA_MATRIX_CNT_IV+3] = LITTLE32(temp[2]); /* counter from nonce */
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -152,7 +141,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
|
||||
word32 alignKey[8];
|
||||
#endif
|
||||
|
||||
if (ctx == NULL)
|
||||
if (ctx == NULL || key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ)
|
||||
@ -270,13 +259,13 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
|
||||
wc_Chacha_wordtobyte(temp, ctx->X); /* recreate the stream */
|
||||
output = (byte*)temp + CHACHA_CHUNK_BYTES - ctx->left;
|
||||
for (i = 0; i < bytes && i < ctx->left; i++) {
|
||||
c[i] = m[i] ^ output[i];
|
||||
c[i] = (byte)(m[i] ^ output[i]);
|
||||
}
|
||||
ctx->left = ctx->left - i;
|
||||
|
||||
/* Used up all of the stream that was left, increment the counter */
|
||||
if (ctx->left == 0) {
|
||||
ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
|
||||
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
|
||||
}
|
||||
bytes = bytes - i;
|
||||
c += i;
|
||||
@ -286,9 +275,9 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
|
||||
output = (byte*)temp;
|
||||
while (bytes >= CHACHA_CHUNK_BYTES) {
|
||||
wc_Chacha_wordtobyte(temp, ctx->X);
|
||||
ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
|
||||
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
|
||||
for (i = 0; i < CHACHA_CHUNK_BYTES; ++i) {
|
||||
c[i] = m[i] ^ output[i];
|
||||
c[i] = (byte)(m[i] ^ output[i]);
|
||||
}
|
||||
bytes -= CHACHA_CHUNK_BYTES;
|
||||
c += CHACHA_CHUNK_BYTES;
|
||||
@ -314,7 +303,7 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
|
||||
int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
|
||||
word32 msglen)
|
||||
{
|
||||
if (ctx == NULL)
|
||||
if (ctx == NULL || input == NULL || output == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef USE_INTEL_CHACHA_SPEEDUP
|
||||
|
@ -18,8 +18,14 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the ChaCha20 stream cipher and
|
||||
the Poly1305 authenticator, both as as combined-mode,
|
||||
or Authenticated Encryption with Additional Data (AEAD) algorithm.
|
||||
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
@ -141,7 +147,7 @@ int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
|
||||
/* setup aead context */
|
||||
XMEMSET(aead, 0, sizeof(ChaChaPoly_Aead));
|
||||
XMEMSET(authKey, 0, sizeof(authKey));
|
||||
aead->isEncrypt = isEncrypt;
|
||||
aead->isEncrypt = (byte)isEncrypt;
|
||||
|
||||
/* Initialize the ChaCha20 context (key and iv) */
|
||||
ret = wc_Chacha_SetKey(&aead->chacha, inKey,
|
||||
@ -189,6 +195,8 @@ int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
|
||||
aead->state != CHACHA20_POLY1305_STATE_AAD) {
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
if (inAADLen > CHACHA20_POLY1305_MAX - aead->aadLen)
|
||||
return CHACHA_POLY_OVERFLOW;
|
||||
|
||||
if (inAAD && inAADLen > 0) {
|
||||
ret = wc_Poly1305Update(&aead->poly, inAAD, inAADLen);
|
||||
@ -215,6 +223,8 @@ int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
|
||||
aead->state != CHACHA20_POLY1305_STATE_DATA) {
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
if (dataLen > CHACHA20_POLY1305_MAX - aead->dataLen)
|
||||
return CHACHA_POLY_OVERFLOW;
|
||||
|
||||
/* Pad the AAD */
|
||||
if (aead->state == CHACHA20_POLY1305_STATE_AAD) {
|
||||
@ -261,7 +271,7 @@ int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
|
||||
ret = wc_Poly1305_Pad(&aead->poly, aead->aadLen);
|
||||
}
|
||||
|
||||
/* Pad the ciphertext to 16 bytes */
|
||||
/* Pad the plaintext/ciphertext to 16 bytes */
|
||||
if (ret == 0) {
|
||||
ret = wc_Poly1305_Pad(&aead->poly, aead->dataLen);
|
||||
}
|
||||
|
@ -512,6 +512,9 @@ const char* wc_GetErrorString(int error)
|
||||
case PSS_SALTLEN_RECOVER_E:
|
||||
return "PSS - Salt length unable to be recovered";
|
||||
|
||||
case CHACHA_POLY_OVERFLOW:
|
||||
return "wolfcrypt - ChaCha20_Poly1305 limit overflow 4GB";
|
||||
|
||||
case ASN_SELF_SIGNED_E:
|
||||
return "ASN self-signed certificate error";
|
||||
|
||||
|
@ -18,8 +18,13 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This module implements the arithmetic-shift right, left, byte swapping, XOR,
|
||||
masking and clearing memory logic.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
@ -77,13 +82,14 @@
|
||||
}
|
||||
|
||||
#else /* generic */
|
||||
/* This routine performs a left circular arithmetic shift of <x> by <y> value. */
|
||||
|
||||
WC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y)
|
||||
{
|
||||
return (x << y) | (x >> (sizeof(y) * 8 - y));
|
||||
}
|
||||
|
||||
|
||||
/* This routine performs a right circular arithmetic shift of <x> by <y> value. */
|
||||
WC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y)
|
||||
{
|
||||
return (x >> y) | (x << (sizeof(y) * 8 - y));
|
||||
@ -91,7 +97,7 @@
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* This routine performs a byte swap of 32-bit word value. */
|
||||
WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
|
||||
{
|
||||
#ifdef PPC_INTRINSICS
|
||||
@ -114,8 +120,8 @@ WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
|
||||
return rotlFixed(value, 16U);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
/* This routine performs a byte swap of words array of a given count. */
|
||||
WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
||||
word32 byteCount)
|
||||
{
|
||||
@ -125,7 +131,7 @@ WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
||||
out[i] = ByteReverseWord32(in[i]);
|
||||
|
||||
}
|
||||
|
||||
#endif /* LITTLE_ENDIAN_ORDER */
|
||||
|
||||
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
|
||||
|
||||
@ -172,6 +178,8 @@ WC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
|
||||
#endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
|
||||
|
||||
#ifndef WOLFSSL_NO_XOR_OPS
|
||||
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
|
||||
of wolfssl_words, placing the result in <*r>. */
|
||||
WC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n)
|
||||
{
|
||||
word32 i;
|
||||
@ -179,6 +187,8 @@ WC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32
|
||||
for (i = 0; i < n; i++) r[i] ^= a[i];
|
||||
}
|
||||
|
||||
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
|
||||
counts, placing the result in <*buf>. */
|
||||
|
||||
WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
|
||||
{
|
||||
@ -196,7 +206,8 @@ WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_FORCE_ZERO
|
||||
/* Make sure compiler doesn't skip */
|
||||
/* This routine fills the first len bytes of the memory area pointed by mem
|
||||
with zeros. It ensures compiler optimizations doesn't skip it */
|
||||
WC_STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
|
||||
{
|
||||
volatile byte* z = (volatile byte*)mem;
|
||||
@ -242,6 +253,7 @@ WC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length
|
||||
#if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
|
||||
#define min min
|
||||
#endif
|
||||
/* returns the smaller of a and b */
|
||||
WC_STATIC WC_INLINE word32 min(word32 a, word32 b)
|
||||
{
|
||||
return a > b ? b : a;
|
||||
@ -323,7 +335,7 @@ WC_STATIC WC_INLINE word32 btoi(byte b)
|
||||
/* Constant time - mask set when a > b. */
|
||||
WC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
|
||||
{
|
||||
return (((word32)a - b - 1) >> 31) - 1;
|
||||
return ((byte)(((word32)a - b - 1) >> 31) - 1);
|
||||
}
|
||||
|
||||
/* Constant time - mask set when a >= b. */
|
||||
@ -356,16 +368,19 @@ WC_STATIC WC_INLINE byte ctMaskEq(int a, int b)
|
||||
return (~ctMaskGT(a, b)) & (~ctMaskLT(a, b));
|
||||
}
|
||||
|
||||
/* Constant time - sets 16 bit integer mask when a > b */
|
||||
WC_STATIC WC_INLINE word16 ctMask16GT(int a, int b)
|
||||
{
|
||||
return (((word32)a - b - 1) >> 31) - 1;
|
||||
}
|
||||
|
||||
/* Constant time - sets 16 bit integer mask when a < b. */
|
||||
WC_STATIC WC_INLINE word16 ctMask16LT(int a, int b)
|
||||
{
|
||||
return (((word32)b - a - 1) >> 31) - 1;
|
||||
}
|
||||
|
||||
/* Constant time - sets 16 bit integer mask when a == b. */
|
||||
WC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b)
|
||||
{
|
||||
return (~ctMask16GT(a, b)) & (~ctMask16LT(a, b));
|
||||
|
@ -18,11 +18,12 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* Based off the public domain implementations by Andrew Moon
|
||||
* and Daniel J. Bernstein
|
||||
*/
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the Poly1305 authenticator.
|
||||
|
||||
*/
|
||||
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@ -228,11 +229,11 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
|
||||
}
|
||||
|
||||
static void U32TO8(byte *p, word32 v) {
|
||||
p[0] = (v ) & 0xff;
|
||||
p[1] = (v >> 8) & 0xff;
|
||||
p[2] = (v >> 16) & 0xff;
|
||||
p[3] = (v >> 24) & 0xff;
|
||||
}
|
||||
p[0] = (byte)((v ) & 0xff);
|
||||
p[1] = (byte)((v >> 8) & 0xff);
|
||||
p[2] = (byte)((v >> 16) & 0xff);
|
||||
p[3] = (byte)((v >> 24) & 0xff);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* convert 32-bit unsigned to little endian 64 bit type as byte array */
|
||||
@ -254,7 +255,11 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8])
|
||||
|
||||
|
||||
#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
|
||||
void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
|
||||
/*
|
||||
This local function operates on a message with a given number of bytes
|
||||
with a given ctx pointer to a Poly1305 structure.
|
||||
*/
|
||||
static void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
|
||||
size_t bytes)
|
||||
{
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
@ -378,7 +383,11 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
|
||||
#endif /* end of 64 bit cpu blocks or 32 bit cpu */
|
||||
}
|
||||
|
||||
void poly1305_block(Poly1305* ctx, const unsigned char *m)
|
||||
/*
|
||||
This local function is used for the last call when a message with a given
|
||||
number of bytes is less than the block size.
|
||||
*/
|
||||
static void poly1305_block(Poly1305* ctx, const unsigned char *m)
|
||||
{
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
/* No call to poly1305_block when AVX2, AVX2 does 4 blocks at a time. */
|
||||
@ -494,7 +503,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
|
||||
|
||||
#endif
|
||||
|
||||
if (ctx == NULL)
|
||||
if (ctx == NULL || mac == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
@ -663,6 +672,13 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
if (ctx == NULL || (m == NULL && bytes > 0))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (bytes == 0) {
|
||||
/* valid, but do nothing */
|
||||
return 0;
|
||||
}
|
||||
#ifdef CHACHA_AEAD_TEST
|
||||
word32 k;
|
||||
printf("Raw input to poly:\n");
|
||||
@ -673,8 +689,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
|
||||
}
|
||||
printf("\n");
|
||||
#endif
|
||||
|
||||
if (ctx == NULL)
|
||||
if (ctx == NULL || (m == NULL && bytes > 0))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
|
@ -19,7 +19,12 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the random number generator.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
@ -487,7 +492,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
return DRBG_CONT_FAILURE;
|
||||
}
|
||||
else {
|
||||
if (i == len) {
|
||||
if (i == (len-1)) {
|
||||
len++;
|
||||
}
|
||||
drbg->matchCount = 1;
|
||||
@ -511,6 +516,10 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* wc_Sha256Update or wc_Sha256Final returned error */
|
||||
break;
|
||||
}
|
||||
}
|
||||
ForceZero(data, sizeof(data));
|
||||
|
||||
@ -614,7 +623,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
|
||||
const byte* nonce, word32 nonceSz,
|
||||
void* heap, int devId)
|
||||
{
|
||||
int ret;
|
||||
int ret = DRBG_FAILURE;
|
||||
|
||||
XMEMSET(drbg, 0, sizeof(DRBG));
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
|
||||
@ -645,9 +654,6 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
|
||||
drbg->matchCount = 0;
|
||||
ret = DRBG_SUCCESS;
|
||||
}
|
||||
else {
|
||||
ret = DRBG_FAILURE;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -674,7 +680,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
|
||||
|
||||
int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
|
||||
{
|
||||
int ret = DRBG_SUCCESS;
|
||||
int ret = 0;
|
||||
|
||||
/* Check the seed for duplicate words. */
|
||||
word32 seedIdx = 0;
|
||||
@ -700,7 +706,7 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
|
||||
static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
void* heap, int devId)
|
||||
{
|
||||
int ret = RNG_FAILURE_E;
|
||||
int ret = 0;
|
||||
#ifdef HAVE_HASHDRBG
|
||||
word32 seedSz = SEED_SZ + SEED_BLOCK_SZ;
|
||||
#endif
|
||||
@ -773,6 +779,10 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
rng->drbg =
|
||||
(struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap,
|
||||
DYNAMIC_TYPE_RNG);
|
||||
if (rng->drbg == NULL) {
|
||||
ret = MEMORY_E;
|
||||
rng->status = DRBG_FAILED;
|
||||
}
|
||||
#else
|
||||
/* compile-time validation of drbg_data size */
|
||||
typedef char drbg_data_test[sizeof(rng->drbg_data) >=
|
||||
@ -780,16 +790,14 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
(void)sizeof(drbg_data_test);
|
||||
rng->drbg = (struct DRBG*)rng->drbg_data;
|
||||
#endif
|
||||
|
||||
if (rng->drbg == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
if (ret == 0) {
|
||||
ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
|
||||
if (ret != 0)
|
||||
ret = DRBG_FAILURE;
|
||||
else
|
||||
if (ret == 0)
|
||||
ret = wc_RNG_TestSeed(seed, seedSz);
|
||||
else {
|
||||
ret = DRBG_FAILURE;
|
||||
rng->status = DRBG_FAILED;
|
||||
}
|
||||
|
||||
if (ret == DRBG_SUCCESS)
|
||||
ret = Hash_DRBG_Instantiate(rng->drbg,
|
||||
@ -2350,7 +2358,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
#endif
|
||||
#include "r_bsp/platform.h"
|
||||
#include "r_tsip_rx_if.h"
|
||||
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int ret;
|
||||
@ -2358,7 +2366,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
|
||||
while (sz > 0) {
|
||||
uint32_t len = sizeof(buffer);
|
||||
|
||||
|
||||
if (sz < len) {
|
||||
len = sz;
|
||||
}
|
||||
|
@ -19,7 +19,13 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interface to the RSA.
|
||||
RSA keys can be used to encrypt, decrypt, sign and verify data.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
@ -605,59 +611,61 @@ int wc_CheckRsaKey(RsaKey* key)
|
||||
if (mp_set_int(k, 0x2342) != MP_OKAY)
|
||||
ret = MP_READ_E;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_HAVE_SP_RSA
|
||||
#ifndef WOLFSSL_SP_NO_2048
|
||||
if (mp_count_bits(&key->n) == 2048) {
|
||||
ret = sp_ModExp_2048(k, &key->e, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_SP_NO_3072
|
||||
if (mp_count_bits(&key->n) == 3072) {
|
||||
ret = sp_ModExp_3072(k, &key->e, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef WOLFSSL_SP_4096
|
||||
if (mp_count_bits(&key->n) == 4096) {
|
||||
ret = sp_ModExp_4096(k, &key->e, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_SP_MATH
|
||||
{
|
||||
ret = WC_KEY_SIZE_E;
|
||||
}
|
||||
#else
|
||||
{
|
||||
if (ret == 0) {
|
||||
if (mp_exptmod(k, &key->e, &key->n, tmp) != MP_OKAY)
|
||||
ret = MP_EXPTMOD_E;
|
||||
if (ret == 0) {
|
||||
switch (mp_count_bits(&key->n)) {
|
||||
#ifndef WOLFSSL_SP_NO_2048
|
||||
case 2048:
|
||||
ret = sp_ModExp_2048(k, &key->e, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
if (ret == 0) {
|
||||
ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_SP_NO_2048 */
|
||||
#ifndef WOLFSSL_SP_NO_3072
|
||||
case 3072:
|
||||
ret = sp_ModExp_3072(k, &key->e, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
if (ret == 0) {
|
||||
ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_SP_NO_3072 */
|
||||
#ifdef WOLFSSL_SP_4096
|
||||
case 4096:
|
||||
ret = sp_ModExp_4096(k, &key->e, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
if (ret == 0) {
|
||||
ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp);
|
||||
if (ret != 0)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_SP_4096 */
|
||||
default:
|
||||
ret = WC_KEY_SIZE_E;
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_SP_RSA */
|
||||
#ifndef WOLFSSL_SP_MATH
|
||||
if (ret == 0) {
|
||||
if (mp_exptmod(k, &key->e, &key->n, tmp) != MP_OKAY)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
if (ret == 0) {
|
||||
if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY)
|
||||
ret = MP_EXPTMOD_E;
|
||||
}
|
||||
#endif
|
||||
#endif /* !WOLFSSL_SP_MATH */
|
||||
|
||||
if (ret == 0) {
|
||||
if (mp_cmp(k, tmp) != MP_EQ)
|
||||
@ -815,10 +823,10 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
|
||||
XMEMCPY(tmp, seed, seedSz);
|
||||
|
||||
/* counter to byte array appended to tmp */
|
||||
tmp[seedSz] = (counter >> 24) & 0xFF;
|
||||
tmp[seedSz + 1] = (counter >> 16) & 0xFF;
|
||||
tmp[seedSz + 2] = (counter >> 8) & 0xFF;
|
||||
tmp[seedSz + 3] = (counter) & 0xFF;
|
||||
tmp[seedSz] = (byte)((counter >> 24) & 0xFF);
|
||||
tmp[seedSz + 1] = (byte)((counter >> 16) & 0xFF);
|
||||
tmp[seedSz + 2] = (byte)((counter >> 8) & 0xFF);
|
||||
tmp[seedSz + 3] = (byte)((counter) & 0xFF);
|
||||
|
||||
/* hash and append to existing output */
|
||||
if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
|
||||
@ -1124,6 +1132,9 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
|
||||
hiBits = (bits - 1) & 0x7;
|
||||
if (hiBits == 0) {
|
||||
/* Per RFC8017, set the leftmost 8emLen - emBits bits of the
|
||||
leftmost octet in DB to zero.
|
||||
*/
|
||||
*(pkcsBlock++) = 0;
|
||||
pkcsBlockLen--;
|
||||
}
|
||||
@ -1160,7 +1171,6 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if ((int)pkcsBlockLen - hLen < saltLen + 2) {
|
||||
return PSS_SALTLEN_E;
|
||||
}
|
||||
|
||||
maskLen = pkcsBlockLen - 1 - hLen;
|
||||
|
||||
#if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER)
|
||||
@ -1203,12 +1213,16 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
ret = wc_Hash(hType, s, (word32)(m - s), pkcsBlock + maskLen, hLen);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Set the last eight bits or trailer field to the octet 0xbc */
|
||||
pkcsBlock[pkcsBlockLen - 1] = RSA_PSS_PAD_TERM;
|
||||
|
||||
ret = RsaMGF(mgf, pkcsBlock + maskLen, hLen, pkcsBlock, maskLen, heap);
|
||||
}
|
||||
if (ret == 0) {
|
||||
pkcsBlock[0] &= (1 << hiBits) - 1;
|
||||
/* Clear the first high bit when "8emLen - emBits" is non-zero.
|
||||
where emBits = n modBits - 1 */
|
||||
if (hiBits)
|
||||
pkcsBlock[0] &= (1 << hiBits) - 1;
|
||||
|
||||
m = pkcsBlock + maskLen - saltLen - 1;
|
||||
*(m++) ^= 0x01;
|
||||
@ -1237,15 +1251,15 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (pkcsBlockLen - RSA_MIN_PAD_SZ < inputLen) {
|
||||
WOLFSSL_MSG("RsaPad error, invalid length");
|
||||
return RSA_PAD_E;
|
||||
}
|
||||
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
|
||||
pkcsBlock++; pkcsBlockLen--;
|
||||
pkcsBlock[0] = padValue; /* insert padValue */
|
||||
|
||||
if (padValue == RSA_BLOCK_TYPE_1) {
|
||||
if (pkcsBlockLen < inputLen + 2) {
|
||||
WOLFSSL_MSG("RsaPad error, invalid length");
|
||||
return RSA_PAD_E;
|
||||
}
|
||||
|
||||
/* pad with 0xff bytes */
|
||||
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
|
||||
@ -1255,12 +1269,6 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
/* pad with non-zero random bytes */
|
||||
word32 padLen, i;
|
||||
int ret;
|
||||
|
||||
if (pkcsBlockLen < inputLen + 1) {
|
||||
WOLFSSL_MSG("RsaPad error, invalid length");
|
||||
return RSA_PAD_E;
|
||||
}
|
||||
|
||||
padLen = pkcsBlockLen - inputLen - 1;
|
||||
ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
|
||||
if (ret != 0) {
|
||||
@ -1457,9 +1465,10 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
* saltLen Length of salt to put in padding.
|
||||
* bits Length of key in bits.
|
||||
* heap Used for dynamic memory allocation.
|
||||
* returns 0 on success, PSS_SALTLEN_E when the salt length is invalid,
|
||||
* BAD_PADDING_E when the padding is not valid, MEMORY_E when allocation fails
|
||||
* and other negative values on error.
|
||||
* returns the sum of salt length and SHA-256 digest size on success.
|
||||
* Otherwise, PSS_SALTLEN_E for an incorrect salt length,
|
||||
* WC_KEY_SIZE_E for an incorrect encoded message (EM) size
|
||||
and other negative values on error.
|
||||
*/
|
||||
static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
byte **output, enum wc_HashType hType, int mgf,
|
||||
@ -2659,7 +2668,7 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
|
||||
#endif
|
||||
|
||||
if (mp_init(c) != MP_OKAY)
|
||||
ret = MEMORY_E;
|
||||
ret = MP_INIT_E;
|
||||
if (ret == 0) {
|
||||
if (mp_read_unsigned_bin(c, in, inLen) != 0)
|
||||
ret = MP_READ_E;
|
||||
|
@ -19,6 +19,16 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* For more info on the algorithm, see https://tools.ietf.org/html/rfc6234 */
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interface to SHA-256 secure hash algorithms.
|
||||
SHA-256 performs processing on message blocks to produce a final hash digest
|
||||
output. It can be used to hash a message, M, having a length of L bits,
|
||||
where 0 <= L < 2^64.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
@ -21,6 +21,11 @@
|
||||
|
||||
/* Implementation by Sean Parkinson. */
|
||||
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library provides single precision (SP) integer math functions.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
@ -178,20 +183,23 @@ int sp_unsigned_bin_size(sp_int* a)
|
||||
* a SP integer.
|
||||
* in Array of bytes.
|
||||
* inSz Number of data bytes in array.
|
||||
* returns BAD_FUNC_ARG when the number is too big to fit in an SP and
|
||||
* returns MP_VAL when the number is too big to fit in an SP and
|
||||
MP_OKAY otherwise.
|
||||
*/
|
||||
int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz)
|
||||
int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
|
||||
{
|
||||
int err = MP_OKAY;
|
||||
int i, j = 0, k;
|
||||
|
||||
/* Extra digit added to SP_INT_DIGITS to be used in calculations. */
|
||||
if (inSz > (SP_INT_DIGITS - 1) * (int)sizeof(a->dp[0])) {
|
||||
if (inSz > SP_INT_DIGITS * (int)sizeof(a->dp[0])) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
else if (inSz == 0) {
|
||||
XMEMSET(a->dp, 0, a->size * sizeof(*a->dp));
|
||||
a->used = 0;
|
||||
}
|
||||
else {
|
||||
for (i = inSz-1; i >= (SP_WORD_SIZE/8); i -= (SP_WORD_SIZE/8), j++) {
|
||||
a->dp[j] = (((sp_int_digit)in[i-0]) << (0*8))
|
||||
| (((sp_int_digit)in[i-1]) << (1*8))
|
||||
@ -212,9 +220,9 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz)
|
||||
}
|
||||
}
|
||||
a->used = j + 1;
|
||||
}
|
||||
|
||||
sp_clamp(a);
|
||||
sp_clamp(a);
|
||||
}
|
||||
|
||||
return err;
|
||||
}
|
||||
@ -1019,12 +1027,27 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
|
||||
int i = 0;
|
||||
sp_int_digit t;
|
||||
|
||||
if (a == NULL || r == NULL || a->used > SP_INT_DIGITS)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
r->used = a->used;
|
||||
if (a->used == 0) {
|
||||
r->used = d > 0;
|
||||
|
||||
if (d == 0) {
|
||||
/*copy the content of <a> to <r>*/
|
||||
for (; i < a->used; i++)
|
||||
r->dp[i] = a->dp[i];
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
t = a->dp[0] + d;
|
||||
if (t < a->dp[0]) {
|
||||
|
||||
if (a->used == 0) {
|
||||
r->used = 1;
|
||||
t = d;
|
||||
}
|
||||
else
|
||||
t = a->dp[0] + d;
|
||||
|
||||
if (a->used != 0 && t < a->dp[0]) {
|
||||
for (++i; i < a->used; i++) {
|
||||
r->dp[i] = a->dp[i] + 1;
|
||||
if (r->dp[i] != 0) {
|
||||
@ -1033,19 +1056,20 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
|
||||
}
|
||||
if (i == a->used) {
|
||||
r->used++;
|
||||
r->dp[i] = 1;
|
||||
if (i < SP_INT_DIGITS)
|
||||
r->dp[i] = 1;
|
||||
else
|
||||
return MP_VAL;
|
||||
}
|
||||
}
|
||||
r->dp[0] = t;
|
||||
if (r != a) {
|
||||
for (++i; i < a->used; i++) {
|
||||
r->dp[i] = a->dp[i];
|
||||
}
|
||||
}
|
||||
for (++i; i < a->used; i++)
|
||||
r->dp[i] = a->dp[i];
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
|
||||
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
|
||||
!defined(WOLFSSL_RSA_VERIFY_ONLY)
|
||||
/* Left shift the big number by a number of digits.
|
||||
|
@ -22,8 +22,15 @@
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/aes.h
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interfaces to the Advanced Encryption Standard (AES)
|
||||
for encrypting and decrypting data. AES is the standard known for a symmetric
|
||||
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
|
||||
192-bits, and 256-bits of key sizes.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_AES_H
|
||||
#define WOLF_CRYPT_AES_H
|
||||
|
||||
|
@ -23,6 +23,14 @@
|
||||
\file wolfssl/wolfcrypt/asn.h
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
|
||||
ASN.1 is a standard interface description language for defining data structures
|
||||
that can be serialized and deserialized in a cross-platform way.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_ASN_H
|
||||
#define WOLF_CRYPT_ASN_H
|
||||
|
||||
|
@ -23,6 +23,11 @@
|
||||
\file wolfssl/wolfcrypt/asn_public.h
|
||||
*/
|
||||
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library defines the interface APIs for X509 certificates.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_ASN_PUBLIC_H
|
||||
#define WOLF_CRYPT_ASN_PUBLIC_H
|
||||
|
||||
|
@ -18,7 +18,12 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the ChaCha20 stream cipher.
|
||||
|
||||
*/
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/chacha.h
|
||||
*/
|
||||
@ -35,9 +40,21 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
Initialization vector starts at 13 with zero being the index origin of a matrix.
|
||||
Block counter is located at index 12.
|
||||
0 1 2 3
|
||||
4 5 6 7
|
||||
8 9 10 11
|
||||
12 13 14 15
|
||||
*/
|
||||
#define CHACHA_MATRIX_CNT_IV 12
|
||||
|
||||
/* Size of the IV */
|
||||
#define CHACHA_IV_WORDS 3
|
||||
#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32))
|
||||
|
||||
/* Size of IV in bytes*/
|
||||
#define CHACHA_IV_BYTES 12
|
||||
|
||||
/* Size of ChaCha chunks */
|
||||
#define CHACHA_CHUNK_WORDS 16
|
||||
|
@ -18,12 +18,14 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the ChaCha20 stream cipher and
|
||||
the Poly1305 authenticator, both as as combined-mode,
|
||||
or Authenticated Encryption with Additional Data (AEAD) algorithm.
|
||||
|
||||
/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20
|
||||
* and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
|
||||
* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
|
||||
*/
|
||||
*/
|
||||
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/chacha20_poly1305.h
|
||||
@ -45,6 +47,7 @@
|
||||
#define CHACHA20_POLY1305_AEAD_KEYSIZE 32
|
||||
#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
|
||||
#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
|
||||
#define CHACHA20_POLY1305_MAX 4294967295U
|
||||
|
||||
enum {
|
||||
CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */
|
||||
|
@ -22,6 +22,11 @@
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/error-crypt.h
|
||||
*/
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library defines error codes and contians routines for setting and examining
|
||||
the error status.
|
||||
*/
|
||||
|
||||
#ifndef WOLF_CRYPT_ERROR_H
|
||||
#define WOLF_CRYPT_ERROR_H
|
||||
@ -227,10 +232,10 @@ enum {
|
||||
CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */
|
||||
PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */
|
||||
PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */
|
||||
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
|
||||
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
|
||||
|
||||
ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */
|
||||
|
||||
WC_LAST_E = -274, /* Update this to indicate last error */
|
||||
WC_LAST_E = -275, /* Update this to indicate last error */
|
||||
MIN_CODE_E = -300 /* errors -101 - -299 */
|
||||
|
||||
/* add new companion error id strings for any new error codes
|
||||
|
@ -18,9 +18,13 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This module implements the arithmetic-shift right, left, byte swapping, XOR,
|
||||
masking and clearing memory logic.
|
||||
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_MISC_H
|
||||
#define WOLF_CRYPT_MISC_H
|
||||
|
||||
|
@ -119,9 +119,6 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 data
|
||||
WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
|
||||
byte* input, word32 sz, byte* tag, word32 tagSz);
|
||||
|
||||
void poly1305_block(Poly1305* ctx, const unsigned char *m);
|
||||
void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
|
||||
size_t bytes);
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
@ -23,7 +23,13 @@
|
||||
\file wolfssl/wolfcrypt/rsa.h
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interface to the RSA.
|
||||
RSA keys can be used to encrypt, decrypt, sign and verify data.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_RSA_H
|
||||
#define WOLF_CRYPT_RSA_H
|
||||
|
||||
@ -280,8 +286,9 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
RsaKey*, word32);
|
||||
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
|
||||
const byte* e, word32 eSz, RsaKey* key);
|
||||
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
|
||||
#endif
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
|
||||
|
@ -19,7 +19,11 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library provides single precision (SP) integer math functions.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_SP_INT_H
|
||||
#define WOLF_CRYPT_SP_INT_H
|
||||
|
||||
@ -187,7 +191,7 @@ MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d,
|
||||
sp_int* e, sp_int* f);
|
||||
MP_API void sp_clear(sp_int* a);
|
||||
MP_API int sp_unsigned_bin_size(sp_int* a);
|
||||
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz);
|
||||
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz);
|
||||
MP_API int sp_read_radix(sp_int* a, const char* in, int radix);
|
||||
MP_API int sp_cmp(sp_int* a, sp_int* b);
|
||||
MP_API int sp_count_bits(sp_int* a);
|
||||
|
@ -22,7 +22,12 @@
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/types.h
|
||||
*/
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library defines the primitive data types and abstraction macros to
|
||||
decouple library dependencies with standard string, memory and so on.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_TYPES_H
|
||||
#define WOLF_CRYPT_TYPES_H
|
||||
|
||||
|
@ -19,6 +19,11 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library provides big integer math functions.
|
||||
|
||||
*/
|
||||
#ifndef __WOLFMATH_H__
|
||||
#define __WOLFMATH_H__
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user